Trajectory data collection is a common task with many applications in our
daily lives. Analyzing trajectory data enables service providers to enhance
their services, which ultimately benefits users. However, directly collecting
trajectory data may give rise to privacy-related issues that cannot be ignored.
Local differential privacy (LDP), as the de facto privacy protection standard
in a decentralized setting, enables users to perturb their trajectories locally
and provides a provable privacy guarantee. Existing approaches to private
trajectory data collection in a local setting typically use relaxed versions of
LDP, which cannot provide a strict privacy guarantee, or require some external
knowledge that is impractical to obtain and update in a timely manner. To
tackle these problems, we propose a novel trajectory perturbation mechanism
that relies solely on an underlying location set and satisfies pure
ϵ-LDP to provide a stringent privacy guarantee. In the proposed
mechanism, each point's adjacent direction information in the trajectory is
used in its perturbation process. Such information serves as an effective clue
to connect neighboring points and can be used to restrict the possible region
of a perturbed point in order to enhance utility. To the best of our knowledge,
our study is the first to use direction information for trajectory perturbation
under LDP. Furthermore, based on this mechanism, we present an anchor-based
method that adaptively restricts the region of each perturbed trajectory,
thereby significantly boosting performance without violating the privacy
constraint. Extensive experiments on both real-world and synthetic datasets
demonstrate the effectiveness of the proposed mechanisms.Comment: Accepted by VLDB 202