This paper identifies critical privacy risks in group chats arising from chatbots’ excessive access to messages and user identities: bots can exfiltrate non-targeted messages, infer senders’ sensitive attributes, and cross-link users across groups—empirically achieving a 3.6% identification rate—leading to data leakage and user tracking. To address this, we propose SnoopGuard, the first end-to-end encrypted group messaging protocol supporting sender anonymity and selective message delivery. Built upon the Messaging Layer Security (MLS) framework, SnoopGuard integrates hierarchical key distribution, dynamic access control, and a lightweight obfuscation mechanism. Its theoretical computational complexity is O(log n + m), and in evaluation with 50 users and 10 bots, average message latency remains ≈10 ms. Experiments demonstrate that SnoopGuard preserves scalability while provably eliminating unauthorized message access and cross-group identity linkage by chatbots.

New privacy concerns arise with chatbots on group messaging platforms. Chatbots may access information beyond their intended functionalities, such as sender identities or messages unintended for chatbots. Chatbot developers may exploit such information to infer personal information and link users across groups, potentially leading to data breaches, pervasive tracking, or targeted advertising. Our analysis of conversation datasets shows that (1) chatbots often access far more messages than needed, and (2) when a user joins a new group with chatbots, there is a 3.6% chance that at least one of the chatbots can recognize and associate the user with their previous interactions in other groups. Although state-of-the-art (SoA) group messaging protocols provide robust end-to-end encryption and some platforms have implemented policies to limit chatbot access, no platforms successfully combine these features. This paper introduces SnoopGuard, a secure group messaging protocol that ensures user privacy against chatbots while maintaining strong end-to-end security. Our protocol offers (1) selective message access, preventing chatbots from accessing unrelated messages, and (2) sender anonymity, hiding user identities from chatbots. SnoopGuard achieves $O(log n + m)$ message-sending complexity for a group of $n$ users and $m$ chatbots, compared to $O(log(n + m))$ in SoA protocols, with acceptable overhead for enhanced privacy. Our prototype implementation shows that sending a message to a group of 50 users and 10 chatbots takes about 10 milliseconds when integrated with Message Layer Security (MLS).