Explore the privacy risks associated with Facebook's PII-based targeting in this IEEE Symposium on Security & Privacy conference talk. Delve into the vulnerabilities of custom audience implementations, focusing on how adversaries can exploit these interfaces to infer users' personal information and online activity. Learn about attacks that allow inferring full phone numbers from email addresses, determining website visits, and de-anonymizing website visitors en masse. Understand the implications of these attacks, which can be conducted without victim interaction or detection. Examine the proposed fix for these vulnerabilities and Facebook's response to the security concerns. Gain insights into the broader privacy implications for advertising platforms and the need for careful consideration of interface designs to protect user data.