location privacy for mobile computing, cylab talk on feb 2011
DESCRIPTION
A talk I gave for Cylab in Feb 2011 on location privacy, summarizing some of my group's work in this area. I discuss some system architectures for location-based content (using pre-fetching and caching to manage privacy), why people use foursquare, and some empirical work on location sharing.TRANSCRIPT
©2
00
9 C
arn
eg
ie M
ello
n U
niv
ers
ity :
1
Location Privacy for Mobile Computing
Jason [email protected]
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
2
Ubiquity of Location-Enabled Devices
•2009: 150 million GPS-equipped phones shipped
•2014: 770 million GPS-equipped phones expected to ship (~ 5x increase!)
•Future: Every mobile device will be location-enabled (GPS or WiFi)
2
[Berg Insight ‘10]
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
3
Location-Based Services Growing
3
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
4
Lots of Location-Based Services
4
Claims over 5 million users
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
5Potential Benefits of Location
• Okayness checking• Micro-coordination• Games
– Exploring a city
• Info retrieval / filtering– Ex. geotagging photos, tweets
• Activity recognition– Ex. walking, driving, bus
• Improving trust– Co-locations to infer tie strength and trust
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
6Potential Risks
• Little sister• Undesired social obligations• Wrong inferences• Over-monitoring by employers
Failing to address accidents and legitimate concerns could blunt
adoption of a promising technology
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
7Our Work in Location Privacy
• System architectures– Architectures for location-based content– Estimating how many people in a location
• User studies– Why do people use foursquare?– Sharing location in China vs US
• User interfaces and policies– How to help people create policies?– How do people name places?– Large scale analysis of location traces
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
8Talk Outline
• System architectures– Architectures for location-based content– Estimating how many people in a location
• User studies– Why do people use foursquare?– Sharing location in China vs US
• User interfaces and policies– How to help people create policies?– How do people name places?– Large scale analysis of location traces
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
9
Location-based Content
• Some location-based content,even if old, still useful
• Different time-to-live
Amini et al, Caché: Caching Location-Enhanced Contentto Improve User Privacy. (Under Review)
Real-time
Daily
Weekly
Monthly
Yearly
Traffic, Parking spots, Friend Finder
Weather, Social events, Coupons
Movie schedules, Ads, Yelp!
Geocaches, Bus schedules
Maps, Store locations, Restaurants
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
10
Caching Location-based Content
• Pre-fetch all the content you might need for a geographic area in advance– SELECT * from DB where City=‘Pittsburgh’
• Then, use it locally on your device only– We assume that you determine your
location locally using WiFi or GPS– So a content provider would only know
you are in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
11
Feasibility of Pre-Fetching
• Are people’s mobility patterns regular?– Pre-fetching useful only if we can
predict where people will be– Locaccino: Top 20 people, 460k traces– Place naming: 26 people, 118k traces
• For each person, take a 5mi radius around two most common places (home + work) – What % of all mobility data does this
account for?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
12
Feasibility of Pre-Fetching
5mi
Work
Home
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
13
Feasibility of Pre-Fetching
Radius
5mi
10mi
15mi
Locaccino
86%
87%
87%
Place Naming
79%
84%
86%
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
14
Feasibility of Pre-Fetching
• Content doesn’t change that often– Average amount of change per day
(over 5 months)
• Downloading it doesn’t take long– NYC has 250k POI = 100MB, 65MB for map
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
15
Caché Toolkit
• Android background service for apps– Apps modified to make requests to service
– User specifies home and work locations– Caché service pre-fetches content in
background when plugged in and WiFi– Caché also gets content for your
region if you spend night there
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
16
Caché Discussion
• Doesn’t work for time-sensitive content
• Tor anonymizing servers– Performance hit for mobile devices– Tor not useful for named accounts
• Better content distribution models
• Still need user studies of effectiveness in practice
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
17
Talk Outline
• System architectures– Architectures for location-based content
• User studies– Why do people use foursquare?
