Sharing trajectories is beneficial for many real-world applications, such as managing disease spread through contact tracing and tailoring public services to a population's travel patterns. However, public concern over privacy and data protection has limited the extent to which this data is shared. Local differential privacy enables data sharing in which users share a perturbed version of their data, but existing mechanisms fail to incorporate user-independent public knowledge (e.g., business locations and opening times, public transport schedules, geo-located tweets). This limitation makes mechanisms too restrictive, gives unrealistic outputs, and ultimately leads to low practical utility. To address these concerns, we propose a local differentially private mechanism that is based on perturbing hierarchically-structured, overlapping $n$-grams (i.e., contiguous subsequences of length $n$) of trajectory data. Our mechanism uses a multi-dimensional hierarchy over publicly available external knowledge of real-world places of interest to improve the realism and utility of the perturbed, shared trajectories. Importantly, including real-world public data does not negatively affect privacy or efficiency. Our experiments, using real-world data and a range of queries, each with real-world application analogues, demonstrate the superiority of our approach over a range of alternative methods.

中文翻译：

---

具有局部差分隐私的真实世界轨迹共享

共享轨迹有利于许多现实世界的应用，例如通过接触者追踪管理疾病传播以及根据人群的旅行模式定制公共服务。然而，公众对隐私和数据保护的担忧限制了这些数据的共享程度。本地差异隐私支持数据共享，其中用户共享其数据的扰动版本，但现有机制未能纳入独立于用户的公共知识（例如，营业地点和开放时间、公共交通时间表、地理定位推文）。这种限制使机制过于严格，产生不切实际的输出，并最终导致低实际效用。为了解决这些问题，我们提出了一种基于扰动分层结构的本地差异私有机制，轨迹数据的重叠$n$-grams（即，长度$n$的连续子序列）。我们的机制在公开可用的真实世界兴趣点的外部知识上使用多维层次结构来提高扰动共享轨迹的真实性和实用性。重要的是，包括真实世界的公共数据不会对隐私或效率产生负面影响。我们的实验使用真实世界的数据和一系列查询，每个查询都与真实世界的应用程序类似，证明了我们的方法优于一系列替代方法。包括真实世界的公共数据不会对隐私或效率产生负面影响。我们的实验使用真实世界的数据和一系列查询，每个查询都与真实世界的应用程序类似，证明了我们的方法优于一系列替代方法。包括真实世界的公共数据不会对隐私或效率产生负面影响。我们的实验使用真实世界的数据和一系列查询，每个查询都与真实世界的应用程序类似，证明了我们的方法优于一系列替代方法。