A Methodology for Information Flow Experiments
This addresses the challenge of analyzing information flow without control or complete models, offering a foundational approach for researchers in web privacy and security.
The paper tackled the problem of detecting data usage by websites in limited information flow analysis, formalizing it as causal inference and providing a systematic methodology based on experimental science and statistical analysis, leading to practical advice for improving detection work.
Information flow analysis has largely ignored the setting where the analyst has neither control over nor a complete model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We prove that these problems are ones of causal inference. Leveraging this connection, we push beyond traditional information flow analysis to provide a systematic methodology based on experimental science and statistical analysis. Our methodology allows us to systematize prior works in the area viewing them as instances of a general approach. Our systematic study leads to practical advice for improving work on detecting data usage, a previously unformalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites, which we statistically analyze.