Your private Slack conversations, might not be private at all
TL;DR – Option allows Slack account admins to export all conversations, including your private ones!
With more than 3 million users spending a total of 100 million hours a month on the service, Slack is one of the hottest business tools around. The app, which can be run as easily on mobile as on any computer, is a cross between a posting board, a messaging app and a project management tool.
If you’re part of the rare company that hasn’t tried it yet, here’s how it works. When a company signs up for a Slack account, they’re given a URL and their own virtual house to play in. Once inside the house, you can create specific rooms or “channels”. Workers then leave messages in these rooms for others to see later or they can have real time text conversations with any other active member.
Because Slack works in real time, it’s great for getting quick answers to questions or solicit opinions from all members of a group. In that respect, it beats email by a mile. Here’s where it gets tricky. Anyone with access to the main URL (team members) can create their own channels and make them public or private. Slack also sets up a private channel for each team member so you can leave a message for an individual rather than the whole group.
Public channels are open and visible to anyone who has access to the main URL. Private channels inside that URL can only be seen by people who were invited into that channel.
Many companies also have social channels which act as virtual water-coolers. Media company Slate has a channel called #Slate-Cute for cute photos of babies and puppies. Charity: Water has a Slack channel for images of employees who happened to dress alike.
Some companies also use Slack to give specific kinds of employees a place to address their concerns. For example, a Slack channel for single parents so they can trade off babysitting if someone has to work late, or a channel just for women executives, or a place for disabled workers to accessibility issues. After a while, the comfort level rises and – knowing they’re in a private environment – people begin to say things they wouldn’t want their boss to hear.
But guess what?
Those private conversations might not be all that private.
Slack has a plan called Plus Plan Compliance Export that allows the administrator to download everything inside a company Slack account including the message history in both private and direct message channels. Yes, all those bad things you said about your boss on your friend’s individual channel could become part of the public company record.
Oops.
Slack says that in order to access this “private” information, the administrator must “turn on” the feature, which in turn notifies all participants. Any posts made prior to the switch flip would not be included in the download, so there’s that. But how many people will actually take note of the warning and remember it six months from now. How many people will fall into old habits and speak freely in “private” in spite of that warning?
Chances are, your company won’t ever take advantage of the Compliance Export option, let alone read every word you said. But if there’s any sign of trouble on the horizon – especially legal trouble – a smart lawyer could access your conversations and use them against you. Once you type your words into a company owned Slack channel, that company owns your data and they can do with it as they see fit. And there’s nothing to stop any other employee from screen-capturing your conversation to share with others.
All of this might sound a bit paranoid, but last month three teachers in Rhode Island were fired for saying disparaging things about their students on a Slack channel. Earlier this year, lawyers subpoenaed Slack records in the Hulk Hogan / Gawker case. Soon, getting fired for what you said on Slack will be as common as getting fired for what you said on Facebook.
Don’t get caught up in intimate feel of the software: if you wouldn’t say it in a company-wide email, don’t say it on Slack.