In this systematic review, we have included 36 papers in an attempt to focus on the papers that covered users’ geospatial and social characteristics and at the same time identify location privacy issues. For the purposes of our study, it was important to proceed with a categorization of the papers that to the best of our knowledge have already discussed geolocation and social identity issues. That was our primary goal when organizing the respective subsections, namely geosocial networks; users’ identity through geolocation information; identifying users’ identity—location privacy concerns and identifying users’ identity—threats; attributes of geolocation information and digital identities; location privacy issues through geolocation information, and digital identities attributes. More specifically, the papers have been divided into the following six categories: namely, papers that refer to geosocial networks, papers discussing the representation of user’s identity in geosocial networks through geolocation information, papers that examine users’ concerns and privacy issues, and papers focusing on threats that may arise due to the information leak of a user’s location. After that, we also focus on matching attributes of geolocation information to attributes of social identity, and we discuss the location privacy issues that arise due to geolocation information or digital identities attributes disclosure.
In particular, this categorization of the papers reflects the rationale of our study. First and foremost, it was important to gain a better understanding of geosocial networks, which is considered to be a milestone in deepening our study. That is because building upon the way that users tend to use social media and at the same time represent themselves while online may raise questions about their online representation, which apart from social characteristics, utilizes geospatial descriptions. On the second category we focus on geospatial landmarks that frequently aim to add social characteristics to users profiles, i.e., social media users may state the name of their institution not only to describe their place in the world but rather represent themselves as members of academia or alumni of a higher institution in order to offer their online representations an educational status [12
]. Deepening our understanding of geosocial networks and how users represent themselves online, we move to the third category, as we cannot disregard users’ privacy concerns. It is worth mentioning that although users seem to express their concerns about potential information leaks and malicious users, they do not hesitate to use geosocial networks or geotag themselves [6
]. That incompatibility, which has already caught our attention in the introduction, motivates us to shed light upon the fourth category of papers in our study, which aims to identify possible threats (malware or private profit) that could harm users’ online activity. The fifth category of papers matches geolocation attributes to attributes of social identity, while the sixth category discusses location privacy issues, which should be discussed due to the leaks related to geolocation information or digital identities attributes.
3.2. Users’ Identity through Geolocation Information
The papers included in this category discuss how geolocation information is descriptive enough to provide specific information about users’ identity through location infuriation.
Location-sharing applications (LSAs) as a part of location-based services support current location sharing among users. Tang, Lin, Hong, Siewiorek, and Sadeh in [15
] take a closer look at the way that people share their geolocation information, using one-to-one or one-to-many sharing. In addition, this paper focuses on the difference of revealing a user’s location based on the purpose, meaning for purpose-driven or social-driven purpose. The study focuses on the social-driven purpose and concludes that “social-driven location sharing favored semantic location names, blurring of location information, and using location information to attract attention and boost self-presentation” (p. 10). The study was carried out on a limited number of participants for a limited period of time, while participants were all members of the academic community. That is, users tend to disclose their location information in a way that boosts their social status in order to catch other users ‘attention. The next two articles can serve our purpose as examples of how users utilize location-aware services to represent themselves, adding desirable characteristics to their identities.
Bao, Zheng, and Mokbel suggest a location recommender system that is constituted of offline modeling (social knowledge learning and personal preference discovery), and online recommendation (preference aware candidate selection and location rating calculation) [16
]. This paper investigates users’ location histories in order to understand their preferences while traveling to a new city. The authors identify two main challenges that are linked to specifying users’ preferences and defining a rating for a user’s unknown place. Location recommendations match users’ interests with nearby places by following specific requirements, namely user preferences, the current location of the user and the opinions of a location given by other users. The contribution of the study is proposing a location-based and preference-aware recommendation system that takes care of both user preferences, which are inferred by his/her location history, and social opinions, which are derived from local experts’ location histories. For example, a user that identifies herself as “sommelier” has already provided information on her inclination from previous logs, and thus can acquire information on places of interest, e.g., wine bars, from other users with the same expertise.
Location-aware services are also employed in a number of dating applications, which are commonly used to match nearby individuals who are interested in meeting new partners. Birnholtz, Fitzpatrick, Handel, and Brubaker carry out a survey on how men who have sex with men (a term that refers to both people who identify themselves as gay and people who do not identify themselves as such) handle their identities and online information in order to represent themselves through Grindr. The representation is very condensed as far as language is concerned, as the focus is placed on users’ images [12
]. The language is of primary concern for users to identify themselves through a location. According to the study, except for neighborhoods, cities, and states, users tended to locate themselves through universities, as they function as landmarks carrying socio-economic or educational status. The study concludes that neighborhood level was used more often in larger cities, while users used the city-level identification either when they were present or while traveling.
