
EFF warns people of the dangers of using Slack - whalabi
https://www.businessinsider.com/slack-eff-data-retention-encryption-2019-7
======
merricksb
Original NYT op-ed already heavily discussed 3 days ago:

[https://news.ycombinator.com/item?id=20325226](https://news.ycombinator.com/item?id=20325226)

~~~
whalabi
My bad, didn't see

------
jasode
This article being on BusinessInsider sort of hides the true nature of Gennie
Gebhart's complaint[1]. The targets of her editorial are not businesses that
pay for using Slack. (It's also likely that business users such as the
company's sysdmins and programmers don't care if their corporate chats are
saved on Slack's servers; they actually _want_ their chat history saved on the
cloud so they can later search it.)

She's targeting the _non-_ business oriented users such as:

 _> Slack’s users include community organizers, political organizations,
journalists and unions. At the Electronic Frontier Foundation, where I work,
we collaborate with activists, reporters and others on their digital privacy
and security, and we’ve noticed these users increasingly gravitating toward
Slack’s free product. [...] Instead, Slack retains all of your messages [...]
, they are all still indefinitely available to Slack, law enforcement and
third-party hackers._

Yes, if you're doing Edward Snowden type of communication that requires cloak
& dagger protection, using the free tier on Slack is dangerous. She then makes
this suggestion to Slack:

 _> Slack should give everyone the same privacy protections available to its
paying enterprise customers and let all of its users decide for themselves
which messages they want to keep and which messages they want to delete. It’s
undeniably Slack’s prerogative to charge for a more advanced product, but
making users pay for basic privacy and security protections is the wrong
call._

I think it's more realistic for political activists to be educated on choosing
an alternative to Slack rather than hope for Slack to change its business
model.

[1] [https://www.nytimes.com/2019/07/01/opinion/slack-chat-
hacker...](https://www.nytimes.com/2019/07/01/opinion/slack-chat-hackers-
encryption.html)

------
empath75
I love slack, but I’m 100% sure it’s been compromised by at least major
intelligence services if not law enforcement and criminals. It’s too much of a
big juicy target not to have been.

~~~
stunt
You are simply not allowed to run a messaging platform at that scale without
following all those known and unknown regulations.

------
jelly1
Why doesn't this link to the original article
[https://www.nytimes.com/2019/07/01/opinion/slack-chat-
hacker...](https://www.nytimes.com/2019/07/01/opinion/slack-chat-hackers-
encryption.html) instead of this shady businessinsider.com website?

------
throwaway8879
Last couple of years have led me to err on the side of caution and assume that
pretty much everything I use has backdoors. Also, Slack is so bloated that it
doesn't even make it to the shortlist of the communication apps I'm looking to
use. I understand that many workplaces require it, which is probably not fun.
In any case, we should all assume that work related information is always
retained, and someone has access to them even if the product is all about
"privacy" and even if your bosses "would never do that".

------
james_pm
I'm close to walking away from Slack for a personal group chat and pushing to
move to something with either full encryption (Keybase Teams), or proper
retention settings/control of ALL messages. Slacks decision to not allow
control of message retention combined with them also taking away the ability
to delete messages beyond the latest 10,000 is a big problem.

~~~
StavrosK
Can you not self-host Zulip or something similar?

------
dpflan
Essentially you have to pay a fee (i.e. the minimum amount of paid service) in
order to be able to purge message history - which looks like it’s $6.67. Does
Slack purge data on cancellation?

> [https://slack.com/pricing](https://slack.com/pricing)

~~~
dillonmckay
I understand the need to IPO now!

------
dillonmckay
Luckily, its search interface is horrible, so there is some barrier.

------
cgrealy
Most people use slack for work. I think it’s a pretty reasonable assumption
that not only is everything kept forever, but that it’s not “your data”, it’s
your employers.

~~~
sureaboutthis
Most? I've never worked anywhere that uses it.

~~~
rwbhn
An alternate interpretation: most people who use slack use it for work.

~~~
cgrealy
Sorry, yes. That's exactly what I meant.

------
rezeroed
This is why we run self-hosted rocketchat.

~~~
AHTERIX5000
Too bad alternatives often have subpar UIs, Rocketchat included. But still
worth considering imho.

~~~
enriquto
I don't know about rocketchat, but it must be really bad then. What's so
attractive about slack UI? I was forced to use it for a few months last year
and it was a very bad experience! I'd rather use mIRC (in the nineties) that
this slack monstrosity.

