AI has transformed the act of "handing over data" from a passive, stolen, and unpleasant process into an active, immediately rewarding, and social everyday behavior.

Article author and source: 0x9999in1, ME News

TL;DR

• Five years ago, people were angry about apps stealing their contact lists and leaking their phone numbers; now, they willingly feed their ID cards, resumes, and medical records into AI, remaining eerily calm.
• Privacy tolerance is indeed increasing, but the essence is not "not caring anymore"—it's a cost-benefit calculation: the immediate rewards provided by AI are so great that users are willing to pretend they don't see the risks.
• Three core forces are driving this shift: the nature of interaction has changed (conversational trust), the speed of feedback has changed (second-level fulfillment), and alternatives have disappeared (if you don’t, you’re out).
• Regulation has not kept pace with this collective psychological shift. After the implementation of China's Interim Measures for the Management of Generative Artificial Intelligence Services and the EU AI Act, enforcement remains coarse-grained.
• The real danger isn't "I know I'm giving up my privacy," but "I have no idea what I've given up"—in the era of multimodal AI, the granularity of data collection has far surpassed user awareness.
• Increasing privacy tolerance is a gradual, conditional, and reversible process, not a one-way slippery slope.

Five years ago: Anger was standard.

Between 2019 and 2021, privacy news was such that—



A top social app was flagged by the Ministry of Industry and Information Technology for frequently accessing users’ photo albums in the background. A food delivery platform was exposed for practicing price discrimination based on device type—iPhone users saw delivery fees that were 2 yuan higher than those for Android users. A real estate information platform sold registered phone numbers in bulk to real estate agents; within three minutes of filling out a property inquiry form, users received five calls from sales representatives in different regions.

What was the public reaction back then? Explosive. Weibo trending topics routinely reached hundreds of millions of views. CCTV’s 315 Gala called out the issue. The Ministry of Industry and Information Technology issued repeated rounds of takedown and rectification notices. People left highly specific comments: “Why are you reading my clipboard?” “I just downloaded a weather app—why do you need access to my contacts?”

Anger is real. Distrust is real.

The 2021 implementation of the Personal Information Protection Law was an institutional outcome of the collective sentiment of that era.

Looking back, it was an era when people had a "simple sense of territorial privacy"—my phone number was mine, my address was mine, my spending records were mine. If you stole them, I’d call you out. The logic was simple, the stance clear.

Now: Feeding is daily

Fast-forward to 2025, 2026.

Open DouBao and paste a resume containing real name, educational background, and work experience: "Please polish this for applying to multinational companies."

Open ChatGPT and upload a photo of your ID: "Help me turn this into a high-resolution scan, with front and back separated."

Open Kimi and upload a health check report: "Help me interpret this— which indicators are abnormal?"

Open Grok and paste a chat log with your ex: "Help me analyze what he means."

Pause. Think about these actions.

Five years ago, an app secretly accessed your contacts, and you wanted to report it. Now, you willingly feed your ID, resume, medical records, emotional privacy, and even financial data into an AI model whose backend architecture you don’t understand.

And what emotions are you experiencing while doing these things?

Not nervous. Not hesitant. Anticipating. "Give me the results soon."

This is the change. A massive, structural change.

Why is this happening? It's not that people have become stupid.

First, let’s rule out the lazy explanation: people have become numb.

No. At the end of 2024, Clearview AI was heavily fined in Europe, and the comments under related news articles remained angry. In early 2025, a domestic large model was exposed for using user conversation data for training without clear disclosure; social media quickly reacted, and the company issued an apology statement within two days.

People are not entirely indifferent to privacy. They have simply recalculated within a new framework.

Past data collection was done "behind your back." The app secretly uploaded your contacts in the background—a process you couldn’t see, weren’t aware of, and didn’t participate in. Once discovered, it naturally felt like a violation.

But AI is different. You speak to it, and it responds to you. It calls you "dear" or politely says, "Sure, I'll help you with that." This is a conversation—and conversations naturally build trust.

In psychology, there's a concept called "reciprocal self-disclosure"—when you feel the other person is responding to you, you're more likely to reveal more. AI perfectly mimics this mechanism, even though the party providing the "response" isn't human at all.

You think you're collaborating with an assistant. In reality, you're exposing yourself to a database. But because the experience feels like "chatting," your vigilance relaxes.

Previously, the pattern of privacy leaks was this: you give up your data → it’s sold by black-market actors → eventually, you receive harassing calls. There’s a delay between giving up your data and facing the consequences, and almost no positive correlation between what you give and what you gain. So the instinctive reaction is to refuse.

