Are your Slack Direct Messages really private? Here's how to find out.
UPDATE: March 21, 2018, 10:59 a.m. PDT:Slack is changing its policies around this, and doing away with Compliance Exports altogether. However, that doesn't mean your DMs are necessarily safe. In fact, the situation could be even worse. Read our follow up story for more details.
The original story below.
Slack, like office gossip, is a part of modern day work life. And so it's only natural to wonder just who, exactly, is privy to all the juicy tidbits you and your coworkers share over direct message. Could your boss be reading those comments about his ugly tie — or, much more seriously, your plans to unionize?
While some will argue that you should never send a message you wouldn't want a manager to see, that level of caution is extremely difficult for many who work remotely or with coworkers spread across the world. It's not like you can have a casual, off the record lunch with your team when your closest coworker is thousands of miles away. Thankfully, there is a way to find out what Slack privacy settings your company has in place.
SEE ALSO:Slack announces a new screen-sharing tool that lets coworkers control your computerFirst, let's cover the basics. Obviously, public channels can be joined by anyone. Their contents are searchable, so even if your boss hasn't joined a channel, it doesn't mean he or she can't see its contents. Second, while Slack says both a private channel (identified with a little lock icon) "and its contents are visible and searchable only to the channel members," your messages there cease being private the second a boss gets wind of the channel and insists someone invite them in.
Where does that leave a corporate dissident? That would be the classic direct message. On Slack, DMs can be between two or more people, and the company explains that "[they're] visible and searchable only to you and the members you DM."
Sounds pretty good, right? But there's a pretty massive catch, and it goes by the name of compliance export.
Credit: giphyCompanies on Slack's Plus plan have the option to enable the benign sounding compliance report. And just what is that, exactly? In a nutshell, it's a way for a Team Owner to export all Slack data.
"In a regulated industry or have legal obligations to archive messages?" asks Slack in an ad for the service. "Team Owners can request access to their entire Slack message history, including private channel messages and direct messages."
Additional reading makes it clear that "Compliance Exports can be enabled so that messages and files from private channels and direct messages are included in Slack data exports."
Essentially, if the head of your company has this feature enabled, he or she can export the contents of your DMs in a searchable form for reading at a leisurely pace — making your private chats suddenly very public. This is not an abstract concern. For example, Splinterreports that this feature was enabled at CNNearlier this year.
What a message looks like in a Slack Compliance Export.Credit: slackSo, how can you tell if your company has Compliance Exports enabled? It's actually incredibly simple. While signed into Slack in your browser, mosey on over to https://[insert your team name here].slack.com/account/team. Scroll to the bottom of the page, and you'll see if that feature is turned on. Fingers crossed it's not.
If it is enabled, than anything you've ever sent over DM — included now deleted messages — can potentially be searched by your company's higher ups. If it's not enabled, then you're good for now as the feature does not log "messages from private channels and direct messages sent before the feature was enabled."
In other words, say your CEO got suspicious and turned this feature on today. They would still not be able to read what you wrote in a DM last week.
That's not all you need to worry about, however. There's also a little thing called the Discovery API. According to Slack, this feature allows "eligible Slack customers (and their Workspace Owners) to integrate their organization with third-party applications in order to export, retain, or archive some or all messages and files submitted to Slack, including all messages and files submitted to workspaces on Free, Standard and Plus plan that the applicable Customers and/or Workspace Owner(s) elect(s) to migrate into a Slack for Enterprise organization."
Essentially, your company can plug third-party software into Slack's API, which then has the ability to archive messages sent over the platform. So, how do you check for that? Buckle up, because this part's a pain.
Head to https://[insert your team name here].slack.com/apps/manageto see all the apps integrated with your Slack's API. There may be none, a few, or a lot. Next, select "Can access messages" from the "Access type" drop-down menu. Scroll through every app's "App Info" and "Settings" sections. You may find that certain named individuals (coworkers or bosses), via integrated apps, have the listed permission to "Access content in user’s direct messages."
