Reckless Designs and Broken Promises: Privacy Implications of Targeted Interactive Advertisements on Social Media Platforms

TL;DR

This paper uncovers a privacy loophole in social media targeted ads, where advertisers can identify users interacting with ads, contradicting platform privacy promises, and suggests design changes for better transparency.

Contribution

It reveals a privacy vulnerability in popular social media platforms' ad interaction design and proposes modifications to enhance user privacy and transparency.

Findings

Advertisers can view profiles of users who interact with ads.

Current ad interaction design contradicts platform privacy promises.

Design modifications can improve transparency and privacy protection.

Abstract

Popular social media platforms TikTok, Facebook and Instagram allow third-parties to run targeted advertising campaigns on sensitive attributes in-platform. These ads are interactive by default, meaning users can comment or ``react'' (e.g., ``like'', ``love'') to them. We find that this platform-level design choice creates a privacy loophole such that advertisers can view the profiles of those who interact with their ads, thus identifying individuals that fulfill certain targeting criteria. This behavior is in contradiction to the promises made by the platforms to hide user data from advertisers. We conclude by suggesting design modifications that could provide users with transparency about the consequences of ad interaction to protect against unintentional disclosure.