Slack

Slack

Review date: Sept. 8, 2021

|
|

Mozilla says

|
People voted: Very creepy

Not gonna lie, Slack is a handy tool in our brave, new remote work world. The workplace workhorse keeps us all connected with pings, dings, and channels for everything from work to random distractions that make the day bearable. And it’s not just for work. A number of communities have set up Slack groups to help connect people interested in activism or issues. While Slack is mostly known for its IRC-like messaging features (remember IRC?...ah, memories), it does have built-in video and phone call features too (they've been around since 2016). Since the pandemic drove so many to remote work, it's become a real concern and possibility bosses can track all those thoughts, venting backchannels , and potentially video chats with co-workers too.

What could happen if something goes wrong?

There are some privacy and security concerns users should be aware of with Slack, although for the most part, Slack users are going to have to go with the rules of their workplace and trust their company to set up protections and privacy policies. One big concern we have about Slack is they have no features that allow users to block or hide abusive or unwanted messages. In the battle between Slack and Microsoft Teams to be the workplace tool of choice, Teams does have features that allow users to block and hide users, if only in personal Teams instances. Slack forces you to see the abuse and then mute it whereas with Teams you can block an abuser before they can send you abusive messages. This is definitely a win for Microsoft Teams over Slack. And, as with any workplace tool, please never assume anything you say is private. Many Slack versions allow the owner to monitor all chats, public and private. What could happen if something goes wrong? Well, you could message your co-worker about how annoying your boss is because they always come to meetings with Dorito dust on their face. Your boss could be monitoring your private chats, and boom, you’re fired! Best to keep those private vent sessions with your co-workers off Slack, off your work computer, and only on a private messaging app like Signal.

  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Slack claims it does not sell the personal information they collect (and will not share it without providing a right to opt out). Slack use third-party cookies for advertising purposes. Also, users may enable or permit many Third-Party Services in Slack like Zoom or Google services. These services may have their own policies and practices for data collection, use, and sharing, and Slack holds no responsibilities for them.

How can you control your data?

The retention rules in Slack's privacy policy are vaguely formulated, and there are no clear retention periods. Slack can also keep your data after you have deactivated your account for the period of time needed for Slack to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce their agreements.

What is the company’s known track record of protecting users’ data?

Average

In 2015, Slack got hacked. Hackers were able to get into Slack’s central user database, which included usernames, email addresses, encrypted passwords, and any personal data users chose to add to their account, like phone numbers, Skype IDs, etc. Slack added a two-factor authentication as an extra security measure after the 2015 hack. In 2019 Slack said that some log-in credentials may have been compromised, and blamed the 2015 hack for it. So, they changed passwords for approximately 1% of users who were active before 2015 and have not changed passwords ever since. Slack also was criticized for leaving metadata including accurate location (GPS) in files uploaded to the platform. After May 2020, Slack began stripping uploaded images data of its metadata, including GPS coordinates (accurate location).

Can this product be used offline?

N/A

User-friendly privacy information?

No

Privacy policy is written in legalese, and sometimes forwards to contact Customer Support for more detail. For example, a clause on data retention: "The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please review the Help Center or contact Customer (sic)."

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Slack does not offer end-to-end encryption by default. It relies on encryption in transit and at rest. Users can add an end-to-end encryption messaging feature with third-party extensions.

Strong password

Yes

A strong password is required to login into Slack. You can also turn on a feature for a mobile passcode in the enterprise version.

Security updates

Yes

Slack details its security updates in its blog.

Manages vulnerabilities

Yes

Slack operates a security bug bounty program.

Privacy policy

Yes

Does the product use AI? information

Yes

Slack's AI blogs provide a decent overview with notes how they fight against biases. Good work Slack! Slack uses machine learning to analyze some of the data submitted to the service in order to provide search or recommendation features, among others. Additionally, they use machine learning for detecting and preventing spam.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • How Your Boss Can Use Your Remote-Work Tools to Spy on You
    Wirecutter Link opens in a new tab
  • Hackers Are Exploiting Discord and Slack Links to Serve Up Malware
    Wired Link opens in a new tab
  • All the ways Slack (and your boss) tracks you and how to stop it
    Wired Link opens in a new tab
  • Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want It
    Vice Link opens in a new tab
  • Slack is resetting thousands of passwords after 2015 hack
    CNN Link opens in a new tab
  • Slack now strips location data from uploaded images
    TechCrunch Link opens in a new tab
  • Slack Admits It Made A ‘Mistake’ After Users Said Its New DM Feature Could Enable Harassment
    Forbes Link opens in a new tab
  • No one is talking about the biggest problem with Slack
    Quartz Link opens in a new tab
  • Hackers Are Exploiting Discord and Slack Links to Serve Up Malware
    Wired Link opens in a new tab

Comments

Got a comment? Let us hear it.