Secure information flow (SIF) analysis can determine if web browser add-ons
may leak sensitive information to third parties. However, many reported
leaks are false positives, or only reveal a few bits of information. We
visualize its results. The analysis is a client of JSAI, a provably sound
flows between program statements. By classifying different types of
information flow, the tool helps users determine whether reported leaks are
serious, trivial, or spurious. This allows browser communities to review
add-ons more efficiently and soundly than the current manual process.