Slack confirmed that this does in fact mean that an administrator could theoretically read an entire teams DM's via a whitelisted app plugged into the Discovery API.
If, after diving through your company's Slack settings, you see that your DMs are being exported, consider exchanging cell numbers with your coworkers and using a messaging app like Signal — there's even a group messaging function. Because whether you're planning to unionize, discussing a creepy boss, or just wanting to talk about getting drunk — it's better to be safe than sorry.
This story has been updated with a confirmation from Slack regarding the Discovery API.
(责任编辑:产品中心)
- Coach jailed for sexual exploitation of underage athlete
- 大渡河壅塞体成功爆破
- 倒计时2天,参评必看!新会陈皮系列产品包装创新设计火热征集
- Labor minister vows to let artists receive employment insurance
- Wordle today: The answer and hints for August 27
- 夜间献血模式“上线”
- 芦山县城最新情况[高清组图]
- [News Focus] Korea unrivaled in gender wage gap among OECD members
- Guy takes a photo with Seth Rogen every year for a good cause
- When Are Next
- Facebook won't let users disable the phone number look up setting
- 名山“四项措施”推进“警民亲”
- Guy takes a photo with Seth Rogen every year for a good cause
-
Prime exclusive deal: $50 off Govee floor lamp
GET $50 OFF:As of July 19, the Govee floor lamp 2 is available at Amazon for $99.99, down from $149. ...[详细] -
The Statue of Peace, damaged in an act of vandalism on Wednesday in Seoul (Yonhap)The Statue of Peac ...[详细]
-
S. Korea reviewing damages suit over N. Korea's illegal operation of Gaesong complex
Gaesong Industrial Complex, a joint industrial complex in the North's border city of Gaesong is seen ...[详细] -
Hundreds handed over their Tinder to a chatbot to get young people to vote
Our Tinder profiles are sacred vaults of private -- and sometimes lascivious --conversations. But, s ...[详细] -
Webb telescope discovers 6 rogue worlds. They didn't form the way you'd expect.
Sometimes, planets go rogue. Scientists used the powerful James Webb Space Telescope to spot six of ...[详细] -
S. Korea's spy agency seeks to block access to N. Korea's propaganda YouTube channel
Footage of the "Olivia Natasha" channel, run by a young North Korean female Youtuber, named YuMi is ...[详细] -
Joe Biden totally surprised a grad with a big kiss on the cheek
Brieana Carter got quite the surprise on graduation day--a kiss on the cheek from former Vice Presid ...[详细] -
Trump picks outspoken fiscal hawk Mulvaney to lead budget office.
President-Elect Donald Trump is sending a clear message with his pick for White House budget directo ...[详细] -
10 Places to Get to Know Paul Bunyan
Paul Bunyan, a larger-than-life lumberjack with super-human strength, was a character created by Can ...[详细] -
粤港澳大湾区(广州)乡村振兴产业协作基地——绿色循环种养产业集群正式揭牌
粤港澳大湾区(广州)乡村振兴产业协作基地——绿色循环种养产业集群正式揭牌_南方+_南方plus1月25日,粤港澳大湾区(广州)乡村振兴产业协作基地--绿色循环种养产业集群揭牌仪式在广州市黄埔区大田山餐 ...[详细]
- Nvidia GeForce Now Ultimate vs. New Graphics Card
- Kane fit for Denmark game, Chilwell and Trippier withdrawn
- Apple: all Macs and iOS devices are affected by Meltdown and Spectre
- 【抗震救灾·雅电魂】人物志:职责的召唤——天全公司总经理俞学才抗震救灾侧记
- Best Home Depot Labor Day sale deals
- 粤港澳大湾区(广州)乡村振兴产业协作基地——绿色循环种养产业集群正式揭牌
- Luke Perry, star of 'Riverdale' and 'Beverly Hills, 90210,' has died