Automated Profile Inference with Language Model Agents
Yuntao Du, Zitao Li, Bolin Ding, Yaliang Li, Hanshen Xiao, Jingren Zhou, Ninghui Li
TL;DR
The paper identifies automated profile inference as a new privacy threat enabled by LLM-based agents that autonomously extract sensitive attributes from publicly available pseudonymous activity. It introduces AutoProfiler, a four-agent, multi-step framework that scrapes, analyzes, and infers personal information, achieving high accuracy and substantial efficiency gains over manual profiling across real and synthetic datasets. Experimental results on Reddit, Twitter, and SynthPAI demonstrate risks including de-anonymization and SPI leakage, while also evaluating robustness, calibration, and cross-LLM performance. The authors discuss mitigation strategies across user education, platform controls, model alignment, and privacy-enhancing technologies, and advocate for heightened awareness and policy consideration. Collectively, the work highlights a practical, scalable privacy threat with broad implications for online pseudonymity and privacy protection.
Abstract
Impressive progress has been made in automated problem-solving by the collaboration of large language models (LLMs) based agents. However, these automated capabilities also open avenues for malicious applications. In this paper, we study a new threat that LLMs pose to online pseudonymity, called automated profile inference, where an adversary can instruct LLMs to automatically scrape and extract sensitive personal attributes from publicly visible user activities on pseudonymous platforms. We also introduce an automated profiling framework called AutoProfiler to assess the feasibility of such threats in real-world scenarios. AutoProfiler consists of four specialized LLM agents, who work collaboratively to collect and process user online activities and generate a profile with extracted personal information. Experimental results on two real-world datasets and one synthetic dataset demonstrate that AutoProfiler is highly effective and efficient, and can be easily deployed on a web scale. We demonstrate that the inferred attributes are both sensitive and identifiable, posing significant risks of privacy breaches, such as de-anonymization and sensitive information leakage. Additionally, we explore mitigation strategies from different perspectives and advocate for increased public awareness of this emerging privacy threat to online pseudonymity.
