Modern field guide to security and privacy

Why you should think twice before spilling your guts to a chatbot

Chatbots for Facebook Messenger are proliferating. And while these handy personal assistants might be good for ordering shoes, they also pose serious privacy challenges. 

Shailesh Andrade/Reuters
Facebook logo on a mug at the company's office in Mumbai, India.

Chatbots are having a moment.

These artificial intelligence-powered digital assistants that can check the weather, read the latest headlines, do your banking, and help you shop for clothes are proliferating on Facebook Messenger. In fact, an estimated 10,000 chatbots are now available via Messenger.

But the rapid spread of chatbots is raising fresh privacy concerns, too. Due to the personal nature of the bots – encouraging users to reveal intimate details about their habits and personal lives – some experts worry that consumers aren’t aware of how just much insight these bots have into their lives, and who is actually using the information.

“Chatbots may be able to get us to say more about ourselves than an ordinary website,” says Ryan Calo, codirector of the Tech Policy Lab at the University of Washington.

A major factor is convenience. The always-on interface is meant to make asking the digital assistants to do things – like ordering food with a simple text message – seamless for the user. And because of the simple, conversational interface, users might be tempted to tell the bots things they wouldn’t ordinarily post of type into an ordinary online order form.

“Consider a chatbot that leverages the social principle of reciprocity,” says Mr. Calo. “If a chatbot, like an online form, just says: ‘Enter your age here,’ you might not. But if amidst a conversation with a chatbot it says, ‘I was created last year. When were you born?’ you well might. At least that's what experimental studies by Cliff Nass and others have shown.” (One such study can be found here.)

While chatbots are just in their infancy, the ballooning ecosystem of personal assistants fueled by venture capitalists could collectively amass an even more intimate portrait of consumers and their behaviors than within the data archives of Google, Facebook, or Twitter.

“I think of chatbots as heralds of what's coming – increasingly sophisticated social technologies that are so pervasive that we never feel alone,” says Calo.

As chatbots evolve and become more intelligent, they could be designed to tailor responses to make users more comfortable with giving away increasingly personal information, or telling the bots their true feelings. The machines could customize responses so that users don’t feel judged based on their views, thus giving many companies that are deploying chatbots a more accurate view of consumers.

“Pollsters always worry about whether people are willing to give their real opinion because they worry that the person on the phone may judge them for being racist or ignorant or just judge them in general,” says Dave Maass, an investigative researcher at the tech advocacy group Electronic Frontier Foundation. “But having a conversation with a chatbot might make people more honest.”

Still, chatbots are currently limited by the information that users provide to them. But what happens if and when chatbots are able to collect and analyze all the information that Facebook already has about a user – location, birthdays, names of friends and families, anniversaries, and career information?

“The success of bots relies a lot on their understanding of the user's context,” says Hamza Harkous, a PhD student at Switzerland’s École Polytechnique Fédérale de Lausanne who has studied the effect chatbots have on privacy. “This is an avenue where bots are currently limited: they don't have full permissions to access users' data, photos, location, or device sensors.”

Of course, Facebook already has much of this information on users. Mr. Harkous worries that the company’s desire to establish Messenger as the go-to platform for chatbots could eventually lead it to share some of this information with companies using its platform, and that it might do so even if its users don’t know that data exchange is happening or don’t fully understand its implications.

“With time, the need for a better user experience could force Facebook to grant more permissions directly to bots,” Harkous said. “It would be interesting to see how these permissions will work and how much control the user has. What could be a privacy nightmare is if Facebook is left to determine when and what permissions to grant based on the chatbots’ request.”

For its part, Facebook says that it has taken privacy concerns about chatbots into account with its Messenger platform.

“As with all things, people’s privacy is one of the most important factors we take into consideration when developing new products,” said a Facebook spokesperson. “Bots for Messenger are no exception. We have an approval process in place for the beta program to prevent sub-par bots from reaching people, and we also have policies in place that govern what information bots have access to.”


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Why you should think twice before spilling your guts to a chatbot
Read this article in
QR Code to Subscription page
Start your subscription today