Are Your Slack Conversations Really Private and Secure? (fastcompany.com) 68
An anonymous reader writes:
"Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."
The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.
Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?
The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.
Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?
Running an internal Jabber server here (Score:2)
It's only accessible over the intranet, so no privacy worries here (at least from 3rd parties -- I know that management reviews chat logs periodically, as is their right).
Re: (Score:3)
If management gets to review my chat logs, I should damn right be able to review theirs.
Remind me again who employs who?
Re:Running an internal Jabber server here (Score:4, Insightful)
Management isn't employing anyone. The company is. Managers are employees as well.
Ah I see. Willful ignorance in order to try and make a point.
Now remind me again who employs who and (the bit you are deliberately ignoring) creates this thing called a hierarchy (you're heard of them haven't you?) and grants people at different levels of said hierarchy different responsibilities and powers.
Re: (Score:3)
Re:Running an internal Jabber server here (Score:5, Funny)
Re: (Score:2)
Why?
Short answer: (Score:2)
No.
we have slack at work, and I don't understand why (Score:5, Interesting)
I am from the era where 'net news' (nntp) was popular.
for a few years, I was at SGI and they were HUGE into nntp. in fact, one of the most memorable ones was 'sgi.ba' and ba stood for 'bad attitude' (seriously). first day there, getting the HR orientation, they told us all about the usenet hier at work and how its GOOD to be aware of, and reading, sgi.ba. you'd hear about complaints but also the reasons behind them. HR was ok with that! those were the cool days in silicon valley, when it was still fun to live and work here, and companies were still pretty fun to work for.
anyway, I never understood what's wrong with usenet for internal threaded and persistent chats? you WANT it to stay around so you can find out the reasons for why this or that design was done. its part of the company history. but slack, unless you pay, fades away. how stupid! and yet, when I asked for nntp at work instead of slack, no one seemed to even KNOW what nntp was and to this day, they have no plans to implement it.
'chat' programs seem the most useless things; fully redundant to the MANY other forms of e-communication that we ALREADY have.
when usenet mostly 'ended' and web forums took over, I was sad. seems we continue to throw out old, free, WORKING tools for newfangled OH SHINEY! bullshit.
I don't get it. I really don't.
Re: (Score:1)
Another example of stupidity if you ask me.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
The main problem with Usenet is the client side readers are old and clunky.
If by "old and clunky" you mean "work dramatically better than web browsers on modern web forums", then yes!
With client side readers, for starters you can pick which one you want, instead of the web forum software deciding what features you may or may not have for its forums. They handled threaded conversations well, which only some web forums do. They supported local kill files. You could easily sort and search locally by any criteria you wanted, with none of the bullshit restrictions web forums often h
Re: (Score:2)
Could be a good idea (Score:2)
IRC sort of requires online presence when stuff happens, and discussions usually are pretty sequential.
NNTP could fork of a discussion into different threads.
Slack is, as you know, basically an IRC overlay with better integration for mobiles and other platforms. We use it at work and it's pretty ok.
I would love NNTP at work, but not for replacing Slack. I would like it to replace Yammer. Yammer so incredibly inefficient at searching for information.
Re: (Score:2)
Re: (Score:2)
Slack also handles multimedia. Even things like formatted code snippets are way up there, in comparison to IRC. Then there's all the integrations with things like JIRA, and you have a client that makes it a lot easier to work with other devs. Who the fuck cares if it's loosely based on IRC? It isn't IRC.
Re: (Score:2)
Also to your point about multimedia, the ability to paste screenshots directly into slack is great. Being able to just drop things like a PDF into a channel has been really handy.
Anyone who thinks
Comment removed (Score:5, Insightful)
Re: (Score:2)
Do one thing, and do it well.
If that one thing is "communicate," well, then that "one thing" may encompass sharing screens, sharing code, sharing text, sharing audio, sharing video, etc. etc. etc. or at the very least, calling some under-the-hood program to do those things for you while the user perceives it as "one seamless thing."
If that "one thing" is "texting" then that "one thing" may include getting typed input from the user, determining who the recipient is, determining how to send it to the recipient, sending it, receiving data
Re: (Score:2)
What if I want to do all those things (talk, chat, share screens, share files) w/o having to configure 15 different programs and figure out to get each one thru the firewalls? What if I just want to click the "share screen" button and have it, you know, work?