• User interfaces and policies– Large scale analysis of location traces
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
18
Why People Use Foursquare
• Started in Mar 2009, 5 million users• After two decades of research,
finally a LBS beyond navigation– Large graveyard of location apps– Critical mass of devices and developers
• Opportunity to study value proposition and how people manage privacy
Lindqvist et al, I’m the Mayor of My House: Examining Why People Use a Social-Driven Location Sharing Application, CHI 2011
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
19
What is Foursquare?
• “Foursquare is a mobile application that makes cities easier to use and more interesting to explore. It is a friend-finder, a social city guide and a game that challenges users to experience new things, and rewards them for doing so. Foursquare lets users "check in" to a place when they're there, tell friends where they are and track the history of where they've been and who they've been there with.”
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
20
How Does Foursquare Work?
• Check-in– See list of nearby places– Manually select a place– “Off the grid” option – Can create new places– Facebook + Twitter too
• Can see check-ins of friends, plus who else is at your location
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
21
How Does Foursquare Work?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
22
How Does Foursquare Work?
Leave tips for others
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
23
How Does Foursquare Work?
Earn badges for activities
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
24
How Does Foursquare Work?Become mayor of a place if you
have most check-ins in past 60 daysWean Hall http://foursquare.com/venue/209221
Gates http://foursquare.com/venue/174205CIC http://foursquare.com/venue/175395
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
25
News of the Weird
• People fighting to be mayors of a place– One pair eventually got engaged
• Some people mayor of 30+ places• Some businesses offering discounts to
mayors
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
26
Three-Part Study of Foursquare
• Why do people use foursquare?– How do they manage privacy concerns?– Surprising uses?
• Interviews with early adopters of LBS (N=6)
• First survey to understand range of uses of foursquare (N=18)
• Second survey to understand details of use, especially privacy (N=219)
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
27
Why People Check-In
• Principal components analysis based on survey data– See paper for details
• Foursquare’s mission statement quite accurate– Fun (mayorships, badges)– Keep in touch with friends– Explore a city– Personal history
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
28
Privacy IssuesWhy people don’t check-in
• Presentation of Self issues– Didn’t want to be seen
in McDonalds or fast food– Boring places, or at Doctor’s
• Didn’t want to spam friends– Facebook and Twitter
• Didn’t want to reveal location of home– Tension: “Home” to signal availability– Tension: Some checked-in everywhere
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
29
Privacy Issues
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
30
Privacy Issues
• Surprisingly few concerns about stalkers– Only 9/219 participants (but early adopters)
• Checking in when leaving (safety)– Surprising use, 29 people said they did this– 71 people (32%) used for okayness checking
• Over half of participants had a stranger on their friends list– Want to know where interesting people go– Perceived like Twitter followers– Suggests separating Friends from friends
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
31
Talk Outline
• System architectures– Architectures for location-based content
• User studies– Why do people use foursquare?
• User interfaces and policies– Large scale analysis of location traces
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
32
Understanding Human Behavior at Large Scales
• Capabilities of today’s mobile devices– Location, sound, proximity, motion– Call logs, SMS logs, pictures
• We can now analyze real-world social networks and human behaviors at unprecedented fidelity and scale
• 2.8m location sightings of 489 volunteers in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
33
• Insert graph here• Describe entropy
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
34
Early Results
• Can predict Facebook friendships based on co-location patterns– 67 different features
• Intensity and Duration• Location diversity (entropy)• Mobility• Specificity (TF-IDF)• Graph structure (mutual neighbors, overlap)
– 92% accuracy in predicting friend/not
Cranshaw et al, Bridging the Gap Between Physical Location and Online Social Networks, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
35
35
Using features such a location entropy significantly improves performance over shallow features such as number of co-locations
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
36
36
Inte
nsity
feat
ures
Inte
nsity
feat
ures
Nu
mb
er
of
co-l
ocati
on
sN
um
ber
of
co-l
ocati
on
s
With
out inte
nsity
Full model
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
37
Early Results
• Can predict number of friends based on mobility patterns– People who go out often, on weekends,
and to high entropy places tend to have more friends
– (Didn’t check age though)
Cranshaw et al, Bridging the Gap Between Physical Location and Online Social Networks, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
38
Entropy Related to Location Privacy
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
39
Ongoing Work: Understanding Human Behavior at Large Scales
• What does me going to a placesay about me and that place?
