A new Australian study has uncovered a hidden privacy risk in the online advertising ecosystem — revealing that the ads people see may be enough to expose sensitive personal information.
Researchers from the ARC Centre of Excellence for Automated Decision-Making and Society (ADM+S) at UNSW Sydney and QUT have shown that artificial intelligence can infer personal attributes such as political preferences, education level and employment status based solely on the advertisements displayed to an individual online.
The study analysed more than 435,000 Facebook ads viewed by 891 Australian users, collected through the Australian Ad Observatory project — a flagship ADM+S initiative. Using advanced large language models (LLMs), the research team demonstrated that AI systems could accurately reconstruct private user profiles without access to browsing history or personal data.
The findings, presented at the ACM Web Conference 2026, revealed that AI could match or even exceed human ability to infer personal characteristics, while being over 200 times cheaper and 50 times faster than human analysis.
Lead author Baiyu Chen from UNSW said the results challenge long-held assumptions about online privacy. “The key point is that the ads a person sees are not random,” Chen said. “Advertising systems optimise delivery based on inferred profiles and behaviours, so the overall pattern of ads shown to a user can carry signals about traits such as gender, age, education, employment status, political preference and socioeconomic position.
“Our study shows that LLMs can analyse those patterns and infer private attributes from ad exposure alone. This reveals a critical blind spot in web privacy — the leakage of user information through passive exposure to algorithmic advertising.”
A Hidden Privacy Risk
The research team — including Professor Flora Salim, Professor Daniel Angus, Dr Benjamin Tag and Dr Hao Xue — found that streams of ads act like digital fingerprints, allowing private attributes to be reconstructed with surprising accuracy. Profiles could be built quickly and at scale, even from short browsing sessions, without long-term tracking.
While major platforms have restricted advertisers from targeting sensitive categories, the study shows that algorithmic ad delivery still encodes these traits indirectly — and that this information can now be extracted using widely available AI tools.
The researchers warn that everyday browser extensions could be exploited to quietly collect ads and build detailed user profiles, bypassing platform safeguards. “Rather than distributing specialised malware, an adversary could deploy this attack within the existing ecosystem of benign extensions such as ad blockers, coupon finders or page translators,” the paper notes. “These extensions legitimately require permissions to read web page content, providing a perfect cover for data harvesting.”
Implications for Policy and Regulation
The findings suggest that current privacy protections may not go far enough. As AI tools make this kind of analysis easier and more accessible, the researchers argue that regulation must evolve to address not only data collection but also what can be inferred from the content people are exposed to.
“Users can reduce risk by being cautious with browser extensions and limiting unnecessary permissions,” Chen said. “However, this is not something users can fully solve on their own. The broader issue is systemic — people cannot easily opt out of the ad ecosystem altogether, so stronger platform safeguards are needed.”
About the Research
The study draws on data from the Australian Ad Observatory, a citizen science initiative that collects ads seen by everyday users. It represents one of the largest real-world investigations into how AI can infer personal information from online advertising. The research, titled When Ads Become Profiles: Uncovering the Invisible Risk of Web Advertising at Scale with LLMs, will be presented at the ACM Web Conference 2026.
