637 comments

[ 2.9 ms ] story [ 396 ms ] thread
In this modern age it seems it's not safe to list anything which might come back to haunt you, including ethnicity.
Not just now, it never was a good idea to collect those information. You can look as far back as national census data with IBM and the holocaust.
Face recognition will solve that for you.
Good luck guessing ethnicity for Iran. There will be many who look less middle-eastern than your average "Californian with a tan". You'd have the same problem with most near-east or Mediterranean countries. Being at the crossroads for a few millennia will do that to a place.
This holds up if you imagine the profiling as done by humans. However, neural networks already surpass human ability in some computer vision tasks. The features the trained models come up with can go way past what we might consider visual likeness. The algorithmic method might eventually become 99.999% efficient at racial profiling with the help of something as ridiculous as fingerprinting eyebrow strand distribution & orientations. The right way forward is to fully consider the ethical implications when shaping these policies, regardless of technological ability.
> 99.999% efficient at racial profiling

Next on HN: Falsehoods Programmers Believe About Race

Oh, just correlate with a heuristic for the user's first and last name and their browser's language preference headers to improve the matching in case the face recognition algo is unsure.
State face recognition doesn't have to be any more accurate than other forms of institutional, armed, racism.
Or just plain name checking.

One of the personal projects of mine was to put on a map the nationalized buildings that used to be owned by Jewish owners (I live in a former Easter-European communist country, we did nationalize a lot of stuff immediately after WW2 ended). That was pretty simple: I just got the nationalization order/law from back in the day (it included the names of the building owners and the addresses), I inputed it in a database and then I matched those owners' names against a public database containing only jewish names, meaning this one [1]. It was a lot more difficult to exactly geo-locate those buildings on a map (a lot of street names had changed in the last 70 years) than it was to guess the ethnicity of a lot of people on that list.

Again, this was part of a personal project that I had built in order to better know the history of the local Jewish community, but I could see the same "technique" (meaning just plain name matching against a known database with positive ethnic identification) being used for nefarious reasons in other circumstances and places.

[1] https://www.yadvashem.org/

I mean, the exact same thing happened before WW2, where countries were gathering regular census data on their citizens. Surely filling out your nationality or religious affiliation could never be used against you, right?

Well, guess what kind of treasure trove that census data was for the Nazis later.

My point is - it's not just "this modern age". In every age sharing too much information about yourself is potentially dangerous, even if you can't see the danger yet.

Wow. This seems rather unprecedented and unnecessary, based upon the lack of action in this regard by other companies I don't know why Slack would do this. If for instance this kind of arbitrary action took place on GitHub I could see it having a detrimental impact to free software projects. This is another good reason to choose Zulipchat and other self-hostable platforms instead of proprietary SaaS solutions.
> This seems rather unprecedented

EULAs already sometime shad rules to excluded people based on the country they were a national of. Those one could simply ignore. With SaaS this is a different story.

>This is another good reason to choose Zulipchat and other self-hostable platforms instead of proprietary SaaS solutions

until someone targets your host and gets it shut down.

I don't understand what's wrong with this comment, but OP is right.

We have seen cases where domain registries or hosting providers suspend accounts for violating their ToS, which is totally legal.

Because you don’t need a hosting provider to self host. You don’t even need a domain name either.

But in all honesty, there are hundreds of registrars and thousands of hosting providers around the world. Not all of them fall under US jurisdiction. But if you’re really really paranoid of getting shut down, there’s also .onion sites or distributed systems like IPFS.

You can not prevent people from communicating on the internet any more than you can prevent people from writing letters.

I am not sure where you live, but in many places you can't host your own servers from your room because of ISP restrictions.

Also, there are not a lot of places where you can find data centers that rent servers out for personal uses.

Even then it's only a question of money, and you can keep local backups without having to fear it'll all be gone tomorrow.
> I am not sure where you live, but in many places you can't host your own servers from your room because of ISP restrictions.

We have those restrictions in the UK but I've never once known any ISP act upon them. But in any case, I did also list other options that wasn't reliant on your ISP as well.

> Also, there are not a lot of places where you can find data centers that rent servers out for personal uses.

Sure there are. Hosting providers don't care if you're a business or private individual - they just want your cash. There's even serval places in Europe where you can send them a Raspberry Pi and they'd host that for you (obviously for a monthly fee). There really isn't a shortage of places to host bare metal nor VMs.

>but I've never once known any ISP act upon them

what happens when ISPs do start acting on them? they do in india.court ordered blocks on whole ranges of IPs

At risk of sounding like a broken record:

> I did also list other options that wasn't reliant on your ISP as well.

However that aside, you could nitpick solutions until the cows come home but it’s unproductive because self hosting is still more resilient from takedowns than a SaaS solution. And that’s what matters. Self hosting gives you options that you simply don’t have with SaaS.

Frankly, I’m amazing anyone is even arguing against that point in the first place.

Then at least you can move it elsewhere.
Zulipchat offers free SaaS for open source projects and also provides you with the ability to export your data and choose to self host at any time in the future. I've found it to be superior to Slack but it just doesn't have the same level of name recognition and thus people are less inclined to use it for some reason. I hope this builds into a real campaign to have free software projects choose a more ethical alternative.
I'm not familiar with Zulipchat specifically but unless you're running a community with thousands of concurrent users then you could easily host most self-hostable chat platforms on a low powered devices (eg Raspberry Pi) on a home broadband internet connection.

Obviously this is a less than ideal solution, but my point is you're not reliant on AWS / OVH / Digital Ocean / whoever you choose for hosting.

You are still reliant on your isp however.
Don’t forget your electricity provider as well. Of course you could run a solar system and mesh WiFi.
Even if you run a solar system with mesh WiFi, you're still reliant on getting food and clean water.

/s

Incremental improvements are still improvements, even if you still rely on some people for some things.

Not if you use a distributed system like IPFS.

There is a technical workaround for any form of censorship - the real question is how difficult it is for ordinary folk to us.

Totally agree about going to the self-hostable path. I would add as an alternative, looking for non-US products, maybe from neutral countries.

As someone mentioned in the twitter thread, this could happen to any product: Google, Facebook, even taking the bus!

Neutral countries? What’s a neutral country?
It's Switzerland.
yes. are there any Swiss technological developments? are there any other neutral countries?
Switzerland hosts, among other things, the EFPL, which does a great deal of technlogical achievement. The EFPL itself leads the Scala language development, among a lof of other stuff !

I'm not familiar with other countries as neutral as Switzerland which has a successful track record of staying neutral during two world wars on their borders, but I suspect there should be actually quite some. I _think_ that for example Kazakhstan is currently trying to follow a similar neutral political path.

Costa Rica is another relevant example.
Wire is a Swiss Slack alternative that’s open source. Do note the comment close to this one mentioning that Switzerland would also have to comply with the sanctions.
"Neutral" countries also have to conform to sanctions; Switzerland is mentioned a few times but "the sanctions regime in place is based on the Federal Act on the Implementation of International Sanctions" and "Does Switzerland implement UN sanctions? - Yes."

https://sanctionsguide.eversheds-sutherland.com/countries/sw...

