Paper 2015/496

Quantifying Location Privacy Leakage from Transaction Prices

Arthur Gervais, Hubert Ritzdorf, Mario Lucic, and Srdjan Capkun

Abstract

Large-scale datasets of consumer behavior might revolutionize the way we gain competitive advantages and increase our knowledge in the respective domains. At the same time, valuable datasets pose potential privacy risks that are difficult to foresee. In this paper we study the impact that the prices from consumers’ purchase histories have on the consumers’ location privacy. We show that using a small set of low-priced product prices from the consumers’ purchase histories, an adversary can determine the country, city, and local retail store where the transaction occurred with high confidence. Our paper demonstrates that even when the product category, precise time of purchase, and currency are removed from the consumers’ purchase history (e.g., for privacy reasons), information about the consumers’ location is leaked. The results are based on three independent datasets containing thousands of low-priced and frequently-bought consumer products. In addition, we show how to identify the local currency, given only the total price of a consumer purchase in a global currency (e.g., in Bitcoin). The results show the existence of location privacy risks when releasing consumer purchase histories. As such, the results highlight the need for systems that hide transaction details in consumer purchase histories.