It costs four dollars to figure out who you are online. That's it. Not four thousand. Not four hundred. Four dollars.
In February 2026, researchers at ETH Zurich published a study that should make everyone uncomfortable. They took anonymous posts from Hacker News and fed them to a large language model. The LLM matched 226 out of 338 users to their real LinkedIn profiles, at 90% precision. No hacking. No special access. Just pattern matching on publicly available text.
The cost per identification? Between one and four dollars in API fees.
Now think about what you typed into ChatGPT last week.
You're telling AI more than you think
Search queries are short. Three or four words, usually. But AI conversations are different. You don't just ask a question. You provide context. You describe your situation. You share details you'd never put into a Google search bar.
"I'm a nurse in Portland dealing with a hostile coworker in the ER." "My landlord at 4th and Pine is refusing to fix the heat." "I'm interviewing at Stripe next week for a senior role and I need to prep for system design."
Each of those sentences contains enough information to narrow down who you are. Combined across a conversation, they paint a very specific portrait. Your job, your city, your health concerns, your relationship problems. All of it, freely offered to a chat window that feels private but isn't.
The $4 problem, scaled
The ETH Zurich study worked on short, anonymous forum posts. People who were trying to be anonymous. Security researcher Bruce Schneier called it a fundamental shift in what's possible. If an LLM can identify someone from a handful of forum comments, imagine what it can do with months of AI chat history.
This isn't theoretical. We've seen it before.
In 2006, AOL released 20 million "anonymized" search queries for research. User IDs replaced real names. Should've been safe. It wasn't. New York Times journalists identified User #4417749 as Thelma Arnold, a 62-year-old widow in Lilburn, Georgia. Her searches for "landscapers in Lilburn, Ga" and people with the last name Arnold were enough. Twenty years later, that data is still available on the Internet Archive.
Those were search queries. Two or three words each. Your AI conversations contain paragraphs.
87% of Americans can be identified by three facts
In 1997, a Harvard researcher named Latanya Sweeney proved something unsettling. She showed that 87% of Americans can be uniquely identified using just three pieces of information: zip code, date of birth, and gender.
To prove the point, she bought a $20 voter registration database and cross-referenced it with "anonymized" medical records from the state of Massachusetts. She found the governor's records. Sent them to his office. Made her point.
That was three data points. Think about how many data points exist in a single AI conversation. Your location. Your age range. Your profession. Your medical questions. Your family situation. The neighborhood you're complaining about. The school your kid attends. The name of your dog.
You're not giving away three facts. You're giving away dozens, sometimes in a single session.
This data doesn't disappear
Here's the part that should keep you up at night. This data is permanent.
AI companies retain your conversations. The retention window varies. Thirty days on the short end, up to five years on the long end. But retention policies only cover the original copies. If your data gets used in training, the patterns it created live inside the model. You can't delete a pattern from a neural network.
We already know LLMs memorize training data. Researchers have shown that models can reproduce phone numbers, email addresses, and code snippets verbatim from their training sets. If your conversations become training data (and on most free plans, they do by default), pieces of what you shared could resurface in ways nobody predicted.
And then there are breaches. In March 2023, a bug in ChatGPT exposed other users' conversation histories. People saw chat titles that weren't theirs. Some paying users could see other people's names and partial credit card numbers. OpenAI fixed it quickly. But the data was out.
The AOL data leaked in 2006. It's still online in 2026. Once data escapes, there's no calling it back.
The $270 billion industry waiting for your data
Data brokers already profile 2.6 billion people worldwide. Acxiom, one of the largest, tracks over 10,000 traits per individual. These companies buy, sell, and combine data from every source they can find. Public records, purchase histories, app usage, location data.
Now add AI conversations to that mix. A leaked or sold dataset of chat histories, cross-referenced with existing broker profiles, creates something far more detailed than anything that existed before. Not just where you shop and what you buy. What you worry about. What you're planning. What you asked a machine at 2 a.m. when you thought nobody was watching.
The data broker industry is worth $270 billion. Your AI chats are exactly the kind of high-signal, deeply personal data these companies are hungry for.
What "anonymous" actually means (and doesn't)
Most people assume their AI conversations exist in some protected bubble. No name attached, no way to trace it back. That assumption is wrong.
Your AI provider knows your IP address. If you have an account, they know your email. If you're on a paid plan, they know your payment details. That's the explicit stuff. The implicit stuff is worse. Your writing style, your vocabulary, your concerns, your schedule (when do you chat?), your location references. All of these are fingerprints.
The ETH Zurich researchers didn't need any of that explicit information. They identified people from writing patterns alone. Add in the metadata that AI companies already collect, and "anonymous" starts to look like a very thin mask.
The next time you type something into an AI chatbot, pause for a second. The service knows your IP address, your account email, and everything you've ever asked it. If you're on a free plan, your conversations are probably training the next model. If there's a breach, that data could end up anywhere.
That's not anonymous. That's a diary with someone else's lock on it.