The dynamic has reversed: you provide data → AI instantly returns a polished resume, a restored ID photo, or a clear diagnostic interpretation. There’s nearly zero delay between input and reward, while potential risks are pushed to an uncertain point in the future.

This is the classic "hyperbolic discounting"—humans naturally overweight immediate, certain gains and severely underweight future, uncertain losses. AI has exploited this cognitive bias to its fullest extent—not intentionally, but structurally.

By 2026, AI will be infrastructure in the workplace, education, and daily life.

You don’t use AI to revise your resume, but the person next to you does—and their resume is three times more polished. You don’t use AI to process your ID photos, yet the photo shop down the street uses AI before selling them to you—you’re just paying an extra 30 yuan so someone else can feed data for you. You don’t use AI to assist with coding, and your project progress is simply slower than those who do.

When a tool becomes a social infrastructure that you fall behind on if you don’t use it, privacy choices are no longer purely personal preferences, but rather forced behaviors driven by social pressure.

You can choose not to. But the cost is visible, immediate, and continuously accumulating.

How to say data

According to Cisco's 2024 Consumer Privacy Survey, 84% of respondents globally expressed concern about privacy, but only 46% said they would stop using an AI service due to privacy concerns. In other words, nearly half explicitly acknowledged: "I care, but I won’t give up using it."

Domestic data is more interesting. A survey released by the China Academy of Information and Communications Technology in March 2025 showed that among users who use generative AI, 67% have uploaded content containing personal sensitive information (including names, identification numbers, photos, etc.), but only 23% of them have carefully read the service’s privacy policy.

Two-thirds of people are naked, and three-quarters of those naked don’t realize how exposed they are.

Now consider the enterprise side. According to a 2025 Salesforce survey on workplace AI usage, 28% of global respondents admitted to entering company confidential data into public AI tools without authorization. Back in 2023, Samsung experienced an incident where engineers pasted internal source code into ChatGPT, resulting in a leak—this is not permissive privacy, it’s a privacy blind spot.

Case: Things we have become accustomed to

Case 1: AI ID Photo

From 2024 to 2025, AI-based ID photo apps experienced explosive growth in China. Products such as Miao Ya Camera and Hai Ma Ti AI Photos have reached user bases in the tens of millions. The process is simple: upload 15–20 personal photos (including front and side views from various angles), and the AI generates a variety of ID photos and portrait shots.

Think about what this means—you’ve handed over your high-definition facial biometric data, captured from multiple angles and under varying lighting conditions, to a commercial company’s server. Is this data used for model training? How long is it retained? What encryption standards are applied? Most users never ask.

In 2020, this would have sparked public outrage. In 2025, people see it as a "lifestyle."

Case 2: AI Resume and Job Search

From 2025 to 2026, using large models to revise resumes has become a standard practice among job seekers. A 2025 survey by LinkedIn noted that over half of job seekers on its platform have used AI to assist in generating or optimizing resume content. A 2025 report from Zhipin Recruitment also shows a similar trend.

These resumes include full name, contact information, educational background, employers, project experience, and even salary expectations. Users provide the AI with a complete professional profile all at once. This is more comprehensive than any job board’s structured data collection—because resumes are narrative, containing context, logical relationships, and personal intentions.

Case 3: AI Psychological Counseling and Sentiment Analysis

Since 2025, there has been a surge in AI emotional companion products. Character.ai has seen massive usage of its mental health-related characters. Domestic products such as "Xingye" and "Zhumeng Island" also have large numbers of users sharing their personal concerns.

What users reveal in these scenarios are emotional states, interpersonal details, psychological trauma, or evaluations of specific individuals. The sensitivity of this information far exceeds that of phone numbers and addresses.

At the end of 2024, Character.ai was sued by the family of an American teenager who died by suicide after deeply interacting with an AI character. The incident drew regulatory attention, but did not lead to a significant decline in user numbers for such products.

What does this indicate? People are not unaware of the risks. But emotional needs are too real, too urgent, and alternatives—such as in-person counseling—are too expensive, too hard to book, and carry too much social stigma.

Tolerance has increased, but there are boundaries.

At this point, my judgment is:

Yes, the tolerance has increased. Not because people care less, but because the AI era has redefined the threshold for "acceptable privacy transactions."

But this tolerance is conditional.

Condition one: Users need to feel "I am proactive."

