Nowadays, mobile users with global positioning devices canaccess Location Based Services (LBS) and query about pointsof interest in their proximity. For such applications to succeed,privacy and confidentiality are essential. Encryptionalone is not adequate; although it safeguards the systemagainst eavesdroppers, the queries themselves may disclosethe location and identity of the user. Recently, there havebeen proposed centralized architectures based on K-anonymity,which utilize an intermediate anonymizer between themobile users and the LBS. However, the anonymizer mustbe updated continuously with the current locations of allusers. Moreover, the complete knowledge of the entire systemposes a security threat, if the anonymizer is compromised.In this paper we address two issues: (i) We show thatexisting approaches may fail to provide spatial anonymityfor some distributions of user locations and describe a noveltechnique which solves this problem. (ii) We propose Prive,a decentralized architecture for preserving the anonymityof users issuing spatial queries to LBS. Mobile users self-organizeinto an overlay network with good fault toleranceand load balancing properties. Prive avoids the bottleneckcaused by centralized techniques both in terms of anonymizationand location updates. Moreover, the system state isdistributed in numerous users, rendering Prive resilient toattacks. Extensive experimental studies suggest that Priveis applicable to real-life scenarios with large populations ofmobile users.