Large language models (LLMs) learn statistical associations from massive training corpora and user interactions, and deployed systems can surface or infer information about individuals. Yet people lack practical ways to inspect what a model associates with their name. We report interim findings from an ongoing study and introduce LMP2, a browser-based self-audit tool. In two user studies ($N_{total}{=}458$), GPT-4o predicts 11 of 50 features for everyday people with $\ge$60\% accuracy, and participants report wanting control over LLM-generated associations despite not considering all outputs privacy violations. To validate our probing method, we evaluate eight LLMs on public figures and non-existent names, observing clear separation between stable name-conditioned associations and model defaults. Our findings also contribute to exposing a broader generative AI evaluation crisis: when outputs are probabilistic, context-dependent, and user-mediated through elicitation, what model--individual associations even include is under-specified and operationalisation relies on crafting probes and metrics that are hard to validate or compare. To move towards reliable, actionable human-centred LLM privacy audits, we identify nine frictions that emerged in our study and offer recommendations for future work and the design of human-centred LLM privacy audits.

翻译：大型语言模型（LLM）从海量训练语料和用户交互中学习统计关联，已部署的系统可能呈现或推断出与个人相关的信息。然而，人们缺乏实际方法来检查模型将其姓名与何种信息相关联。我们报告了一项正在进行的研究的阶段性发现，并介绍了LMP2——一款基于浏览器的自审计工具。在两项用户研究（总样本量$N_{total}{=}458$）中，GPT-4o对普通人的50项特征中的11项预测准确率达到$\ge$60%，参与者报告希望控制LLM生成的关联信息，尽管并非所有输出都被视为隐私侵犯。为验证我们的探查方法，我们在公众人物和虚构姓名上评估了八个LLM，观察到稳定的姓名条件关联与模型默认输出之间存在明显分离。我们的发现也有助于揭示更广泛的生成式AI评估危机：当输出具有概率性、上下文依赖性且通过用户引导生成时，模型与个体的关联具体包含哪些内容本身定义不清，其操作化依赖于难以验证或比较的探查设计和度量指标。为实现可靠、可操作的以人为中心的LLM隐私审计，我们识别了研究中出现的九大挑战，并对未来工作及以人为中心的LLM隐私审计设计提出建议。