Information flow control for comparative privacy analyses

The prevalence of web tracking and its key characteristics have been extensively investigated by the research community by means of large-scale web measurements. Most such measurements however are limited to the choice of a specific client used for data collection, which is insufficient to characterize the relative privacy guarantees offered by the adoption of different clients to access the Web. Recent work on comparative privacy analyses involving multiple clients is still preliminary and relies on relatively simple heuristics to detect web tracking based on the inspection of HTTP requests, cookies and API usage. In this paper, we propose a more sophisticated methodology based on information flow tracking, which is better suited for the complexity of comparing tracking behavior observed in different clients. After clarifying the key challenges of comparative privacy analyses, we apply our methodology to investigate web tracking practices on the top 10k websites from Tranco as observed by different clients, i.e., Firefox and Brave, under different configuration settings. Our analysis estimates information flow reduction to quantify the privacy benefits offered by the filter lists implemented in Firefox and Brave, as well as the effectiveness of their partitioned storage mechanism against cross-site tracking.