I get the impression that neutral in this case is being confused with some libertarian / anarchist / lawless utopia.

Interesting, I didn't know that. I guess that makes the self hosted path the only safe and sustainable path for managing one's information.
The user says he's connected to Slack from an Iranian IP address 6 months ago. That's likely the reason Slack was able to pinpoint him.
So if you once log in during a holiday trip to iran your account gets blocked
Iran's been on my list of "wanna go" destinations for a while (Food and architecture mainly). Looks like I'd have to choose between that and having any connection with a US based company. Great.
I know it's inconvenient, but you could still work around this by using a burner phone during your trip, no?
Yeah but my laptop is more problematic. I'm responsible for a dozen client websites so I need to take my work environment on holiday with me in case of emergency. I guess I could take a Chromebook or something and rely on ssh but I really hate coding without my pet IDE and I've never got the hang of Vim.
Or just not log into slack when on holiday?
If you have an app installed in your phone, it might sync without your knowledge.
Sure, so your option is "uninstall app" or "never visit country/region I've always wanted to".

Tough choice.

I'm not defending slack or practices like it (hell, I have a blank phone I use whenever I leave the country) but it's not quite the choice you're making it out to be.

I'm just warning people that might not think of that.
> Sure, so your option is "uninstall app"

The problem is "which app?". Short of a factory reset on both my phone, laptop and kindle it seems I would be in danger of tripping a switch somewhere.

Ah well it’s probably smart to take a fresh phone through borders anyway.
Everyone I have ever met that has been to Iran absolutely raves about it. I've never met a single person that didn't extend their stay, and doesn't rate it as hands down the best country they have ever been to.

It's very, very high on my list. But if you have an American or British passport you currently can't go without an escort.

(I'm an Overlander, I drove AK-Argentina and am now driving right around Africa. I've met 200+ people that have been to Iran)

This sounds a bit interesting, extending trips doesn't sound like a common occurrence, but you say you met 200+ people that did just that?
Iran is one of the most heavy users of social accounts to influence the world, amongst Russia and China.
I think he's talking about overland travel, in which case extending trips would certainly be a common occurrence.
Oh, extending is super-common. Once you're in a country it's really easy to extend your visa, even if was hard to get in the first place.

I extended in Angola when getting a visa there was hard, I extended it in Mali, Zimbabwe, just looked into it in Ethiopia, etc.

Of course, as Overlanders we have our own vehicles are I'd say 50% of us are not time limited [1], so we just stay as long as we want in countries we like.

[1] NOTE: Many of us - me included - are money limited, not time limited.

Iran is an amazing country and the people even more so, never ever met people more kind, giving (even when they don't have anything they give you all they've got), helpful, funny and down to earth. The fauna, flora and architecture alone is worth it, the people is just the icing on the cake.
I am laughing because i am from Iran and no one here thinks people are nice.

My country people treat foreigners nicer than their own people because for some reason they believe that foreigners are rich and foreigners might give them reward or smth.

It's a common belief that foreigners are rich and locals aren't.

Same way if you are rich in Iran being a local isn't a problem people treat you extra nice

Once one foreigner brought an iPad for my friend.

It might seem odd to foreigners that in East simply looking rich/ or having money can earn you their nice behaviour.

So I saw an interesting little travel show, where Norwegian presenter Line Elvsåshagen was trying to travel on the "kindness of strangers": she'd post on instagram that she was looking for people to meet/eat/stay with, and film the result.

This worked even in Iran, and she met up with a Norwegian-Iranian family; but her government assigned minder/'translator' wouldn't let her sleep in their house. She counted as a journalist and there's no way Iran would let a loose journalist float around their society interviewing unsupervised ordinary people for the TV.

Pity, it does look like an interesting place to visit.

You will use internet through SSH tunnel or VPN anyway as otherwise internet is useless in Iran. I was there this September.
If you visit Iran it will impact your ability to visit certain countries without a visa, like the UK.

Also, from what I've gathered, visiting Israel may impact your ability to visit Iran.

I'm guessing Kremlin, D.C. sent them a list of names to embargo, and his name matched one of those names.

The "No-Fly List" has matched senators and congressmen. On the other hand, I find it interesting that they just do name matching, considering how easy it seemingly is to get a fake ID e.g. to buy booze (admittedly my point of reference is American movies).

A couple of our employees from Syria also got blocked today. They were using Slack from Syria though.

EDIT: I don't understand why they ban/block the account rather than "simply" block access from IPs from the country. This seems really strange and overreaching.

> They were using Slack from Syria though.

This doesn't excuse anything. People in Syria are people too.

This is similar to how people were calling for websites to block access to Europe over the copyright thing. The internet is a place where you don't even need to have a nationality. It is a place where we can all exist as pure thoughts. Why are we letting politics fuck it up?

The Syrian ban comes from a U.S. federal sanction. Not arguing that the sanction is right, or that Slack is correctly implementing its adherence, but this is not a similar situation to people calling for a boycott to make a point.
Yes, I can imagine it's hard for Slack to ignore those sanctions, but it does appear overzealous to ban individual accounts after having logged-in from Syria/Iran, instead of implementing a country ban from accessing slack. The latter would be far simpler from a technical standpoint, and I would imagine just as compliant with the sanctions.
Ye it's probably worse. Companies are happy to go along with US law, but can't be bothered to follow the law of other jurisdictions...
I think people are trying to stop politics from fucking it up. Politicians have started using the internet for political purposes.
Politics is just people, and we’re all people.
The internet is not a place. It only functions to connect people and places which exist in physical locations that are bound by national and regional laws, and the transfer of data between locations is subject to these rules.
That's true of snail mail, or telegrams, or even phone calls. But I'd argue the internet is so fast, and so high bandwidth, and so always-available, that it is a qualitatively different thing from merely a transfer of data between physical locations.

It is a place where things happen that aren't just transfers of information between physical places. For example, Hacker News is a place within the wider place that is the web.

You can argue that it is something other than a "place" (maybe "community"? or "society"?) but then you can just substitute "community" or "society" where I wrote "place" in my previous comment and everything still holds.

I think the important point is that it's bound by laws, and nations will (and must) enforce their laws.

Right now, it means revendicating parts of that place that is internet as waving their flags, and holding accountable individuals and companies powering those parts.

You can argue that there are no nationalities on the internet, bust most nations beg to differ.

I don't see what the velocity of the transfer has to do with the rules. Seems rather arbitrary.

Hacker News isn't a place because you're just requesting data from their servers with a well-known DNS name. In fact everyone who "visits" is technically getting a private copy sent to them, and it's all data being transferred between borders. You can clearly see it reflected in internet routing where transit is defined by political and business connections, and things like the Great Firewall of China.

Calling it a community fits better sure, but that just describes a group of individuals and doesn't create any political sovereignty. People still live in physical locations which are bound by laws, there's no way around that.

