Slack

Slack

Review date: Sept. 8, 2021

|
|

Mozilla says

|
People voted: Somewhat creepy

Not gonna lie, Slack is a handy tool in our brave, new remote work world. The workplace workhorse keeps us all connected with pings, dings, and channels for everything from work to random distractions that make the day bearable. And it’s not just for work. A number of communities have set up Slack groups to help connect people interested in activism or issues. While Slack is mostly known for its IRC-like messaging features (remember IRC?...ah, memories), it does have built-in video and phone call features too (they've been around since 2016). Since the pandemic drove so many to remote work, it's become a real concern and possibility bosses can track all those thoughts, venting backchannels , and potentially video chats with co-workers too.

What could happen if something goes wrong?

There are some privacy and security concerns users should be aware of with Slack, although for the most part, Slack users are going to have to go with the rules of their workplace and trust their company to set up protections and privacy policies. One big concern we have about Slack is they have no features that allow users to block or hide abusive or unwanted messages. In the battle between Slack and Microsoft Teams to be the workplace tool of choice, Teams does have features that allow users to block and hide users, if only in personal Teams instances. Slack forces you to see the abuse and then mute it whereas with Teams you can block an abuser before they can send you abusive messages. This is definitely a win for Microsoft Teams over Slack. And, as with any workplace tool, please never assume anything you say is private. Many Slack versions allow the owner to monitor all chats, public and private. What could happen if something goes wrong? Well, you could message your co-worker about how annoying your boss is because they always come to meetings with Dorito dust on their face. Your boss could be monitoring your private chats, and boom, you’re fired! Best to keep those private vent sessions with your co-workers off Slack, off your work computer, and only on a private messaging app like Signal.

mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Slack claims it does not sell the personal information they collect (and will not share it without providing a right to opt out). Slack use third-party cookies for advertising purposes. Also, users may enable or permit many Third-Party Services in Slack like Zoom or Google services. These services may have their own policies and practices for data collection, use, and sharing, and Slack holds no responsibilities for them.

How can you control your data?

The retention rules in Slack's privacy policy are vaguely formulated, and there are no clear retention periods. Slack can also keep your data after you have deactivated your account for the period of time needed for Slack to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce their agreements.

What is the company’s known track record of protecting users’ data?

Average

In 2015, Slack got hacked. Hackers were able to get into Slack’s central user database, which included usernames, email addresses, encrypted passwords, and any personal data users chose to add to their account, like phone numbers, Skype IDs, etc. Slack added a two-factor authentication as an extra security measure after the 2015 hack. In 2019 Slack said that some log-in credentials may have been compromised, and blamed the 2015 hack for it. So, they changed passwords for approximately 1% of users who were active before 2015 and have not changed passwords ever since. Slack also was criticized for leaving metadata including accurate location (GPS) in files uploaded to the platform. After May 2020, Slack began stripping uploaded images data of its metadata, including GPS coordinates (accurate location).

Can this product be used offline?

N/A

User-friendly privacy information?

No

Privacy policy is written in legalese, and sometimes forwards to contact Customer Support for more detail. For example, a clause on data retention: "The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please review the Help Center or contact Customer (sic)."

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Slack does not offer end-to-end encryption by default. It relies on encryption in transit and at rest. Users can add an end-to-end encryption messaging feature with third-party extensions.

Strong password

Yes

A strong password is required to login into Slack. You can also turn on a feature for a mobile passcode in the enterprise version.

Security updates

Yes

Slack details its security updates in its blog.

Manages vulnerabilities

Yes

Slack operates a security bug bounty program.

Privacy policy

Yes

Does the product use AI? information

Yes

Slack's AI blogs provide a decent overview with notes how they fight against biases. Good work Slack! Slack uses machine learning to analyze some of the data submitted to the service in order to provide search or recommendation features, among others. Additionally, they use machine learning for detecting and preventing spam.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Can’t Determine


News

How Your Boss Can Use Your Remote-Work Tools to Spy on You
Wirecutter
In the past, we’ve covered the dos and don’ts of using your work computer for personal business (in short: don’t). But as companies expand their use of remote-work software, there are increasing concerns about what kinds of data bosses can access through such tools. Some of these fears are overblown. But depending on the software your company uses and the type of work you do, some of your activity could be exposed. And privacy concerns aren’t the only worry, as employers are also starting to use the data extracted from these tools to gauge productivity.
Hackers Are Exploiting Discord and Slack Links to Serve Up Malware
Wired
Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.
All the ways Slack (and your boss) tracks you and how to stop it
Wired
It’s not that easy for someone to snoop on your Slack messages. But that doesn’t mean you shouldn’t take precautions
Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want It
Vice
A former Slack employee and the company's current chief information security officer say that Slack's paying customers aren't that interested in end-to-end encryption.
Slack is resetting thousands of passwords after 2015 hack
CNN
Slack has reset the passwords of thousands of accounts after receiving new information about a hack that took place in March 2015.
Slack now strips location data from uploaded images
TechCrunch
What may seem like an inconsequential change to how the tech giant handles storing files on its servers, it will make it far more difficult to trace photos back to their original owners.
Slack Admits It Made A ‘Mistake’ After Users Said Its New DM Feature Could Enable Harassment
Forbes
Slack rolled out a feature Wednesday allowing users to direct message people outside their company—but the workplace chat app quickly admitted it made a “mistake” and pared back some of its functionality after users complained it could facilitate harassment.
No one is talking about the biggest problem with Slack
Quartz
Slack does not have the functionality for a user to mute or block anyone. In fact, the company views this kind of design utility as not productive and doesn’t think it makes sense.

Comments

Got a comment? Let us hear it.