• Scale up to thousands of people, what does it say about people in a city?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
40
Understanding Human Behavior at Large Scales
• Utility for individuals– Predict onset of depression– Infer physical decline– Predict personality type
• Utility for groups– Architecture and urban design– Use of public resources (e.g. buses) – Traffic Behavioral Inventory (TBI)– Ride-sharing estimates– What do Pittsburgher’s do?– What do Chinese people in Pittsburgh do?
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
41
Understanding Human Behavior at Large Scales• Get location from thousands of people
in a city– Or, what if we could give smart phone to
every incoming freshman?– Incentivizing people to share
• Ways of sharing data while maintaining privacy of individuals?– Very high cost in collecting data– How to offer k-anonymity (or other)
guarantees?– Privacy server rather than sharing data
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
42Acknowledgements
Shah AminiJustin CranshawJialiu LinJanne LindqvistJason WieseKaren TangEran TochGuang Xiang
Lorrie CranorNorman Sadeh
CylabGoogleIntel ResearchPortugal
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
43
Enhanced Social Graph
• Family, friends, co-workers, acquaintances all mixed together
• Family friends and high school friends
• Friends and boss• My personal use
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
44
Enhanced Social Graph
• Create a more sophisticated graph that captures tie strength and relationship
• Take call data, SMS, FB use, co-locations
• More appropriate sharing
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
45
Research Angle of Attack
Sensed DataLocation, sound, proximity, motion
Computer DataFacebook, Call Logs,
SMS logs
Intermediate MetricsCharacterize People and Places at Large Scale
Human Phenomena We Care AboutPrivacy, Health Care, Relationships,
Info Overload, Architecture, Urban Design
Privacy M
od
els
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
46
End-User Privacy in HCI
• 137 page article surveying privacy in HCI and CSCW
Iachello and Hong, End-User Privacy in Human-Computer Interaction, Foundations and Trends in Human-Computer
Interaction
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
47
WYEP Summer FestivalBlizzard …same guyTrigger happy guyRandom peak
EventEvent
Non-eventNon-event
2010 Photos in Pittsburgh
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
48
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
49
Sharing One’s Location
• Place naming– “Hey mom, I am at 55.66N 12.59E.”
vs “Home”
• User study + machine learning to model how people name places– Semantic: business, function, personal– Geographic: city, street, building
Jialiu Lin et al, Modeling People’s Place Naming Preferencesin Location Sharing, Ubicomp 2010
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
50
Sharing One’s Location
• Location abstractions
share nothing &
no social benefits
share precise location (GPS) &
max social benefits
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
51
Sharing One’s Location
• Location abstractions
share nothing &
no social benefits
share precise location (GPS) &
max social benefits
use location abstractions to scaffold privacy
concerns
use location abstractions to scaffold privacy
concerns
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
52
Sharing One’s Location
• Location abstractions
type of description example
geographic 100 Art Rooney AveNear Golden TriangleDowntownPittsburgh
semantic Heinz FieldSteelers vs. BengalsSteelers’ homeFootball field
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
53
Managing Geotagged Photos
• 4.3% Flickr photos, 3% YouTube, 1% Craigslist photos geotagged
• Idea: Use place entropy to differentiate between public / private
• But need to radically scale up entropy– 2.8m sightings, 489 volunteers, N years
Wired Magazine story
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
54
Calculating Entropy from Flickr
©2
01
1 C
arn
eg
ie M
ello
n U
niv
ers
ity :
55
Foursquare Check-in Data
• Viz of 566k check-ins in NYC