Paper Detail

Inferential Privacy Leakage in Anonymized Conversational AI Logs

S M Mehedi Zaman, Kiran Garimella

Browse

Workflow Queues

arxiv Score 10.6

Published 2026-05-22 · First seen 2026-05-25

General AI

Open paper source

Abstract

Hundreds of millions of users now hold detailed, multi-turn conversations with ChatGPT and similar LLM assistants. We measure two privacy-relevant features of these conversations on a corpus of complete ChatGPT histories donated by over 1,000 users in four Global South countries (Brazil, India, Nigeria, Pakistan). First, on explicit disclosure: 34.5% of user messages contain personal information across a twenty-category taxonomy, with the median user first revealing identifying content within the first 14% of their conversation history. Second, on inference beyond explicit disclosure: we restrict to a cohort whose conversations contain no messages flagged by an LLM-based filter for explicit demographic self-identification (a separate NER pass marks PII for the disclosure audit but does not drive cohort exclusion). On this filtered cohort, an off the shelf large language model still recovers each user's age, gender, and country at weighted F1 of 0.84, 0.90, and 0.88, respectively, with the median user identified from the first 5% of their conversation history. Reading the model's natural-language reasoning traces, we identify four recurring stereotype patterns that drive both successful inference and an asymmetric error distribution concentrating on women in technical fields, older users with contemporary skills, and Global South tech professionals. We also compare ChatGPT against the same users' Google Search and YouTube histories as inference surfaces, and find it competitive with these older substrates that have driven behavioral advertising for two decades. Message-level PII removal is insufficient on its own as a privacy intervention for conversational AI data.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
soon
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI 2026-05-01 · Score 7.3 General AI A Compound AI Agent for Conversational Grant Discovery 2026-05-04 · Score 10.5 Research Track B · General AI ClawArena: Benchmarking AI Agents in Evolving Information Environments 2026-04-05 · Score 14.0 General AI Toward Multimodal Conversational AI for Age-Related Macular Degeneration 2026-04-28 · Score 16.3 General AI AgentSearchBench: A Benchmark for AI Agent Search in the Wild 2026-04-24 · Score 13.5 General AI

BibTeX

@article{zaman2026inferential,
  title = {Inferential Privacy Leakage in Anonymized Conversational AI Logs},
  author = {S M Mehedi Zaman and Kiran Garimella},
  year = {2026},
  abstract = {Hundreds of millions of users now hold detailed, multi-turn conversations with ChatGPT and similar LLM assistants. We measure two privacy-relevant features of these conversations on a corpus of complete ChatGPT histories donated by over 1,000 users in four Global South countries (Brazil, India, Nigeria, Pakistan). First, on explicit disclosure: 34.5\% of user messages contain personal information across a twenty-category taxonomy, with the median user first revealing identifying content within th},
  url = {https://arxiv.org/abs/2605.23820},
  keywords = {cs.CY, cs.SI},
  eprint = {2605.23820},
  archiveprefix = {arXiv},
}

Metadata

{}