Measuring Membership Privacy on Aggregate Location Time-Series

While location data is extremely valuable for various applications, disclosing it prompts serious threats to individuals' privacy. To limit such concerns, organizations often provide analysts with aggregate time-series that indicate, e.g., how many people are in a location at a time interval, rather than raw individual traces. In this paper, we perform a measurement study to understand Membership Inference Attacks (MIAs) on aggregate location time-series, where an adversary tries to infer whether a specific user contributed to the aggregates. We find that the volume of contributed data, as well as the regularity and particularity of users' mobility patterns, play a crucial role in the attack's success. We experiment with a wide range of defenses based on generalization, hiding, and perturbation, and evaluate their ability to thwart the attack vis-a-vis the utility loss they introduce for various mobility analytics tasks. Our results show that some defenses fail across the board, while others work for specific tasks on aggregate location time-series. For instance, suppressing small counts can be used for ranking hotspots, data generalization for forecasting traffic, hotspot discovery, and map inference, while sampling is effective for location labeling and anomaly detection when the dataset is sparse. Differentially private techniques provide reasonable accuracy only in very specific settings, e.g., discovering hotspots and forecasting their traffic, and more so when using weaker privacy notions like crowd-blending privacy. Overall, our measurements show that there does not exist a unique generic defense that can preserve the utility of the analytics for arbitrary applications, and provide useful insights regarding the disclosure of sanitized aggregate location time-series

Continuous measurements of real-life bidirectional pedestrian flows on a wide walkway

Employing partially overlapping overhead \kinectTMS sensors and automatic pedestrian tracking algorithms we recorded the crowd traffic in a rectilinear section of the main walkway of Eindhoven train station on a 24/7 basis. Beside giving access to the train platforms (it passes underneath the railways), the walkway plays an important connection role in the city. Several crowding scenarios occur during the day, including high- and low-density dynamics in uni- and bi-directional regimes. In this paper we discuss our recording technique and we illustrate preliminary data analyses. Via fundamental diagrams-like representations we report pedestrian velocities and fluxes vs. pedestrian density. Considering the density range $0$ - $1.1\,$ped/m$^2$, we find that at densities lower than $0.8\,$ped/m$^2$ pedestrians in unidirectional flows walk faster than in bidirectional regimes. On the opposite, velocities and fluxes for even bidirectional flows are higher above $0.8\,$ped/m$^2$.Comment: 9 pages, 7 figure

Enter the Circle: Blending Spherical Displays and Playful Embedded Interaction in Public Spaces

Public displays are used a variety of contexts, from utility driven information displays to playful entertainment displays. Spherical displays offer new opportunities for interaction in public spaces, allowing users to face each other during interaction and explore content from a variety of angles and perspectives. This paper presents a playful installation that places a spherical display at the centre of a playful environment embedded with interactive elements. The installation, called Enter the Circle, involves eight chair-sized boxes filled with interactive lights that can be controlled by touching the spherical display. The boxes are placed in a ring around the display, and passers-by must “enter the circle” to explore and play with the installation. We evaluated this installation in a pedestrianized walkway for three hours over an evening, collecting on-screen logs and video data. This paper presents a novel evaluation of a spherical display in a public space, discusses an experimental design concept that blends displays with embedded interaction, and analyses real world interaction with the installation

Prochlo: Strong Privacy for Analytics in the Crowd

The large-scale monitoring of computer users' software activities has become commonplace, e.g., for application telemetry, error reporting, or demographic profiling. This paper describes a principled systems architecture---Encode, Shuffle, Analyze (ESA)---for performing such monitoring with high utility while also protecting user privacy. The ESA design, and its Prochlo implementation, are informed by our practical experiences with an existing, large deployment of privacy-preserving software monitoring. (cont.; see the paper