Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats

Kai-Hsiang Chou

34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Privacy 3: Attacks

This talk, presented by Kai-Hsiang Chou, delves into the often-overlooked privacy implications of integrating chatbots into group messaging platforms. Titled "Bots can Snoop: Uncovering and Mitigating Privacy Risks of Bots in Group Chats," the research highlights how commonly deployed chatbots are frequently **over-privileged**, gaining access to sensitive user data far beyond what is necessary for their intended functions. This over-privilege manifests in two critical ways: chatbots reading messages irrelevant to their purpose, and their ability to identify message senders, potentially enabling cross-group user tracking.

AI review

Legitimate academic research on a real and underexamined problem — bot over-privilege in E2EE group chats. The CMRT construction is a genuine cryptographic contribution, not just a threat survey. Solid USENIX-tier paper work, but the presentation lands as competent rather than compelling, and the practical deployment path has enough gaps that this won't change what defenders or platform engineers do tomorrow.
