skip to main content
research-article
Public Access

Evaluating the Privacy Guarantees of Location Proximity Services

Authors Info & Claims
Published:03 February 2017Publication History
Skip Abstract Section

Abstract

Location-based services have become an integral part of everyday life. To address the privacy issues that emerge from the use and sharing of location information, social networks and smartphone applications have adopted location proximity schemes as a means of balancing user privacy with utility. Unfortunately, despite the extensive academic literature on this topic, the schemes that large service providers have adopted are not always designed or implemented correctly, rendering users vulnerable to location-disclosure attacks. Such attacks have recently received major publicity as, in some cases, they even exposed citizens of oppressive regimes to life-threatening risks. In this article, we systematically assess the defenses that popular location-based services and mobile applications deploy to guard against adversaries seeking to identify a user’s location. We provide the theoretical foundations for formalizing the privacy guarantees of currently adopted proximity models, design practical attacks for each case, and prove tight bounds on the number of queries required for carrying out successful attacks in practice.

To evaluate the completeness of our approach, we conduct extensive experiments against popular services including Facebook, Foursquare, and Grindr. Our results demonstrate that, even though the aforementioned services implement various privacy-preserving techniques to protect their users, they are still vulnerable to attacks. In particular, we are able to pinpoint Facebook users within 5m of their exact location. For Foursquare and Grindr, users are pinpointed within 15m of their location in 90% of the cases, even with the strictest privacy settings enabled. Our attacks are highly efficient and complete within a few seconds. The severity of our findings was acknowledged by Facebook and Foursquare, both of which have followed our recommendations and adopted our design of a safe proximity scheme in their production systems. As the number of mobile applications offering location functionality will continue to increase, service providers and software developers must be able to assess the privacy guarantees that their services offer. To that end, we discuss viable defenses that can be currently adopted by all major services, and provide an open-source testing framework to be used by researchers and service providers who wish to evaluate the privacy-preserving properties of applications offering proximity functionality.

