GPS information), (2) inferred context information to the server (for example, activity information), and (3) inferred context information to other users. Privacy policies are expressed as Horn clause rules over the knowledge base.
Whenever a request is received, either at the server or at a device, the privacy-control module fetches the static knowledge about the user (for example, personal information and defined groups), the dynamic context knowledge, and the user-specified privacy preferences. Access rights are obtained by performing backward reasoning. Additionally, when access is allowed, certain pieces of the information might be obfuscated according to the user-defined sharing preferences in order to protect user privacy. Privacy rules are defined as Jena rules (Carroll et al. 2004), and the Jena reasoning engine is used to perform the reasoning. On the devices, we use the AndroJena port of Jena for Android.
Policies for Information Sharing
Privacy policies are represented as rules that describe which information a user is willing to share, with whom, and under what conditions. Conditions can be defined based on attributes such as a user’s current location, current activity, or any other dynamic attribute. We rely heavily on the notion of a group to define the subjects who are allowed to access certain information. A user can manage different networks of friends and assign a variety of group-level privacy preferences accordingly. Example policies are “share detailed contextual information with family members all the time,” “share my activity with friends all the time except when I am attending a lecture,” and “do not share my sleeping activity with teachers on weekdays from 9 AM to 5 PM.”
Policies for Obfuscating
Users need to be in control of the release of their personal information at different levels of granularity, from raw sensed data to high-level inferred place information. Besides specifying which information a user is willing to share, policies can also specify how that information should be shared. A user can disclose information with different accuracy levels; for instance, he or she may be willing to reveal to close friends the exact room and building in which he or she is located, but only the vicinity or town to others. Furthermore, a user may decide not to disclose his or her location to advertisers.
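The sharing and obfuscation policies described in the two sections above, as an added example that is not from the paper or its system: a small backward-chaining Horn-clause evaluator in Python stands in for the Jena engine, with the paper's example policies encoded as rules over a constructed knowledge base. Predicate names, group names, the "not" and "between" builtins, and all facts are assumptions made for this illustration.

```python
def unify(pattern, fact, b):
    """Bindings extending b that make ?variable literal pattern equal ground fact."""
    b = dict(b)
    for p, f in zip(pattern, fact):
        if (b.setdefault(p, f) if p.startswith("?") else p) != f:
            return None
    return b if len(pattern) == len(fact) else None

FACTS = {  # constructed knowledge base: static groups plus Alice's current context
    ("member", "bob", "friends"), ("member", "bob", "close_friends"), ("member", "frank", "friends"),
    ("member", "carol", "teachers"), ("member", "dave", "family"), ("member", "eve", "advertisers"),
    ("activity", "alice", "sleeping"), ("day", "alice", "weekday"), ("hour", "alice", "10"),
}
RULES = [  # (head, body) Horn clauses; "not" = negation as failure, "between" = numeric builtin
    (("share", "?o", "?r", "?info"), [("member", "?r", "family")]),
    (("share", "?o", "?r", "activity"), [("member", "?r", "friends"), ("not", "activity", "?o", "lecture")]),
    (("share", "?o", "?r", "location"), [("member", "?r", "friends")]),
    (("share", "?o", "?r", "activity"), [("member", "?r", "teachers"), ("not", "blocked", "?o")]),
    (("blocked", "?o"), [("activity", "?o", "sleeping"), ("day", "?o", "weekday"),
                         ("hour", "?o", "?h"), ("between", "?h", "9", "17")]),
    (("reveal", "?o", "?r", "room"), [("member", "?r", "close_friends")]),  # finest granularity
    (("reveal", "?o", "?r", "building"), [("member", "?r", "family")]),
    (("reveal", "?o", "?r", "town"), [("share", "?o", "?r", "location")]),  # coarsest; nothing for advertisers
]

def prove_all(goals, b):
    """Backward reasoning: yield bindings under which every goal in the list holds."""
    if not goals:
        yield b
        return
    g = tuple(b.get(t, t) for t in goals[0])        # apply current bindings
    if g[0] == "not":                               # negation as failure (cf. Jena noValue)
        if next(prove_all([g[1:]], {}), None) is None:
            yield from prove_all(goals[1:], b)
    elif g[0] == "between":                         # lo <= value <= hi (cf. Jena ge / le)
        if int(g[2]) <= int(g[1]) <= int(g[3]):
            yield from prove_all(goals[1:], b)
    else:
        for nb in (m for f in FACTS if (m := unify(g, f, b)) is not None):
            yield from prove_all(goals[1:], nb)     # facts may bind still-free variables
        for head, body in RULES:                    # unify the head, then prove the body
            rb = unify(head, g, {})
            if rb is not None and next(prove_all(body, rb), None) is not None:
                yield from prove_all(goals[1:], b)

def holds(*goal):
    return next(prove_all([goal], {}), None) is not None

def finest_level(owner, requester, levels=("room", "building", "town")):
    """Finest location granularity released to requester; None means withheld."""
    return next((lv for lv in levels if holds("reveal", owner, requester, lv)), None)
```

With Alice asleep on a weekday at 10:00, `holds("share", "alice", "carol", "activity")` is refused by the teachers rule while Bob, a friend, is allowed, and `finest_level` returns room, building, town or None depending on the requester's group.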
Figure 5. Comparing Accuracies of Social Circles Recognized Employing Stay Point, Interactions, and Place Information. (Chart: bars for stay points, interactions, and places, grouped by all contacts and strong contacts.)