Right, as is so often the case with AI stuff the thing that's disconcerting is how cheap and low friction and friction adopt available this ability is now.
Anyone with access to a decent LLM can now perform a version of this in just a few seconds.
It's a lot to take in, if I'm being honest. Growing up in the sort of cultures where gossip and tabloids were the norm, this tool is painful to me in a way I'm not sure many folks can understand. It's not even low friction anymore; it's no friction, in the sense that anyone with a chatbot and minimal rails can just ask it to do these sorts of profiles now, on anyone they choose.
We desperately need to modernize laws around discrimination in light of the proliferation of these tools. No longer does someone need to thread the needle in interviews around "illegal" questions to find something to (metaphorically) hang an interviewee with, as these tools can pick it apart quite cleanly. People in protected classes are going to get reamed by bad actors leveraging these tools.
That said, after rubber ducking with a friend on this, I've come to the conclusion that there's two paths forward from this point: flight (scrubbing socials, hiding online, creating an acceptable persona) or fight (being firmly authentic, owning your weirdness, and accepting you can't control the outcomes of others' actions using these tools). I've spent decades in 'flight', and I'm tired of it. I can't control who uses these tools and to what end, so I may as well just be my damn self anyhow and do regular threat assessments accordingly. The more people who behave authentically, the less power these tools have over us.
I think it's not unreasonable, if one is in an oft discriminated protected class, to aim ones career / expense trajectory towards stability for the next couple decades. (Prioritizing remote, focusing towards subfields where there's more tolerance, working for companies in financially stable industries)
The law, currently predicated on the difficulty of discriminating en masse without leaving a paper trail, will take a while to catch up with de facto use.
We've come a long way in some aspects, while staying pretty much in place in others.
I taught infosec 101 course at a university ~20 years ago. (Twice.) On the topic of privacy I used an example of harvesting data on peoples' habits, movements and behaviours and then said that as a society we use two different terms for the same thing. "When an individual does this, it's called stalking. When a company does this, it's called data mining."
The economics department students, many of who already knew they would want to work in marketing, were quite offended.
Anyone with access to a decent LLM can now perform a version of this in just a few seconds.