Although generative trajectory models are often regarded as privacy-preserving tools, their actual privacy risks have lacked systematic evaluation. This work presents the first systematic application of empirical privacy assessment techniques—specifically membership inference attacks—to trajectory generation tasks, analyzing prominent architectures including generative adversarial networks, variational autoencoders, and diffusion models. Experimental results demonstrate that these models consistently exhibit significant privacy leakage, with membership inference attacks achieving success rates markedly higher than random guessing. These findings reveal that the generative mechanisms themselves are insufficient to protect individual trajectory privacy, thereby addressing a critical gap in the literature by providing the first comprehensive empirical evaluation of privacy risks in synthetic trajectory generation.

Trajectory data is fundamental to modern urban intelligence, yet its sensitivity raises significant privacy concerns. Generative models such as Generative Adversarial Networks, Variational Autoencoders, and Diffusion Models have been developed to generate realistic synthetic trajectory data by capturing underlying spatiotemporal distributions and mobility patterns. Although these models are often assumed to preserve privacy due to their generative nature, this assumption does not necessarily hold. In this work, we investigate the intersection of generative trajectory modeling and privacy evaluation. By identifying applicable empirical methods for assessing privacy preservation in trajectory generation tasks, we demonstrate a significant gap in the evaluation of privacy for generative trajectory models. Motivated by this gap, we implement Membership Inference Attacks against representative models, demonstrating the feasibility of using such empirical privacy evaluation methods and showing that their generative nature does not eliminate privacy risks.