This study systematically uncovers privacy leakage risks inherent in egocentric videos, focusing on three categories of sensitive information: demographic attributes, individual identity, and contextual privacy. To this end, we introduce EgoPrivacy—the first comprehensive, finely annotated benchmark dataset for egocentric privacy assessment—and propose a novel ego-to-exo retrieval-augmented attack paradigm. This framework leverages cross-view video retrieval to assist zero-shot foundation models in performing seven privacy inference tasks, spanning fine- to coarse-grained levels. Experiments demonstrate that state-of-the-art foundation models achieve 70–80% accuracy under zero-shot settings, confirming severe privacy vulnerabilities in egocentric video data. Our contributions include: (1) the first standardized benchmark for wearer privacy risk evaluation; (2) a new retrieval-augmented adversarial framework; and (3) empirical evidence of foundation models’ intrinsic privacy fragility. All code and datasets are publicly released.

While the rapid proliferation of wearable cameras has raised significant concerns about egocentric video privacy, prior work has largely overlooked the unique privacy threats posed to the camera wearer. This work investigates the core question: How much privacy information about the camera wearer can be inferred from their first-person view videos? We introduce EgoPrivacy, the first large-scale benchmark for the comprehensive evaluation of privacy risks in egocentric vision. EgoPrivacy covers three types of privacy (demographic, individual, and situational), defining seven tasks that aim to recover private information ranging from fine-grained (e.g., wearer's identity) to coarse-grained (e.g., age group). To further emphasize the privacy threats inherent to egocentric vision, we propose Retrieval-Augmented Attack, a novel attack strategy that leverages ego-to-exo retrieval from an external pool of exocentric videos to boost the effectiveness of demographic privacy attacks. An extensive comparison of the different attacks possible under all threat models is presented, showing that private information of the wearer is highly susceptible to leakage. For instance, our findings indicate that foundation models can effectively compromise wearer privacy even in zero-shot settings by recovering attributes such as identity, scene, gender, and race with 70-80% accuracy. Our code and data are available at https://github.com/williamium3000/ego-privacy.