Thwarting location privacy protection in location-based social discovery services

AbstractLocation-based social discovery LBSD services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake Global Positioning System locations to the target user. To defend against the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, for example, bands of 100 meters, rather than exact distances. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD. Our methodology is guaranteed to localize any reported user within a circle of radius no greater than one meter, even for LBSD services using large bands such as 100 m as used by WeChat. Eventually, countermeasures are proposed to reduce location privacy leakage to the very minimum. To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. We expect our study to draw more public attention to this serious privacy issue and expectantly motivate better privacy preserving LBSD designs. Copyright © 2016 John Wiley & Sons, Ltd.