Directions search returns the shortest path from a source to a destination on a road network. However, the search interests of users may be exposed to the service providers, thus raising privacy concerns. For instance, a path query that finds a path from a resident address to a clinic may lead to a deduction about "who is related to what disease ". To protect user privacy from accessing directions search services, we introduce the OPAQUE system, which consists of two major components: (1) an obfuscator that formulates obfuscated path queries by mixing true and fake sources/destinations; and (2) an obfuscated path query processor installed in the server for obfuscated path query processing. OPAQUE reduces the likelihood of path queries being revealed and allows retrieval of requested paths. We propose two types of obfuscated path queries, namely, independently obfuscated path query and shared obfuscated path query to strike a balance between privacy protection strength and query processing overhead, and to enhance privacy protection against collusion attacks.