An Empirical Assessment of Security and Privacy Risks of Web-Based Chatbots

Web-based chatbots provide website owners with the benefits of increased sales, immediate response to their customers, and insight into customer behaviour. While are getting popular, they have not received much scrutiny from security researchers. The come at cost users’ privacy security. Vulnerabilities, such as tracking cookies third-party domains, can be hidden in chatbot’s iFrame script. This paper presents a large-scale analysis five among top 1-million Alexa websites. Through our crawler tool, we identify presence these We discover that 13,392 out 1- million websites (1.58%) use one analysed chatbots. Our reveals 300k ranking dominated by Intercom embed least number domains. LiveChat dominate remaining highest samples also find 721 (5.38%) web-based insecure protocols transfer chats plain text. Furthermore, some heavily rely on for advertisement purposes. More than two-thirds (68.92%) identified chatbot iFrames used ads users. results show that, despite promises privacy, security, anonymity given most websites, millions users may unknowingly subject poor guarantees service providers.