BotBeat

Anthropic · RESEARCH · 2026-05-17

LeakyLM: Research Reveals AI Assistants Leaking User Conversations to Third-Party Trackers

Key Takeaways

  • Meta Pixel, Google, and TikTok trackers are embedded by default in major LLM services, receiving conversation URLs and user metadata
  • Conversation URLs function as publicly accessible permalinks, potentially allowing anyone with the URL to view sensitive user conversations
  • Trackers employ cookie syncing and email hash collection to map online activity to user identities and create persistent behavioral profiles

Source: Hacker News, https://leakylm.github.io/

Summary

A new research disclosure titled 'LeakyLM' has exposed significant structural privacy vulnerabilities in four major generative AI products: Anthropic's Claude, OpenAI's ChatGPT, Perplexity, and xAI's Grok. The research reveals that third-party trackers—including Meta Pixel, Google, and TikTok—are systematically embedded in these LLM services and receive user conversation URLs, identities, and sensitive metadata through insecure access control mechanisms.

The study identifies two critical privacy risks: (1) the systematic integration of third-party analytics services within prominent AI assistants, and (2) weak access control mechanisms that allow tracking services to receive user conversation permalinks alongside tracking identifiers like cookies and email hashes. In some cases—notably with Grok—shared conversations generate publicly accessible screenshot images with verbatim message text exposed in Open Graph metadata shared with TikTok's tracker.

The research demonstrates that conversation URLs function as publicly accessible permalinks with weak access control, potentially allowing trackers and anyone with the URL to view sensitive user conversations. Users can be persistently tracked and reidentified through cookie syncing, server-side tracking, and email hash collection. While these LLM services offer privacy controls, the research shows they may mislead users about the strength of these protections, as privacy policies acknowledge data collection and third-party cookies but fail to clearly disclose that conversations are shared with advertising services.
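
An added example, not code from the LeakyLM research or from this site: a small audit of captured browser requests that flags third-party hosts receiving a conversation permalink or a user identifier such as an email hash. The capture format is a simplified HAR-style object, and every host, URL and value in it is a constructed placeholder.

```javascript
// Added example: scan captured requests (simplified HAR-style objects) for
// third-party endpoints that receive a conversation permalink or a user identifier.

// A host is first-party when it equals the site host or is a subdomain of it.
function isThirdParty(host, siteHost) {
  return host !== siteHost && !host.endsWith("." + siteHost);
}

// watch: [{ kind, value }] strings that must not reach third parties.
// Each value is matched raw and percent-encoded, since a tracker may
// receive the page URL as a query parameter rather than in the Referer.
function findLeaks(entries, siteHost, watch) {
  const findings = [];
  for (const e of entries) {
    const host = new URL(e.url).hostname;
    if (!isThirdParty(host, siteHost)) continue;
    const fields = { url: e.url, referer: e.referer || "", body: e.body || "" };
    for (const [where, text] of Object.entries(fields)) {
      for (const { kind, value } of watch) {
        const hit = text.includes(value) || text.includes(encodeURIComponent(value));
        const seen = findings.some(f => f.host === host && f.kind === kind && f.where === where);
        if (hit && !seen) findings.push({ host, kind, where });
      }
    }
  }
  return findings;
}

// Constructed sample data; all hosts and values are placeholders.
const SITE = "assistant.example";
const WATCH = [
  { kind: "conversation-url", value: "https://assistant.example/share/abc123" },
  { kind: "email-hash", value: "0f1e2d3c4b5a69788796a5b4c3d2e1f0" },
];
const CAPTURE = [
  { url: "https://api.assistant.example/v1/messages", referer: WATCH[0].value },
  { url: "https://pixel.tracker.example/tr?dl=" + encodeURIComponent(WATCH[0].value),
    referer: "https://assistant.example/" },
  { url: "https://collect.ads.example/event", referer: WATCH[0].value,
    body: "em=" + WATCH[1].value },
  { url: "https://cdn.fonts.example/a.woff2", referer: "https://assistant.example/" },
];

console.log(findLeaks(CAPTURE, SITE, WATCH));
```

The first-party API call and the font request are ignored; the two tracker-style hosts are reported with the field (URL, Referer or body) in which the permalink or identifier appeared.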

  • LLM providers' privacy policies use deliberately vague language and fail to clearly disclose that conversations are shared with advertising and tracking services
  • Privacy controls exist but may create a false sense of security for users unaware of these underlying data flows

Editorial Opinion

This research exposes a fundamental contradiction at the heart of modern AI services: while users trust these platforms with intimate conversations, the companies have embedded advertising and tracking infrastructure that collects this sensitive data by default. The deliberately vague privacy policies—using phrases like 'content you submit' and 'business partners' while omitting clear disclosure of advertising network integration—constitute a systematic deception of user expectations. This is not a technical oversight but a structural choice that prioritizes ad-tech industry partnership over user privacy. As AI assistants become central to users' digital lives and decision-making, this privacy posture demands immediate remediation and regulatory intervention.
