Study exposes privacy flaws in generative trajectory models

A new paper by Stavros Bouras and colleagues (accepted at MuseKDE 2026, co-located with IEEE MDM 2026) tackles the assumption that generative models for trajectory data automatically preserve privacy. The authors note that trajectory data is essential for urban intelligence tasks like traffic prediction and mobility planning, but its sensitivity raises serious concerns. While models like Generative Adversarial Networks (GANs), Variational Autoencoders (VAEs), and Diffusion Models are used to create realistic synthetic trajectories, their generative nature has been widely assumed to provide privacy. The study systematically identifies applicable empirical privacy evaluation methods and demonstrates a significant gap in the literature: most prior work on generative trajectory models overlooks rigorous privacy auditing.

To fill this gap, the researchers implement Membership Inference Attacks (MIAs) against representative generative trajectory models. MIAs test whether an adversary can determine if a specific individual's trajectory data was included in the model's training set. The results confirm that these models are vulnerable—synthetic trajectories can leak private information about the original users, undermining the privacy guarantee often claimed for generative approaches. The work serves as a practical demonstration of how to apply empirical privacy evaluations to trajectory generation tasks, urging the community to adopt stronger privacy protections. The full paper is available on arXiv (2605.15246).