References

  1. Miguel E. Andrés, Nicolás E. Bordenabe, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2013. Geo-indistinguishability: Differential privacy for location-based systems. In ACM CCS’13. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Leyla Bilge, Thorsten Strufe, Davide Balzarotti, and Engin Kirda. 2009. All your contacts belong to us: Automated identity theft attacks on social networks. In ACM WWW’09. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Nicolás E. Bordenabe, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2014. Optimal geo-indistinguishable mechanisms for location privacy. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 251--262. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Stephen Boyd and Lieven Vandenberghe. 2004. Convex Optimization. Cambridge University Press, New York, NY. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. A. Chaabane, G. Acs, and M. A. Kaafar. 2012. You are what you like! Information leakage through users’ interests. In NDSS’12.Google ScholarGoogle Scholar
  6. Brent N. Clark, Charles J. Colbourn, and David S. Johnson. 1990. Unit disk graphs. Discrete Mathematics 86, 1--3, 165--177. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Josh Constine. 2014a. Techcrunch - Ambient Proximity Is The Next Phase Of Location Sharing. Retrieved November 28, 2016 from http://techcrunch.com/2014/05/01/ambient-proximity.Google ScholarGoogle Scholar
  8. Josh Constine. 2014b. Techcrunch - Facebook Launches Nearby Friends With Opt-In Real-Time Location Sharing To Help You Meet Up. Retrieved November 28, 2016 from http://techcrunch.com/2014/04/17/facebook-nearby-friends.Google ScholarGoogle Scholar
  9. Thomas H. Cormen, Clifford Stein, Ronald L. Rivest, and Charles E. Leiserson. 2001. Introduction to Algorithms (2nd ed.). McGraw-Hill Higher Education, New York, NY. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Minati De, Gautam K. Das, and Subhas C. Nandy. 2011. Approximation algorithms for the discrete piercing set problem for unit disks. In CCCG.Google ScholarGoogle Scholar
  11. Federal Communications Commission. 2015. Wireless E911 location accuracy requirements. Ps Docket 07-114 (2015).Google ScholarGoogle Scholar
  12. Huan Feng and Kang G. Shin. 2014. POSTER session: Positioning attack on proximity-based people discovery. In CCS’14. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. D. Foo Kune, J. Koelndorfer, N. Hopper, and Y. Kim. 2012. Location leaks on the GSM air interface (NDSS’12).Google ScholarGoogle Scholar
  14. Police Forum. 2013. Police Forum - Social Media and Tactical Considerations For Law Enforcement. Retrieved November 28, 2016 from http://www.policeforum.org/assets/docs/Free_Online_Documents/Technology/social%20media%20and%20tactical%20considerations%20for%20law%20enforcement%202013.pdf.Google ScholarGoogle Scholar
  15. Sam Frizell. 2014. Time - Tinder Security Flaw Exposed Users’ Locations. Retrieved November 28, 2016 from http://time.com/8604/tinder-app-user-location-security-flaw/.Google ScholarGoogle Scholar
  16. Gabriel Ghinita, Maria Luisa Damiani, Claudio Silvestri, and Elisa Bertino. 2009. Preventing velocity-based linkage attacks in location-aware applications. In GIS’09. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Glenn Greenwald and Ewen MacAskill. 2013. The Guardian - NSA Prism program taps in to user data of Apple, Google and others. Retrieved November 28, 2016 from http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data.Google ScholarGoogle Scholar
  18. Grindr. 2014. Grindr - Location Security Update. Retrieved November 28, 2016 from http://grindr.com/blog/grindrs-location-security-update/.Google ScholarGoogle Scholar
  19. Marco Gruteser and Dirk Grunwald. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In MobiSys. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Tanzima Hashem, Lars Kulik, and Rui Zhang. 2003. Countering overlapping rectangle privacy attack for moving kNN queries. Information Systems 38, 3. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Trevor Hastie, Robert Tibshirani, and Jerome Friedman. 2001. The Elements of Statistical Learning. Springer, New York, NY.Google ScholarGoogle Scholar
  22. Ming-Shih Huang and Ram M. Narayanan. 2014. Trilateration-based localization algorithm using the Lemoine point formulation. IETE Journal of Research 60, 1, 60--73.Google ScholarGoogle ScholarCross RefCross Ref
  23. Yaoqi Jia, Xinshu Dong, Zhenkai Liang, and Prateek Saxena. 2014. I know where you’ve been: Geo-inference attacks via the browser cache. In W2SP’14.Google ScholarGoogle Scholar
  24. Richard Lardner. 2010. Huffington Post - Feds Using Fake Online Profiles To Spy On Suspects. Retrieved November 28, 2016 from http://www.huffingtonpost.com/2010/03/16/fbi-uses-fake-facebook-pr_n_500776.html.Google ScholarGoogle Scholar
  25. Hong Ping Li, Haibo Hu, and Jianliang Xu. 2013. Nearby friend alert: Location anonymity in mobile geosocial networks. IEEE Pervasive Computing 12, 4, 62--70. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Muyuan Li, Haojin Zhu, Zhaoyu Gao, Si Chen, Le Yu, Shangqian Hu, and Kui Ren. 2014. All your locations belong to us: Breaking mobile social networks for automated user location tracking. In MobiHoc. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Zi Lin, Denis Foo Kune, and Nicholas Hopper. 2012. Efficient private proximity testing with GSM location sketches. In Financial Cryptography and Data Security.Google ScholarGoogle Scholar
  28. M. V. Marathe, H. Breu, H. B. Hunt III, S. S. Ravi, and D. J. Rosenkrantz. 1995. Simple heuristics for unit disk graphs. NETWORKS 25.Google ScholarGoogle Scholar
