How to Count Travelers Without Tracking Them Between Locations (Short Paper)

Authors Nadia Shafaeipour , Maarten van Steen , Frank O. Ostermann

Thumbnail PDF


  • Filesize: 0.53 MB
  • 6 pages

Document Identifiers

Author Details

Nadia Shafaeipour
  • Faculty of Geo-Information Science and Earth Observation (ITC), University of Twente, Enschede, The Netherlands
Maarten van Steen
  • Digital Society Institute (DSI), University of Twente, Enschede, The Netherlands
Frank O. Ostermann
  • Faculty of Geo-Information Science and Earth Observation (ITC), University of Twente, Enschede, The Netherlands

Cite AsGet BibTex

Nadia Shafaeipour, Maarten van Steen, and Frank O. Ostermann. How to Count Travelers Without Tracking Them Between Locations (Short Paper). In 12th International Conference on Geographic Information Science (GIScience 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 277, pp. 66:1-66:6, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Understanding the movements of travelers is essential for sustainable city planning, and unique identifiers from wireless network access points or smart card check-ins provide the necessary information to count and track individuals as they move between locations. Nevertheless, it is challenging to deal with such uniquely identifying data in a way that does not violate the privacy of individuals. Even though several protection techniques have been proposed, the data they produce can often still be used to track down specific individuals when combined with other external information. To address this issue, we use a novel method based on encrypted Bloom filters. These probabilistic data structures are used to represent sets while preserving privacy under strong cryptographic guarantees. In our setup, encrypted Bloom filters offer statistical counts of travelers as the only accessible information. However, the probabilistic nature of Bloom filters may lead to undercounting or overcounting of travelers, affecting accuracy. We explain our privacy-preserving method and examine the accuracy of counting the number of travelers as they move between locations. To accomplish this, we used a simulated subway dataset. The results indicate that it is possible to achieve highly accurate counting while ensuring that data cannot be used to trace and identify an individual.

Subject Classification

ACM Subject Classification
  • Security and privacy → Domain-specific security and privacy architectures
  • Privacy preservation
  • encrypted Bloom filters
  • traveler counting
  • subway networks


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Austin Appleby. Murmurhash3.(2016). URL: https://github. com/aappleby/smhasher/wiki/MurmurHash3, 2016. Google Scholar
  2. Kay W Axhausen, Andrea Zimmermann, Stefan Schönfelder, Guido Rindsfüser, and Thomas Haupt. Observing the rhythms of daily life: A six-week travel diary. Transportation, 29(2):95-124, 2002. Google Scholar
  3. Burton H Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422-426, 1970. Google Scholar
  4. Yves-Alexandre De Montjoye, César A Hidalgo, Michel Verleysen, and Vincent D Blondel. Unique in the crowd: The privacy bounds of human mobility. Scientific reports, 3(1):1-5, 2013. Google Scholar
  5. Merkebe Getachew Demissie, Santi Phithakkitnukoon, Titipat Sukhvibul, Francisco Antunes, Rui Gomes, and Carlos Bento. Inferring passenger travel demand to improve urban mobility in developing countries using cell phone data: a case study of senegal. IEEE Transactions on intelligent transportation systems, 17(9):2466-2478, 2016. Google Scholar
  6. Yola Georgiadou, Rolf A de By, and Ourania Kounadi. Location privacy in the wake of the gdpr. ISPRS International Journal of Geo-Information, 8(3):157, 2019. Google Scholar
  7. Dmytro Karamshuk, Chiara Boldrini, Marco Conti, and Andrea Passarella. Human mobility models for opportunistic networks. IEEE Communications Magazine, 49(12):157-165, 2011. Google Scholar
  8. Odysseas Papapetrou, Wolf Siberski, and Wolfgang Nejdl. Cardinality estimation and dynamic length adaptation for bloom filters. Distributed and Parallel Databases, 28:119-156, 2010. Google Scholar
  9. Ronald L Rivest, Len Adleman, Michael L Dertouzos, et al. On data banks and privacy homomorphisms. Foundations of secure computation, 4(11):169-180, 1978. Google Scholar
  10. Valeriu-Daniel Stanciu, Maarten van Steen, Ciprian Dobre, and Andreas Peter. Privacy-preserving crowd-monitoring using bloom filters and homomorphic encryption. In Proceedings of the 4th International Workshop on Edge Systems, Analytics and Networking, pages 37-42, 2021. Google Scholar