A defining characteristic of current web applications is that they are personalized according to the interests and preferences of individual users; popular examples are Google News and Amazon.com. While this paradigm shift is generally viewed as positive by both users and content providers, it introduces privacy concerns, as the data needed to drive this functionality is often considered private. Web applications have responded by giving users the chance to deny explicit disclosure of personal information, as well as minimizing the invasiveness of the information they require. In this position paper, we address the concern that explicit disclosure alone is not sufficient to protect user privacy, as attackers can combine users’ consensually-shared information with additional background information to infer private facts about individuals. We argue that to properly account for these attacks, auditors must consider not just the relationship between disclosed information and attackers’ background data, but also the semantics of applications that operate over the private information.