This work addresses the privacy risks posed by online vision-language models (OVLMs), which may inadvertently disclose personally identifiable information (PII) through explicit visual content or implicit contextual cues in user-uploaded images. The study presents the first systematic evaluation of both direct and indirect PII leakage mechanisms in OVLMs and introduces an integrated framework that combines context-aware analysis, privacy-preserving techniques, and utility retention strategies. By jointly optimizing these components, the proposed approach significantly mitigates PII exposure while preserving the functional utility of images for downstream OVLM tasks, thereby demonstrating the feasibility of harmonizing privacy protection with model performance.

The increasing use of Online Vision Language Models (OVLMs) for processing images has introduced significant privacy risks, as individuals frequently upload images for various utilities, unaware of the potential for privacy violations. Images contain relationships that relate to Personally Identifiable Information (PII), where even seemingly harmless details can indirectly reveal sensitive information through surrounding clues. This paper explores the critical issue of PII disclosure in images uploaded to OVLMs and its implications for user privacy. We investigate how the extraction of contextual relationships from images can lead to direct (explicit) or indirect (implicit) exposure of PII, significantly compromising personal privacy. Furthermore, we propose methods to protect privacy while preserving the intended utility of the images in Vision Language Model (VLM)-based applications. Our evaluation demonstrates the efficacy of these techniques, highlighting the delicate balance between maintaining utility and protecting privacy in online image processing environments. Index Terms-Personally Identifiable Information (PII), Privacy, Utility, privacy concerns, sensitive information