Section: New Software and Platforms

Location Guard

Participants : Konstantinos Chatzikokolakis [correspondant] , Marco Stronati.


The purpose of Location Guard is to protect the user’s location during the use of a location-based service, in an easy and intuitive way that makes it available to the general public. Various modern applications, running either on smartphones or on the web, allow third parties to obtain the user's location. A smartphone application can obtain this information from the operating system using a system call, while web application obtain it from the browser using a JavaScript call.

Although both mobile operating systems and browsers require the user's permission to disclose location information, the user faces an “all-or-nothing” choice: either disclose his exact location and give up his privacy, or stop using the application. This forces many users to disclose their location, although ideally they would like to enjoy some privacy.

The API level of a browser or an operating system is an ideal place for integrating a location obfuscation technique, in a way that is easy to understand for the average user, and readily available to all applications. When an application asks for the user's location, the browser or operating system can ask the user's permission, but including the option to provide an obfuscated location instead of the real one! Different levels of obfuscation can be also offered, so that the user can chose to provide more accurate location to applications that really need it, and more noisy location to those that don't.

In 2015, Location Guard matured with several additions and fixes throughout the year, and was selected by Mozilla as the pick of the month for June 2015, confirming the users' general interest in location privacy.

Moreover in 2015 we set the foundations for actively using Location Guard as a platform for performing research on location privacy. Since location data are sensitive, since the creation of Location Guard we chose to collect no data whatsoever from the users. However, such data are invaluable for research purposes. As a consequence, we created a framework for locally collecting data at the user's machine, perform an analysis also locally, and collect back only the results of the analysis for research purposes.