LLMs Enable Accurate Inference of Private Attributes from Facebook Ad Streams, Study Finds

Global: Study Shows LLMs Can Infer Private User Attributes from Facebook Ads

A new study released on arXiv in September 2025 demonstrates that large language models can deduce personal characteristics such as political affiliation, employment status and education level solely from users’ exposure to Facebook advertisements. The research, conducted by a team of computer scientists, examined a longitudinal dataset of ad impressions to evaluate how adversaries might exploit these signals for privacy‑invasive profiling.

Methodology

The authors built a pipeline that treats off‑the‑shelf multimodal LLMs as adversarial inference engines. They applied the system to more than 435,000 ad impressions collected from 891 distinct users over an extended period. By feeding the textual and visual content of each ad into the model, the pipeline generated predictions about hidden user attributes without any direct user data.

Key Findings

Results indicate that the LLM‑driven approach accurately reconstructed complex private attributes, consistently surpassing strong census‑based priors and achieving performance comparable to or better than human social perception. The study reports a cost reduction of approximately 223‑fold and a speed increase of about 52‑fold relative to manual analysis.

Implications for Privacy

Crucially, the investigation shows that effective profiling is possible even within short observation windows, meaning that prolonged tracking is not a prerequisite for a successful attack. This suggests that ad streams act as a high‑fidelity digital footprint that can bypass existing platform safeguards.

Expert Reactions

According to the paper’s authors, the findings “highlight a systemic vulnerability in the ad ecosystem and underscore the urgent need for responsible web‑AI governance.” Scholars in privacy law have echoed concerns, noting that current regulatory frameworks may not adequately address inference attacks powered by generative AI.

Future Directions

The research team has made their code publicly available on GitHub to encourage further investigation and mitigation strategies. They recommend that policymakers, platform operators, and AI developers collaborate on safeguards that limit the misuse of LLMs for covert profiling.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.