Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats

Kai-Hsiang Chou, Yi-Min Lin, Yi-An Wang, Jonathan Weiping Li, Tiffany Hyun-Jin Kim, Hsu-Chun Hsiao

TL;DR

This work identifies two privacy risks in group chats with chatbots: access to irrelevant messages and leakage of sender identities. It introduces SnoopGuard, a privacy‑preserving secure group messaging protocol built on a compressed multi‑roots tree CGKA (CMRT) to achieve selective message access and sender anonymity while preserving end‑to‑end security and post‑compromise security. The authors formalize extensions such as pseudonymity and trigger concealment, analyze security under standard cryptographic assumptions, and show practical performance (e.g., ~10 ms to deliver a message to 50 users and 10 bots with MLS integration). Through case studies, platform surveys, and a prototype implementation, the work demonstrates feasible privacy gains with manageable overhead, and it outlines a roadmap toward broader adoption and usability in real‑world chat platforms.

Abstract

New privacy concerns arise with chatbots on group messaging platforms. Chatbots may access information beyond their intended functionalities, such as sender identities or messages unintended for chatbots. Chatbot developers may exploit such information to infer personal information and link users across groups, potentially leading to data breaches, pervasive tracking, or targeted advertising. Our analysis of conversation datasets shows that (1) chatbots often access far more messages than needed, and (2) when a user joins a new group with chatbots, there is a 3.6% chance that at least one of the chatbots can recognize and associate the user with their previous interactions in other groups. Although state-of-the-art (SoA) group messaging protocols provide robust end-to-end encryption and some platforms have implemented policies to limit chatbot access, no platforms successfully combine these features. This paper introduces SnoopGuard, a secure group messaging protocol that ensures user privacy against chatbots while maintaining strong end-to-end security. Our protocol offers (1) selective message access, preventing chatbots from accessing unrelated messages, and (2) sender anonymity, hiding user identities from chatbots. SnoopGuard achieves $O(\log n + m)$ message-sending complexity for a group of $n$ users and $m$ chatbots, compared to $O(\log(n + m))$ in SoA protocols, with acceptable overhead for enhanced privacy. Our prototype implementation shows that sending a message to a group of 50 users and 10 chatbots takes about 10 milliseconds when integrated with Message Layer Security (MLS).

Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats

TL;DR

This work identifies two privacy risks in group chats with chatbots: access to irrelevant messages and leakage of sender identities. It introduces SnoopGuard, a privacy‑preserving secure group messaging protocol built on a compressed multi‑roots tree CGKA (CMRT) to achieve selective message access and sender anonymity while preserving end‑to‑end security and post‑compromise security. The authors formalize extensions such as pseudonymity and trigger concealment, analyze security under standard cryptographic assumptions, and show practical performance (e.g., ~10 ms to deliver a message to 50 users and 10 bots with MLS integration). Through case studies, platform surveys, and a prototype implementation, the work demonstrates feasible privacy gains with manageable overhead, and it outlines a roadmap toward broader adoption and usability in real‑world chat platforms.

Abstract

New privacy concerns arise with chatbots on group messaging platforms. Chatbots may access information beyond their intended functionalities, such as sender identities or messages unintended for chatbots. Chatbot developers may exploit such information to infer personal information and link users across groups, potentially leading to data breaches, pervasive tracking, or targeted advertising. Our analysis of conversation datasets shows that (1) chatbots often access far more messages than needed, and (2) when a user joins a new group with chatbots, there is a 3.6% chance that at least one of the chatbots can recognize and associate the user with their previous interactions in other groups. Although state-of-the-art (SoA) group messaging protocols provide robust end-to-end encryption and some platforms have implemented policies to limit chatbot access, no platforms successfully combine these features. This paper introduces SnoopGuard, a secure group messaging protocol that ensures user privacy against chatbots while maintaining strong end-to-end security. Our protocol offers (1) selective message access, preventing chatbots from accessing unrelated messages, and (2) sender anonymity, hiding user identities from chatbots. SnoopGuard achieves message-sending complexity for a group of users and chatbots, compared to in SoA protocols, with acceptable overhead for enhanced privacy. Our prototype implementation shows that sending a message to a group of 50 users and 10 chatbots takes about 10 milliseconds when integrated with Message Layer Security (MLS).

Paper Structure

This paper contains 44 sections, 1 equation, 8 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Our Contributions
  3. Background on Group Chat and Chatbot
  4. Messaging Platforms
  5. Secure Messaging
  6. Threat Model and Assumptions
  7. Privacy Issues of Chatbots in Group Chats
  8. Case Study 1: Unnecessary Access
  9. Case Study 2: Cross-Group Identification
  10. Tension Between Mitigating Privacy Issues and Achieving E2EE
  11. Methodology
  12. Platforms with Chatbot Support
  13. Platforms Lacking Chatbot Support
  14. Findings
  15. SnoopGuard: A Privacy-Preserving Secure Group Messaging Protocol
  16. ...and 29 more sections

Figures (8)

  • Figure 1: Example views of typical group messages from a URL-checking bot (⓪) and messages when our desired privacy policy is enforced (①--③). Selective message access ① ensures that the chatbot can only view messages relevant to its functionality (i.e., containing URLs). With sender anonymity ②, the chatbot does not know the sender's identity. With sender anonymity featuring pseudonyms (③), the chatbot can distinguish between senders using pseudonymous identifiers that may change over time.
  • Figure 2: A typical messaging platform involves a service provider forwarding messages among group members. Two primary adversaries against users' privacy in this setting are ➊ malicious service providers with key-compromise capability and ➋ overprivileged chatbots. While state-of-the-art secure group messaging can address ➊ only, our work aims to address both. The icons in the figure are from https://fontawesome.com/.
  • Figure 3: Illustration of $\mathsf{CMRT}$ with users $u_1, \dots, u_n$ and chatbots $c_1, c_2$. Users share the group secret $G$ from the user subtrees (triangles), while $C_1, C_2$ are secrets for chatbots $c_1, c_2$, respectively. The rectangles represent secrets shared between the group and each chatbot. The arrows indicate secret assignments, and the lines indicate parent-child relationships, where a child knows the secret of its parent. For example, in (b), $G'$ represents the group secret, while $S_1'$ is the secret shared between $u_1, \dots, u_n$ and $C_1$. In (c), the chatbot can send the fresh key $S_2'$ to the users using the public key derived from $G$.
  • Figure 4: Adding Chatbot with Sender Anonymity
  • Figure 5: Sending Messages with Sender Anonymity
  • ...and 3 more figures

Theorems & Definitions (3)

  • Definition 1
  • Definition 2
  • Definition 3