According to Schwartz and Halegoua, [17
] users’ location information can be shared on social media applications in order to represent their identity. The term “spatial self” describes the representation of the user via geocoded online traces, adding information about his/her social sphere. Schwartz and Halegoua’s term is defined as follows: “the spatial self is constituted from a bricolage of personal and collective, private and public meanings and narratives of place” (p. 13). Researchers conclude that in order to analyze geolocation information, it is important to combine both qualitative and quantitative methods. The paper analyzes information retrieved from Instagram, Facebook, and Foursquare. The notion of a spatial self underlines the importance of geolocation information in identifying users’ identity while online in a way that draws on both social identity and geotagging theories, thus constituting one of the key aspects in our analysis.
Drawing on the notion of the spatial self from the aforementioned paper, we should also include Lefebvre’s term of social body while discussing on the notion of space. In other words, the notion of space is thought to be constituted by “living bodies” [18
]. Under this spectrum, social relationships along with the human body, which is perceived as a multi-sensor, are being investigated in the framework of spatial characteristics. In addition, Lefebvre also introduces the notion of everyday life in a way that incorporates “insights on time, multiple temporalities, and the time–body relationship” (p. 7) [18
]. The author’s comment on what time means for Lefebvre is also quite intriguing, as he underlines that “For Lefebvre, time was closely connected with space and apprehended in space, and both enjoyed the same ontological status” (p. 7) [18
]. Lefebvre’s analysis of the social body seems to incorporate all four common attributes between the social and location attributes of our analysis, which should be in accordance with location privacy when designing privacy-aware information systems.
The next paper presents a new study based on graph metrics to analyze geosocial relationships among users by drawing on four popular online social networks. Scellato, Musolesi, Mascolo, and Latora introduce two metrics for geosocial networks: users’ likelihood of exhibiting long (or short)-distance social interactions and the locality of social clusters [19
]. Except for those metrics, the study also measures the tightness of each node. Social relationships are investigated in order to determine the role that distance can play. Close distance is associated with closer bonds when it comes to advertisements; however, it seems that this is not the case when it comes to new broadcasting, even in an online world where distance is not important for social relationships. Distance can play an important role in identifying relationships among users, as it is generally linked to closer bonds among them. However, distance should be associated with additional characteristics, as it is not possible to predict social relationships alone.
3.4. Identifying User’s Identity—Privacy Threats in Geolocation Apps/Services
Another important issue raised by a number of papers is how to address threats related to a user’s identification through the disclosure of their geolocation information by malicious attackers. Duckham and Kulik [4
] define privacy using Alan Westin’s definition: “Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (p. 2), before moving to location privacy, which can be defined as “a special type of information privacy which concerns the claim of individuals to determine for themselves when, how, and to what extent location information about them is communicated to others” (p. 2). The authors argue that location awareness provides a specific context to users’ actions. In other words, that context can endow users with a number of additional characteristics, such as social characteristics. The paper reviews a number of location privacy protection mechanisms that are not advised to be used individually; as a consequence, the authors propose a combination of approaches, such as regulation, privacy policies, anonymity, and obfuscation. Except for discussing the prerequisites under which social characteristics are expected to be shared, this paper underlines the social characteristics that provide context to the protection of location services. Users expect their location information to be handled in a way that matches their social characteristics.
], Liu, Zhou, Zhu, Gao and Xiang review methods used in addressing users’ location privacy concerns, such as cryptography, anonymity, obfuscation, and caching. However, the study underlines two basic obstacles in addressing location privacy, primarily due to the difficulty in making comparisons between location privacy preservation mechanisms and the incompatibility between theory and real social media practice. The authors also identify two potential types of attacks: identity and localization attack. The paper goes a step further and defines location privacy as a subcategory of information privacy by focusing on “the ability of an individual to move in public space with the expectation that under normal circumstances, their location will not be systematically and secretly recorded for later use’’ (p. 4). In other words, the user is willing to sacrifice part of his/her privacy while joining the public sphere as far as the user feels that the sensitive personal information will not be collected or used in a suspicious way. Another key aspect of the aforementioned study is that the representation of location information can be analyzed as a three-dimensional concept, which apart from a specific or abstract location description will also include a user’s identity, spatial information (position), and temporal information (time). The study enumerates the distinctive characteristics of location information; namely, it concludes that it is massive, highly correlated, dynamic, and unequal in importance. Having stressed the importance of location information in disclosing users’ identity, it is of great importance to estimate the value of privacy in terms of an actual price, as it is carried out in the following paragraph.
