Summary by Patrick Skevik This paper proposes an alternative way of gathering location data about users without compromising their privacy or direct location. SpotME is a software to estimate the number of users in a geographic location without revealing where each individual user are. The idea is that users send a map of the area they're in to the location-based service, which contains a set of locations that the user might be at. The user will claim to be at a set of locations, based on a given probability. By knowing the probability, the service can estimate how many users are at any given location. Their method of protecting a users privacy appears to be reasonable and their evaluation looks good. They also look into the communication overhead which involves calculation of random locations and the size of the map for uploading. ----- BEGIN SUMMARY ------ SpotME If You Can: Randomized Responses for Location Obfuscation on Mobile Phones summarized by Guangyu Han ------------------------------ Today the location services really give us the convenience and help but the collecting of these personal location data may lead to privacy issues. SpotME is a system allowing their customers to use the erroneous locations instead of real ones. By using some probabilistic equations they would compute the real number of users in each area without knowing about each individual data and the erroneous locations will not seriously affect the real estimation. The systems is relatively accurate in densely populated areas but poor in rural areas. Questions:It's hard for any copmpany to found an proper size of aggregation pool and how to found a trusted third part to reach this target as I know this kind of application are better to use for the limited groups of people eg. who wants make new friends close in geography . ------END SUMMARY----------- Summary by Ioana Livadarlu SpotME If You Can: Randomized Responses for Location Obfuscation on Mobile Phones - Daniele Quercia, Ilias Leontiadis, Liam McNamara, Cecilia Mascolo and Jon Crowcroft( ICDCS 2011) The paper present SpotME, a mechanism that allows obtaining aggregated user location data while preserving the privacy of the actual location. The problem that is addressed through this work is privacy of users data in mobile networks. The proposed solution is based on two components. The first one is represented by messages send by the SpotME users: Each user sends periodically data ( referred in the article as a map ) that contains both his/hers true location and a number of other erroneous locations. In order to obtain these, the randomised response technique is used, and each the users claims to be in each location of the map with the a certain probability ( p ). The second component is a system that collects all the maps received from the users and infers the information in order to obtain the aggregated values ( the number of users at a certain locations ). The data that is used in order to evaluate the systems is represented by two types of mobility traces. The first type corresponds to the traces obtained for vehicle drivers and is generated using GMSF( Generic mobility simulation framework ). This is furthered analysed in the Evaluation section of the paper in term of the area in which the vehicles are considered to be driven : urban, suburban and rural. The second type of traces correspond to the subway passengers from the London subway system. These are collected during rush hour in a week day. The authors evaluate the proposed solution in term of: effectiveness( the number of users that the system can detect versus the real number of users ), robustness both agains malicious providers and malicious users, and communication, storage and computational overheads. The main findings in respect with the three criteria are : 1. Effectiveness : - accurate estimation of the number of users in a certain location can be achieved by tuning two values: the probability p and the number k of potential locations. - the number of users is unaffected by the penetration rate; 2. Robustness : - the system is robust against injections of false information ( for a given probability p, a user can expect a certain level of protection ) 3. The solution offers scalability. Questions : 1. What are the assumptions used by the proposed software ? 2. The paper details a type of attack on SpotME. What other attacks can be used against it? Summary by Adnan Malik New methods are used today to make human life easier, for example finding the closest grocery store or ATM cash machine. The technology is not limited to fix spots but is also used in moving object like cars and computer devices. Hence it has become possible to find a person¨ªs location using the electronic equipment he/she is using. It is helpful sometimes when one wants to use the service to travel to a destination B. Then the system has to know the location of that person, in order to calculate and suggest the path. To make it more efficient companies are providing better services like : by calculating less crowded path from location A to B. This is done by looking at number of mobile users on the paths from A to B. Similarly in order to find night life club¨ªs detail that which club is more crowded and which is not. This is also done by calculating number of mobile users at a particular club, This is done by using their location. As long as this process is used in positive way , its good for anyone. But the problem arises when location of particular person is accessed. This triggers privacy concerns issues. In order to avoid privacy issues SpotME is explained in this paper, where this software does not send all the information from one user but the information of group of people is send . So that meta data of one particular user is not sent. SpotME uses some algorithms to make it more efficient where some false information is also sent along the accurate information. Summary by Sasha Mile Rudan ¡ñ This paper is presenting a solution for proximity/location based system and users¡¯ concerns regarding publishing they locations. It is not focused on a network that particular user location is important, like in social location networks (including privacy settings and encryption) but rather with proximity networks that depends on average statistics of users population on average locations. SpotME algorithm is lifting user¡¯s protection for one whole level up, by avoiding trust of users to the centralized proximity service servers; obfuscation is happening at the client side. Not mentioned, but important is the fact, that malicious users cannot intercept communication and find out real user location. ¡ñ I liked state-of-the art report regarding development of algorithms that are obfuscating real location of user with erroneous locations that are trying to imitate real user location related patterns (motion patterns). ¡ñ In the randomized response algorithm implementation I recognized shifting from a simple probabilistic value to set of 2-dimensional values as interesting concept switching and application ¡ñ I acknowledged simple but working approach of counterattacking malicious users regarding problem of repeating random locations when users are not moving; sending acknowledge signal, however, this is a questionable solution if users are moving very slowly, i would like to see algorithm of switching between steady to moving mode and how revealing of location will happen in that case. ¡ñ Also some of standard mathematical apparatus, they presented in a way as it is smart approach; like moving average, Root Mean Square Error, etc ¡ñ What I didn¡¯t like about the paper is initial delusion that data provided are coming from real datasets (vehicles, and passengers), however later it happens that vehicle data are coming from car simulator (that incorporates driving patterns extracted from historical routes), and similar situation was with passengers that i can just figure out that they used some patterns based on RFID card readers and smart device/laptop readers but no more details. I also believe that recognizing some user behavioral patterns in data they can collect from passengers in metro system would be better to use together with simulation, instead of relying on uncertain data ¡ñ I also wanted to see more discussion on simulation used for malicious attackers following moving user ¡ñ they presented that there is a safe window of p ¡Ê [0.4, 0.5] as a good balance of error and user privacy protection, however very often location is not primary parameter, rather driving speed, etc. I would like to see two more things; average of a second variable (speed) in average how it is affected with other users that are not really present at observing location, and also with user obfuscation and hiding that variable (i.e. using second level of randomized response algorithm for protecting real speed). ¡ñ Without too much consideration i would say that they explanation why there is more errors in urban area (vehicles) compared to rural is not correct to me (since if there are more samples, in average there are same number of right and wrong?!), the reason is in my opinion more because of density of locations among which the system can make wrong matching ¡ñ Regarding calculation of uptake and prediction of the total number of people at the location, i didn¡¯t figure out completely they algorithm and error calculation ¡ñ Personally I believe that the whole research is less relevant for common user, compared to research related to the balance of hiding personal location, but extracting as much as possible knowledge relevant for the particular service.