Due to the wide availability of location-based services (LBSs) that enable many applications to provide usertailored services, it becomes possible to trace the locations of an individual by an adversary, especially when the LBS server is distrusted, which violates the user's privacy. Therefore, we propose, in this paper, a user-based location selection scheme (UBLS) to hide the users' locations using k-anonymity to preserve users' privacy. The proposed scheme uses the concept of dummy locations to hide the real locations of the users, but on top of that, it selects the dummy locations based on the users that exist in these locations. Moreover, we propose an attacker location exclusion (ALE) algorithm that can be used to attack the existing location privacy-preserving schemes. We also propose a new metric, namely location privacy level (LPL), to qualify the ability of the malicious LBS server to reduce the privacy level of the requester. Our envisioned UBLS scheme is evaluated with extensive computer-based simulations. Comparing to the existing schemes in the literature that preserve location privacy, our proposed UBLS demonstrates performance improvement in terms of entropy, cloaking region, and location privacy level metrics.