Reckless Designs and Broken Promises: Privacy Implications of Targeted Interactive Advertisements on Social Media Platforms

This paper reveals that the default interactive design of targeted advertisements on social media platforms like TikTok, Facebook, and Instagram creates a privacy loophole allowing advertisers to identify and view the profiles of users who engage with sensitive ads, thereby contradicting platform promises of data protection and highlighting the need for design modifications to ensure user transparency.

The Gist

Here is an explanation of the paper using simple language and everyday analogies.

The Big Idea: The "Open House" Loophole

Imagine you are a store owner (the Advertiser) who wants to sell a very specific product, like "High-End Golf Clubs." You don't want to just shout at everyone in the city; you want to find people who are likely to be golfers.

So, you hire a giant, famous event planner (the Social Media Platform, like TikTok or Instagram) to find your customers. You tell the event planner: "Only invite people who live in wealthy zip codes, are over 30, and have a high income."

The event planner agrees and says, "Don't worry, we protect our guests' privacy. We won't tell you their names or show you their ID cards. We'll just tell you, 'Hey, 500 people showed up, and they fit your description.'"

The Problem:
The event planner sets up the event so that guests can walk up to your booth, high-five you, or sign a guestbook. The planner thinks this is just "being friendly." But here is the catch: Every time a guest high-fives you or signs the book, the planner hands you a card with their name and photo on it.

Even though the planner promised to keep names hidden, this "friendly interaction" accidentally breaks the promise. Now, you know exactly who those 500 people are. You know their names, you can look them up, and you know they fit your specific criteria (wealthy, over 30, etc.).

What the Researchers Did

The authors of this paper (Julia, Athanasios, Laura, Sandra, and Damon) decided to test if this "Open House" loophole was real. They played the role of the store owner.

1. The Setup: They created a fake ad on TikTok and Meta (Facebook/Instagram).
2. The Target: They told the platforms to show the ad only to people over 18 in the US.
3. The Trap: They waited to see what happened when regular people interacted with the ad (by clicking "Like," "Love," or leaving a comment).

The Results:

• TikTok: When people commented, TikTok gave the researchers the commenters' usernames and profile pictures.
• Meta (Facebook/Instagram): When people "reacted" (liked) or commented, Meta gave the researchers the usernames and profile pictures for almost everyone.

The "Broken Promise"

The scary part isn't just that the researchers got the names; it's that the platforms promised they wouldn't.

• TikTok says: "We only share aggregated stats (numbers), not individual data."
• Meta says: "We won't tell advertisers who you are."

But by designing the ads to be "interactive" (allowing likes and comments) and then showing the advertisers who did those things, they broke their own rules. It's like a bouncer at a club saying, "We don't give out guest lists," but then handing the VIP a list of everyone who high-fived them at the door.

Why This Matters

This isn't just about seeing a name. It's about deduction.

If an advertiser runs an ad targeting "People interested in rare diseases" or "People with low credit scores," and they see a list of names of people who liked that ad, they now know exactly who those people are. They can link a specific username to a sensitive secret without the user ever realizing they just spilled the beans.

The Solution: Change the Rules

The paper suggests two ways to fix this:

1. The Warning Label (The "Fine Print" Fix): The platforms could add a big, bold warning before you click "Like" on an ad. It would say: "Warning: If you click this, the advertiser will see your name and know you fit their secret criteria."

   • Critique: The authors think this is unfair because it puts the burden on the user to read and understand complex privacy rules.

2. Turn Off the Lights (The "Default" Fix): The best solution is to stop making ads interactive by default. Just like you can't "like" a billboard on the side of a highway, you shouldn't be able to "like" an ad in a way that reveals your identity. If you really want to interact, you should have to explicitly turn that feature on, knowing the risks.

The Bottom Line

Social media platforms are great at connecting people, but their design choices are creating a privacy leak. By letting us "like" and "comment" on ads, they are accidentally handing advertisers a list of names, revealing our private interests and demographics, despite promising us that our data would stay safe. It's a design flaw that needs to be fixed before we accidentally out ourselves to the wrong people.

Technical Summary

Here is a detailed technical summary of the paper "Reckless Designs and Broken Promises: Privacy Implications of Targeted Interactive Advertisements on Social Media Platforms."

1. Problem Statement

The paper addresses a critical privacy loophole in major social media platforms (specifically TikTok and Meta's Facebook/Instagram) where the default design choice of making advertisements interactive contradicts the platforms' public privacy promises.

