In this paper, we address privacy issues related to ranked retrieval model in web databases, each of which takes private attributes as part of input in the ranking function. Many web databases have both public attributes and private attributes which serve different purposes. The owners of web databases, which normally are websites, show the public attributes but keep private attributes invisible to public. For example, social network websites provide privacy settings which allow users to control the visibility of user profiles by hiding certain attributes values from public view. In order to maximize the protection effect, these websites also hide private attributes in query results so that public can only access attributes that are set to public. In this way, even private attributes have been taken as part of input in the ranking function, many websites believe that the adversary is unable to reveal the private attribute values from ranked query results. Thus they declare the private attributes are well protected. Intuitively, users indeed cannot view others' private attribute values and their own private attribute values are hidden from public view. Users trust these websites because they believe that 'what you see is what you get', and be persuaded to input sensitive personal information as private attributes to databases. However, the investigation by Rahman et al. proves that though the values of private attributes could be hidden from public view, they still can be inferred from the ranking function.