While the existing literature on Differential Privacy (DP) auditing predominantly focuses on the centralized model (e.g., in auditing the DP-SGD algorithm), we advocate for extending this approach to audit Local DP (LDP). To achieve this, we introduce the LDP-Auditor framework for empirically estimating the privacy loss of locally differentially-private mechanisms. This approach leverages recent advances in designing privacy attacks against LDP frequency estimation protocols. More precisely, through the analysis of eight state-of-the-art LDP protocols, we extensively explore the factors influencing the privacy audit, such as the impact of different encoding and perturbation functions. Additionally, we investigate the influence of the domain size and the theoretical privacy loss parameter $\epsilon$ on local privacy estimation. In-depth case studies are also conducted to explore specific aspects of LDP auditing, including distinguishability attacks on LDP protocols for longitudinal studies and multidimensional data. Finally, we present a notable achievement of our LDP-Auditor framework, which is the discovery of a bug in a state-of-the-art LDP Python package. Overall, our LDP-Auditor framework as well as our study offer valuable insights into the sources of randomness and information loss in LDP protocols. These contributions collectively provide a realistic understanding of the local privacy loss, which can help practitioners in selecting the LDP mechanism and privacy parameters that best align with their specific requirements.
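The kind of empirical audit the abstract describes can be sketched as follows; this is an added example, not code from the paper or from LDP-Auditor. It assumes generalized randomized response as the protocol under test, a single-report distinguishability attack, and Hoeffding confidence bounds; `faulty_grr` is a constructed defect for the demonstration and is unrelated to the package bug the abstract mentions.

```python
import math
import random

def _respond(value, k, p, rng):
    """Report the true value with probability p, else a uniform other value."""
    if rng.random() < p:
        return value
    other = rng.randrange(k - 1)          # uniform over the k-1 other values
    return other if other < value else other + 1

def grr(value, k, eps, rng):
    """Generalized randomized response over {0..k-1}:
    p = e^eps / (e^eps + k - 1), which satisfies eps-LDP."""
    return _respond(value, k, math.exp(eps) / (math.exp(eps) + k - 1), rng)

def faulty_grr(value, k, eps, rng):
    """Constructed defect: uses the binary-RR probability e^eps / (e^eps + 1)
    even when k > 2, so the real privacy loss exceeds the claimed eps."""
    return _respond(value, k, math.exp(eps) / (math.exp(eps) + 1), rng)

def audit(mechanism, k, eps, trials=100_000, alpha=0.05, seed=0):
    """Distinguishability game between inputs v1=0 and v2=1. The adversary
    guesses v1 whenever the report equals v1. Returns a lower bound on the
    privacy loss that holds with probability >= 1 - alpha."""
    rng = random.Random(seed)
    v1, v2 = 0, 1
    tp = sum(mechanism(v1, k, eps, rng) == v1 for _ in range(trials))
    fp = sum(mechanism(v2, k, eps, rng) == v1 for _ in range(trials))
    # Hoeffding margin with alpha split over both estimates (assumed choice;
    # Clopper-Pearson intervals would be tighter).
    margin = math.sqrt(math.log(2 / alpha) / (2 * trials))
    tpr_low = max(tp / trials - margin, 0.0)
    fpr_high = min(fp / trials + margin, 1.0)
    if tpr_low <= 0.0:
        return 0.0
    # eps-LDP implies TPR <= e^eps * FPR, so ln(TPR/FPR) lower-bounds eps.
    return max(math.log(tpr_low / fpr_high), 0.0)

if __name__ == "__main__":
    for name, mech in (("grr", grr), ("faulty_grr", faulty_grr)):
        lb = audit(mech, k=4, eps=1.0)
        verdict = "VIOLATION" if lb > 1.0 else "ok"
        print(f"{name}: claimed eps=1.0, empirical lower bound={lb:.3f} ({verdict})")
```

An empirical lower bound above the claimed $\epsilon$ indicates an implementation defect, while a bound well below it shows the gap between the theoretical guarantee and what this particular attack can extract.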