20 comments

[ 4.9 ms ] story [ 68.8 ms ] thread
Most people use slack for work. I think it’s a pretty reasonable assumption that not only is everything kept forever, but that it’s not “your data”, it’s your employers.
Most? I've never worked anywhere that uses it.
An alternate interpretation: most people who use slack use it for work.
Sorry, yes. That's exactly what I meant.
That's not the point, the point is people who don't use it for work and are on the free tier. You can only manually delete messages back to 10,000 but ones older than that are stored and you have no control over them. Also, you can't set, say, a two week expiration unless you pay.
I love slack, but I’m 100% sure it’s been compromised by at least major intelligence services if not law enforcement and criminals. It’s too much of a big juicy target not to have been.
You are simply not allowed to run a messaging platform at that scale without following all those known and unknown regulations.
This article being on BusinessInsider sort of hides the true nature of Gennie Gebhart's complaint[1]. The targets of her editorial are not businesses that pay for using Slack. (It's also likely that business users such as the company's sysdmins and programmers don't care if their corporate chats are saved on Slack's servers; they actually want their chat history saved on the cloud so they can later search it.)

She's targeting the non-business oriented users such as:

>Slack’s users include community organizers, political organizations, journalists and unions. At the Electronic Frontier Foundation, where I work, we collaborate with activists, reporters and others on their digital privacy and security, and we’ve noticed these users increasingly gravitating toward Slack’s free product. [...] Instead, Slack retains all of your messages [...] , they are all still indefinitely available to Slack, law enforcement and third-party hackers.

Yes, if you're doing Edward Snowden type of communication that requires cloak & dagger protection, using the free tier on Slack is dangerous. She then makes this suggestion to Slack:

>Slack should give everyone the same privacy protections available to its paying enterprise customers and let all of its users decide for themselves which messages they want to keep and which messages they want to delete. It’s undeniably Slack’s prerogative to charge for a more advanced product, but making users pay for basic privacy and security protections is the wrong call.

I think it's more realistic for political activists to be educated on choosing an alternative to Slack rather than hope for Slack to change its business model.

[1] https://www.nytimes.com/2019/07/01/opinion/slack-chat-hacker...

I'm close to walking away from Slack for a personal group chat and pushing to move to something with either full encryption (Keybase Teams), or proper retention settings/control of ALL messages. Slacks decision to not allow control of message retention combined with them also taking away the ability to delete messages beyond the latest 10,000 is a big problem.
Can you not self-host Zulip or something similar?
This is why we run self-hosted rocketchat.
Too bad alternatives often have subpar UIs, Rocketchat included. But still worth considering imho.
I don't know about rocketchat, but it must be really bad then. What's so attractive about slack UI? I was forced to use it for a few months last year and it was a very bad experience! I'd rather use mIRC (in the nineties) that this slack monstrosity.
Essentially you have to pay a fee (i.e. the minimum amount of paid service) in order to be able to purge message history - which looks like it’s $6.67. Does Slack purge data on cancellation?

> https://slack.com/pricing

Last couple of years have led me to err on the side of caution and assume that pretty much everything I use has backdoors. Also, Slack is so bloated that it doesn't even make it to the shortlist of the communication apps I'm looking to use. I understand that many workplaces require it, which is probably not fun. In any case, we should all assume that work related information is always retained, and someone has access to them even if the product is all about "privacy" and even if your bosses "would never do that".
Luckily, its search interface is horrible, so there is some barrier.