Well said! About this particular case, what rules are applied?
- To some extent likely 15 CFR chapter VII, subchapter C.

- 31 CFR Part 560 and Appendix A to Chapter V

- Public Law 115–44 (the CAATSA)

> Why are we letting politics fuck it up?

Yes why?

Fight back: use Tor, have proxies, Tor nodes, bridges, gateways. Use ZeroNet, help crypto projects. Make it hard to discriminate on IP.

(comment deleted)
>This doesn't excuse anything. People in Syria are people too.

I don't get this attitude. Yes people in Syria are people too. Canadian steel exporters are people too, why do does their steel need to be tariffed when exported to United States? Why are American farmers punished when they export their dairy products to Canada, are they not people?

>The internet is a place where you don't even need to have a nationality.

SINCE WHEN?!?! It has never worked that way.

How do you have employees in Syria? It’s a violation of federal sanctions.

Edit: In the US, UK, and EU.

(comment deleted)
(comment deleted)
There's more countries in the world other than the US, you know.
(comment deleted)
I love when people just assume that everyone in the world just live in the US. Hackernews users are international and he uses Slack.
(comment deleted)
Presumably the employer isn't based in the US? (Sorry, but that seems the obvious answer to your question.)
Which might mean American companies can't employ people in Syria, but what does that have to do with the rest of the world?
(comment deleted)
The EU and U.K. are not in the US last I checked.
last I checked there are no restrictions on employment of Syrian people in the EU/UK, unless they are related to the government or military etc.
You just said you didn’t know and now all of the sudden you do?

It seems the harder restrictions were lifted in 2014 in the EU due to member state disputes.

I said that I'm not sure, but that I doubt it. I then spent some time checking, and couldn't find anything to support your claim. If you have any sources that EU countries are forbidden from employing "normal" Syrian people (now or even before 2014), I'd love to see them. Otherwise, it really feels like you're just trolling to be honest.
(comment deleted)
Yes I am wrong and will admit it. Certainly not a troll!
We're not a US company (I hope there are no sanctions in our own country. I somehow doubt it, but I'm not entirely sure to be honest, so I won't mention the country to avoid getting us in potential trouble... Anyone knows which other countries enforce similar sanctions on Syria??).
The US, UK, and EU.

I wound be careful of you or your company reside here. The company I used to work for was fined for continuing services in Syria.

I think your are in Germany and the EU might have lifted restrictions based on certain industries.

https://www.ajc.com/business/investigation-into-syria-accusa...

I'm not a lawyer, but I am not aware of any restrictions to employ people from Syria, unless they were involved in military or related to the government etc.
This is like when you see an HN thread about labour conditions and everyone says W-2, H1B, and "at-will state" as if the world has only one country.
Steve Jobs' biological father was Syrian.
Is the sanctions mentioned on Syria the country, or Syrian nationals? Both?
Saudi Arabia is a large investor in Slack. Probably doesn't mean much here, but you never know.
What do U.S. sanctions have to do with somebody who isn't in Iran?

Is Twitter, Google, Microsoft behaving the same here?

P.S. On a side note, if these sanctions are really about 'punishing the regime', blocking mediums for Iranians to speak on isn't a way to do it, but what do I know.

If you work for an American company, get a bug report from a user you know to be in Iran against an open source project you work on during company time and fix it as a result, can the company be considered to be engaging in commerce with Iran?
Direct exchange of value has to take place.

In this case no, because fixing that bug in your project doesn't benefit him specifically.

But direct exchange goes two ways. Fixing a bug in your project does benefit the project specifically.
But that's one reason dumping the account of a PhD student in Canada is puzzling -- there is no evidence of exchange of value.

I suppose the argument is that the person in question visited Iran and presumably had to pay for food at some point and thus "did business with Iran" -- and that would cover the American vacationing in Cuba as well. And that's probably why they're not just banning IPs originating in the small set of sanctioned countries, and instead dropping users. But I don't like it.

Sourceforge actively DID block interaction with countries under sanction by the US. even though they're garbage malware distributers now it is a data point

https://www.computerworld.com/article/2467444/open-source-to...

They're not garbage malware distributors anymore.
Once you @#$& a goat, you're always a goat-@#$&-er?
They're still garbage malware distributors in the hearts and minds of most people. People don't just forget the atrocities associated with the sourceforge name. I know I'm not going to trust them any time soon.
If they are just deleting accounts where someone logged in from a treasury-barred country’s IP, I wonder what happens if you BGP hijack a small amount of that address space, somehow get admins or high profile users to connect via this (run WiFi? Some kind of proxy?), and then observe the chaos.
(I was wrong)
He said having been to Iran and maybe having used app a few months ago might have triggered it.
Or if a data breach allows for account data to be stolen, then one can spoof access attempts from such IPs and seek to DOS the account access.

If the removals are automated, then the most vulnerable accounts would be those of slack employees - or slack investors?

I don't think it's an access attempt that matters but actual access. You need to login via the API, not simply try and fail to get access.
"originating from" is an interesting phrase as far as the internet goes and people's mobility.

Is that when the account was first used? Majority of use related to IP? Something to do with the email address?

Smart move. This shouldn't surprise anyone that makes a point of avoiding US prosecution and jail:

https://techcrunch.com/2018/12/07/huawei-cfo-accused-of-frau...

https://www.bassberrygovcontrade.com/iran-sanction-violation...

Banning people because of the country they were born in is not "smart", it's abhorrent.

That the US, supposedly the leader of the free world, is threatening prosecution and jail to those who want to treat everyone in the world equally, is a ludicrous state of affairs.

The US hasn't been the leader for a while now. I dont see it getting that title back for a long time.
We don't want to be the leader of anything. We're doing just fine, keep the trash out of this country. Europe will be re-entering the crusades while we're living the dream.
Country is made up of its citizens.

If a country does smth, citizens are punished.

This has been case throughout the history.

Alexander took the losing kingdom's citizen as slaves and American bombed Hiroshima and Nagasaki, again the citizens of Japan who were living there.

So when were the citizens of the US punished for their government bombing Japan?

EDIT: Also, in a different comment in this thread, you claim to be Iranian. Why are you defending sanctions against the country that you are from?

> So when were the citizens of the US punished for their government bombing Japan?

About the same time as Japanese citizens were punished for the Bataan Death March, the Rape of Nanking, and the Korean Comfort Women.

Besides, since when is it appropriate to "punish" a country for winning a war in which it was aggressed against?

"Collective punishment" of this form is a war crime under the Geneva conventions.
Why don't you use a free alternative as Matrix? If you self host, then you are the only one who controls who your users are.
The only advantage of SaaS really is system administration, which should be low-cost if the product is good.
It's not always your choice, and getting an organization to switch may be quite hard. Although Slack seems to be trying to help by pulling a stunt like this.
If I were in charge of an organization that used Slack for communication, I would immediately search for and start using an alternative service which would be hosted on premises.
From a technical standpoint what they're saying is if your IP matches any of these countries, we cannot allow you on our services. It's got nothing to do with ethnicity if a Puerto Rican guy from Orlando goes to Iran and gets banned, it's all about the IP not the person.

