©2009 carnegie mellon university : 1 an overview of location privacy for mobile computing jason...
Post on 19-Dec-2015
214 views
TRANSCRIPT
©2
00
9 C
arn
eg
ie M
ello
n U
niv
ers
ity :
1
An Overview of Location Privacy for Mobile Computing
Jason [email protected]
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
2
Ubiquity of Location-Enabled Devices
•2009: 150 million GPS-equipped phones shipped
•2014: 770 million GPS-equipped phones expected to ship (~ 5x increase!)
•Future: Every mobile device will be location-enabled
2
[Berg Insight ‘10]
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
3
Location-Based Services Growing
3
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
4
Lots of Location-Based Services
4
Claims over 5 million users
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
5Potential Benefits of Location
• Okayness checking• Micro-coordination• Games
– Exploring a city
• Info retrieval / filtering– Ex. geotagging of photos
• Activity recognition– Ex. walking, driving, bus
• Improving trust– Co-locations to infer tie strength and trust
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
6Potential Risks
• Little sister• Undesired social obligations• Wrong inferences• Over-monitoring by employers
Failing to address accidents and legitimate concerns could blunt
adoption of a promising technology
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
7Protecting Location Privacy
• System architecture– How you get location– Where and how data stored and used
• User interface and policies– When is it shared– How is it displayed
• User studies– How do people manage in practice
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
8Protecting Location Privacy
• System architecture– How you get location– Where and how data stored and used
• User interface and policies– When is it shared– How is it displayed
• User studies– How do people manage in practice
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
9
How You Get and Use Location
• Some location-based content,even if old, still useful
• Different time-to-live
Shah Amini et al, Caché: Caching Location-Enhanced Contentto Improve User Privacy. (Under Review)
Real-time
Daily
Weekly
Monthly
Yearly
Traffic, Parking spots, Friend Finder
Weather, Social events, Coupons
Movie schedules, Ads, Yelp!
Geocaches, Bus schedules
Maps, Store locations, Restaurants
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
10
How You Get and Use Location
• Pre-fetch all the content you might need for a geographic area in advance– SELECT * from DB where City=‘Pittsburgh’
• Then, use it locally on your device only– We assume that you determine your
location locally using WiFi or GPS– So a content provider would only know
you are in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
11
Feasibility of Pre-Fetching
• Are people’s mobility patterns regular?– Pre-fetching useful only if we can
predict where people will be– Locaccino: Top 20 of 4000, 460k traces– Place naming: 26 people, 118k traces
• For each person, 5mi radius around two most common places (home + work) accounts for what % of mobility data?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
12
Feasibility of Pre-Fetching
5mi
Work
Home
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
13
Feasibility of Pre-Fetching
Radius
5mi
10mi
15mi
Locaccino
86%
87%
87%
Place Naming
79%
84%
86%
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
14
Feasibility of Pre-Fetching
• Content doesn’t change that often– Average amount of change per day
(over 5 months)
• Downloading it doesn’t take long– NYC has 250k POI = 100MB, 65MB for map
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
15
Caché Toolkit
• Android background service for apps– Apps modified to make requests to service
– User specifies home and work locations– Caché service pre-fetches content in
background when plugged in and WiFi– Caché also gets content for your
region if you spend night there
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
16
Protecting Location Privacy
• System architecture– How you get location– Where and how data stored and used
• User interface and policies– When is it shared– How is it displayed
• User studies– How do people manage in practice
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
17
Why People Use Foursquare
• Started in Mar 2009, 5 million users• After two decades of research,
finally a LBS beyond navigation– Large graveyard of location apps– Critical mass of devices and developers
• Opportunity to study value proposition and how people manage privacy
Janne Lindqvist et al, I’m the Mayor of My House: Examining Why People Use a Social-Driven Location Sharing Application, CHI 2011
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
18
What is Foursquare?
• “Foursquare is a mobile application that makes cities easier to use and more interesting to explore. It is a friend-finder, a social city guide and a game that challenges users to experience new things, and rewards them for doing so. Foursquare lets users "check in" to a place when they're there, tell friends where they are and track the history of where they've been and who they've been there with.”
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
19
How Does Foursquare Work?
• Check-in– See list of nearby places– Manually select a place– “Off the grid” option – Can create new places– Facebook + Twitter too
• Can see check-ins of friends, plus who else is at your location
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
20
How Does Foursquare Work?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
21
How Does Foursquare Work?
Leave tips for others
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
22
How Does Foursquare Work?
Earn badges for activities
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
23
How Does Foursquare Work?
Become mayor of a place if youhave most check-ins in past 60 days
Wean Hall http://foursquare.com/venue/209221 Gates http://foursquare.com/venue/174205
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
24
News of the Weird
• People fighting to be mayors of a place– One pair eventually got engaged
• Some people mayor of 30+ places• Some businesses offering discounts to
mayors
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
25
Three-Part Study of Foursquare
• Why do people use foursquare?– How do they manage privacy concerns?– Surprising uses?
