DIGITAL LIFE

Think online ads are harmless? They could be revealing your private life, say researchers

A new study has uncovered a significant and largely invisible privacy risk in the online advertising ecosystem: the ads you see may be enough to reveal sensitive personal information.

Researchers from the ARC Center of Excellence for Automated Decision-Making and Society (ARC ADM+S) at UNSW Sydney and QUT have demonstrated that artificial intelligence can assess personal attributes, including political preferences, education level, and employment status, based solely on the advertisements a person is shown online.

The study analyzed more than 435,000 Facebook ads seen by 891 Australian users, collected through the Australian Ad Observatory project—a signature project of the ARC ADM+S.

Using advanced large language models (LLMs), researchers found that:

-Personal traits could be inferred without access to browsing history or personal data

-Profiles could be built from short browsing sessions

-AI systems matched and sometimes exceeded human ability to infer personal characteristics

-The process was over 200 times cheaper and 50 times faster than human analysis.

The research shows LLMs can very quickly and cheaply assess online adverts being fed to individuals to predict a wide range of detailed personal information.

In a paper presented at the ACM Web Conference 2026, the researchers say, "Our results demonstrate that off-the-shelf LLMs can accurately reconstruct complex user private attributes.

"Critically, actionable profiling is feasible even within short observation windows, indicating that prolonged tracking is not a prerequisite for a successful attack."

Lead author Baiyu Chen, from UNSW, said the findings challenge common assumptions about online privacy.

"The key point is that the ads a person sees are not random. Advertising systems optimize delivery based on inferred profiles and behaviors, so the overall pattern of ads shown to a user can carry signals about traits such as gender, age, education, employment status, political preference, and broader socioeconomic position.

"Our study shows that LLMs can analyze those patterns and infer private attributes from ad exposure alone.

"These findings provide the first empirical evidence that ad streams serve as a high-fidelity digital footprint, enabling off-platform profiling that inherently bypasses current platform safeguards, highlighting a systemic vulnerability in the ad ecosystem and the urgent need for responsible web AI governance in the generative AI era.

"This work reveals a critical blind spot in web privacy: the latent leakage of user private attributes through passive exposure to algorithmic advertising."

A critical blind spot in privacy...By using AI to analyze ad content, the researchers—including Professor Flora Salim, Professor Daniel Angus, Dr. Benjamin Tag and Dr. Hao Xue—show that streams of ads act like highly detailed digital fingerprints, allowing private attributes to be reconstructed with surprising accuracy, often matching or even exceeding human judgment.

Crucially, the research shows this is not a theoretical risk. Profiles can be built quickly and at scale, even from short browsing sessions, and without long-term tracking. Even when predictions are not exact, they are often close enough to reveal meaningful insights about a person's life stage or financial situation.

How it could be exploited...While major platforms have restricted advertisers from targeting sensitive categories, the study shows that algorithmic ad delivery still encodes these traits indirectly and that this information can now be extracted using widely available AI tools.

This creates a new form of privacy risk where:

-Users do not actively share information.

-No hacking or platform-side access is required.

-Profiling can happen outside platform oversight.

The researchers warn that everyday tools such as browser extensions could be repurposed to quietly collect ads and build detailed user profiles—bypassing platform safeguards and leaving little trace.

In the paper, they say, "We identify browser extensions that abuse legitimate privileges as the potential primary vector for this attack. This scenario is severe due to its inherent stealth and scalability.

"Rather than distributing specialized malware, an adversary can opportunistically deploy this attack within the existing ecosystem of widely installed, benign functioning extensions, such as ad blockers, coupon finders, or page translators.

"These extensions legitimately require permissions to read web page content to function, providing a perfect cover for data harvesting."

Implications for policy and regulation...The findings suggest current privacy protections may not go far enough.

As AI tools make this kind of analysis easier and more accessible, the researchers argue that regulation must evolve to address not just data collection, but what can be inferred from the content people are exposed to.

Addressing this risk will require rethinking privacy frameworks to account for the hidden signals embedded in everyday online experiences—including the ads users passively consume.

"In terms of protection, users can reduce the risk by being cautious with browser extensions, limiting unnecessary permissions, and using available privacy and ad-personalization settings," said Chen.

"However, this is not something users can fully solve on their own, because the broader issue is systemic: people cannot easily opt out of the ad ecosystem altogether, so stronger platform safeguards are also needed."

The study draws on data from the Australian Ad Observatory, a citizen science initiative that collects ads seen by everyday users. It represents one of the largest real-world investigations into how AI can infer personal information from online advertising.

Online ads have gone from being just random ads to becoming a detailed mirror of your private life. Recent studies reveal that the simple stream of ads you receive — even without clicking on anything — can be used by Artificial Intelligence to reconstruct your personal profile with alarming accuracy.

How ads "snitch" on you... Unlike what many think, ads don't appear by chance. They are the end result of a complex system called Real-Time Bidding (RTB), an instant auction that takes place in the milliseconds it takes for a page to load.

Digital ad impressions: Researchers at UNSW Sydney have demonstrated that AI models (LLMs) can infer traits such as political preference, education level, employment status, and financial situation simply by analyzing the pattern of ads displayed to a user.

Surveillance without clicks: You don't need to interact with the ad to be exposed. "Passive exposure" to algorithmic content serves as a high-fidelity digital footprint that bypasses current platform protections.

Short sessions are enough: Months of monitoring are not necessary. Actionable profiles can be created from short browsing sessions, making the attack quick and cheap for malicious actors.

The role of "data brokers": Advertising systems fuel a billion-dollar surveillance industry:

Location sales: Precise location data is harvested through SDKs (software development kits) in common applications, such as weather or flashlight apps, and sold to marketing companies and even government agencies.

Exposure of sensitive groups: There have been confirmed cases of data brokers selling lists of people categorized as "pregnant women," "Hispanic churchgoers," or members of the LGBTQ+ community, often exposing individuals in vulnerable situations.

Provided by University of New South Wales