  29. Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen, and Srdjan Capkun. 2014. Smartphones as practical and secure location verification tokens for payments (NDSS’14).Google ScholarGoogle Scholar
  30. Donald W. Marquardt. 1963. An algorithm for least-squares estimation of nonlinear parameters. Journal of the Society for Industrial 8 Applied Mathematics 11, 2, 431--441.Google ScholarGoogle ScholarCross RefCross Ref
  31. Sergio Mascetti, Letizia Bertolaja, and Claudio Bettini. 2013. A practical location privacy attack in proximity services. In MDM. IEEE. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Sergio Mascetti, Claudio Bettini, Dario Freni, Xiaoyang Sean Wang, and Sushil Jajodia. 2009. Privacy-aware proximity based services. In MDM. IEEE. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Sergio Mascetti, Dario Freni, Claudio Bettini, X. Sean Wang, and Sushil Jajodia. 2011. Privacy in geo-social networks: Proximity notification with untrusted service providers and curious buddies. The VLDB Journal The International Journal on Very Large Data Bases 20, 4, 541--566. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Shigeru Masuyama, Toshihide Ibaraki, and Toshiharu Hasegawa. 1981. Computational complexity of the m-center problems on the plane. IEICE Transactions E64, 2, 57--64.Google ScholarGoogle Scholar
  35. Kazuhiro Minami and Nikita Borisov. 2010. Protecting location privacy against inference attacks (WPES’10). Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Arvind Narayanan, Narendran Thiagarajan, Michael Hamburg, Mugdha Lakhani, and Dan Boneh. 2011. Location privacy via private proximity testing. In NDSS’11.Google ScholarGoogle Scholar
  37. Tim Nieberg and Johann Hurink. 2006. A PTAS for the minimum dominating set problem in unit disk graphs. In WAOA. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Rick Noack. 2014. Washington Post - Could using gay dating app Grindr get you arrested in Egypt? RetrievedNovember 28, 2016 from http://www.washingtonpost.com/blogs/worldviews/wp/2014/09/12/could-using-gay-dating-app-grindr-get-you-arrested-in-egypt/.Google ScholarGoogle Scholar
  39. Callum Paton. 2014. The Independent - Grindr and Egypt. Retrieved November 28, 2016 from http://www.independent.co.uk/news/world/africa/9757652.html.Google ScholarGoogle Scholar
  40. Iasonas Polakis, Stamatis Volanis, Elias Athanasopoulos, and Evangelos P. Markatos. 2013. The man who was there: Validating check-ins in location-based services. In ACSAC’13. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Krishna P. N. Puttaswamy and Ben Y. Zhao. 2010. Preserving privacy in location-based mobile social applications (HotMobile’10). Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Guojun Qin, Constantinos Patsakis, and Mélanie Bouroche. 2014. Playing hide and seek with mobile dating applications. In IFIP SEC’14.Google ScholarGoogle Scholar
  43. Justin Scheck. 2010. WSJ - Stalkers Exploit Cellphone GPS. Retrieved November 28, 2016 from http://online.wsj.com/articles/SB10001424052748703467304575383522318244234.Google ScholarGoogle Scholar
  44. Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, and Jean-Pierre Hubaux. 2011. Quantifying location privacy. In IEEE Security and Privacy’11. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2012. Protecting location privacy: Optimal strategy against localization attacks (CCS’12). Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Laurynas Šikšnys, Jeppe Rishede Thomsen, Simonas Saltenis, and Man Lung Yiu. 2010. Private and flexible proximity detection in mobile social networks. In 11th International Conference on Mobile Data Management (MDM’10). IEEE, 75--84. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Laurynas Šikšnys, Jeppe R. Thomsen, Simonas Šaltenis, Man Lung Yiu, and Ove Andersen. 2009. A location privacy aware friend locator. In SST’09.Google ScholarGoogle Scholar
  48. George Theodorakopoulos, Reza Shokri, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2014. Prolonging the hide-and-seek game: Optimal trajectory privacy for location-based services. In WPES’14. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Federico Thomas and Llus Ros. 2005. Revisiting trilateration for robot localization. Transactions on Robotics’05 21, 1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. You-Chiun Wang, Chun-Chi Hu, and Yu-Chee Tseng. 2005. Efficient deployment algorithms for ensuring coverage and connectivity of wireless sensor networks. In Wireless Internet’05. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Patrick Wardle. 2014. Synack Security - The Do’s and Don’ts of Location Aware Apps; A Case Study. (2014). Retrieved November 28, 2016 from https://www.synack.com/labs/projects/the-dos-and-donts-of-location-aware-apps-a-case-study.Google ScholarGoogle Scholar
  52. Zheng Yang, Yiyang Zhao, Yunhao Liu, and Yu Xu. 2014. Human mobility enhances global positioning accuracy for mobile phone localization. IEEE Transactions on Parallel and Distributed Systems 99, 1.Google ScholarGoogle Scholar
  53. Xinxin Zhao, Lingjun Li, and Guoliang Xue. 2013. Checking in without worries: Location privacy in location based social networks. In INFOCOM’13.Google ScholarGoogle Scholar
  54. Yao Zheng, Ming Li, Wenjing Lou, and Y. Thomas Hou. 2012. SHARP: Private proximity test and secure handshake with cheat-proof location tags. In ESORICS’12.Google ScholarGoogle Scholar
  55. Ge Zhong, Ian Goldberg, and Urs Hengartner. 2007. Louis, Lester and Pierre: Three protocols for location privacy. In PETS’07. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Evaluating the Privacy Guarantees of Location Proximity Services

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!