Track-based services, such as road pricing, usage-based insurance, and sports trackers, require users to share entire tracks of locations, however this may seriously violate users’ privacy. Existing privacy methods suffer from the fact that they degrade service quality when adding privacy. In this paper, we present the concept of privacy by substitution that addresses the problem without degrading service quality by substituting location tracks with less privacy invasive behavioral data extracted from raw tracks of location data or other sensing data. We explore this concept by designing and implementing TracM, a track-based community service for runners to share and compare their running performance. We show how such a service can be implemented by substituting location tracks with less privacy invasive behavioral data. Furthermore, we discuss the lessons learned from building TracM and discuss the application of the concept to other types of track-based services.
Lecture Notes of the Institute for Computer Sciences, Social-informatics and Telecommunications Engineering: 4th International Conference, Mobisec 2012, Frankfurt Am Main, Germany, June 25-26, 2012, Revised Selected Papers, 2012, p. 107-118