Slack

Slack

Review date: 09/08/2021

Not gonna lie, Slack is a handy tool in our brave, new remote work world. The workplace workhorse keeps us all connected with pings, dings, and channels for everything from work to random distractions that make the day bearable. And it’s not just for work. A number of communities have set up Slack groups to help connect people interested in activism or issues. While Slack is mostly known for its IRC-like messaging features (remember IRC?...ah, memories), it does have built-in video and phone call features too (they've been around since 2016). Since the pandemic drove so many to remote work, it's become a real concern and possibility bosses can track all those thoughts, venting backchannels , and potentially video chats with co-workers too.

What could happen if something goes wrong

There are some privacy and security concerns users should be aware of with Slack, although for the most part, Slack users are going to have to go with the rules of their workplace and trust their company to set up protections and privacy policies. One big concern we have about Slack is they have no features that allow users to block or hide abusive or unwanted messages. In the battle between Slack and Microsoft Teams to be the workplace tool of choice, Teams does have features that allow users to block and hide users, if only in personal Teams instances. Slack forces you to see the abuse and then mute it whereas with Teams you can block an abuser before they can send you abusive messages. This is definitely a win for Microsoft Teams over Slack. And, as with any workplace tool, please never assume anything you say is private. Many Slack versions allow the owner to monitor all chats, public and private. What could happen if something goes wrong? Well, you could message your co-worker about how annoying your boss is because they always come to meetings with Dorito dust on their face. Your boss could be monitoring your private chats, and boom, you’re fired! Best to keep those private vent sessions with your co-workers off Slack, off your work computer, and only on a private messaging app like Signal.

Privacy

Can it snoop on me?

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks Location

Device: N/A

App: Yes

What is required to sign up?

What data does it collect?

What is the company’s known track record for protecting users’ data?

Average

In 2015, Slack got hacked. Hackers were able to get into Slack’s central user database, which included usernames, email addresses, encrypted passwords, and any personal data users chose to add to their account, like phone numbers, Skype IDs, etc. Slack added a two-factor authentication as an extra security measure after the 2015 hack. In 2019 Slack said that some log-in credentials may have been compromised, and blamed the 2015 hack for it. So, they changed passwords for approximately 1% of users who were active before 2015 and have not changed passwords ever since. Slack also was criticized for leaving metadata including accurate location (GPS) in files uploaded to the platform. After May 2020, Slack began stripping uploaded images data of its metadata, including GPS coordinates (accurate location).

Can this product be used offline?

Not applicable

User friendly privacy information?

No

Privacy policy is written in legalese, and sometimes forwards to contact Customer Support for more detail. For example, a clause on data retention: "The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please review the Help Center or contact Customer (sic)."

Links to privacy information

Security

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Slack does not offer end-to-end encryption by default. It relies on encryption in transit and at rest. Users can add an end-to-end encryption messaging feature with third-party extensions.

Strong password

Yes

A strong password is required to login into Slack. You can also turn on a feature for a mobile passcode in the enterprise version.

Security updates

Yes

Slack details its security updates in its blog.

Manages vulnerabilities

Yes

Slack operates a security bug bounty program.

Privacy policy

Yes

Artificial Intelligence

Does the product use AI?

Yes

Does the AI use your personal data to make decisions about you?

Can’t Determine

Does the company allow users to see how the AI works?

Yes

Slack's AI blogs provide a decent overview with notes how they fight against biases. Good work Slack! Slack uses machine learning to analyze some of the data submitted to the service in order to provide search or recommendation features, among others. Additionally, they use machine learning for detecting and preventing spam.

Updates

How Your Boss Can Use Your Remote-Work Tools to Spy on You
Wirecutter
In the past, we’ve covered the dos and don’ts of using your work computer for personal business (in short: don’t). But as companies expand their use of remote-work software, there are increasing concerns about what kinds of data bosses can access through such tools. Some of these fears are overblown. But depending on the software your company uses and the type of work you do, some of your activity could be exposed. And privacy concerns aren’t the only worry, as employers are also starting to use the data extracted from these tools to gauge productivity.
Hackers Are Exploiting Discord and Slack Links to Serve Up Malware
Wired
Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.
All the ways Slack (and your boss) tracks you and how to stop it
Wired
It’s not that easy for someone to snoop on your Slack messages. But that doesn’t mean you shouldn’t take precautions
Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want It
Vice
A former Slack employee and the company's current chief information security officer say that Slack's paying customers aren't that interested in end-to-end encryption.
Slack is resetting thousands of passwords after 2015 hack
CNN
Slack has reset the passwords of thousands of accounts after receiving new information about a hack that took place in March 2015.
Slack now strips location data from uploaded images
TechCrunch
What may seem like an inconsequential change to how the tech giant handles storing files on its servers, it will make it far more difficult to trace photos back to their original owners.
Slack Admits It Made A ‘Mistake’ After Users Said Its New DM Feature Could Enable Harassment
Forbes
Slack rolled out a feature Wednesday allowing users to direct message people outside their company—but the workplace chat app quickly admitted it made a “mistake” and pared back some of its functionality after users complained it could facilitate harassment.
No one is talking about the biggest problem with Slack
Quartz
Slack does not have the functionality for a user to mute or block anyone. In fact, the company views this kind of design utility as not productive and doesn’t think it makes sense.

Comments

Related products