I use skype, and whatever I need to do, it just plain works. That's what I want. Not 15 obscure programs to configure, update, and have break.
Re: (Score:3)
I'll agree with one thing, I don't want webcam video. We had our daily standups via hipchat and I just left my webcam off. People know what I look like, they don't need to see me grimacing as they lay out absurd schedules.
Re: (Score:2)
> video conferencing is just compensating for managements insecurity
I would have agreed with you until recently, when I started collaborating on a creative project with a non-technical friend. He was really in favor of occasional video conferencing, so we've been doing that, and it really has added an important dimension to our work.
I prefer to self-host whenever possible, so while we conduct much of our communication via a Mattermost instance, I would really like to ditch Google Hangouts for something
Re: (Score:2)
greynecks know, we had dozens of solutions for this before they even implemented this featureless proprietary pap!
Wait, people thought they were secure? (Score:3)
Re: (Score:2)
Slack may not have end-to-end crypto, but there is nothing technical stopping me and the person I am taking to from using a Secret Decoder Ring or for that matter, a one-time pad, to encrypt our messages.
Reporters need to get computer literate (Score:2)
That was my reaction too: it's not too difficult to notice that the search in Slack is searching chat messages that you have never seen locally, is it? What's more, this feature is not unusual among HipChat clones... Even Discord just launched search.
I'm not sure who the misunderstanding belongs to -- the people at Fast Company reporting the story as it is at the Gawker people the story was about.
Reporters need to get computer literate... and then hopefully go beyond that to become involved in choosing prod
Simple answer... (Score:2)
Are your conversations on the Internet? Then no, they aren't private or secure.
I could be wrong, but I doubt many smart people would bet on it.
Mattermost (Score:3)
Re: (Score:2)
We have Slack at work. I recently set up a Mattermost instance for a personal project. Very much a work-alike - and of course can be self-hosted.
Though I didn't use it, Mattermost has an "omnibus" install that encapsulates pretty much everything requires to run it - web server, database server, etc.
Re: (Score:2)
What is slack? (Score:5, Insightful)
Re: (Score:3)
And why should I use it in place of email or the telephone?
Because keeping up with a dozen team members in geographically, time zone and time schedule diverse places is a pain. More than once I have ended up working with instructions or a document that had been superseded and I was unaware of the fact that it had been superseded.
You end up in a situation with a dozen people hitting "reply all" or calling each other on the telephone leaving messages. While you're listening to one message or talking to one person, three others call and leave more messages and sendi
Re: (Score:2)
Re: (Score:1)
Slack is a communications program useful for people who aren't bigots and better-than-thou shit heads who go by stupid pseudonyms, such as RightwingNutjob.
Use a Tox client (Score:2)
Holy obvious problem Batman (Score:3)
Is there literally ANYONE using Slack that is under any impression that their conversations are private or secure? It's a web-based service that epitomises the phrase "the cloud is someone else's computer".
If you want private and/or secure conversations, use Signal, or Wire. Or shit, even Whatsapp is probably more secure.
Re: (Score:3)
This. And no, I don't really care if someone snoops and sees that we've ordered x vegan food product, or are short on y vegan food product and need to order more, or checks out the business card design draft I've posted. Slack is easy for our staff to use, which is why we go to it, but we're under no delusion that it's particularly 'secure'. Mundane conversations abound!
matrix.org is the answer (Score:3, Insightful)
Check out matrix.org. It's a federated, open-standard, rich communication protocol. It can't do everything of Slack and Whatsapp yet, but it's moving along fast and you can help. There are already several clients to choose from, as well as integrations with other networks, APIs, and bot-like tools etc..
We used it at linux.conf.au 2017 to (inofficially) bridge between Slack and IRC, and had an update of ca. 33% of the conference within 3 days or so, while the number of Slack users went down to a low one-digit figure.
#matrix on Freenode is bridged to the main discussion room, so pop on over if you want.
Here's Matthew (one of the project leads) at FOSDEM (with video):
https://fosdem.org/2017/schedu... [fosdem.org]
https://fosdem.org/2017/schedu... [fosdem.org]
and my little lightning talk at LCA:
https://www.youtube.com/watch?... [youtube.com]
-- @martinkrafft