Slack
Not gonna lie, Slack is a handy tool in our brave, new remote work world. The workplace workhorse keeps us all connected with pings, dings, and channels for everything from work to random distractions that make the day bearable. And it’s not just for work. A number of communities have set up Slack groups to help connect people interested in activism or issues. While Slack is mostly known for its IRC-like messaging features (remember IRC?...ah, memories), it does have built-in video and phone call features too (they've been around since 2016). Since the pandemic drove so many to remote work, it's become a real concern and possibility bosses can track all those thoughts, venting backchannels , and potentially video chats with co-workers too.
What could happen if something goes wrong?
There are some privacy and security concerns users should be aware of with Slack, although for the most part, Slack users are going to have to go with the rules of their workplace and trust their company to set up protections and privacy policies. One big concern we have about Slack is they have no features that allow users to block or hide abusive or unwanted messages. In the battle between Slack and Microsoft Teams to be the workplace tool of choice, Teams does have features that allow users to block and hide users, if only in personal Teams instances. Slack forces you to see the abuse and then mute it whereas with Teams you can block an abuser before they can send you abusive messages. This is definitely a win for Microsoft Teams over Slack. And, as with any workplace tool, please never assume anything you say is private. Many Slack versions allow the owner to monitor all chats, public and private. What could happen if something goes wrong? Well, you could message your co-worker about how annoying your boss is because they always come to meetings with Dorito dust on their face. Your boss could be monitoring your private chats, and boom, you’re fired! Best to keep those private vent sessions with your co-workers off Slack, off your work computer, and only on a private messaging app like Signal.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
Yes
Third-party account
No
What data does the company collect?
Personal
Email address, phone number, location (via IP address or physical devices).
Body related
Social
Workspaces, channels, people, features, content and links you view or interact with, the types of files shared and what Third-Party Services are used.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2015, Slack got hacked. Hackers were able to get into Slack’s central user database, which included usernames, email addresses, encrypted passwords, and any personal data users chose to add to their account, like phone numbers, Skype IDs, etc. Slack added a two-factor authentication as an extra security measure after the 2015 hack. In 2019 Slack said that some log-in credentials may have been compromised, and blamed the 2015 hack for it. So, they changed passwords for approximately 1% of users who were active before 2015 and have not changed passwords ever since. Slack also was criticized for leaving metadata including accurate location (GPS) in files uploaded to the platform. After May 2020, Slack began stripping uploaded images data of its metadata, including GPS coordinates (accurate location).
Can this product be used offline?
User-friendly privacy information?
Privacy policy is written in legalese, and sometimes forwards to contact Customer Support for more detail. For example, a clause on data retention: "The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please review the Help Center or contact Customer (sic)."
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Slack does not offer end-to-end encryption by default. It relies on encryption in transit and at rest. Users can add an end-to-end encryption messaging feature with third-party extensions.
Strong password
A strong password is required to login into Slack. You can also turn on a feature for a mobile passcode in the enterprise version.
Security updates
Slack details its security updates in its blog.
Manages vulnerabilities
Slack operates a security bug bounty program.
Privacy policy
Slack's AI blogs provide a decent overview with notes how they fight against biases. Good work Slack! Slack uses machine learning to analyze some of the data submitted to the service in order to provide search or recommendation features, among others. Additionally, they use machine learning for detecting and preventing spam.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
How Your Boss Can Use Your Remote-Work Tools to Spy on YouWirecutter
-
Hackers Are Exploiting Discord and Slack Links to Serve Up MalwareWired
-
All the ways Slack (and your boss) tracks you and how to stop itWired
-
Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want ItVice
-
Slack is resetting thousands of passwords after 2015 hackCNN
-
Slack now strips location data from uploaded imagesTechCrunch
-
Slack Admits It Made A ‘Mistake’ After Users Said Its New DM Feature Could Enable HarassmentForbes
-
No one is talking about the biggest problem with SlackQuartz
-
Hackers Are Exploiting Discord and Slack Links to Serve Up MalwareWired
Comments
Got a comment? Let us hear it.