
I am building a chatbot for my university in GroupMe, which is very popular there. The bot will, for example, allow users to send messages to their chat groups like /menus (assuming that "/" is the character that indicates a command to the bot), or /busschedules, /calendar, etc.

The problem is that the GroupMe bot API behaves in what seems to me like a very bad way from a privacy perspective. It sends a POST request to the bot's (my) server for every new message sent to any group in which the bot is installed (not just messages starting with "/"), unencrypted. For a number of reasons, I don't want to be in a situation where I can read the messages of a large number of students at my school. This is not so much so I don't get tempted to read them, as much as:

I don't want to be asked by my school or the police to turn over messages sent by any student, and I think if I provide reasonable notification that the bot sees every message sent, that may turn a lot of students off from using the bot. I can't think of a way to prevent this problem. I don't think any type of server-side encryption is relevant since I receive the data raw (i.e., it's on my server raw at some point, so encrypting it later is useless).

The only solution I've come up with is to create a 2nd AWS account (I'm using Elastic Beanstalk, API Gateway and Lambda), have that account just be responsible for checking each message and only pass it on if it begins with "/", and then ask some trusted person (for example, the university's IT department) to change and keep the password (an IAM account with only billing privileges would be created to keep credit cards current). To increase security, that AWS account and Lambda script or server could be set to post a message in a public place anytime someone logs in, or if it stops receiving requests from GroupMe (indicating that someone told the GroupMe API to bypass that server).

Is this setup common? Are there other ways to protect people's messages in this context that I'm not thinking of (I have tried googling but not found anything)?

Luke Baumann
  • Uh, wow. First of all, kudos for recognizing this is a privacy/data problem! You get my applause for not wanting to unnecessarily aggregate info. Most of the web folks don't care, sadly. But yeah: I'd assume the bot is as good as someone who's personally invited to the same conversations as the bot, so I don't really see any immediate way of making your bot selectively "deaf" to anything but things aimed at it. – Marcus Müller Aug 20 '17 at 17:13
  • Are you building your bot off a full web server? The best way in my mind is to make it a Python micro app script thing; that way you know exactly what's logged. First thing you do with a request is check if it starts with a slash and if not silently close it. – Allison Aug 20 '17 at 18:08
  • @Sirens yeah, and the reality is that's a pretty good system. It's just kind of unsatisfying because I wish I could find something that didn't rely on me being a good person (i.e., not go looking through the apache logs or something). I think I will just do this and put a disclaimer explaining the risks. – Luke Baumann Aug 21 '17 at 04:47
  • @MarcusMüller All the requests are handled with AWS API Gateway and AWS Lambda (and S3 to cache the info I will return). That's nice because I've already set it to only pass along messages that start with a slash. However, these bots look like regular users in a group (they might say "bot" underneath or something, but they interface like a human user). The potential problem is that people will install them and totally forget about them, and then I could (if I were evil) change the API configuration without telling anyone and read all their messages. – Luke Baumann Aug 21 '17 at 04:51
  • I don't know much about chatbots, but this seems to be a really thoughtless implementation on GroupMe's part. If I didn't warn users that they would send all their data to the bot, I could fool people incredibly easily (since most people don't think about privacy, especially with well-established apps like GroupMe). – Luke Baumann Aug 21 '17 at 04:53
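
The filter-first approach discussed in the question and comments, as an added example that is not part of the original thread: a Lambda-style handler that discards every non-command message before anything is logged or stored, and forwards only the command and group id. It assumes an API Gateway proxy event whose `body` is the GroupMe callback JSON with `text`, `sender_type` and `group_id` fields; the allow-list and the `forward` callable are hypothetical.

```python
import json

# Commands named in the question; treating them as an allow-list is an assumption.
ALLOWED = {"/menus", "/busschedules", "/calendar"}
OK = {"statusCode": 200, "body": ""}


def minimize(raw_body):
    """Return the only data the bot needs from one callback, or None.

    Nothing from the payload is logged, printed or kept on any path,
    and parse errors are swallowed so the message text cannot end up
    in a traceback written to the function's logs.
    """
    try:
        msg = json.loads(raw_body)
    except (TypeError, ValueError):
        return None
    # Ignore bot and system messages, including the bot's own replies.
    if not isinstance(msg, dict) or msg.get("sender_type") != "user":
        return None
    text = msg.get("text")
    if not isinstance(text, str) or not text.startswith("/"):
        return None  # ordinary conversation: dropped here, never forwarded
    command = text.split()[0].lower()
    if command not in ALLOWED:
        return None
    # Sender name, user id, attachments and the rest of the text are not
    # forwarded; the downstream bot only learns which command ran where.
    return {"command": command, "group_id": str(msg.get("group_id", ""))}


def handler(event, context, forward=None):
    """Entry point for the filter account; `forward` is a hypothetical
    callable that relays the minimized request to the bot backend."""
    request = minimize(event.get("body"))
    if request is not None and forward is not None:
        forward(request)
    # Identical response for dropped and forwarded messages.
    return OK
```

The filter only limits what the backend receives; whoever controls the filter account can still change it, which is the trust problem the question raises.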

0 Answers