Most people use slack for work. I think it’s a pretty reasonable assumption that not only is everything kept forever, but that it’s not “your data”, it’s your employers.
That's not the point, the point is people who don't use it for work and are on the free tier. You can only manually delete messages back to 10,000 but ones older than that are stored and you have no control over them. Also, you can't set, say, a two week expiration unless you pay.
I love slack, but I’m 100% sure it’s been compromised by at least major intelligence services if not law enforcement and criminals. It’s too much of a big juicy target not to have been.
This article being on BusinessInsider sort of hides the true nature of Gennie Gebhart's complaint[1]. The targets of her editorial are not businesses that pay for using Slack. (It's also likely that business users such as the company's sysdmins and programmers don't care if their corporate chats are saved on Slack's servers; they actually want their chat history saved on the cloud so they can later search it.)
She's targeting the non-business oriented users such as:
>Slack’s users include community organizers, political organizations, journalists and unions. At the Electronic Frontier Foundation, where I work, we collaborate with activists, reporters and others on their digital privacy and security, and we’ve noticed these users increasingly gravitating toward Slack’s free product. [...] Instead, Slack retains all of your messages [...] , they are all still indefinitely available to Slack, law enforcement and third-party hackers.
Yes, if you're doing Edward Snowden type of communication that requires cloak & dagger protection, using the free tier on Slack is dangerous. She then makes this suggestion to Slack:
>Slack should give everyone the same privacy protections available to its paying enterprise customers and let all of its users decide for themselves which messages they want to keep and which messages they want to delete. It’s undeniably Slack’s prerogative to charge for a more advanced product, but making users pay for basic privacy and security protections is the wrong call.
I think it's more realistic for political activists to be educated on choosing an alternative to Slack rather than hope for Slack to change its business model.
I'm close to walking away from Slack for a personal group chat and pushing to move to something with either full encryption (Keybase Teams), or proper retention settings/control of ALL messages. Slacks decision to not allow control of message retention combined with them also taking away the ability to delete messages beyond the latest 10,000 is a big problem.
I don't know about rocketchat, but it must be really bad then. What's so attractive about slack UI? I was forced to use it for a few months last year and it was a very bad experience! I'd rather use mIRC (in the nineties) that this slack monstrosity.
Essentially you have to pay a fee (i.e. the minimum amount of paid service) in order to be able to purge message history - which looks like it’s $6.67. Does Slack purge data on cancellation?
Last couple of years have led me to err on the side of caution and assume that pretty much everything I use has backdoors. Also, Slack is so bloated that it doesn't even make it to the shortlist of the communication apps I'm looking to use. I understand that many workplaces require it, which is probably not fun. In any case, we should all assume that work related information is always retained, and someone has access to them even if the product is all about "privacy" and even if your bosses "would never do that".
20 comments
[ 4.9 ms ] story [ 68.8 ms ] threadShe's targeting the non-business oriented users such as:
>Slack’s users include community organizers, political organizations, journalists and unions. At the Electronic Frontier Foundation, where I work, we collaborate with activists, reporters and others on their digital privacy and security, and we’ve noticed these users increasingly gravitating toward Slack’s free product. [...] Instead, Slack retains all of your messages [...] , they are all still indefinitely available to Slack, law enforcement and third-party hackers.
Yes, if you're doing Edward Snowden type of communication that requires cloak & dagger protection, using the free tier on Slack is dangerous. She then makes this suggestion to Slack:
>Slack should give everyone the same privacy protections available to its paying enterprise customers and let all of its users decide for themselves which messages they want to keep and which messages they want to delete. It’s undeniably Slack’s prerogative to charge for a more advanced product, but making users pay for basic privacy and security protections is the wrong call.
I think it's more realistic for political activists to be educated on choosing an alternative to Slack rather than hope for Slack to change its business model.
[1] https://www.nytimes.com/2019/07/01/opinion/slack-chat-hacker...
> https://slack.com/pricing
https://news.ycombinator.com/item?id=20325226