Popular social media platforms TikTok, Facebook and Instagram allow third-parties to run targeted advertising campaigns on sensitive attributes in-platform. These ads are interactive by default, meaning users can comment or ``react'' (e.g., ``like'', ``love'') to them. We find that this platform-level design choice creates a privacy loophole such that advertisers can view the profiles of those who interact with their ads, thus identifying individuals that fulfill certain targeting criteria. This behavior is in contradiction to the promises made by the platforms to hide user data from advertisers. We conclude by suggesting design modifications that could provide users with transparency about the consequences of ad interaction to protect against unintentional disclosure.

翻译：主流社交媒体平台TikTok、Facebook和Instagram允许第三方在平台内基于敏感属性开展定向广告活动。这些广告默认具有交互功能，意味着用户可对其发表评论或进行“反应”（例如“点赞”、“喜爱”）。我们发现该平台级设计选择会形成隐私漏洞，使得广告主能够查看与其广告互动的用户个人资料，从而识别出符合特定定向标准的个体。此行为与平台向广告主隐藏用户数据的承诺相悖。最后我们提出可通过改进设计机制，向用户揭示广告互动可能引发的后果，以防止非意愿的信息泄露。