Seems they might want to tone down their bans starting from the moment the policy came to be vs doing it from the dawn of Slack's time, not sure how the policy is written and I'm not a lawyer so maybe they went off from legal advise.

(comment deleted)
> if your IP matches any of these countries, we cannot allow you on our services

That's misleading. It might be more accurate to say "if any IP you have ever used matches these countries..." but there seem to be other cases where even that doesn't explain the bans.

This would be perfect opportunity for some enterprising gray or blackhats to wreak havoc.

We know people reuse passwords. I'm sure there are a lot of weak accounts known, or at least suspected. So... if you had a large number of compromised slack accounts, and a complete lack of morals, you could log in with each of them to Slack through Iranian/Syrian proxies.

If Slack are indeed shutting down all accounts that have ever logged in from Iran or Syria, the above could be a brutal denial of service. Followed by a massive PR s##tstorm.

Disclaimer: I don't advocate doing anything like that. I just point out that there might be a way to weaponise the backfire...

As bad as it may sound, but from what I can read in the tweets, he did violate the sanctions by using slack while being in iran.

Well, that is called breaking the law and I fully understand why slack terminated his account when he broke the law and violated their terms of service.

For example, other services or tools (like cisco anyconnect) clearly state, that you are not allowed to use them when in embargoed contries.

He lives and works in Canada. I cannot see how this is violating canadian laws.
It sounds like he accessed Slack from an Iranian IP at some point in the past. Though I’m not sure that’s actually breaking the law.
Maybe the issue is that slack is an American entity subject to U.S. law, regardless of where the organization or employee is based.
I’m not sure that’s how export controls work. If I ship a weapon to Iran, I’m the guilty one, not the recipient.

If Slack allows connections from embargoed nations, that’s on them, not the individuals who might happen to connect from an embargoed nation. Slack is responsible for their own export, and if a user accesses Slack from an embargoed nation, it indicates that Slack is enforcing the embargo improperly. More importantly, blocking that user doesn’t fix their export issue.

Does Chrome need to ban Iranian users to?
I wonder if anyone from my company (a unicorn) has been shut down.
I believe that the only party that suffers from those sanctions are actually the populations living in those dictatorships who don't have a say about who is their leader. Who does actually benefit from them and who do they really harm?
There are other parties that suffer from the sanctions.

For example, the guy in the Tweet, who doesn't even live in Iran and is merely ethnically Iranian.

Not to mention anyone in the US (or, just ethnically North American?) who takes the ethical stance of ignoring the sanction and gets punished for it.

I think it's also worth noting that Iranians have no possibility of renouncing their Iranian citizenship. So even if they wanted to cut any possible connection to Iran, they will never be able to get rid off their citizenship.
I frankly never quite understood the extremely high stance against Iran.

Iran has not really stage any offensive wars since 1856 (and most of the XIXe century wars were in fact to recover/maintain control over the Persian Empire which was slowly eaten by the Russian and the UK).

Since 1940, Iran was constantly meddled with by foreign powers, first being invaded during the WW2 by the Allies and the Soviets, with the Soviet reluctantly leaving the country after 1945.

Then the democratically elected Mosaddegh was deposed by the MI6 and the CIA because of "precious Oil". A "Pro-Western" dictatorial government was was put in place. This regime was of course brutal but also at odds with the population and its traditions, leading to a revolution in 1979.

In the midst of this revolution, Irak, another "Western backed" dictatorship tried to profit from the chaos to invade the country which lead to costly a 8 years war leaving ~1 Million people dead. This war is probably the last high intensity conventional war between 2 roughly equals and relatively developed countries to date.

And then in the 2000, it has seen two countries at its borders being invaded by historically hostile powers. And then these countries collapsed into chaos (And I'm even forgetting the Soviet invasion of Afghanistan in the 80ies).

And lately, after lengthily and complex negotiations, an international accord was signed, just to be thrown out of the window 1 year later by the US, the US then bullying other signatories into not abiding by said accord.

No wonders Iran government stance can be a bit tense at time and that they want the Bomb to be at peace.

> Then the democratically elected Mosaddegh was deposed

Mossadegh was not democratically elected. He was appointed by a dictator. The only part of that process that was even slightly democratic, was indirectly via Majlis vote. The people of Iran never specifically elected Mossadegh.

> No wonders Iran government stance can be a bit tense at time and that they want the Bomb to be at peace.

How does being at peace square with constantly calling for the genocide of Israel across decades and very aggressively funding terrorism & militias? The Iranian people have been protesting their military adventures in Syria as one recent example. Iran is every bit as dirty as the US and Russia when it comes to such activities over the decades in the Middle East.

Don't you get in the way with facts. They don't support the narrative. Iran is an unfortunate victim of Western politics!
Sorry for the inaccuracy about Mossadegh.

I do agree that the successive Iranian governments and the Iranian regime is far from a saint in this story, specially since the Islamic revolution.

Calling Israel a "cancer" or a "little satan" (with the US as the "great satan") is an atrocious way to do diplomacy...

The Iran hostage crisis was a really bad starting move. with long lasting consequences.

Iran is also quite active militarily, but the goal is more to maintain security at its border (Iraq), or maintain the few allies it has in the region (Syria, Lebanon). There are reasons behind these adventures, even if that doesn't excuse them.

Mossadegh was appointed Prime Minister, by the Shah, after a nomination from the Iran Majlis (Parliament). The system of representative democracy that allowed his appointment is similar to many countries around the world today, where the people do not select the leader, the people vote for the members of Parliament, who in turn select the leader (such as Australia).

The Shah carried out the appointment, only after the democratically elected parliament members nominated Mossadegh in an overwhelming majority vote).

This could be considered "slightly more democratic", only if you consider the Australia to be "slightly more democratic" than a dictatorship such as North Korea.

I'm not going to attempt to untangle your final paragraph, only to say you have made some very large claims without any sources to back up your claims.

This link might give you a perspective https://twitter.com/stewart/status/391346582764789760
So you're assuming it's due to ethnic prejudice, based on nothing but the ethnicity of Slack's CEO?
The jewish propaganda machine is really after Iranian people wherever they are. A man proud of his Jewish heritage, may be connected to his peoples ideology. A proof, of course not, a correlation, maybe!
Few days ago i was in UAE and saw fishing boats carrying gadgets like iPad, iPhones and Macs into Iran.

Obviously, looking from outside you can't tell that this rotten boat is carrying expensive gadgets. I saw this because my friend owns a wharehouse and he had to put some of his stuff into same boat.

Funny thing is Tinder is available in Iran and i used it there when i was at home for vacation.

I think Slack is sending a clear and strong message: use a VPN!
Or use open source alternatives instead.
This! Open source helps protect users' freedoms.

