1. Field
This disclosure is generally related to privacy and ubiquitous computing. More specifically, this disclosure is related to protecting the privacy of users of ubiquitous computing services.
2. Related Art
As mobile devices and wireless sensor networks become prevalent and powerful, computer systems are becoming adept at anticipating users' needs through intense analysis of various contextual data. The contextual data analysis increases productivity and social relationships for individuals. Moreover, the contextual data analysis can be used to improve services for corporations by providing, for example, targeted advertising and/or location-based services.
Nevertheless, despite various benefits of contextual data analysis, the collection and/or maintenance of contextual data poses sensitive privacy concerns. For instance, giving out the location trace of a user's movements allows others to infer sensitive information related to the user, such as the user's home and/or work addresses, the user's shopping habits, the user's friends and associates, the user's social network memberships and/or affiliations, etc. The user will likely prefer not to make such sensitive information publicly available, because doing so may expose the user to personalized phishing and fraud attacks, which are difficult to detect. In extreme cases, knowledge about a user's real-time location can facilitate serious crimes, such as kidnapping or assassination. Furthermore, a user may sometimes want to withhold his or her whereabouts from others, either generally or selectively.
One common defense against these data-driven attacks involves perturbing the sensitive data to protect a user's identity. However, in the case of location data, modifying sensitive location data may render the data so imprecise that the data is no longer useful. For example, preserving privacy in location-based data could require a large amount of perturbation and consequently result in serious utility loss.
Another approach to this problem is to rely on security architectures to limit access to this data. For example, consumers generally trust corporations to keep the sensitive data private and secure. The corporations are expected to implement appropriate policies and security measures to protect the data. As another example, while maintaining user web-search profiles, providers of major web search engines typically limit the retention period of Internet Protocol (IP) addresses and cookie data associated with a user's web search history. However, given the size, pervasiveness, and intelligence value of most sensitive data, it is unrealistic for a corporation to identify all of the potential avenues for breaches of consumers' privacy data.