Data brokers can learn all about you just from what online ads you see. Here's how to stop them.

Digital ads are a commonality across the internet. You see them in Google Search, social media feeds, and even on your favorite websites. If you spend enough time online, you might’ve grown accustomed to ignoring them.

Unfortunately, a new study reveals that what has become a necessary annoyance to the modern web might also have the power to reveal personal and private information about your interests, beliefs, and more. Even worse, these personal details about you can be gathered without clicking on a single ad, thanks to AI.

Websites can’t stop any company from collecting and using this data.

The study

In a study published by UNSW Sydney in early May, researchers revealed an alarming new trend about online ads: These seemingly innocuous bits of marketing materials on sites all around the web can be used to reveal and track a person’s most privately held values and beliefs – including political affiliation, degree of education, and employment status – simply by monitoring the advertisements users see online.

To be clear, it’s not the ads themselves that can gather specific data about you, but it’s the collective presence of the ads displayed that reveal personal traits. Here’s how it works:

Using Facebook as the catalyst for the study, researchers reviewed 435,000 ads distributed to a relatively small subset of 891 users. After monitoring which ads were served to each user, they ran the correlated data through a large language model and discovered four main points about the results:

• Researchers could infer users’ personal traits without accessing their browsing history or personal data on their devices. All they needed was a log of their ad history.
• User profiles could be created after a short browsing session (though they didn’t outline how long a session needed to be to make it work).
• AI-based personal trait matching rivaled and even exceeded human capabilities.
• The AI-powered process was both 200 times more affordable and 50 times quicker than relying on human analysis alone.

The thing that makes this study so startling is that users don’t have to actively share any information about themselves, no cybersecurity loopholes or zero-day exploits are required, and platform holders behind today’s operating systems, web browsers, and websites can’t stop any company from collecting and using this data.

RELATED: A secret bot army is phishing, scamming, and sabotaging our lives

gremlin/Getty Images

This isn’t the first time LLMs have been used to reveal extremely private information about online users. Earlier this year, we reported how AI can reveal the real identities of anonymous accounts simply by comparing writing styles.

Should you be worried?

At this point in the story, you might be wondering if you have anything to worry about. The answer is “maybe,” depending on how your smart devices are configured.

The bright spot of the study is that your personal interests can’t be measured if the data is never recorded. UNSW Sydney noted that extensions, like those you’ll find in the Chrome Web Store, Safari Extensions, and Microsoft Edge Add-Ons are the likely avenue for data collection. The more extensions you have installed on your devices, the higher your chances are that your ad history could be abused. If you don’t have any extensions installed, your chances of ad data collection drop precipitously.

That’s not to say that all extensions are bad. However, even the innocent ones have the power to view which webpages you visit and even the content on those pages.

Ironically, another possible method for ad data collection are ad blockers. While blockers can effectively prevent websites from showing you ads, some may still access served ad data and gather it for user profiling. You especially want to watch out for ad blockers that claim to be free. Remember, if you’re not paying for the product, you likely are the product.

Even without extensions in the mix, data brokers can still collect plenty of information about you, and you still don’t have to click on an ad to hand it over. The sites you browse on the internet are filled with cookies — little crumbs of data — that track where you go and which pages you click from site to site. Even if you don’t click on an ad, simply visiting a product page or website is enough to leave a cookie in your browser that tells brokers the things you like and the things you don’t. These can then be used to build profiles on your browsing habits to target you with other ads you might actually click, which you should never do, as evidenced by the stark rise in social media scams.

Ways to protect yourself from ad data collection

Staying safe and anonymous online is an increasingly difficult task. However, if you want to give yourself the best shot at nullifying this ad data collection “exploit,” try out these tips:

• Remove all extensions from your preferred web browser. This is probably the top way to block bad actors from recording your ad data.
• Install a VPN. Many VPNs come with built-in ad-blocking technology. If you choose to add a VPN to your device, make sure it’s a RAM-based option with a no-log system that actively prevents the VPN provider from recording or saving user data. Some popular RAM-based VPNs include ExpressVPN, NordVPN, and CyberGhost VPN.
• Block cookies entirely. Some browsers will let you block all third-party cookies. Unfortunately, this may break some websites, so your mileage may vary.
• Clear out your cookies often. Set a reminder to delete your browser history and cached data every week or month. This can make it harder for sites to monitor your activity over time.
• Browse in private mode. While “private” or “incognito” mode won’t obscure your web traffic from your ISP, many browsers come with extra tools to reduce or block cookies and other tracking methods that brokers use.