[guardian-dev] differential privacy for traffic and map routing?
Greg Troxel
gdt at lexort.com
Sat Jul 1 10:39:20 EDT 2023
Sorry if this is too far OT; just tell me and I'll endeavor to remember.
When a bunch of users want to report a metric, they can add a
random value that's big enough to obscure it and report that, and the only
thing that is revealed is that the user is using the app. That assumes
that app users report the metric without depending on some user
behavior.
Currently, various map programs report traffic data, which is useful for
helping others. But it's very concerning privacy-wise. One could
report over tor, and for things that are infrequent that many people are
expected to pass, that might be enough (police here, crash there).
In a discussion about improving open-source routing with OSM, it
occurred to me that it would be useful to have data about "the speed on
this road is usually X', vs X posted limit", and "when turning from A to
B, the time taken is Y seconds longer than would be computed by
traveling at A's normal speed to the turn point and instantaneously
turning to go along B and B's normal speed". Similarly for stop signs
and traffic lights.
Different users have different mobility patterns and thus will report
different things. This will lead to identifying them, even if the times
are blinded by differential privacy. What's needed is to dissociate the
reports from each other.
Perhaps, an approach for typical traffic is to save the reports over a
week, and then in each new week, spread them randomly over that week,
with a fresh tor circuit for each.
For crashes/etc., and for speeds well below normal, perhaps a single
live report over tor is ok, for each user, once a week, perhaps with a
geofence to exclude.
Thoughts on how to do this better are welcome. I know what I said is
very half-baked.
Greg
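An added simulation (mine, not Greg's) of the scheme in the first paragraph, where each device adds Laplace noise to its own "speed relative to the posted limit" report, and of the concern later in the post that reports which can be tied to one user undo that noise. The privacy budget (epsilon 0.5), the ±30 mph clamp, and the driver population are constructed assumptions.

```python
import random
import statistics

# Constructed parameters (assumptions, not from the post): per-report privacy
# budget and the range reports are clamped to before noise is added.
EPSILON = 0.5
SENSITIVITY = 30.0  # reports limited to [-30, +30] mph relative to the posted limit


def clamp(x, lo=-SENSITIVITY, hi=SENSITIVITY):
    """Bound a report so the Laplace scale can be calibrated to a known range."""
    return max(lo, min(hi, x))


def laplace(rng, scale):
    """Laplace(0, scale) sample as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def noisy_report(rng, true_over_limit, epsilon=EPSILON):
    """Local DP: the device clamps its own value and adds noise before sending.
    A value in [-S, S] has sensitivity 2S, so the Laplace scale is 2S / epsilon."""
    return clamp(true_over_limit) + laplace(rng, 2 * SENSITIVITY / epsilon)


def simulate(n_users=200, reports_per_user=2000, seed=1):
    rng = random.Random(seed)
    # Constructed population: drivers are typically a few mph over the limit.
    true_vals = [clamp(rng.gauss(5.0, 4.0)) for _ in range(n_users)]
    per_user = [[noisy_report(rng, v) for _ in range(reports_per_user)]
                for v in true_vals]
    all_reports = [r for reps in per_user for r in reps]
    return {
        "noise_scale": 2 * SENSITIVITY / EPSILON,
        # Server-side aggregate: the noise averages out across many reports.
        "true_population_mean": statistics.fmean(true_vals),
        "population_estimate": statistics.fmean(all_reports),
        # The post's concern: if one user's reports can be tied together, the
        # same averaging recovers that user's own value (by composition, k
        # reports at epsilon each spend k * epsilon of that user's budget).
        "user0_true": true_vals[0],
        "user0_estimate_from_linked_reports": statistics.fmean(per_user[0]),
        "user0_total_epsilon": reports_per_user * EPSILON,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value:.2f}")
```

The population estimate lands close to the true mean, while the linked per-user average also lands close to that user's true value, which is why the post's suggestion of dissociating reports (delayed, shuffled, fresh circuits) matters as much as the noise itself.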