Details
Name
Mariana Cruz Cunha
Role
Research Assistant
Since
1st May 2021
Nationality
Portugal
Centre
Advanced Computing Systems
Contacts
+351220402963
mariana.c.cunha@inesctec.pt
Publications
2025
Authors
Cunha, M; Mendes, R; de Montjoye, YA; Vilela, JP;
Publication
IEEE OPEN JOURNAL OF THE COMPUTER SOCIETY
Abstract
Location privacy is a major concern in the current digital society, due to the sensitive information that can be inferred from location data. This has led smartphone Operating Systems (OSs) to strongly tighten access to location information over the last few years. The same tightening has, however, not yet happened for our second most carried-around device: the laptop. In this work, we demonstrate the privacy risks that result from major laptop OSs still exposing WiFi data to installed software, which enables location information to be inferred from WiFi Access Points (APs). Using data collected in a real-world experiment, we show that laptops are often carried along with smartphones and that a large fraction of a user's mobility profile can be inferred from the WiFi APs accessed on laptops, and we conclude that access to WiFi data on laptops needs to be protected.
2025
Authors
Cunha, M; Mendes, R; de Montjoye, YA; Vilela, JP;
Publication
40TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING
Abstract
The pervasiveness of mobile devices has fostered a multitude of services and applications, but has also raised serious privacy concerns. To prevent user tracking and fingerprinting, smartphones have been tightening access to unique identifiers. Nevertheless, smartphone applications can still collect diverse data from the available sensors and smartphone resources. Using real-world data from a field study we performed, this paper demonstrates that users can be fingerprinted from the Wi-Fi data available on mobile devices, and quantifies the resulting privacy impact. Our analysis shows that a single snapshot of the set of scanned Wi-Fi BSSIDs (MAC addresses) per user is enough to uniquely identify about 99% of the users. In addition, the most frequent Wi-Fi BSSID alone is sufficient to re-identify more than 90% of the users, a percentage that rises to 97% with the top-2 scanned BSSIDs. The Wi-Fi SSID (network name) also leads to a re-identification risk of about 83% and 97% with the 1 and 2 strongest Wi-Fi Access Points (APs), respectively.
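The re-identification figures above come from a uniqueness analysis: a user is re-identified by a feature (a scanned BSSID set, the most frequent BSSID, the top-2 BSSIDs) when no other user in the dataset shares that feature value. The Python below is an added example, not the paper's code or data, that runs this analysis over a small constructed dataset of per-user scan snapshots and also shows the complementary linking step, matching an anonymous snapshot against each user's BSSID history. All BSSIDs and users in it are made up; real datasets differ only in scale.

```python
from collections import Counter
from typing import Dict, Hashable, List, Sequence

# Constructed toy dataset (not the paper's data): per-user lists of Wi-Fi scan
# snapshots, each snapshot being the BSSIDs seen in one scan.
# u1/u2 are housemates sharing home APs aa:01/aa:02; cc:10 is a campus AP seen
# by many; u5 and u6 only ever see cc:10 and are indistinguishable here.
SCANS: Dict[str, List[List[str]]] = {
    "u1": [["aa:01", "aa:02", "cc:10"], ["aa:01", "aa:02"], ["aa:01", "bb:20"]],
    "u2": [["aa:01", "aa:02", "dd:30"], ["aa:01", "dd:30"], ["aa:01", "aa:02", "dd:30"]],
    "u3": [["ee:40", "ee:41"], ["ee:40", "cc:10"], ["ee:40"]],
    "u4": [["ff:50", "cc:10"], ["ff:50", "ff:51"], ["ff:50", "cc:10"]],
    "u5": [["cc:10"], ["cc:10"], ["cc:10"]],
    "u6": [["cc:10"], ["cc:10"], ["cc:10"]],
}


def top_k_bssids(scans: Sequence[Sequence[str]], k: int) -> frozenset:
    """The k most frequently scanned BSSIDs of one user (ties broken by BSSID string)."""
    counts = Counter(b for snap in scans for b in snap)
    ranked = sorted(counts, key=lambda b: (-counts[b], b))
    return frozenset(ranked[:k])


def single_snapshot_features(scans: Dict[str, List[List[str]]]) -> Dict[str, Hashable]:
    """Feature = the set of BSSIDs in a single (here: the first) scan per user."""
    return {u: frozenset(s[0]) for u, s in scans.items()}


def top_k_features(scans: Dict[str, List[List[str]]], k: int) -> Dict[str, Hashable]:
    """Feature = the user's k most frequent BSSIDs over their whole history."""
    return {u: top_k_bssids(s, k) for u, s in scans.items()}


def anonymity_sets(features: Dict[str, Hashable]) -> Dict[str, int]:
    """For each user, how many users (including themselves) share the same feature value."""
    shared = Counter(features.values())
    return {u: shared[f] for u, f in features.items()}


def reidentification_rate(features: Dict[str, Hashable]) -> float:
    """Fraction of users whose feature value is unique (anonymity set of size 1)."""
    sizes = anonymity_sets(features)
    return sum(1 for s in sizes.values() if s == 1) / len(sizes)


def link_snapshot(scans: Dict[str, List[List[str]]], snapshot: Sequence[str]) -> List[str]:
    """Users whose history contains every BSSID of an anonymous snapshot."""
    wanted = set(snapshot)
    return sorted(u for u, s in scans.items() if wanted <= {b for snap in s for b in snap})


if __name__ == "__main__":
    print("single snapshot:", reidentification_rate(single_snapshot_features(SCANS)))
    for k in (1, 2):
        print(f"top-{k} BSSIDs:", reidentification_rate(top_k_features(SCANS, k)))
    print("anonymity sets (top-1):", anonymity_sets(top_k_features(SCANS, 1)))
    print("who saw aa:01+bb:20?", link_snapshot(SCANS, ["aa:01", "bb:20"]))
    print("who saw cc:10?", link_snapshot(SCANS, ["cc:10"]))
```

On this toy data a single snapshot re-identifies 4 of 6 users, the single most frequent BSSID only 2 of 6 (the housemates share their home AP and u5/u6 share the campus AP), and the top-2 set climbs back to 4 of 6; the anonymity-set sizes show which users are hiding behind whom. The same functions run unchanged over a real scan log once it is loaded into the `SCANS` shape.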
2024
Authors
Cunha, M; Duarte, G; Andrade, R; Mendes, R; Vilela, JP;
Publication
PROCEEDINGS OF THE FOURTEENTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, CODASPY 2024
Abstract
With the massive data collection from different devices, ranging from mobile devices to all sorts of IoT devices, protecting users' privacy is a fundamental concern. In order to prevent unwanted disclosures, several Privacy-Preserving Mechanisms (PPMs) have been proposed. Nevertheless, due to the lack of a standardized and universal privacy definition, configuring and evaluating PPMs is quite challenging and requires knowledge that the average user does not have. In this paper, we propose a privacy toolkit, Privkit, to systematize this process and facilitate the automated configuration of PPMs. Privkit enables the assessment of privacy-preserving mechanisms under different configurations, while quantifying the privacy and utility levels achieved for various types of data. Privkit is open source and can be extended with new data types, the corresponding PPMs, and privacy and utility assessment metrics and privacy attacks over such data. The toolkit is available as a Python package with several state-of-the-art PPMs already implemented, and is also accessible through a web application. Privkit thus constitutes a unified toolkit that eases the dissemination of new privacy-preserving methods and facilitates reproducibility through a repository of Jupyter Notebooks that reproduce published research results.
2024
Authors
Duarte, G; Cunha, M; Vilela, JP;
Publication
39TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, SAC 2024
Abstract
In an era dominated by Location-Based Services (LBSs), preserving location privacy has emerged as a critical challenge. To address it, Location Privacy-Preserving Mechanisms (LPPMs) have been proposed, in which an obfuscated version of the exact user location is reported instead. Beyond noise-based mechanisms, location discretization, the process of transforming continuous location data into discrete representations, is relevant for the efficient storage of data, as it simplifies manipulating the information in a digital system and reduces computational overhead. Apart from enabling more efficient data storage and processing, location discretization can also be performed with privacy requirements in mind, so that the discretization step itself provides privacy benefits. In this work, we propose a Privacy-Aware Remapping mechanism that improves the privacy level attained by Geo-Indistinguishability through a tailored pre-processing discretization step. The proposed remapping technique reduces the re-identification risk of locations under Geo-Indistinguishability, with limited impact on quality loss.
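Geo-Indistinguishability is usually realised with the planar Laplace mechanism, and "quality loss" is the distance between the true and the reported location. The following Python is an added example, not code from the paper or its authors: it implements planar Laplace noise, checks the ε-geo-indistinguishability inequality numerically at a chosen report, and measures the quality loss with and without a discretization step applied before the noise. The discretization shown is a plain square grid (cell centre), used only to illustrate the pre-processing idea; it is an assumption of this example and is not the paper's Privacy-Aware Remapping, which picks the remapped point with the re-identification risk in mind. Coordinates are assumed to be in a local planar frame in metres.

```python
import math
import random
from typing import Optional, Tuple

# Locations live in a local planar frame in metres (constructed example;
# projecting lat/lon into such a frame is outside the scope of this snippet).
Point = Tuple[float, float]


def euclid(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def planar_laplace(loc: Point, eps: float, rng: random.Random) -> Point:
    """Geo-Indistinguishability via the planar Laplace mechanism.

    The noise direction is uniform and the radius has density eps^2 * r * e^(-eps*r),
    which is exactly a Gamma(shape=2, scale=1/eps) law, so it is sampled directly
    instead of inverting the CDF with the Lambert W function.
    """
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return (loc[0] + r * math.cos(theta), loc[1] + r * math.sin(theta))


def planar_laplace_pdf(loc: Point, z: Point, eps: float) -> float:
    """Density of reporting z when the true location is loc."""
    return eps * eps / (2.0 * math.pi) * math.exp(-eps * euclid(loc, z))


def geo_ind_holds(x1: Point, x2: Point, z: Point, eps: float) -> bool:
    """eps-geo-indistinguishability at report z: Pr[z|x1] <= e^(eps*d(x1,x2)) * Pr[z|x2]."""
    ratio = planar_laplace_pdf(x1, z, eps) / planar_laplace_pdf(x2, z, eps)
    return ratio <= math.exp(eps * euclid(x1, x2)) * (1.0 + 1e-12)


def remap_to_grid(loc: Point, cell: float) -> Point:
    """Plain square-grid discretisation: the centre of the containing cell.

    Generic pre-processing used for illustration only; it is NOT the paper's
    Privacy-Aware Remapping.
    """
    return (
        math.floor(loc[0] / cell) * cell + cell / 2.0,
        math.floor(loc[1] / cell) * cell + cell / 2.0,
    )


def mean_quality_loss(loc: Point, eps: float, n: int, seed: int,
                      cell: Optional[float] = None) -> float:
    """Mean distance between the true location and n noisy reports of it.

    With cell set, the location is discretised first and the noise is added to
    the cell centre. Reusing the seed lets both variants see identical noise,
    so their difference is bounded by the distance to the cell centre.
    """
    rng = random.Random(seed)
    src = remap_to_grid(loc, cell) if cell else loc
    return sum(euclid(loc, planar_laplace(src, eps, rng)) for _ in range(n)) / n


if __name__ == "__main__":
    # eps = ln(4)/200: two points 200 m apart yield any report with
    # probabilities that differ by at most a factor of 4.
    eps = math.log(4) / 200.0
    home: Point = (123.0, 456.0)
    print("E[noise radius] = 2/eps =", 2 / eps)
    print("quality loss, noise only:     ", mean_quality_loss(home, eps, 4000, seed=7))
    print("quality loss, 50 m grid + noise:", mean_quality_loss(home, eps, 4000, seed=7, cell=50.0))
    print("guarantee holds at a far report:", geo_ind_holds(home, (300.0, 456.0), (-900.0, 50.0), eps))
```

The expected noise radius of the planar Laplace mechanism is 2/ε, which is what the noise-only quality loss converges to; discretising to a 50 m grid first shifts the reported points by at most the distance to the cell centre (under 36 m for a 50 m cell), which is the "limited impact on quality loss" a pre-processing discretization step trades for its storage and privacy benefits. `geo_ind_holds` is a spot check at one report, not a proof; the mechanism satisfies the inequality for every z because |d(x1,z) - d(x2,z)| ≤ d(x1,x2).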
2023
Authors
Mendes, R; Cunha, M; Vilela, JP;
Publication
PROCEEDINGS OF THE THIRTEENTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, CODASPY 2023
Abstract
Location Privacy-Preserving Mechanisms (LPPMs) have been proposed to mitigate the privacy disclosure risks that arise from location sharing. However, due to the nature of this type of data, spatio-temporal correlations can be leveraged by an adversary to weaken the protections. Moreover, the application of LPPMs at collection time has been limited by the difficulty end-users have in configuring the parameters and in understanding their impact on the privacy level. In this work we adopt the velocity of the user and the frequency of reports as a metric for the correlation between location reports. Based on this metric we propose a generalization of Geo-Indistinguishability, denoted Velocity-Aware Geo-Indistinguishability (VA-GI). We define a VA-GI LPPM that provides an automatic and dynamic trade-off between privacy and utility according to the velocity of the user and the frequency of reports. This adaptability can be tuned for general use, using city- or country-wide data, or for specific user profiles, thus allowing fine-grained tuning for users or environments. Our results on vehicular trajectory data show that VA-GI achieves a dynamic privacy-utility trade-off that outperforms previous works. Additionally, by using a Gaussian distribution as an estimate of the distribution of velocities, we provide a methodology for configuring the proposed LPPM without the need for mobility data. This approach provides the required privacy-utility adaptability while also simplifying its configuration and general application in different contexts.