However, I am sympathetic when you're talking about software that needs to be run server side. Because in that case, you almost always have to deploy and manage the infrastructure yourself (or know somebody to do it that you trust), which is just too much for most people.

With chat specifically, you might be able to avoid self-hosting by using something that supports federation. Personally I'm rooting for Matrix to establish itself here.

Or don’t rely on U.S. providers for any kind of international internet communication.
I think it's "absolutely do not patronize Slack".
Now if Twitter would only ban people working for Russia, even when they live in the White House.
Are you disappointed that someday we're going to stop killing children in Syria?

(Note: we haven't actually stopped yet.)

As an outsider, I am really surprised by how deep-rooted America's hostility is towards Iran. Shi'ite Iran certainly has human rights issues, but as far as terrorism is concerned the majority of them are orchestrated by Sunni groups. 9/11 hijackers, Al Queda, Islamic State, Paris attackers - are all Sunni.
Most Americans have as their only understanding a picture of Iran in their minds of the overthrow of the shah and IEDs in the past 14 years of war. Very few Americans would even understand that Iran isn't like the rest of the ME and has a very different history.

Americans in general aren't well educated about the ME and the ethnic and religious differences there -- even the past 17 years of war there haven't tipped the education system to give them better knowledge about it.

Most americans would be surprised that the situation for womens' rights, while not ideal, is significantly better in Iran than in the nation of our "good friends" Saudi Arabia. By very nearly any metric: Number of women with professional educated jobs, number of women with bachelors degrees or masters degrees from large, recognized universities, number of women who drive their own vehicles independently around their home cities without male accompaniment, etc.
It was that way in Afghanistan in the 70s as well.

Yeah -- agree, most Americans simply aren't able to identify the differences between the ME countries.

SA is a marriage of convenience, nobody likes them even though we have a somewhat tenuous alliance.

Iran is an easy enemy for the US government to offer to its citizens.

Because of the fairly harsh anti-US rhetoric circulated by the Iranian government to its citizens since the revolution (itself because of our previous support of the Shah and current support of Israel) for purposes of maintaining power, it's easy to say "Look, Iran hates America."

The Shia / Sunni distinction is largely lost on the average American.

And just as a personal note, almost every Iranian I've met in the US has been an awesome person. They've got a fascinating history and culture.

> almost every Iranian I've met in the US has been an awesome person

Yeah because most of the ones here are the kids of the high-level government officials from before the revolution.

To be completely fair about the last point, immigrants you meet in the US are not a representative sample. I say this as an immigrant myself. The Bangladeshis and Pakistanis I’ve met in the US are educated and relatively liberal, having gotten through our immigration filters. But the beliefs and attitudes of people back in the country are totally different. For example, American muslims are slightly more liberal than americans as a whole on homosexuality, and 60% of Americans say society should accept homosexuality. In Pakistan it’s 2%: http://www.pewglobal.org/2013/06/04/the-global-divide-on-hom...)

Also relevant: https://www.google.com/url?sa=i&source=web&cd=&ved=2ahUKEwiM...

Granted. I was going to include a note, but didn't want to get too long winded.

Non-representative sample, self-selected according to dominant migration obstacle (e.g. financial or educational).

(Some) Pakistani-Americans I’ve met who’ve grown up here have told me that my parents should be executed for being Ahmadis once an Islamic State has been established (but graciously offered them a one time chance to repent). So much for the immigration filter.
Hate towards certain ethnicities and countries is a tool used by the leaders (political and business) of the US to further their economic interests, either for selling weapons or sewing discord to take advantage of other people’s natural resources.

Kind of ironic when you consider the leaders of a country using patriotism for their personal gain. It’s so weird seeing all the flag toting, national anthem singing population in the US tow the line when they can’t even be bothered to learn their country’s history or participate in the civic process and hold its leaders accountable.

what history? my grandma's house is older than the US. /s
Wealthy Saudi propaganda organizations?

But I think the defiance is why the US elite hates Iran. They successfully kicked out a US-backed leader, humiliated Carter's rescue plan, fought off a US-backed Iraqi invasion, defied the US over nuclear proliferation. Refusing to follow US orders enrages the US.

Ironically there has been extensive on-the-ground cooperation between the US and Iran while fighting ISIS in eastern Syria.

"there has been extensive on-the-ground cooperation between the US and Iran while fighting ISIS in eastern Syria."

Could you possible share a source for this?

* cough * Israel * cough *.
cough AIPAC cough

You just have to see those anti-Israel boycott clauses that people have been talking about recently. And on the other hand, no problems with Saudi Arabia because they are friends with Israel. America is Israel's whore. It's sad when you come to think of it.

(comment deleted)
This. It's sad how much influence they have on American foreign policy.
Americans don't even understand the distinctions among Christian groups. If you actually went inside a Methodist church and asked people how their doctrine differs from Presbyterians' (or vice versa) you'd get mostly blank stares. So it should hardly be surprising that they don't recognize divisions in other religions. What they do understand is countries, and the US relationship with Iran has long been marked by enmity on both sides. Also, Iran's relationship with Israel is even worse, and that alone would ensure US enmity.
On the other hand the regime supports destabilizing groups throughout the middle east. They want to contend to be the main influence there along with Saudi.

They also from time to time threaten oil supplies and threaten Europe with restarting their missile programme. They’ve been quite nettlesome.

However, with more energy independence the present US administration seems to be disengaging from the ME, in contrast to the last two admins,

>On the other hand the regime supports destabilizing groups throughout the middle east. They want to contend to be the main influence there along with Saudi.

As does the USA. So?

Right. So they say we’re bad, we say they’re bad. I’m all for letting them work things out on their own and stay out of their local disputes so long as they keep it local.

But unfortunately with the weapons they’re willing to use against each other it may be hard to just sit on the sidelines.

Any case OP was painting them as being “innocent”.

> with the weapons they’re willing to use against each other it may be hard to just sit on the sidelines.

Someone's got to keep selling them those weapons, right?

I think Iran has demonstrated they ate quite capable in this regard.
As an insider, I have no hostility towards Iran, and would prefer that our government ally itself with them instead of Saudi Arabia (if it has to choose at all). However, our government is a representative government, meaning it favors those whom it profits most to represent. Sometimes this works in favor of the common American, sometimes it doesn't.
This. It's funny that the West is blaming Iran 24/7 for terrorism while 3/4 of terrorist attacks are just Sunni against Shia mainly in Syria, Iraq, Afghanistan and the other 1/4 is Sunni against non-muslims.
> 3/4 of terrorist attacks are just Sunni against Shia

I think people are talking past each other here because "Sunni vs. Shia" is a distinction that has great meaning to those on the inside of that religious or regional context, but means absolutely nothing to most on the outside - especially but not only those in the US.

Imagine that there was a wave of Buddhist terrorism. Would people in mostly-Christian or mostly-Muslim countries notice or care about mahayana vs. hinayana (vs. other)? Big nope. If they made any distinctions at all, those would be on the basis of country/region or skin color or just about anything besides doctrinal differences. More likely they'd just tar all Buddhists with the same brush. Do people in Iran pay attention to factional differences in the US, or are we all "Americans"?

