BDP: Dynamic Collection and Publishing of Continuous Check-In Data with Best-Effort Differential Privacy
Abstract
1. Introduction
 If the EDU is satisfied first, privacy protection may no longer be guaranteed by DP. How can we evaluate the degree to which the EPP is guaranteed as much as possible under BDP?
 If there is a reasonable metric for the guarantee degree of satisfying the EPP as much as possible under BDP, does there exist an implementation mechanism (or algorithm) to realize BDP?
1.1. Our Contributions
 A privacy protection concept of BDP and two metrics of privacy guarantee degree are put forward. The BDP discussed in this paper is an expansion of the concept of DP: it satisfies the EDU first and then provides the EPP as much as possible, making it useful for real-world applications. It uses two new metrics, the point belief degree (see Definition 4) and the regional average belief degree (see Definition 5), to quantify the degree of privacy protection for any expected privacy budget (see Section 4.2), whereas DP itself uses the privacy budget $\epsilon$ to evaluate only the one EPP whose expected privacy budget equals $\epsilon$. In addition, the regional average belief degree can be used as the average guarantee degree of the EPP over a region containing multiple expected privacy budgets. To the best of our knowledge, this discussion and definition of BDP differ from the existing literature, and the two new metrics explore and analyze privacy performance from a new perspective: the preference for privacy.
 An EXP${}_{Q}$ mechanism is proposed (see Definition 10). The newly constructed EXP${}_{Q}$ mechanism can be applied to categorical data for privacy protection; it smartly adjusts the privacy budget of each value based on its probability in the data distribution, realizing a better BDP than the existing KRR mechanism [24,25]. This also verifies that BDP can be realized to provide a good trade-off between privacy and utility.
 A dynamic algorithm with the implementation algorithms of two perturbation mechanisms is proposed to realize the dynamic collection and publishing of continuous check-in data while satisfying BDP. The two perturbation mechanisms are the newly constructed EXP${}_{Q}$ and a classical DP mechanism, KRR [25,26] (a simple local differential privacy (LDP) mechanism). We take KRR as an example to show how to realize BDP based on existing DP mechanisms for categorical data. Moreover, the number of domain values of both KRR and EXP${}_{Q}$ is more than 2, and the randomized algorithms based on them take one value as input and produce one value as output. In addition, the dynamic algorithm can also be applied to applications of social behavior other than check-in data.
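To make the KRR building block concrete, the following is a minimal sketch of a k-ary randomized response perturbation step (this is the standard formulation of KRR; the Python interface and function name are ours for illustration, not taken from the paper):

```python
import math
import random

def krr_perturb(value, domain, epsilon):
    """k-ary randomized response (KRR): keep the true value with
    probability e^eps / (e^eps + k - 1); otherwise report one of the
    other k - 1 domain values uniformly at random."""
    k = len(domain)
    p_keep = math.exp(epsilon) / (math.exp(epsilon) + k - 1)
    if random.random() < p_keep:
        return value
    # uniform choice over the remaining k - 1 values
    return random.choice([v for v in domain if v != value])
```

The output stays in the same domain as the input, matching the setting above where each randomized algorithm takes one value as input and produces one value as output.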
1.2. Outline
2. Related Work
 Trade-off model with utility first. The majority of DP research is based on the trade-off model with privacy first; few relevant works address the trade-off model with utility first. Katrina et al. [30] proposed a generalized “noise reduction” framework based on the modified “Above Threshold” algorithm [33] to minimize privacy under empirical risk minimization (ERM) on the premise of utility priority, but the scheme is only applicable to the ERM framework, and the minimized privacy may not be able to meet the EPP. Liu et al. were the first to propose that DP satisfies a monotonic trade-off between privacy and utility, with an associated bounded monotone trade-off under the semi-honest model. They showed that there is no trade-off under the rational model, while a unilateral trade-off could lead to a utility disaster or a privacy disaster [18,23,34]. They also presented an adaptive DP and its mechanisms under the rational model, which can realize the trade-off between an approximate EDU and the EPP by adding conditional filtering noise [23], but the mechanisms may not meet the data provider's expectation for privacy protection and are easily attacked via background knowledge because of the added conditional filtering noise. Most importantly, neither of the above two utility-first works [23,30] provides quantitative metrics for the unmet privacy protection or the unmet degree of EPP, whereas this paper presents two detailed quantitative metrics, the point belief degree and the regional average belief degree, to evaluate privacy from a new perspective of the preference for privacy.
 Utility metrics of relative error. Maryam et al. [31] presented DP in real-world applications and discussed how to add Laplace [12] noise from the view of utility. They studied the relationship between the cumulative probability of noise and the privacy level in the Laplace mechanism and, combined with relative error metrics, discussed how to use a DP mechanism reasonably without losing the established utility. However, that work does not examine how the guarantee degree of privacy protection changes when utility is satisfied. Xiao et al. [18] presented a DP publishing algorithm for batch queries that uses a resampling technique with correlated noise to reduce the added noise and improve data utility. When the algorithm picks the priority items each time, it relies on noisy intermediate results, which do not reliably reflect the original order of the data. This biases the adjustment of the privacy budget allocation, so query items that should be optimized may not be, affecting the utility of the published data. Moreover, that work is a classical example of optimizing utility with privacy first, which runs counter to the theme of this paper. In addition, both of the above schemes are essentially based on central DP and use the continuous Laplace mechanism, which differs from the LDP (discrete) data statistics and release required by the check-in application in this paper. Therefore, these schemes cannot be directly applied to the applications this paper considers.
 LDP mechanisms. In 1965, Warner first proposed the randomized response technique (WRR) to collect statistical data on sensitive topics while keeping the sensitive data of contributing individuals confidential [35]. Although WRR can strictly satisfy $\epsilon$-LDP [25] in a single survey, multiple collections from the same survey individuals weaken the privacy protection intensity [12]. Therefore, Erlingsson et al. [28] used a double perturbation scheme combining a permanent randomized response with an instantaneous randomized response, namely RAPPOR, to expand the application of WRR; it has been used by Google in the Chrome browser to collect users' behavior data. In addition, RAPPOR uses Bloom filter technology [36] as the encoding method, which maps the statistical attributes into a binary vector; the mapping relation and the Lasso regression method [37] are then combined to reconstruct the frequency statistics corresponding to the original attribute strings. Due to the high communication cost of RAPPOR, Bassily et al. [32] proposed the SHist method, in which each user first encodes his attributes, then randomly selects one of the bits and perturbs it with the randomized response technique, and finally sends the perturbed result to the data collector, thereby reducing the communication cost. Chen et al. [29] proposed a PCEP mechanism and used it to design a personalized LDP (PLDP) scheme for spatial data, aiming to protect users' location information while counting the number of users in an area. The privacy budget of the scheme is determined by the users' personalization, and hence the utility depends on the users' individual behavior settings. In addition, the mechanism combines the SHist [32] method and adopts the random projection technique [38]; although it can greatly reduce the communication cost, it still suffers from unstable query precision.
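For intuition, Warner's binary randomized response and the standard unbiased inversion used to recover the true proportion from noisy answers can be sketched as follows (illustrative Python; this is the textbook construction, not code from any of the cited systems):

```python
import random

def warner_rr(truth, p=0.75):
    """Warner's randomized response: answer truthfully with probability p,
    otherwise flip the answer."""
    return truth if random.random() < p else not truth

def estimate_proportion(responses, p=0.75):
    """Unbiased estimate of the true 'yes' proportion pi.
    E[observed rate] = p*pi + (1 - p)*(1 - pi), so
    pi = (rate - (1 - p)) / (2p - 1)."""
    rate = sum(responses) / len(responses)
    return (rate - (1 - p)) / (2 * p - 1)
```

A single collection preserves plausible deniability, but as noted above, repeating the survey on the same individuals lets an aggregator average out the noise, which is what RAPPOR's permanent randomized response guards against.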
For the check-in application with multiple check-in spots considered in this paper, the KRR mechanism [24,25] fits naturally because it requires no prior knowledge of the data distribution, but it does not realize BDP very well. In addition, DP has already been studied in applications such as social networks [39,40], recommender systems [41], data publishing [42,43,44], deep learning [45], reinforcement learning [46] and federated learning [47].
3. Preliminaries
3.1. Differential Privacy (DP)
3.2. KRR Mechanism
3.3. Utility Metrics
4. Problem Formulations
4.1. System Model
4.2. The Related Concepts of BDP
4.3. Model Symbolization
5. Design and Implementation of BDP Mechanism
5.1. BDP Mechanism Based on KRR
5.2. BDP Mechanism Based on EXP${}_{Q}$
5.3. Implementation of BDP Mechanism
Algorithm 1 BDP mechanism based on KRR. 
Input: Probability distribution $\mathbf{p}={[{p}_{1},{p}_{2},\cdots ,{p}_{n}]}^{T}$, sample size m and expected data utility (EDU) $\eta $ 
Output: Privacy budget ${\epsilon}_{\eta}$ and perturbation probability matrix Q 
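The full procedure is given in the paper; as a hedged illustration of the calibration idea (find the smallest privacy budget whose predicted estimation error meets the EDU $\eta$), one could bisect on $\epsilon$ against a closed-form proxy for the KRR estimator's maximum relative error. The error proxy and helper names below are our assumptions, not the authors' exact procedure:

```python
import math

def predicted_max_rel_error(p, m, eps):
    """One-standard-error proxy for the max relative error of the unbiased
    KRR frequency estimator over m samples (an assumed stand-in for the
    paper's utility bound)."""
    k = len(p)
    keep = math.exp(eps) / (math.exp(eps) + k - 1)
    flip = (1 - keep) / (k - 1)
    errs = []
    for pi in p:
        f = keep * pi + flip * (1 - pi)               # reported frequency
        var = f * (1 - f) / (m * (keep - flip) ** 2)  # variance after inversion
        errs.append(math.sqrt(var) / pi)
    return max(errs)

def budget_for_utility(p, m, eta, lo=1e-3, hi=20.0, iters=60):
    """Smallest eps meeting the EDU eta; bisection is valid because the
    predicted error is monotonically decreasing in eps."""
    for _ in range(iters):
        mid = (lo + hi) / 2
        if predicted_max_rel_error(p, m, mid) <= eta:
            hi = mid
        else:
            lo = mid
    return hi
```

A tighter $\eta$ (smaller allowed error) forces a larger $\epsilon_{\eta}$, i.e., weaker privacy, which is exactly the utility-first trade-off that BDP quantifies.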

Algorithm 2 BDP mechanism based on EXP${}_{Q}$. 
Input: Probability distribution $\mathbf{p}={[{p}_{1},{p}_{2},\cdots ,{p}_{n}]}^{T}$, sample size m, expected data utility (EDU) $\eta $, expected privacy budget ${\epsilon}_{e}$ (or expected privacy protection region $Region({\epsilon}_{e})=\{{\epsilon}_{{e}_{1}},{\epsilon}_{{e}_{2}},\cdots ,{\epsilon}_{{e}_{K}}\}$ with ${\epsilon}_{{e}_{1}}<{\epsilon}_{{e}_{2}}<\cdots <{\epsilon}_{{e}_{K}}$) 
Output: Privacy setting parameter ${\gamma}_{\eta}$, the parameter of the privacy protection intensity change point ${\kappa}_{n}$, perturbation probability matrix Q and actual privacy budget ${\epsilon}_{i}$ of $PO{I}_{i}$ for $i\in [1,n]$ 

5.4. Case Analysis of Point Belief Degree and Regional Average Belief Degree
6. BDP Dynamic Collection and Publishing Algorithm Design
Algorithm 3 BDP dynamic collection and publishing of check-in data algorithm—(KRR/EXP${}_{Q}$). 

7. Experimental Evaluation of BDP Dynamic Collection and Publishing Algorithm
7.1. Experimental Settings
7.2. Validity and Robustness Evaluation
7.3. Utility and Privacy Evaluation
8. Discussions and Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Appendix A. Proof of Theorem 5
 (1) For ${\kappa}_{n}\in [1,n-1]$,
  (i) if $1\le i\le {\kappa}_{n}$, then ${\epsilon}_{i}=\gamma (1-{p}_{i+1})$;
  (ii) if ${\kappa}_{n}<i\le n-1$ and ${\kappa}_{n}\le n-2$, then ${\epsilon}_{i}=\gamma (1+{p}_{n-i+{\kappa}_{n}})$;
  (iii) if ${\kappa}_{n}<i=n$, then ${\epsilon}_{n}=\gamma (1+{p}_{{\kappa}_{n}+1})$.
 (2) For ${\kappa}_{n}=0$,
  (i) if $1\le i\le n-1$, then ${\epsilon}_{i}=\gamma (1+{p}_{n-i})$;
  (ii) if $i=n$, then ${\epsilon}_{n}=\gamma (1+{p}_{1})$.
 (3) For ${\kappa}_{n}=n$,
  (i) if $1\le i\le n-1$, then ${\epsilon}_{i}=\gamma (1-{p}_{i+1})$;
  (ii) if $i=n$, then ${\epsilon}_{n}=\gamma (1-{p}_{n})$.
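The case analysis of the theorem translates directly into code. Below is a small helper (our illustrative Python, not the authors' implementation; `p` is stored 0-indexed, so `p[i]` holds $p_{i+1}$) returning the actual budgets $\epsilon_i$:

```python
def actual_budgets(p, gamma, kappa):
    """Per-value privacy budgets eps_i from the case analysis above.
    p[0..n-1] stores p_1..p_n; kappa is the change-point parameter in [0, n]."""
    n = len(p)
    eps = []
    for i in range(1, n + 1):          # i is the 1-indexed value index
        if kappa == 0:
            eps.append(gamma * (1 + (p[n - i - 1] if i <= n - 1 else p[0])))
        elif kappa == n:
            eps.append(gamma * (1 - (p[i] if i <= n - 1 else p[n - 1])))
        elif i <= kappa:               # case (1)(i): eps_i = gamma*(1 - p_{i+1})
            eps.append(gamma * (1 - p[i]))
        elif i <= n - 1:               # case (1)(ii): eps_i = gamma*(1 + p_{n-i+kappa})
            eps.append(gamma * (1 + p[n - i + kappa - 1]))
        else:                          # case (1)(iii): eps_n = gamma*(1 + p_{kappa+1})
            eps.append(gamma * (1 + p[kappa]))
    return eps
```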
Appendix B. Proof of Theorem A1
Appendix C. Proof of Theorem A2
References
 Patil, S.; Norcie, G.; Kapadia, A.; Lee, A.J. Reasons, rewards, regrets: Privacy considerations in location sharing as an interactive practice. In Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS), Washington, DC, USA, 11–13 July 2012; pp. 1–15. [Google Scholar]
 Patil, S.; Norcie, G.; Kapadia, A.; Lee, A. “Check out where I am!”: Location-sharing motivations, preferences, and practices. In Proceedings of the Extended Abstracts on Human Factors in Computing Systems (CHI), Austin, TX, USA, 5–10 May 2012; pp. 1997–2002. [Google Scholar]
 Lindqvist, J.; Cranshaw, J.; Wiese, J.; Hong, J.; Zimmerman, J. I’m the mayor of my house: Examining why people use foursquare, a social-driven location sharing application. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI), Vancouver, BC, Canada, 7–12 May 2011; pp. 2409–2418. [Google Scholar]
 Guha, S.; Birnholtz, J. Can you see me now?: Location, visibility and the management of impressions on foursquare. In Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI), Munich, Germany, 27–30 August 2013; pp. 183–192. [Google Scholar]
 Gruteser, M.; Grunwald, D. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the 1st International Conference on Mobile Systems, Applications and Services (MobiSys), San Francisco, CA, USA, 5–8 May 2003; pp. 31–42. [Google Scholar]
 Cho, E.; Myers, S.A.; Leskovec, J. Friendship and mobility: User movement in location-based social networks. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD), San Diego, CA, USA, 21–24 August 2011; pp. 1082–1090. [Google Scholar]
 Huo, Z.; Meng, X.; Zhang, R. Feel free to check-in: Privacy alert against hidden location inference attacks in GeoSNs. In Proceedings of the International Conference on Database Systems for Advanced Applications (DASFAA), Wuhan, China, 22–25 April 2013; pp. 377–391. [Google Scholar]
 Naghizade, E.; Bailey, J.; Kulik, L.; Tanin, E. How private can I be among public users? In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UBICOMP), Osaka, Japan, 7–11 September 2015; pp. 1137–1141. [Google Scholar]
 Rossi, L.; Williams, M.J.; Stich, C.; Musolesi, M. Privacy and the city: User identification and location semantics in locationbased social networks. In Proceedings of the 9th International AAAI Conference on Web and Social Media (ICWSM), Oxford, UK, 26–29 May 2015; pp. 387–396. [Google Scholar]
 Sweeney, L. k-anonymity: A model for protecting privacy. Int. J. Uncertain. Fuzz. 2002, 10, 557–570. [Google Scholar] [CrossRef] [Green Version]
 Machanavajjhala, A.; Kifer, D.; Gehrke, J.; Venkitasubramaniam, M. l-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 2007, 1, 3–54. [Google Scholar] [CrossRef]
 Dwork, C.; McSherry, F.; Nissim, K.; Smith, A. Calibrating noise to sensitivity in private data analysis. In Proceedings of the 3rd Theory of Cryptography Conference (TCC), New York, NY, USA, 4–7 March 2006; pp. 265–284. [Google Scholar]
 Hay, M.; Rastogi, V.; Miklau, G.; Dan, S. Boosting the accuracy of differentially private histograms through consistency. arXiv 2010, arXiv:0904.0942v5. [Google Scholar] [CrossRef] [Green Version]
 Xiao, X.; Wang, G.; Gehrke, J. Differential privacy via wavelet transforms. IEEE Trans. Knowl. Data Eng. 2011, 23, 1200–1214. [Google Scholar] [CrossRef]
 Rastogi, V.; Nath, S. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data (SIGMOD), Indianapolis, IN, USA, 6–10 June 2010; pp. 735–746. [Google Scholar]
 Dwivedi, A.D.; Singh, R.; Ghosh, U.; Mukkamala, R.R.; Tolba, A.; Said, O. Privacy preserving authentication system based on non-interactive zero knowledge proof suitable for Internet of Things. J. Amb. Intel. Hum. Comp. 2021, in press. [Google Scholar]
 Dwork, C. Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages, and Programming (ICALP), Venice, Italy, 10–14 July 2006; pp. 1–12. [Google Scholar]
 Xiao, X.; Bender, G.; Hay, M.; Gehrke, J. iReduct: Differential privacy with reduced relative errors. In Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data (SIGMOD), Athens, Greece, 12–16 June 2011; pp. 229–240. [Google Scholar]
 Liu, H.; Wu, Z.; Zhou, Y.; Peng, C.; Tian, F.; Lu, L. Privacypreserving monotonicity of differential privacy mechanisms. Appl. Sci. 2018, 8, 2081. [Google Scholar] [CrossRef] [Green Version]
 Dwork, C.; Kenthapadi, K.; McSherry, F.; Mironov, I.; Naor, M. Our data, ourselves: Privacy via distributed noise generation. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), St. Petersburg, Russia, 28 May–1 June 2006; pp. 486–503. [Google Scholar]
 Tang, J.; Korolova, A.; Bai, X.; Wang, X.; Wang, X. Privacy loss in Apple’s implementation of differential privacy on MacOS 10.12. arXiv 2017, arXiv:1709.02753. [Google Scholar]
 Dwork, C. Differential privacy: A survey of results. In Proceedings of the International Conference on Theory and Applications of Models of Computation (TAMC), Xi’an, China, 25–29 April 2008; pp. 1–19. [Google Scholar]
 Liu, H.; Wu, Z.; Peng, C.; Tian, F.; Lu, H. Adaptive gaussian mechanism based on expected data utility under conditional filtering noise. KSII Trans. Internet. Inf. 2018, 12, 3497–3515. [Google Scholar]
 Kairouz, P.; Bonawitz, K.; Ramage, D. Discrete distribution estimation under local privacy. In Proceedings of the 33rd International Conference on Machine Learning (ICML), New York, NY, USA, 19–24 June 2016; pp. 2436–2444. [Google Scholar]
 Kairouz, P.; Oh, S.; Viswanath, P. Extremal mechanisms for local differential privacy. In Proceedings of the 27th International Conference on Neural Information Processing Systems (NIPS), Cambridge, MA, USA, 8–13 December 2014; pp. 2879–2887. [Google Scholar]
 Duchi, J.C.; Jordan, M.I.; Wainwright, M.J. Local privacy and statistical minimax rates. In Proceedings of the 2013 IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), Berkeley, CA, USA, 26–29 October 2013; pp. 429–438. [Google Scholar]
 Hale, M.T.; Egerstedty, M. Differentially private cloudbased multiagent optimization with constraints. In Proceedings of the 2015 American Control Conference (ACC), Chicago, IL, USA, 1–3 July 2015; pp. 1235–1240. [Google Scholar]
 Erlingsson, U.; Pihur, V.; Korolova, A. RAPPOR: Randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ, USA, 3–7 November 2014; pp. 1054–1067. [Google Scholar]
 Chen, R.; Li, H.; Qin, A.K.; Kasiviswanathan, S.P.; Jin, H. Private spatial data aggregation in the local setting. In Proceedings of the 2016 IEEE 32nd International Conference on Data Engineering (ICDE), Helsinki, Finland, 16–20 May 2016; pp. 289–300. [Google Scholar]
 Ligett, K.; Neel, S.; Roth, A.; Waggoner, B.; Wu, Z.S. Accuracy first: Selecting a differential privacy level for accuracy-constrained ERM. In Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS), Red Hook, NY, USA, 4–9 December 2017; pp. 2563–2573. [Google Scholar]
 Shoaran, M.; Thomo, A.; Weber, J. Differential privacy in practice. In Proceedings of the Workshop on Secure Data Management (SDM), Istanbul, Turkey, 27 August 2012; pp. 14–24. [Google Scholar]
 Bassily, R.; Smith, A. Local, private, efficient protocols for succinct histograms. In Proceedings of the 47th Annual ACM Symposium on Theory of Computing (STOC), Portland, OR, USA, 14–17 June 2015; pp. 127–135. [Google Scholar]
 Dwork, C.; Roth, A. The Algorithmic Foundations of Differential Privacy; Now Publisher: Norwell, MA, USA, 2014; pp. 28–64. [Google Scholar]
 Liu, H.; Wu, Z.; Zhang, L. A Differential Privacy Incentive Compatible Mechanism and Equilibrium Analysis. In Proceedings of the 2016 International Conference on Networking and Network Applications (NaNA), Hakodate, Hokkaido, Japan, 23–25 July 2016; pp. 260–266. [Google Scholar]
 Warner, S.L. Randomized response: A survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 1965, 60, 63–69. [Google Scholar] [CrossRef] [PubMed]
 Bloom, B.H. Space/time trade-offs in hash coding with allowable errors. Commun. ACM 1970, 13, 422–426. [Google Scholar] [CrossRef]
 Tibshirani, R. Regression shrinkage and selection via the Lasso. J. R. Stat. Soc. B 1996, 58, 267–288. [Google Scholar] [CrossRef]
 Blum, A.; Ligett, K.; Roth, A. A learning theory approach to noninteractive database privacy. J. ACM 2013, 60, 1–25. [Google Scholar] [CrossRef]
 Huang, H.; Zhang, D.; Xiao, F.; Wang, K.; Gu, J.; Wang, R. Privacypreserving approach PBCN in social network with differential privacy. IEEE Trans. Netw. Serv. Man. 2020, 17, 931–945. [Google Scholar] [CrossRef]
 Hu, X.; Zhu, T.; Zhai, X.; Zhou, W.; Zhao, W. Privacy data propagation and preservation in social media: A realworld case study. IEEE Trans. Knowl. Data Eng. 2021, in press. [Google Scholar]
 Shin, H.; Kim, S.; Shin, J.; Xiao, X. Privacy enhanced matrix factorization for recommendation with local differential privacy. IEEE Trans. Knowl. Data Eng. 2018, 30, 1770–1782. [Google Scholar] [CrossRef]
 Huang, W.; Zhou, S.; Zhu, T.; Liao, Y. Privately publishing internet of things data: Bring personalized sampling into differentially private mechanisms. IEEE Internet Things 2022, 9, 80–91. [Google Scholar] [CrossRef]
 Ou, L.; Qin, Z.; Liao, S.; Hong, Y.; Jia, X. Releasing correlated trajectories: Towards high utility and optimal differential privacy. IEEE Trans. Depend. Secur. Comput. 2020, 17, 1109–1123. [Google Scholar] [CrossRef]
 Ren, X.; Yu, C.M.; Yu, W.; Yang, S.; Yang, X.; McCann, J.A.; Yu, P.S. LoPub: High-dimensional crowdsourced data publication with local differential privacy. IEEE Trans. Inf. Forensics Secur. 2018, 13, 2151–2166. [Google Scholar] [CrossRef] [Green Version]
 Chamikara, M.A.P.; Bertok, P.; Khalil, I.; Liu, D.; Camtepe, S.; Atiquzzaman, M. Local differential privacy for deep learning. IEEE Internet Things 2020, 7, 5827–5842. [Google Scholar]
 Ye, D.; Zhu, T.; Cheng, Z.; Zhou, W.; Yu, P.S. Differential advising in multiagent reinforcement learning. IEEE Trans. Cybern. 2020, in press. [Google Scholar]
 Ying, C.; Jin, H.; Wang, X.; Luo, Y. Double Insurance: Incentivized federated learning with differential privacy in mobile crowdsensing. In Proceedings of the 2020 International Symposium on Reliable Distributed Systems (SRDS), Shanghai, China, 21–24 September 2020; pp. 81–90. [Google Scholar]
 McSherry, F.; Talwar, K. Mechanism design via differential privacy. In Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS), Providence, RI, USA, 21–23 October 2007; pp. 94–103. [Google Scholar]
 McSherry, F.D. Privacy integrated queries: An extensible platform for privacypreserving data analysis. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data (SIGMOD), New York, NY, USA, 29 June–2 July 2009; pp. 19–30. [Google Scholar]
 Garofalakis, M.; Kumar, A. Wavelet synopses for general error metrics. ACM Trans. Database Syst. 2005, 30, 888–928. [Google Scholar] [CrossRef]
 Vitter, J.S.; Wang, M. Approximate computation of multidimensional aggregates of sparse data using wavelets. ACM Sigm. Rec. 1999, 28, 193–204. [Google Scholar] [CrossRef]
 Gini, C. Measurement of inequality of incomes. Econ. J. 1921, 31, 124–126. [Google Scholar] [CrossRef]
| Selected Papers | Mechanism | Utility First | Privacy First | Privacy Metrics | Utility Metrics | EPP & EDU Involved |
|---|---|---|---|---|---|---|
| Katrina et al. [30] | Laplace | Yes | No | Central DP | Absolute error | No |
| Liu et al. [23] | Gauss with conditional filtering noise | Yes | No | Central DP | Relative error | Yes, but it may not provide EPP as much as possible |
| Maryam et al. [31] | Laplace | No | Yes | Central DP | Relative error | No |
| Xiao et al. [18] | Laplace | No | Yes | Central DP | Relative error | No |
| Kairouz et al. [25] | WRR | No | Yes | LDP | KL divergence | No |
| Erlingsson et al. [28] | RAPPOR | No | Yes | LDP | Standard deviation | No |
| Bassily et al. [32] | SHist | No | Yes | LDP | Absolute error | No |
| Chen et al. [29] | PCEP | No | Yes | PLDP | KL divergence/relative error | No |
| Kairouz et al. [24,25] | KRR | No | Yes | LDP | KL divergence | No |
| Our paper | EXP${}_{Q}$ | Yes | No | (Local) BDP | Relative error | Yes, and it provides EPP as much as possible |
| Symbol | Description |
|---|---|
| EDU | Expected data utility |
| EPP | Expected privacy protection |
| ${\epsilon}_{e}$ | Expected privacy budget |
| Region(${\epsilon}_{e}$) | Expected privacy protection region around ${\epsilon}_{e}$ |
| $\eta $ | Expected data utility |
| ${\epsilon}_{\eta}$ | The privacy budget of a differential privacy mechanism that just meets the expected data utility $\eta $ |
| ${C}_{{\epsilon}_{e}}$ | Point belief degree of ${\epsilon}_{e}$ |
| ${C}_{Region({\epsilon}_{e})}$ | Regional average belief degree of Region(${\epsilon}_{e}$) |
| $\mathbf{p}$ | Original data distribution |
| $\tilde{\mathbf{p}}$ | Perturbed data distribution |
| $\widehat{\mathbf{p}}$ | Estimated data distribution |
| S | Check-in state space |
| $\mathbf{h}(\mathbf{S})$ | Original check-in counts vector |
| $\tilde{\mathbf{h}}(\mathbf{S})$ | Perturbed check-in counts vector |
| $\widehat{\mathbf{h}}(\mathbf{S})$ | Estimated check-in counts vector |
| Q | Perturbation probability matrix |
| ${q}_{ij}$ | The perturbation probability of the original check-in state ${S}_{j}$ to the check-in state ${S}_{i}$ |
| KRR | k-ary randomized response mechanism |
| EXP${}_{Q}$ | Perturbation mechanism |
| $\gamma $ | Privacy setting parameter |
| ${\gamma}_{\eta}$ | Privacy setting parameter satisfying the expected data utility $\eta $ |
| ${\kappa}_{n}$ | The parameter of the privacy protection intensity change point |
| w | Modified estimate parameter |
| Re${}_{threshold}$ | Update threshold parameter |
| $err(\mathbf{p},\widehat{\mathbf{p}})$ | The maximum relative error between $\mathbf{p}$ and $\widehat{\mathbf{p}}$ |
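For reference, the utility metric $err(\mathbf{p},\widehat{\mathbf{p}})$, the maximum relative error, can be written as (illustrative Python; we assume the plain component-wise definition here):

```python
def max_relative_error(p, p_hat):
    """err(p, p_hat): the largest component-wise relative error
    |p_i - p_hat_i| / p_i over the distribution."""
    return max(abs(pi - qi) / pi for pi, qi in zip(p, p_hat))
```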
| Pareto Distribution | $\mathit{\theta}$ | Gini Coefficient |
|---|---|---|
| P1 | 1.55 | 0.4471 |
| P2 | 1.17 | 0.3884 |
| P3 | 0.52 | 0.2784 |
| Datasets | Data Distributions | Gini Coefficient |
|---|---|---|
| Gowalla | G1 | 0.2357 |
|  | G2 | 0.3488 |
|  | G3 | 0.4465 |
| Brightkite | B1 | 0.2849 |
|  | B2 | 0.3488 |
|  | B3 | 0.4628 |
| Mechanisms | Brightkite B1 | Brightkite B2 | Brightkite B3 | Gowalla G1 | Gowalla G2 | Gowalla G3 |
|---|---|---|---|---|---|---|
| EXP${}_{Q}$ | 0.045 | 0.06 | 0.15 | 0.18 | 0.25 | 0.4 |
| KRR | 0.035 | 0.055 | 0.15 | 0.18 | 0.25 | 0.4 |
| $\mathit{\eta}$ | Mechanisms | B1 | B2 | B3 | G1 | G2 | G3 |
|---|---|---|---|---|---|---|---|
| 0.1 | EXP${}_{Q}$ | 1.738 | 1.874 | 6.627 | 2.928 | 4.429 | 5.774 |
| 0.1 | KRR | 1.55 | 1.83 | 6.71 | 2.65 | 4.09 | 5.695 |
| 0.08 | EXP${}_{Q}$ | 2.017 | 2.128 | 6.967 | 3.204 | 4.688 | 6.072 |
| 0.08 | KRR | 1.91 | 2.01 | 7.065 | 2.945 | 4.505 | 5.955 |
| 0.05 | EXP${}_{Q}$ | 2.568 | 2.751 | 7.995 | 3.858 | 5.451 | 7.041 |
| 0.05 | KRR | 2.435 | 2.57 | 7.95 | 3.66 | 5.375 | 6.995 |
Chen, Y.; Xu, Z.; Chen, J.; Jia, S. BDP: Dynamic Collection and Publishing of Continuous Check-In Data with Best-Effort Differential Privacy. Entropy 2022, 24, 404. https://doi.org/10.3390/e24030404