Suggestions
Use Public Services Cautiously
Group bots
A bot with Ban users
permission may: Kick off all members in the group without paying attention.
A bot with Delete messages
permission may: delete all messages in the group without paying attention.
A bot with administrator permissions may: Collect most of the messages in the group. However, anonymous User-Bots may also exist in your group, and they appear as normal human user accounts, which can quietly collect all the data without administrator permissions.
For security reasons, you should only use your own group management bots, and you even shall not use the public demo services hosted by us. The use of third-party bots, may lead to probable damage to group members and messages, meanwhile, semi-private internal rules or models of the bot may be suspected for abuse. You should be aware that even the bot is open source, it does not mean that the hosted public service is running on this code, which means that certain bot has the entire ability to perform additional behaviors.
If your group is super private, you should not share the group link to any promotion platform or unreliable people. Your group is no longer private even if spammers are free to join and send ads.
Private Chat Bot
There is no doubt that by using a third-party hosted private chat bot, your conversation details with others will no longer be private, and the chat will be entirely transparent to the service provider. This not only brings inexpediency, but greatly increases the risk of privacy leak and relationship disclosure.
Build Your Own Bots
WHY
As mentioned above, third-party bots are out of your control. Risk will be significantly lowered when you start to host your own bots build on source codes. You should not trust others, nor should you believe in us, but you can rely on yourself in some aspects.
HOW TO
The SCP-079 Project provides source code, and detailed instructions, as well as a separate introduction to each bot project, according to which you can quickly build your own bot. If you have technical problems, you can also contact us.
Defence
The basic security protections that your server needs include, but are not limited to: finding a trusted VPS service provider, changing the default SSH port, disabling logging in as root user, using key instead of password to login, requiring two-step authentication each time, opening SSH port only, upgrading and maintaining the system regularly and the VPS should be mainly used to run SCP-079 bot programs only.
Privacy
Some of the channels required for SCP-079 bots to operate may have a risk of spreading user privacy, so it is recommended to carefully review revalant staffs.
Management
You shall invite some reliable friends as the service administrators. Managing the entire service on your own is also a good duty.