Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats
Kai-Hsiang Chou, Yi-Min Lin, Yi-An Wang, Jonathan Weiping Li, Tiffany Hyun-Jin Kim, Hsu-Chun Hsiao

TL;DR
This paper reveals privacy risks posed by chatbots in group chats, demonstrating their potential to access and link user information, and introduces SnoopGuard, a protocol that enhances privacy while maintaining security.
Contribution
The paper identifies privacy vulnerabilities in current group messaging protocols and proposes SnoopGuard, a novel secure protocol that limits chatbot access and preserves user anonymity.
Findings
Chatbots often access more messages than necessary.
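When a user joins a new group with chatbots, there is a 3.6% chance that at least one chatbot can recognize the user and link them to their interactions in other groups.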
SnoopGuard maintains privacy with acceptable message overhead.
Abstract
New privacy concerns arise with chatbots on group messaging platforms. Chatbots may access information beyond their intended functionalities, such as sender identities or messages unintended for chatbots. Chatbot developers may exploit such information to infer personal information and link users across groups, potentially leading to data breaches, pervasive tracking, or targeted advertising. Our analysis of conversation datasets shows that (1) chatbots often access far more messages than needed, and (2) when a user joins a new group with chatbots, there is a 3.6% chance that at least one of the chatbots can recognize and associate the user with their previous interactions in other groups. Although state-of-the-art (SoA) group messaging protocols provide robust end-to-end encryption and some platforms have implemented policies to limit chatbot access, no platforms successfully combine…
Taxonomy
Topics: Information and Cyber Security · Spam and Phishing Detection
