This study addresses the privacy risk that user personas can be inferred from encrypted network traffic using only packet lengths and timing. The authors formally define and quantify this threat for the first time, proposing a large language model–driven multi-agent browsing framework to simulate persona-specific behaviors on real websites and collect corresponding encrypted traffic. Through multi-task learning in both closed-set and open-world settings, their approach achieves approximately 84% accuracy in cross-site persona inference across 10 websites and 15 persona categories. Moreover, a lightweight multi-task training strategy maintains 93% website identification accuracy while boosting persona inference performance to around 80%, demonstrating that existing website fingerprinting models inadvertently encode exploitable persona information that can be leveraged efficiently and at low cost.

Website Fingerprinting (WFP) has traditionally focused on inferring which website a user visits from encrypted traffic metadata such as packet sizes and timing. In this paper, we identify and quantify a new privacy risk in modern web settings: an adversary can infer a user's persona using only packet-length and inter-arrival-time sequences. To study this risk at scale, we build an LLM-driven multi-agent browsing framework that enforces controllable persona constraints while a computer-use agent interacts with real websites and collects corresponding encrypted traffic traces. We formalize persona fingerprinting under both closed-set and open-world settings and further evaluate whether persona information is already embedded in representations learned by existing WFP models and can be amplified at low cost. Across 10 modern websites and 15 personas (plus an open-world class), persona inference achieves about 84% accuracy on mixed-site traffic; moreover, a lightweight multi-task objective can boost persona accuracy to around 80% while retaining strong site classification performance (about 93% baseline). Our results show that, on modern websites, encrypted traffic metadata can leak not only which site a user visits, but also how they browse and who is browsing.