• The Conflict: While platforms claim to protect user data by only sharing "aggregated statistics" with advertisers, their infrastructure allows users to comment on or "react" to ads (like, love, etc.).
• The Loophole: Because advertisers define the targeting criteria (which often include sensitive attributes like household income, age of dependents, or specific interests), they already know the nature of the group being targeted. If the platform reveals the specific usernames of users who interact with the ad, advertisers can reverse-engineer the identity of individuals who fit those sensitive criteria.
• The Risk: This allows advertisers to identify specific individuals based on potentially sensitive targeting parameters, effectively leaking personal data that platforms claim to keep hidden.

2. Methodology

The researchers conducted an empirical study by running controlled advertising campaigns on TikTok and Meta to test data visibility.

• Experimental Setup:
  • Platforms: TikTok and Meta (Facebook and Instagram).
  • Targeting: Ads were targeted broadly to users over 18 in the United States.
  • Content: A neutral advertisement (Figure 1) was used to avoid biasing user reactions.
  • Ethics: The study was IRB-approved. No participants were recruited; the researchers acted as advertisers using standard business tools. No user data was removed or further analyzed beyond what the platform interfaces displayed.
• Data Collection:
  • The researchers monitored the advertising dashboards to see if the usernames and profile images of individuals who commented or reacted were visible to the advertiser.
  • TikTok Campaign: Ran Dec 18–20, 2025 (11,667 views).
  • Meta Campaign: Ran Jan 6–9, 2026 (~31,300 total views across FB/IG).

3. Key Contributions

The paper makes three primary technical contributions:

1. Empirical Evidence of Data Leakage: It provides concrete proof that both TikTok and Meta expose individual user identities (usernames) to advertisers when users interact with ads, directly contradicting platform documentation regarding data aggregation.
2. Platform-Specific Analysis: It details the specific mechanisms of data exposure for each platform:
   • TikTok: Reveals usernames of commenters but not those who simply "liked" the ad.
   • Meta: Reveals usernames of both commenters and reactors (likes/hearts, etc.).
3. Design Critique: It challenges the assumption that interactivity is an inevitable feature of online ads, noting that other platforms (e.g., YouTube) treat ads as non-interactive content, thereby avoiding this specific privacy vector.

4. Results

The study confirmed that the privacy loophole exists and is active on both platforms:

Platform	Commenter Visibility	Reactor (Like/Love) Visibility	Configurable?
TikTok	Visible (Username & Profile)	Not Visible	Yes (but UI discourages disabling)
Meta (FB/IG)	Visible (Username & Profile)	Visible (Username & Profile)	Limited/Unavailable (at time of study)

• Specific Findings:
  • TikTok: The advertiser could view the names and profile pictures of the two users who commented.
  • Meta: The advertiser could view the names and photos of all 4 reactions on Facebook. On Instagram, 10 out of 11 comments and 8 out of 14 reactions were visible.
  • Privacy Implication: By seeing these usernames, an advertiser targeting a specific sensitive demographic (e.g., "High Income") can immediately identify which specific users belong to that demographic, bypassing the "aggregated data" promise.

5. Significance and Recommendations

Significance:

• Broken Promises: The findings highlight a discrepancy between platform privacy policies (claiming data is aggregated) and actual technical implementation (revealing individual identities).
• Unintentional Disclosure: Users interact with ads assuming they are engaging with content, not realizing they are inadvertently disclosing their membership in sensitive groups to third parties.
• Discrimination Risk: This mechanism facilitates discriminatory targeting by allowing advertisers to build lists of individuals based on sensitive attributes.

Recommendations:
The authors propose two design modifications to mitigate this risk:

1. Transparency & Disclaimers: Update user documentation and in-platform ads to explicitly warn users that interacting with an ad reveals their username to the advertiser. (The authors note this places an undue burden on the user).
2. Default Non-Interactivity: The preferred solution is for platforms to disable interactivity by default for advertisements. This would align with how other platforms (like YouTube) handle ads and prevent the leakage of individual identities entirely, shifting the burden of choice to the advertiser rather than the user.

Conclusion:
The paper concludes that the current design of interactive ads on TikTok and Meta constitutes a significant privacy failure. By allowing advertisers to see the identities of users who engage with targeted content, these platforms enable the identification of individuals based on sensitive criteria, violating their own privacy commitments.