So it is with US vs. Iran. Sunni vs. Shia might well be important, might be highly visible to you, but to at least one half of the people making geopolitical decisions it's just not part of the equation. Maybe that's a good reason not to have the ecclesiastical and secular authorities so intertwined, as it makes such confusion almost inevitable (cf. Israel vs. Judaism).

In the case of suspending these accounts, this isn't something just Slack has done. A crypto exchange was wholesale closing accounts in the past 3 years if people even opened the app while on holiday in Cuba and rightly so. You do NOT want to have to deal with the government if they suspect you, or a customer, of dealing with a sanctioned or embargoed country. You just don't. It's going to be messy and long and expensive especially as a finance or communication company.

It isn't a "oh you're a Muslim/Iranian/Cuban/resident of Kiev, banned!" thing it's a "Oh, you could cost us millions and millions of dollars in legal trouble, exposure of our other customer's data, etc, sorry but we have to sever ties with you immediately to reduce our risk to very serious government investigation and litigation".

Given Slack also uses encryption at rest and in transit, there may be a LEGAL REQUIREMENT not to allow users with ties to Iran to use the product under CFR title 15 chapter VII, subchapter C.

> Shi'ite Iran certainly has human rights issues, but as far as terrorism is concerned the majority of them are orchestrated by Sunni groups

It doesn't matter what religious sect has perpetrated acts, the current government is reliably documented to a laundry list of terrorist attacks, cyber attacks, imprisoning/lashing/executing members of the gay community, at least 15 assassinations on foreign soil (US, FR, DE, CH, SE etc), a recent president was a staunch holocaust denier and the government even sponsored an anti-holocaust conference.

We impose sanctions, embargoes etc on COUNTRIES not religious sects. We hold COUNTRIES responsible for war crimes and genocides, not specific religious sects. The current government of Iran in this instance has a history of doing bad things for its entire existence, as such the U.S. government has decided they are both a threat to nation and worthy of sanctions for various reasons. I suspect the powers that be at Slack simply are trying to minimize risk to the company and other customers by eliminating users that have shown a connection to IPs geographically connected to the nation of Iran.

See:

- 15 CFR chapter VII, subchapter C.

- 31 CFR Part 560 and Appendix A to Chapter V

- Public Law 115–44 (the CAATSA)

It's mostly about 1979 and the humiliation of the hostage crisis.
You are surprised by how deep-rooted America's hostility is towards Iran, so you seize the opportunity to incite hatred against Sunnis?
You know, Iran is selling oil to countries without using US dollars.
My wife’s Slack account was closed yesterday.

She created the account while traveling in Cuba (legally) years ago and hasn’t been back to Cuba or any other sanctioned country since.

She is a cofounder of an org that uses Slack heavily and has now lost access to all her messages and files from the past couple years of work.

There appears to be no appeal process here.

The appeal process is filing a lawsuit against Slack, provided the person wronged didn’t already agree to give up that right when accepting Slack’s TOS.
Even if it wasn't given up, what would the lawsuit complain be, and what would one gain from it if it succeeds? Isn't Slack legally entitled to shut down any accounts at any time?
GDPR holds that you own your data and are entitled to be provided a download of it. Not sure what the Canadian equivalent is, if any.
Even if the GDPR applied in this situation, Slack is trying to obey US sanctions. I’d wager a guess GDPR can’t force a company to violate those laws.
GDPR has the force of law in its area of jurisdiction. If Slack can't comply with it, then they'd better not do business in that jurisdiction. That's how the law works; there isn't some hierarchy of one country's laws overriding others'.
/s Exactly. It’s why we never saw two countries going to war.
Are you suggesting the US go to war with the EU to force them to repeal the GDPR, so that Slack can do business in the EU? I know HN typically takes a pro-business angle politically, but that seems beyond even the most rabid line that I usually see here.

If not, I am totally confused about how your response connects to what I wrote.

Other way around. The EU is the one who bears the burden of forcing American companies like slack to comply with their laws. Though jumping straight to a shooting war feels like an overreaction. Maybe start with a fine and ban the company if they don't pay.
Do the US sanctions prevent them from giving the user a copy of their data?
And it applies to people who are in the EU. So all these people have to do to get their data is to book a plane ticket into any EU country.
(Maybe this a stupid question) Why should they be entitled if you are a paying customer? Do they give you a backup of your activity on their platform before closing the account?
IANAL but cutting you off your everyday job and crucial documents (causing stress, money problems, hopefully not: unemployment) only because you happened to open an account in a random country seems like a reason good enough for a lawsuit. What to gain: compensation, and that damn' account.
You are not entitled to Slack's infrastructure, no matter how much you came to depend on it for your day-to-day life.
Well that's not strictly true. Presumably there is a contract of some sort, and Slack must abide by it, entitling users to Slack's infrastructure to some degree.

It's not completely arbitrary. Plus there're notions of estoppel potentially at play.

I'd pretty much guarantee their terms of service stipulate they can terminate an account at any time for any reason. It's how most Internet services operate. The only likely addition to that, is a monetary refund if warranted based on the account context.
(comment deleted)
One, no, you are not legally entitled to shut down accounts on the basis of race or national origin, if that's what they're doing.

Two, they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.

Three, even if they are, we're also legally entitled to call Slack incompetent losers, and to tell our employers that we should not switch to Slack if we wish to continue being co-workers with Iranians. I will be telling my employer that shortly. (One fascinating aide effect of using Slack is thst the entire company must conform to Slack's policies. You cannot hire someone whom Slack won't create an account for, nor someone who won't agree to Slack's ToS, because if they're not on Slack they can't get work done.)

> no, you are not legally entitled to shut down accounts on the basis of race or national origin, if that’s what they’re doing.

That’s not what the parent comment said, you’re twisting it with an assumption. Slack is not legally obligated to provide Slack accounts to anyone, that was the point.

> they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.

Your analogy is rather confused. The data Slack has isn’t equivalent to your papers that you dropped on their desk. When you sign up for Slack, you enter into a contract outlined in their Terms of Service that detail explicitly what they agree to be responsible for. In particular, here’s the agreement relating to your data:

“Following termination or expiration of a workspace’s subscriptions, we will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in our systems or otherwise in our possession or under our control.”

https://slack.com/terms-of-service

> Slack is not legally obligated to provide Slack accounts to anyone

Slack is legally obligated to provide Slack accounts to people who pay, with 30 days notice for termination in most cases. There is this stipulation:

> We may terminate the Contract immediately on notice to Customer if we reasonably believe that the Services are being used by Customer or its Authorized Users in violation of applicable law.

However, if they are terminating accounts based on ethnicity that doesn't seem like a reasonable belief they can use to justify applying export controls.

> Slack is legally obligated to provide Slack accounts to people who pay

Rather, Slack agrees to provide accounts to people who pay and agree to the contract in return.