• Interviews with early adopters of LBS (N=6)
• First survey to understand range of uses of foursquare (N=18)
• Second survey to understand details of use, especially privacy (N=219)
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
26
Why People Check-In
• Principal components analysis based on survey data– See paper for details
• Foursquare’s mission statement quite accurate– Fun (mayorships, badges)– Keep in touch with friends– Explore a city– Personal history
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
27
Privacy IssuesWhy people don’t check-in
• Presentation of Self issues– Didn’t want to be seen
in McDonalds or fast food– Boring places, or at Doctor’s
• Didn’t want to spam friends– Facebook and Twitter
• Didn’t want to reveal location of home– Tension: “Home” to signal availability– Tension: Some checked-in everywhere
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
28
Privacy Issues
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
29
Privacy Issues
• Surprisingly few concerns about stalkers– Only 9/219 participants (but early adopters)
• Checking in when leaving (safety)– Surprising use, 29 people said they did this– 71 people (32%) used for okayness checking
• Over half of participants had a stranger on their friends list– Want to know where interesting people go– Perceived like Twitter followers– Suggests separating Friends from friends
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
30
Protecting Location Privacy
• System architecture– How you get location– Where and how data stored and used
• User interface and policies– When is it shared– How is it displayed
• User studies– How do people manage in practice
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
31
Sharing One’s Location
• Place naming– “Hey mom, I am at 55.66N 12.59E.”
vs “Home”
• User study + machine learning to model how people name places– Semantic: business, function, personal– Geographic: city, street, building
Jialiu Lin et al, Modeling People’s Place Naming Preferencesin Location Sharing, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
32
Sharing One’s Location
• Location abstractions
share nothing &
no social benefits
share precise location (GPS) &
max social benefits
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
33
Sharing One’s Location
• Location abstractions
share nothing &
no social benefits
share precise location (GPS) &
max social benefits
use location abstractions to scaffold privacy
concerns
use location abstractions to scaffold privacy
concerns
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
34
Sharing One’s Location
• Location abstractions
type of description example
geographic 100 Art Rooney AveNear Golden TriangleDowntownPittsburgh
semantic Heinz FieldSteelers vs. BengalsSteelers’ homeFootball field
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
35
Sharing One’s Location
• Place entropy
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
36
Understanding Human Behavior at Large Scales
• Capabilities of today’s mobile devices– Location, sound, proximity, motion– Call logs, SMS logs, pictures
• We can now analyze real-world social networks and human behaviors at unprecedented fidelity and scale
• 2.8m location sightings of 489 volunteers in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
37
• Insert graph here• Describe entropy
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
38
Early Results
• Can predict Facebook friendships based on co-location patterns– 67 different features
• Intensity and Duration• Location diversity (entropy)• Mobility• Specificity (TF-IDF)• Graph structure (mutual neighbors, overlap)
– 92% accuracy in predicting friend/not
Justin Cranshaw et al, Bridging the Gap BetweenPhysical Location and Online Social Networks, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
39
39
Using features such a location entropy significantly improves performance over shallow features such as number of co-locations
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
40
40
Inte
nsity
feat
ures
Inte
nsity
feat
ures
Num
ber
of
co-
loca
t ions
Num
ber
of
co-
loca
t ions
With
out intensit
y
Full model
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
41
Early Results
• Can predict number of friends based on mobility patterns– People who go out often, on weekends,
and to high entropy places tend to have more friends
– (Didn’t check age though)
Justin Cranshaw et al, Bridging the Gap BetweenPhysical Location and Online Social Networks, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
42
Entropy Related to Location Privacy
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
43
Ongoing Work
• Managing geotagged photos• Enhanced social graph• Understanding real-world human
behavior at large scales
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
44
Managing Geotagged Photos
• 4.3% Flickr photos, 3% YouTube, 1% Craigslist photos geotagged
• Idea: Use place entropy to differentiate between public / private
• But need to radically scale up entropy– 2.8m sightings, 489 volunteers, N years
Wired Magazine story
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
45
Calculating Entropy from Flickr
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
46
Foursquare Check-in Data
• Viz of 566k check-ins in NYC
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
47
Enhanced Social Graph
• Family, friends, co-workers, acquaintances all mixed together
• Gay friends and 12yo swimmers
• Family friends and high school friends
• Friends and boss• My personal use
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
48
Enhanced Social Graph
• Create a more sophisticated graph that captures tie strength and relationship
• Take call data, SMS, FB use, co-locations
• More appropriate sharing
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
49
Understanding Human Behavior at Large Scales
• What does me going to a placesay about me and that place?
• Scale up to thousands of people, what does it say about people in a city?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
50
Understanding Human Behavior at Large Scales
• Utility for individuals– Predict onset of depression– Infer physical decline– Predict personality type
• Utility for groups– Architecture and urban design– Use of public resources (e.g. buses) – Traffic Behavioral Inventory (TBI)– Ride-sharing estimates– What do Pittsburgher’s do?– What do Chinese people in Pittsburgh do?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
51
Understanding Human Behavior at Large Scales
• Get location from thousands of people in a city– Or, what if we could give smart phone to every
incoming freshman?
• New metrics to describe people and places– Churn, transience, burst
• Ways of sharing data with other researchers while maintaining privacy of individuals?– Very high cost in collecting data– How to offer k-anonymity (or other) guarantees?– Privacy server rather than sharing data
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
52
Research Angle of Attack
Sensed DataLocation, sound, proximity, motion
Computer DataFacebook, Call Logs,
SMS logs
Intermediate MetricsCharacterize People and Places at Large Scale
Human Phenomena We Care AboutPrivacy, Health Care, Relationships,
Info Overload, Architecture, Urban Design
Privacy M
od
els
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
53
End-User Privacy in HCI
• 137 page article surveying privacy in HCI and CSCW
Iachello and Hong, End-User Privacy in Human-Computer Interaction, Foundations and Trends in Human-Computer
Interaction
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
54
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
55
WYEP Summer FestivalBlizzard …same guyTrigger happy guyRandom peak
EventEvent
Non-eventNon-event
2010 Photos in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
56