Revealing the True Cost of Local Privacy: An Auditing Perspective

Abstract

This paper introduces the LDP-Auditor framework for empirically estimating the privacy loss of Locally Differentially Private (LDP) mechanisms. Several factors influencing the privacy audit are explored, such as the impact of different encoding and perturbation functions of eight state-of-the-art LDP protocols. Furthermore, the influence of domain size as well as the theoretical privacy loss parameter $\epsilon$ on local privacy estimation are also examined. Overall, our LDP-Auditor framework and findings offer valuable insights into the sources of randomness and information loss in LDP protocols, contributing to a more realistic understanding of the local privacy loss. Furthermore, we demonstrate the effectiveness of LDP-Auditor by successfully identifying a bug in an LDP library.Comment: Accepted for poster presentation at TPD