**6. Conclusions**

This paper has proposed a local perturbation mechanism for preserving user-location privacy, while maintaining a high utility of proximity-detection-based services such as digital contact tracing or find-a-friend application. We would like to emphasize that the proposed argmax-based mechanism is useful only for applications relying strictly on the relative distance between any two users, such as digital contact tracing. However, the system loses its utility in the context of location-based services requiring absolute user location, such as finding the nearest shop or searching for a specific route in a mall.

The proposed mechanism is able to offer GeoInd and a very good privacy-utility tradeoff. It relies on the assumption that users have full control of the disclosure level of their location accuracy. Moreover, it is assumed that the service provider has access to the floor plans of the buildings of interests (e.g., a commuting hall, a shopping mall, etc.) and is transmitting the discretized grid map (in terms of x, y, z coordinates) of the building. to all users in the building.

We have provided detailed simulation-based results in a multi-floor building scenario, under different assumptions of user location distributions, grid map step size, hotspot distributions, and number of users in the building. We have also compared the proposed *argmax*-based metric with an *argmin*-based metric and other state-of-the-art metrics which would be useful in location-based services requiring absolute location information, not only relative location information as needed in proximity-based services. We have shown that argmax-based approach with a perturbation level 1/ between 1 and 10 cm offers the best tradeoff utility-privacy for proximity-based services, while argmin-based metric is more suitable for services requiring absolute location information. We have also shown that the number and distribution of users in a building, the random distribution type (Gaussian or Laplacian), as well as the building grid steps have little impact on the results. We were able to reach, via the argmax-based mechanisms, very good privacy levels (RMSE in the orders of the building sizes) with detection probabilities of the order of 90% and false alarm probabilities below 15%. The simulations have also shown that the service utility, measured as detection probability, which is slightly better for large buildings and low *γ* threshold than for small buildings and high *γ* threshold. At the same time, the false alarm probabilities are slightly better for small buildings and high *γ* threshold than for large buildings and low *γ* threshold. The *γ* threshold is highly dependent of the target proximity-based service (e.g., we considered *γ* = 2 m for digital contact-tracing applications and *γ* = 10 m for 'find-a-friend' type of applications).

Open challenges are related to mechanisms for ensuring full user control on local devices about his/her/their location information, the impact of the imperfect knowledge of the user location information (or true position), as well as the impact of imperfect floormap knowledge (e.g., incorrect floor heights) from the proximity service provider's point of view.

**Author Contributions:** Conceptualization, E.S.L., V.S., and D.N.; methodology, E.S.L.; software, E.S.L. and V.S.; validation, E.S.L. and V.S.; formal analysis, E.S.L. and V.S.; writing—original draft preparation, E.S.L. and V.S.; writing—review and editing, E.S.L., V.S., and D.N.; visualization, V.S. and E.S.L.; supervision, E.S.L. and D.N.; project administration, E.S.L.; funding acquisition, E.S.L. All authors have read and agreed to the published version of the manuscript.

**Funding:** This work was supported by the funding from European Union's Horizon 2020 Research and Innovation programme under the Marie Skłodowska Curie gran<sup>t</sup> agreemen<sup>t</sup> No. 813278 (A-WEAR: A network for dynamic wearable applications with privacy constraints, www.a-wear.eu). The work has also been supported by the Academy of Finland, project ULTRA (#328226), and by a gran<sup>t</sup> from the Romanian National Authority for Scientific Research and Innovation, UEFISCDI project PN-III-P2-2.1-PED-2019-5413.

**Institutional Review Board Statement:** Not applicable.

**Informed Consent Statement:** Not applicable.

**Conflicts of Interest:** The authors declare no conflict of interest.