Danezis, Lewis, and Anderson carry out a study to focus on measuring the price of precise location information by using economic and psychology tools as a potential guide to estimate the amount that the users would be willing to pay for protecting their geolocation information [24
]. Volunteers were exposed to a ‘compensation auction’ to determine a price that would be sufficient in order to share their exact location information, so as to make sure that participants were going to respond truthfully. The median bid according to the results was £10; however, students who were traveling outside the city or who had a partner tended to bid higher. The authors conclude that students may bid lower than the average population due to a lack of spouses, fewer responsibilities, or their environment. This study enables reaching conclusions on how individuals value their geolocation information by providing a representative amount of money for disclosing them. This representation could also be used in estimating the importance of protecting users’ personal information.
Mobile devices that incorporate a variety of sensors have opened a new discussion about mobile crowd sensing (MCS). However useful these incentive mechanisms may be, they have proven to be quite costly for individual workers in terms of time and system resources. Therefore, it is important to provide the necessary incentive mechanisms to boost users’ participation. Those incentives are primarily of economic origin for compensation reasons. The authors in [25
] designed the INCEPTION, which is “a novel MCS system framework with an integrated design of the incentive, data aggregation, and data perturbation mechanism”. In other words, it proposes a weighted data aggregation mechanism that takes into consideration users’ reliability while choosing reliable workers who tend to provide reliable data so as to generate highly accurate aggregated results. The cost of the compensation for sensing and privacy leakage satisfies both truthfulness and individual rationality while minimizing the platform’s total payment for worker recruiting with a guaranteed approximation ratio. Furthermore, INCEPTION guarantees maintaining users’ privacy and the accuracy of the outcomes. INCEPTION was validated using both theoretical analysis and a variety of simulations.
Another paper that combines the utilization of MCS systems while protecting users’ privacy is [26
]. This paper sheds light upon a private incentive mechanism that protects user’s privacy (worker’s bid information), while at the same time aims to incentivize worker participation in MCS systems. More precisely, the author proposes a differentially private incentive mechanism that minimizes the total sum of the payment using an approximation ratio. The proposed platform collects the bids for each set of tasks, and then serves as an auctioneer in order to determine the winner while preserving the privacy of each worker against their co-workers. Except for the theoretical analysis, the paper includes an adequate number of simulations.
Yang et al. [27
] also focus on designing auction-based incentive mechanisms while examining k-anonymity location privacy. As they observe the rise of location-based services (LBSs), such as Foursquare, Google Latitude, and Where, they discuss LBSs as being both informational and entertainment oriented in providing services that handle a user’s geographical position. Simultaneously, they observe that users tend not to be concerned about their location privacy. Thus, the authors need to provide incentives for mobile users to participate in anonymity sets in order to achieve k-anonymity. In this paper, they examine different cases. They initiate their analysis and contribution by considering the case where all users have the same privacy degree requirement. After that, they examine the case in which they have different requirements. Last but not least, the third case refers to a more intriguing case where mobile users can disclose both valuations and requirements. The authors designed auction-based incentive mechanisms for each of the aforementioned cases while following computational efficiency, individual rationality, budget balance, and truthfulness as necessary critical properties that should be met in an auction.
This article also discusses the development of mobile services that are equipped with a variety of different sensors, thus enabling the rise of the crowdsensing paradigm according to which workers who carry mobile devices can complete several tasks related to large-scale sensory data for traffic detection (SmartRoad), transit stations labeling (TransitLabel), air quality monitoring (Aircloud), and noise map construction (Ear-phone) [28
]. Location-aware and location diversity-based offline and online crowdsensing systems are put under discussion. The authors investigate offline crowdsensing, using a combinatorial algorithm to assign tasks to workers. Then, the authors introduced online crowdsensing with dynamic workers and tasks to examine changing spatio-temporal aspects. Lyapunov optimization was incorporated to handle both stochastic characteristics and a fair allocation of worker resources. In [29
], Malin and Airoldi’s focus is on re-identification trails and their potential privacy threats. Re-identification threats may arise through matching users’ location information among different information bases. The study evaluates a number of information sets and links re-identification to the number of people to places. More specifically, using a generative model, Malin and Airoldi infer that “the skew of the distribution of people to places is one of the main factors that drives trail re-identification” (p. 413). The model under discussion estimates the risk of re-identification in case a user’s information is revealed among a set of locations. Special methods and metrics are utilized so as to investigate how different location access behaviors can trace re-identification.
