Existing local differential privacy (LDP) protocols for data streams lack fine-grained security analysis, leaving critical vulnerabilities unexamined in dynamic settings. Method: We propose the first unified, composable adversarial framework tailored to streaming LDP, supporting multiple privacy models—including event-level, user-level, and w-event-level privacy—and covering canonical tasks such as frequency estimation and mean computation. By modeling the attack surface, composing probabilistic perturbations, and conducting rigorous theoretical analysis, our framework enables targeted, convergent manipulation of streaming statistical outputs. Contribution/Results: We empirically validate the framework on real-world datasets, demonstrating significant degradation in estimation accuracy across mainstream streaming LDP algorithms. Additionally, we design and evaluate a lightweight anomaly-detection defense mechanism. This work uncovers novel vulnerabilities of streaming LDP under adaptive adversaries in dynamic environments, establishing both theoretical foundations and empirical evidence to guide the design of robust streaming privacy protocols.

Local Differential Privacy (LDP) enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been applied to various data types (e.g., categorical, numerical, and graph data) and application settings (e.g., static and streaming). Recent findings indicate that LDP protocols can be easily disrupted by poisoning or manipulation attacks, which leverage injected/corrupted fake users to send crafted data conforming to the LDP reports. However, current attacks primarily target static protocols, neglecting the security of LDP protocols in the streaming settings. Our research fills the gap by developing novel fine-grained manipulation attacks to LDP protocols for data streams. By reviewing the attack surfaces in existing algorithms, We introduce a unified attack framework with composable modules, which can manipulate the LDP estimated stream toward a target stream. Our attack framework can adapt to state-of-the-art streaming LDP algorithms with different analytic tasks (e.g., frequency and mean) and LDP models (event-level, user-level, w-event level). We validate our attacks theoretically and through extensive experiments on real-world datasets, and finally explore a possible defense mechanism for mitigating these attacks.