Privacy Leakage of Location Sharing in Mobile Social Networks: Attacks and Defense

• Published in: IEEE transactions on dependable and secure computing Vol. 15; no. 4; pp. 646 - 660
• Main Authors: Li, Huaxin, Zhu, Haojin, Du, Suguo, Liang, Xiaohui, Shen, Xuemin
• Format: Journal Article
• Language: English
• Published: Washington IEEE 01.07.2018; IEEE Computer Society
• Subjects: Context; Cybersecurity; Demographics; Facebook; Geology; Hazards; Leakage; Location privacy; Mobile communication; Mobile computing; mobile social networks; Privacy; privacy protection; Social networks; Wireless networks
• ISSN: 1545-5971; 1941-0018
• DOI: 10.1109/TDSC.2016.2604383

Along with the popularity of mobile social networks (MSNs) is the increasing danger of privacy breaches due to user location exposures. In this work, we take an initial step towards quantifying location privacy leakage from MSNs by matching the users' shared locations with their real mobility traces. We conduct a three-week real-world experiment with 30 participants and discover that both direct location sharing (e.g., Weibo or Renren) and indirect location sharing (e.g., Wechat or Skout) can reveal a small percentage of users' real points of interests (POIs). We further propose a novel attack to allow an external adversary to infer the demographics (e.g., age, gender, education) after observing users' exposed location profiles. We implement such an attack in a large real-world dataset involving 22,843 mobile users. The experimental results show that the attacker can effectively predict demographic attributes about users with some shared locations. To resist such attacks, we propose SmartMask, a context-based system-level privacy protection solution, designed to automatically learn users' privacy preferences under different contexts and provide a transparent privacy control for MSN users. The effectiveness and efficiency of SmartMask have been well validated by extensive experiments.