The notion of “re-identification” as it was discussed in [29
] is also deliberated in [30
] by Bettini, Wang, and Jajodia. This paper argues that even if a user’s identity is not clearly revealed, “the geo-localized history of user-requests can act as a quasi-identifier and may be used to access sensitive information about specific individuals” (p. 1). In other words, geolocation information is sensitive information, as it can potentially reveal the link between the real person and the pseudonym under use.
Managing geolocation information that may lead to defining a user’s identity is tackled in [31
]. More precisely, Gedik and Liu focus on how to employ a k-anonymity model in addressing location privacy concerns. The proposed model enables users to “define and modify their location privacy specifications at the granularity of single messages, including the minimum anonymity level requirement, and the inaccuracy tolerances along the temporal and spatial dimensions” (p. 17). Another important aspect of the study is the definition of the “Restricted Space Identification” and “Observation Identification” types of attack. The former addresses the possible connection among upcoming positions of the user after his identity is being revealed, and the latter refers to the matching of “external observation on location-identity binding to a message” (p. 2). The k-anonymity approach to location privacy addresses the de-personification procedure, using perturbation techniques, which are vital before distributing sensitive information to service providers. More precisely, users are given the opportunity to set their privacy preferences in relation to space and time to obscure their online traces.
According to Liu, there are two distinguishable types of location-based services: personal subscriber level privacy and corporate enterprise-level privacy [32
]. This tutorial introduces location l-diversity and location m-invariant in a way that is complementary to k-anonymity so as to further support location privacy in varying location privacy demands. The former refers to the level of privacy that is linked to the user’s preferences, while the latter refers to the level of privacy that is imposed by the enterprise IT experts. Some of the most popular approaches for preserving location privacy can be divided in three categories: Location protection through user-defined or system-supplied privacy policies, Location protection through the anonymous usage of information, and Location protection through applying the pseudonymity of user identities. The authors claim that “location privacy is context sensitive” (p. 2); in that way, there seems to be a continuous fluctuation between users’ need for using location services appropriately and their need for protecting their privacy. In that way, by using k-anonymity, users can address their anonymity set among users, and by using l-diversity, they can address their set of possible locations. M-variant can also provide different routes for mobile users.
], Jagwani and Kaushik underline that sensitive location information can potentially threaten a “user’s identity and integrity” (p. 2). This type of information should be put under meticulous analysis in order to identify both possible attacks and handling mechanisms. The article draws attention to two different ways that location privacy may be affected, more precisely, the kind of information that may be derived and the amount of time that the respective information is stored. The authors list a number of possible privacy attacks along with a proposition for handling them, namely, spatial knowledge attack, location-dependent attacks, multi-query attack, maximum movement boundary attack, trajectory attacks, inversion attacks, query tracking attacks, inference attacks, and other attacks. The authors argue that despite researchers’ privacy protection methods in use, especially after the Location Privacy Protection Act of 2011, there is a considerable number of open issues to address, such as the use of semantics, privacy-preserving location information collection, the application of PIR, and the formalizing of location privacy preservation mechanisms.
Additional techniques for handling a user’s location information are under discussion in [34
]. Freni, Ruiz Vicente, Mascetti, Bettini, and Jensen focus on location privacy, meaning information provided as far as a user’s presence in a place is concerned, and absence privacy, meaning information provided as far as a user’s absence from a place is concerned at a specific time. Users and service providers are highly interested in identifying and putting into practice mutually accepted privacy preferences, as it is common knowledge that geospatial and temporal content may be retrieved through a service provider.
Another paper that deals with privacy threats associated with location privacy and friendship relation privacy while at the same time providing enough information on a user’s location is [35
]. According to Son, Kim, Bhuiyan, Tashakkori, Seo, and Lee, privacy is addressed as multidimensional, consisting of location privacy and identity privacy. According to Mascetti et al.’s definition of complete privacy, it is possible to refer to complete privacy when both location privacy and identity privacy are met. The authors developed a new cryptographic primitive, so that users can be protected from untrusted users while keeping their identity visible to their “friends”. More precisely, the paper identifies three possible attacks, namely, attacks on pseudonym, attacks on location information, and attacks on friendship relation, which are respectively linked to pseudonym indistinguishability, identity/location privacies, and friendship relation privacy as security goals.
