Even the author’s suggestion of “close”, “far”, “very far” would reveal enough information, even with noise being added, to more or less pinpoint someone’s location. Measuring the transition from “far” to “close” would give you a data point, and enough data points would let you model (and therefore subtract) any added noise.
If your app really needs to have a feature like this, it needs to have aggressive rate limiting that makes it impossible to gather a statistically significant number of samples before someone changes their location.
2. Make "close" mean in the same grid cell, "far" mean in an adjacent grid cell, and "very far" mean somewhere else.
3. In sparsely populated areas, merge groups of 7 cells into a larger cell.
4. Add some kind of random delay to people who are moving around to reduce the information you get if you are stationary and they cross a cell boundary. The idea here is that if you are not moving and they are "close" and then they change to "far", you would know that they just crossed one of your cell's boundaries. In many places there might only be a small number of places where people cross those boundaries, and so you'd be able to narrow them down quite a bit.
Yes, this would work. The problem with random error is that it can be averaged out. The error vector must be consistent. One way to provide a consistent vector is quantization, which is as you propose where you assign a point deterministically to a nearby discrete set (in this case hexagonal grid centers).
This still leaves some issues with non-static positions, or temporal variation, as you noted in (4), where boundary crossings (or worse, movement near 3-cell boundaries) allow better precision. I think a good solution in this case is to also add temporal quantization (limited update rate of position), as well as some hysteresis (to avoid back-and-forth between cells for people living near borders). This way you cannot pinpoint the exact time the transition occurred (you cannot locate the person in space-time), and with hysteresis you cannot tell he is consistently near a border.
edit: Interestingly, all of those suggestions appear elsewhere in this thread! They all more or less appear forms of quantization.
I must thank you for your precise verbiage. The way you put this has given me a lot of clarity about how one can solve this particular problem, and is definitely going to be helpful in any future similiar issues I might face as well. Thanks for writing this out.
This would prevent precise triangulation of the stationary targets, but still leaks potentially unacceptable amount of information. Imagine an attacker who mapped out all of the cells. This is not too hard as you see close/far shifts when you cross cell boundaries.
Now place a device monitoring people nearby in each cell. This allows you to geotag people to the cell and monitor their movements. If you cross correlate with other tracking services (such as cell phone tracking datasets) you will be able to identify the individual pretty quickly.
For the above to work tracking does not have to be continuous. As long as a person sometimes is trackable you will accumulate information that allows for cross correlation. With intermittent tracking it would just take a lot longer.
I'm not sure rate limiting is really an option to still make it useful. Most people are at the same place from more or less 9pm to 5-6am occasionally shifted for people doing late shift work but most people have a steady home so you could gather that data over many nights.
Definitely true. Although, if it took a month to gather the dozens of samples the author used in the article rather than minutes, a dedicated tracker would probably have more success using more traditional stakeout methods.
And then, if you’re someone who is concerned about that kind of surveillance, you’re probably not someone who is sharing your location on an app like this.
If your app really needs to have a feature like this, it needs to have aggressive rate limiting that makes it impossible to gather a statistically significant number of samples before someone changes their location.