Location privacy is defined by Duckham and Kulik in [2] as follows: A special type of information privacy which concerns the claim of individuals to determine for themselves when, how, and to what extent location information about them is communicated to others. Based on this definition, users should have power over their location information; however, it is well known that this is not the reality in many cases. Often, a service provider requires full access to a user's location in order for the service to become available.
In addition, because there is no restriction on the quality of location information that service providers can record, it's common for the exact GPS coordinates to be acquired, even when they are not relevant to the service itself.
The main goal of LPPMs should be to allow users to hide or reduce the quality of this location information in such a way that users still receive adequate service functionality and the service provider can still benefit from the insights produced by spatial analysis.
In order to provide geoprivacy, it is important to understand the components of location information: identity, location, and time. If an adversary is able to link those three aspects, location privacy is compromised. These components form an instance of location information; a sequence of such instances gives historical location information, allowing others to establish behavior patterns and making it possible for them to identify the user's home, work, and routine. Most LPPMs target at least one of these components in order to protect privacy.
Suppose an attacker gains access to a user's identity and the time, but has no clear knowledge of what places the user has visited. As the location component has been obfuscated, the attacker would be able to infer very little, as the context is highly altered and the data has lost its potential usability. (This specific scenario corresponds to location privacy.)
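As an added illustration (not code from the original text), the following Python example reduces location quality by snapping each fix to a grid cell and then checks whether the night-time routine recoverable from a sequence of instances still singles out one identity. The trace, the user IDs, the night window, and the two grid sizes are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample trace: one instance = (identity, latitude, longitude, hour of day).
TRACE = [
    ("u1", 40.41652, -3.70381, 23), ("u1", 40.41655, -3.70379, 2),
    ("u1", 40.41653, -3.70384, 5),  ("u1", 40.45310, -3.68830, 11),
    ("u2", 40.41921, -3.70112, 22), ("u2", 40.41918, -3.70109, 3),
    ("u2", 40.44020, -3.69010, 14),
]

def cell(lat, lon, cell_deg):
    """Index of the grid cell containing the point; a larger cell_deg removes more quality."""
    return (math.floor(lat / cell_deg), math.floor(lon / cell_deg))

def cell_centre(idx, cell_deg):
    """Coordinates released to the service in place of the exact fix."""
    return tuple(round((i + 0.5) * cell_deg, 6) for i in idx)

def night_anchor(trace, user, cell_deg):
    """Most frequent cell between 22:00 and 05:59 for one identity,
    i.e. the routine that a sequence of instances exposes."""
    hits = Counter(cell(lat, lon, cell_deg)
                   for uid, lat, lon, hour in trace
                   if uid == user and (hour >= 22 or hour < 6))
    return hits.most_common(1)[0][0] if hits else None

def anchor_sharing(trace, cell_deg):
    """For each identity, the number of identities sharing its night anchor (1 = unique)."""
    users = sorted({uid for uid, *_ in trace})
    anchors = {u: night_anchor(trace, u, cell_deg) for u in users}
    counts = Counter(a for a in anchors.values() if a is not None)
    return {u: counts[a] for u, a in anchors.items() if a is not None}

if __name__ == "__main__":
    for deg in (0.001, 0.01):  # roughly 100 m and 1 km of latitude
        print(deg, anchor_sharing(TRACE, deg))
```

With the finer grid each identity keeps a unique night-time cell, while the coarser grid places both in the same cell, so the released location no longer separates them.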
Another popular solution has been the implementation of identity privacy or anonymity, where users' traveled pathways can be accessed, but they provide no information on the identity of the subjects, or even whether they belong to different users; however, this information alone could be enough to infer the identity of a person by matching records against a phonebook, as in the experiments conducted by [3].
Finally, when a user's location and identity are specified, but the time component is missing, the resulting information lacks context, and so pathways may not be reconstructed accurately; however, implementing a model in which this occurs is unlikely, as requests and LBS responses happen at a specific time and delaying queries can cause them to lose their relevance.