Duckham and Kulik also discuss the appropriate level of obfuscation for users to experience the benefits of online location services while at the same time maintaining the desired level of location privacy [8
]. The authors suggest that obfuscation degrades a user’s location information to protect users’ privacy in pervasive computer environments as a method of balancing the amount of information required by the service in order to provide the best results and the amount of information that the user is willing to disclose. In other words, as the authors claim, “the aim of this approach is to use only just enough location information to provide a location-based service: the so-called ‘need to know principle’ or ‘principle of minimal collection’” (p. 15). As potential negative effects can represent a considerable threat to the user, namely “location-based “spam”, “personal wellbeing and safety” or “intrusive inferences” (p. 3), it is important to address through a combination of both already existing methods, such as regulation, privacy policies, anonymity, and pseudonymity and obfuscation techniques. The authors define the scenario and the architecture of the obfuscation system before proceeding to the obfuscation model and algorithms. To address potential heuristic threats, the researchers first categorize and then formalize the methodology. They conclude that the methodology needs to be implemented and tested in order to cover users’ personal needs. That is to say, a user’s geolocation information is thought to be descriptive and sensitive enough that researchers conclude that it is vital to be protected in the same way as a user’s personal information.
As revealing geolocation information can be potentially descriptive of a user’s identity, researchers have designed special applications to address this need. Mokbel, Chow, and Aref [36
] present “Casper”, which is “a new framework in which mobile and stationary users can entertain location-based services without revealing their location information” (p. 1). Casper includes “the location anonymizer” and “the privacy-aware query processor”, as its main purpose is to deal with private information while at the same time enabling the user to take advantage of the services. Cloaked spatial information neutralizes users’ sensitive location information with the use of filters.
Location-based services are also under active consideration in “Reno”, which is a social location disclosure service [37
]. According to Smith et al., places are described either as predefined place lists or as personally defined users’ labels. Reno’s pilot study was carried out to a limited number of participants and for a limited period of time, while it could only be used as a mobile phone platform for a specific mobile device. The need to protect geolocation information urged researchers to focus toward this direction while employing various means. However, while a number of different techniques and methodologies were explored, it seems that there is still the need for further research to tackle potential information leaks.
Therefore, taking into consideration the above studies and the categorization of the papers, we focused on addressing our research questions. Consequently, we proceeded in matching location information attributes to attributes of social identity in a way that could create new affiliations in addressing location privacy concerns and threats while designing privacy requirements.
3.5. Attributes of Geolocation Information and Digital Identities
According to [2
], geolocation, which is a case of life-logging, can be defined as “one specific case of ‘action-location’: the capacity to locate the position of an object in an ‘activity space’ at a given time” (p. 9). Identifying user’s digital identity can prove to be a multidimensional project; however, tracking a user’s location information may present a detailed record of his/her activity. Location information, along with providing the setting for a user’s activity (place), is also descriptive of the exact time or the part of the day in which the action was completed [22
In other words, it seems that there is a connection between location information and a user’s identity; thus, we proceed in examining the first research question of this paper (RQ1a: Does the interrelation of users’ geospatial and social characteristics trigger additional privacy concerns and threats?), while at the same time identifying how location attributes, which have already been widely investigated [1
], can propose new affiliations and privacy requirements in designing socially aware information systems upon the projection of location attributes on social attributes.
Drawing on Lahlou’s paper, the notion of face, a basic notion of social identity theory, was introduced in our analysis as it could provide the necessary theoretical background for understanding users’ different behaviors and needs in different social contexts and around the clock [2
], as well as for making an analogy to the attributes of location information. According to [2
], “Face is a social construct which includes both a representation of what the subject is supposed to do and of what others are supposed to do with him/her. Faces are a kind of social user’s manual” (p. 18). In other words, the notion of face describes a user’s identity while placing him/her in a specific context, which provides information not only for the possible way of his/her actions but also for the way other users should treat him/her for a successful interaction and cooperation among them [2
shows how user’s faces can function in different stages. For example, faces can be labeled as “Father”, “Employee”, “Patient, “Dancer”, and “Tourist”, etc. Social encounters are public performances that take place in specific settings, which are named “frames” by social theory. Users benefit from different faces, which can be utilized or dropped accordingly so as to warrant a successful engagement in social media practices [2
Public performances are played in specific settings, which are called frames by social theory and can be paralleled to the attribute of where, according to geolocation theory. According to [10
], a user’s space of action can be summarized by a set of frames, i.e., by combining location information—the attribute ‘where’—to time, and thus the attribute ‘when’. Spaces of action are referred to as frames by social theory. As a consequence, users tend to cover different needs in alternative social settings respectively. Thus, it seems that places function as stages [4
]. Users’ social media representation (who) at a given space (when) makes them follow certain social norms (faces) [2
In other words, frames (attributes of where and when) can function as stages, as they provide additional conclusions, enabling social representations to clearly require for a specific norm, expected way of behavior, to be identified, applied, and followed from the user [2
]. Users should be compromised to norms, as they give them the opportunity to cover their social needs in an appropriate way in order to communicate successfully through social media in their online activity space. Users reveal part of their social identities in their online social performance.