That little stipulation is exactly what is in effect here. Slack believes the users are in violation of the agreement, and under the legal rules that Slack established and controls, they enforce immediate termination.

> if they are terminating accounts based on ethnicity

This defending of the argument based on wild assumptions that Slack is ethnically profiling is a bad place to start from. That hasn't been shown, nor is it very likely.

On the other hand, Slack is legally obligated to block traffic to Iran, and it's within reason to assume an account that ever had any traffic in Iran broke the law. It's certainly possible that Amir forgot that he used an Iran proxy, or traveled there. It's possible that someone on his team broke the rule without his knowledge. It's also possible that Slack made a mistake, which can and does happen from time to time at many companies when trying to enforce international laws using only IP traffic logs. None of that points at Slack intentionally terminating accounts based on ethnicity.

> Slack is not legally obligated to provide Slack accounts to anyone, that was the point.

And this point is untrue. As long as Slack provides accounts to the general public, they are required by law not to discriminate when doing so on the basis of race or national origin. They can stop serving everyone. They can firewall access from Iran, or identify actual persons covered by the sanctions. But they are legally obligated to serve Iranians as much as they serve anyone else.

> Following termination or expiration of a workspace’s subscriptions

One, this is an individual account, not a workspace. The workspace remains active.

Two, terms of service don't override law. There may or may not be law that overrides this and says that certain rights cannot be signed away. (For instance, if you're subject to the GDPR, my understanding is it would override it.)

> terms of service don't override law.

Correct, agreed!

> As long as Slack provides accounts to the general public

Slack does not provide accounts to the general public, in any legal sense. Slack is a private business, not a public service. Please read the terms of service to understand the terminology.

> they are required by law to not discriminate

Well, they are required by law to discriminate against traffic to Iran.

But, again, you've twisted my meaning to make your own separate point. I wasn't talking about discrimination. Slack is not compelled by law to provide accounts to someone. They can legally refuse service to someone who lives in Iran, or connects to Slack from servers located in Iran.

> But they are legally obligated to serve Iranians as much as they serve anyone else.

That statement is true in the sense that Slack is under no legal obligation to provide their service to anyone, outside of the agreement they created. That is separate from and irrelevant to whether or not they're allowed to discriminate against the people Slack agrees to provide service to, under their terms of service contract.

> they are required by law not to discriminate

BTW, what law are you talking about specifically? I'm aware of civil rights for US citizens, and anti-discrimination employment law in the US, but not of a specific law that bars online discrimination. I personally believe discrimination online would be wrong and bad, but are you certain that it's illegal?

Keep in mind we're talking about someone in Canada connecting to a US service, with a plausible decent chance that he connected from Iran or through an Iran server and just forgot about it. I'm not aware of specific US anti-discrimination or civil rights laws that would protect Amir in this case.

Slack doesn't even know someone's race or ethnicity, thus can't discriminate against that. They are just disabling accounts based on the IP they were created from, which was the best they had to go by to abide the sanctions. This is for sure inexact and bound to have false positives though.
Exactly. Assuming ethnic discrimination seems pretty unwarranted.
It’s not quite that simple. A case could be made that other variables are a proxy for race or national origin, and travel to specific countries is one of them.

Of course that argument has an opposing side as well, but it seems prima facie plausible as a cause of action.

> "will have no obligation to maintain or provide any Customer Data..."

I have to admit that this case (and some others I read in recent days, e.g. MailChimp account deleted: https://news.ycombinator.com/item?id=18715866 ) made me aware that the terms of some popular services can be much worse than I would expect. I should really start reading those terms. Thank you for helping me reduce my naivety.

Honest question: if I go to McDonalds and pay for a burger can they refuse to serve me? I understand that they can refuse to serve me before paying, but after I pay their service and goods too?
Cuba is one of the most popular destination for Canadians, can't ever imagine what would happen if they actually ban everyone that had their IP over there at some point in the last few years.
I suspect the fact that the account was created in Cuba is what triggered the action.
So, uhh, just stop using Slack then? There are plenty of alternatives now.
How do people export/backup messages from Slack?
Migrating to Mattermost from Slack and transitioning all the data is easy. My team at work transitioned to Mattermost a few years ago. https://docs.mattermost.com/administration/migrating.html#mi...
Thanks. This seems to be the important part:

> Generate a Slack “Export” file from Slack > Administration > Workspace settings > Import/Export Data > Export > Start Export.

If the account is already closed, this is not possible. And this is a major problem.
So is it related to her ethnicity as this guy is claiming it is in his case?

If not maybe everyone can consider that maybe Slack’s actions for the Iranian guy have some basis other than “his ethnicity.”

It appears we are talking about place of origin of accounts, at least in my wife’s case.
While it's perfectly legal for your wife, a Canadian, to go to Cuba, it's still embargoed by the U.S., and Slack as a U.S. company must comply with the embargo (even though your wife has done nothing wrong per Canadian law).
That's true, but why does that mean they need to shut down her account just because she visited Cuba? Would that mean a grocery store would then have to refuse to sell you their goods because you visited the country once?
They didn't shut down their account because she visited Cuba, but because her account was created _from_ Cuba. It's unfortunate but I guess it's the only way Slack has to "know" where an account is from.
It's the laziest possible way. They could've looked at most frequent login IPs instead.
They should never have allowed the account to be created from Cuba in the first place. Slack when it was younger, didn't have good policies in place to actually follow US law. As such, now that they are reviewing their old records they realized they committed illegal actions that they need to clean up.

Yes, it harms their customers, but that harm and the resulting damages to Slack' reputation (and maybe legal costs), is what they must pay for being negligent in the past.

Not a great analogy since you normally can't shop at an American grocery store from Cuba, but you can use an American web site from there.
The guy's wife didn't do anything wrong. Slack broke the law by providing an embargoed service to someone in Cuba. I'll bet money that when this was discussed with their compliance officer, the lawyers and engineers and everyone else agreed to use certain metrics (like source IP) to determine whether someone fell under the embargo. Otherwise, Slack would have to spend a lot of time and money validating people's identity, etc., in order to comply. I don't really fault them for taking this path because their exposure is huge and compliance is hard.

Your analogy about grocery stores doesn't really work because logging into Slack isn't the same thing as walking into a grocery store, because buying from a grocery store isn't the same thing as exporting food across a national boarder, and because neither food nor medicine is embargoed.

That's a good point except that Slack shouldn't be banning people that are not violating sanctions.

In this case, if the account was actually opened from Cuba ... that could be a problem.

What they should do is offer recourse and a way to have this resolved.

They did offer an appeals process, but that can be safely assumed not to be a process for appealing the US law and their interpretation of it — it’s much more likely a process for appealing technical errors committed by accident during bulk work, such as “you identified my IP as Cuba when it’s Florida” or “I was hacked and we discussed that back then, please recheck your logs excluding the hacker’s activity”.

So they are absolutely offering recourse and resolution, but only where it is in their power to do so.