People can tolerate data they willingly give up, but not data that is stolen. In 2025, a short-video platform was exposed for using microphone permissions to collect ambient audio without users’ knowledge, for ad targeting. The public reaction? Still furious and intense.

So it’s not “privacy doesn’t matter.” It’s “what I give is fine, what you steal is not.” The perception of control is the key variable.

Condition two: Users must trust the brand

Uploading your ID to WeChat, Alipay, or a little-known app involves completely different user psychological thresholds. Trust acts as a critical regulator here. Major brands like OpenAI, ByteDance, and Baidu benefit from the implicit endorsement of "big equals trustworthy"—even though "big" and "secure" are not causally linked.

Condition three: Data types differ

Users still exhibit varying levels of sensitivity toward different types of data. According to the 2025 survey data from China’s Academy of Cyberspace Studies, users’ sensitivity ranking for the following data types is approximately: financial account information > ID number > medical records > facial data > occupational information > interest preferences.

In other words, people are willing to give their resumes to AI, but they still hesitate for a long time before allowing AI to link their bank cards. Tolerance is layered, not one-size-fits-all.

The real risk: you don’t know what you’ve given up

What I'm most concerned about isn't actually the part where users voluntarily give.

The greatest danger lies in the era of multimodal AI, where the dimensions of data collection far exceed user awareness.

You think you’re just uploading an audio clip for AI transcription. But what does the audio contain? Speech rate, pause patterns, emotional fluctuations, background noise, accent characteristics. These are all data.

You thought you were just taking a photo for AI to edit. But the photo’s EXIF data contains GPS coordinates, device model, and shooting time. In the background are your house number, your car’s license plate, and the label on the medicine bottle on your desk.

You thought you were just having AI analyze a PDF document. But the document’s metadata contained the author’s name, edit history, and company domain.

Users "voluntarily hand over" surface-level information, but the AI system actually gains a deep profile. Users think they’ve made a small payment, but in reality, they’ve signed a blank check.

This认知差距—what users think they paid versus what they actually paid—is the greatest privacy trap of this era.

Can regulation keep up?

To be honest, things are currently progressing unevenly.

In China, the Interim Measures for the Administration of Generative Artificial Intelligence Services, effective August 2023, require service providers not to illegally retain input information that can identify users, nor to use such input information for model training unless user consent is obtained. The direction is correct, but the enforcement is coarse. What constitutes user consent? A pop-up window? A pre-checked checkbox? What is the essential difference from the privacy policy practices of apps ten years ago?

In the European Union, the AI Act began phased implementation in 2025, subjecting high-risk AI systems to strict regulation and requiring traceability of training data. While the direction is sound, enforcing cross-border regulations against globally operating companies like OpenAI and Google incurs extremely high costs.

The U.S.? There is still no unified federal privacy law. Each state operates independently. California’s CCPA is leading, but its provisions on generative AI are still being updated.

Summary: Regulation is moving, but it’s at least two to three years behind the pace of technological implementation. Meanwhile, user behavior is changing even faster than regulation. This speed gap among the three is the primary source of today’s privacy risks.

Conclusion

Has people's tolerance for privacy increased?

Higher. But not because people have become dumber, nor because they no longer care.

Because AI has transformed the act of "handing over data" from a passive, stolen, and unpleasant process into an active, immediately rewarding, and socialized daily behavior.

You haven’t lost your privacy awareness. You simply accepted a price you thought was fair in a transaction whose full scope you may not have fully understood.

Will this price be proven too low in the future?

The answer to this question may only be known one day, when the true destination of AI training data is fully revealed.

By then, I hope we still have room to negotiate.

Reference source

1. Cisco, 2024 Consumer Privacy Survey, December 2024.
2. China Academy of Information and Communications Technology, "Research Report on Personal Information Protection in Artificial Intelligence Applications," March 2025.
3. Salesforce, Trends in AI at Work Report, 2025.
4. The National Internet Information Office, Interim Measures for the Administration of Generative Artificial Intelligence Services, effective August 15, 2023.
5. European Parliament, Artificial Intelligence Act (EU AI Act), officially adopted in 2024, to be implemented in phases starting in 2025.
6. Reuters, "Character.AI sued after teen's death linked to chatbot interactions," October 2024.
7. Samsung, internal memo on restricting ChatGPT use after source code leak, reported by Bloomberg, May 2023.
8. China Cyber Space Research Institute, "Survey on Chinese Internet Users' Perception of Data Security," 2025.