Combining frame (the attribute ‘where’) and time (the attribute ‘when’), according to geolocation theory, we create the notion of stage, according to social theory. Stages endow social performances with additional characteristics, which enable further associations. For example, “Father” as a face can be put on in the frame “Home” during the afternoon, while “Dancer” can be utilized in the frame of “Dancing School” during the weekend.
At this point, Table 7
sheds light upon the analogy that was made among the attributes of location information and social identity. The four geolocation attributes of who, where, when, and what are linked to the attributes of social identity theory, while at the same time, there is some space for possible combinations among them.
More precisely, the attribute of ‘who’ in geolocation theory is analogous to the attribute of face in social theory. The attribute of ‘where’ can be paralleled to the frame as it refers to the space of action of the user. The attribute of ‘when’ is linked to the attribute of time, giving additional information about the exact or more general information about when the user proceeded in using a service or logged himself/herself during a specific action. The attribute of ‘where’ can be also combined to the attribute of ‘when’, which endows them with additional characteristics that can be paralleled to the ones of stage, according to the social theory. Last but not least, it is important to note that the attribute of ‘what’ can be linked to the specific activity, which is performed respectively.
3.6. Location Privacy Issues through Geolocation Information and Digital Identities Attributes
Following the analogy regarding the above attributes of location information and attributes on social identity, users’ privacy concerns seem to acquire an additional aspect. In that way, this part of the results refers to the second research question of this study (RQ1b: What are the major scales measuring socio-spatial location privacy concerns?). After completing the review of the aforementioned papers, we can conclude that to the best of our knowledge, there was not a proper scale to measure users’ socio-spatial location privacy concerns. Therefore, it is important to note that the focus of the study turned toward identifying the appropriate concepts that such a scale should include, connecting both social identity and geolocation information with location privacy. The interdisciplinarity of the study is discussed in the analogy between notions of social identity and location information in a way that tries to create affiliations in a reciprocal way.
By projecting location attributes on social identity attributes, we created space for addressing concerns referring to a number of additional characteristics. The notion of face draws not only to one social identity, but also to a dynamic attribute that fluctuates along with attributes of location information, such as where or when. Furthermore, it is important to note that faces are considered to be sensitive and distinctive from one another. More specifically, social actors tend not to share implications of their private life wearing one face to any other potential faces they may put on during the day [2
]. For instance, users would be unwilling to share information of their “Patient” face when wearing their “Employee” face in a distinct stage, due to potential medical information disclosure in their working environment.
In any case, combining location and time over a period of time can potentially lead to unveiling repetitive patterns, hence, enabling assumptions concerning user’s habits, activity space, and the space of action-sensitive information disclosure. In that way, tracking user’s online normativity through past experiences can draw inferences as far as upcoming decisions are concerned. As [2
] underlines, a user’s activity space places the subject in a context that is descriptive for its social status, geographic location, or future intentions. In addition, [2
] tracking users’ trajectories can potentially enable reaching conclusions about social status, geographic places, and users’ ambitions, thus defining the user as a biographical subject. According to [2
], activity space is “the general space of all variables that can describe a subject’s state in the world: emotional state, social position, goals, geographical position, movements, belongings, etc.” (p. 9). The author also defines activity as “a trajectory in this space, where behavior can be described as changes in some of these parameters” (p. 9) [2
]. In other words, as location information attributes can be paralleled to users’ social attributes, our analysis focuses on how these new affiliations may help designers while setting socially-aware privacy requirements. After completing our review and presenting the results of our analysis, we would like to proceed with the next section of the paper, in which we will try to increase our insight on attributes of location privacy while discussing users’ socio-spatial characteristics.