TLDR: Don’t expect Slack to be responsive to arguments that contain “please ignore US law for my individual circumstances”.

What other life-long punishments does she deserve for doing that horrible deed? Completely removed Google account with all her data? Permanent ban from any grocery store? Revoked driver license? Lifelong ban from Amazon, HN and other US services?
If Slack did this because of her trip to Cuba years ago it means they have kept records of her IP going back years.

This causes me to think about the metadata records they have held onto in addition to all the data.

Right, which should also indicate that this trip to Cuba wasn’t part of a pattern but rather an anomaly.

I understand the complex legal frames that this exists in, but they appear to have the data to be way more precise here.

They may have the data, but they have no incentive to care whether or not their inferences are correct. This is a common problem with ostensibly data-driven companies.
> If Slack did this because of her trip to Cuba years ago it means they have kept records of her IP going back years

Or they did an IP to country lookup back then and kept the result of that rather than keeping the IP.

And yet some people are wondering why GDPR has a data retention policy that aims at keeping personal data around for the least amount of time necessary.

Companies should be made accountable for such blatant abuse of user data.

i am starting to become scared that my accounts with different companies will be closed retroactively. I have, through work, toured most of the free and some parts of the non-free world (including Iran, Cuba and sudan). That apparently makes me fair game to have my US accounts closed. Had I been a slack user I, by the look of it, probably would have had my account closed today, even though I have lived within the EU for all my life.

I am pretty certain I have logged into my mail, PayPal account and Digital Ocean account from countries embargoed in the regions my providers operate. PayPal I could lose without much fuzz, but jeez how I'd hate to lose access to my email.

I worked in webhosting forever and I've never heard of a company until this post actively digging through a users access to services to block them. What we'd do is use products like Maxmind where if you tried to sign up and pay from Iran, etc, you'd be automatically denied. I've never, ever heard of audits to SSH logs to track this stuff down. We'd audit ssh logs if there was a server that was hacked, etc, usually to see if they hacked other servers so we could take them all down at once or find out (they'd often have irc running) what groups they were in to get more info on how they did it, etc.

This is absolutely ridiculous. I've opened up Slack while in Cuba to check on work things at my American company who does no business there. I don't have anything to do with our Slack bill and I'm a US citizen. So if someone goes to see their family in Iran/etc and just happens to open Slack they'll get banned? That's hamfisted as all hell.

Was her account the owner of the workspace? What has happened to the whole workspace?
I've just opened all my slack workspaces from an IP Geolocated in Tehran to test that hypothesis. Let's see how it unfolds.

[EDIT] to be on the safe side, I've also created a new workspace from said IP.

Slack could just block access to IPs from banned countries. Why are they retroactively blocking accounts? Sounds like Slack is punishing regular people who visited those countries.
If the data is worth something, get a lawyer to write a letter to them and request the data back.

Lesson: keep backup of everything in multiple jurisdictions even if you are innocent like Jesus. You know what happened to him.

As far as I remember Slack does not ask/hold any information about your nationality. I wonder if he created his account when he was visiting one of the listed countries and for some reason, Slack is just using that information to block accounts.
If Slack has a presence in France, they can be sued for this. And I think in any country with anti-discrimination laws which I thought included many US states?
You should be able to use GDPR to force them to give you your data, probably not to reinstate services.
Highlight doubt that. France and Europe have similar sanctions.

We had an alumni from my university who opened a company and sold some stuff to a client in a middle east country. Hardware parts, not software. One shipment got stopped at the border for a random control, before the police showed up at the office and arrested everyone. Turns out there are sanctions. Couldn't sell there.

The main issue seems to be that they are not only blocking people actually in embargoed countries, and furthermore not only nationals of that country, but everyone who has ever used the service from an IP geolocated - or otherwise - associated with embargoed countries.

If former nationals are more likely to have visited an embargoed country, it could conceivably fall under discrimination laws.

But it is probably even more problematic if using a service from an country specific IP actually should triggers the embargo from a legal point of view?

Then we have a problem, because suddenly you won't be able to use your phone, even turn it on at all while traveling an embargoed country if this starts to be applied broadly.

Furthermore, it would imply that things like a single BGP route hijack could kill all of a company's accounts on any US service, without recourse.

If this would be the case, using any service from a country interpreting embargoes this way becomes an impossibly risky proposition. Which was probably not the intent of the embargo.

Agreed. It's very obvious that Slack has zero experience dealing with regulations. They totally went overboard with deleting any account that ever connected from a restricted location.

There is no conflict with discrimination though. Sanctions takes precedence over pretty much everything else.

Don't expect your phone and applications to be usable when you travel to Iran/Syria, many services won't work. There was a news not long ago about Google Cloud blocking network access from Iran.

This kind of thing can kill Slack or other networks because if you have a team of 100 people and just one can't use the platform, you'll switch. The network effect seems likely to work in reverse in this case.

Beyond that I find it outrageously unethical.

> Beyond that I find it outrageously unethical.

What, complying with national and international sanctions and erring on the side of caution? Losing part of your customer base is preferable over getting fined to the tune of hundreds of millions of USD.

If the sanctions demand this, then the sanctions are outrageously unethical. If the sanctions don't explicitly demand it and banning ethnic Iranians is just "erring on the side of caution" then yes, sorry, but Slack is being outrageously unethical. Even if the sanctions do demand it, to me this is a reason to seriously consider either moving Slack to another jurisdiction like Canada, the EU, Switzerland, etc., or proudly face the fine.

What's the alternative? Just hide your Iranian/Persian colleagues and friends under the digital rafters? It's plain wrong, and I refuse to be on that side of history. If Slack needs to risk a massive fine then that's their duty, so yes, face the fine, take it to the Supreme Court. To be honest, doing anything else is unpatriotic as well as unethical.

> consider either moving Slack to another jurisdiction like Canada, the EU, Switzerland

I wouldn't put Canada in the same company as the EU or especially Switzerland, Canada is generally very happy to play ball on these matters.

> then that's their duty, so yes, face the fine, take it to the Supreme Court

No, it's definitely not. What's with the hyperbole? Do you consider every single person and company in the US unpatriotic and unethical then because these sanctions exist?

We need less corporate involvement in politics. If you don't like the laws then you are free and welcome to participate in the government to change them but expecting a private company to go to the Supreme Court (!) over sanctions is just ridiculous.

> What, complying with national and international sanctions and erring on the side of caution?

Yes.

She/He makes a valid argument so I think a downvote is uncalled for.

As someone else pointed out: if anything is unethical here, it is the sanctions. Ensuring your company operates within the law is a business decision and not everyone has the ability to go toe to toe with the government.

The brigade here is too strong to listen to any reasons against this.

If it were my company and the potential downside of not closing accounts was personal jailtime, I'd absolutely err on the side of caution and close any account that seemed like it might land me in jail. Yes, people would get pissed off. But I'm not going to jail for them.

The real problem here is that Slack's support is horrible and there's no way to talk to them about an account closed in error.