Are Your Slack Conversations Really Private and Secure?

An anonymous reader writes: "Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."

The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.
Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?

those who ignore IRC

[nimbius]

are doomed to reinvent it, poorly. IRC has had end to end TLS and EECDH cryptography for quite some time. it even boasts key based authentication. This is the opinion of a Greybeard, so hold on for a rant. I dont think "chat-ops" brings anything to the table we havent had for 3 decades already. its a nice buzzword for startups to throw around when touting their agile workplaces.

Do one thing, and do it well. If im chatting with you, i dont need to see your face or hear your voice. Asterisk lets me place a call to you if its really that necessary but video conferencing is just compensating for managements insecurity. if you want to show me your code, send me a link to your gitlab or pastebin or gerrit (we have pull requests you know.) if you need to share your screen, tmux and novnc do it just fine but you should take a moment to determine why your screen has to be shared for me to understand a particular concept or issue. So in short, no. I dont see value in slack and mattermost. I dont want another goddamn client on my desktop and i dont need another website that loads 50mb of content just to make sure my manager can see my living room.

Re:Running an internal Jabber server here

[OzPeter]

Management isn't employing anyone. The company is. Managers are employees as well.

Ah I see. Willful ignorance in order to try and make a point.

Now remind me again who employs who and (the bit you are deliberately ignoring) creates this thing called a hierarchy (you're heard of them haven't you?) and grants people at different levels of said hierarchy different responsibilities and powers.

What is slack?

[RightwingNutjob]

And why should I use it in place of email or the telephone?

matrix.org is the answer

[alfino]

Check out matrix.org. It's a federated, open-standard, rich communication protocol. It can't do everything of Slack and Whatsapp yet, but it's moving along fast and you can help. There are already several clients to choose from, as well as integrations with other networks, APIs, and bot-like tools etc..

We used it at linux.conf.au 2017 to (inofficially) bridge between Slack and IRC, and had an update of ca. 33% of the conference within 3 days or so, while the number of Slack users went down to a low one-digit figure.

#matrix on Freenode is bridged to the main discussion room, so pop on over if you want.

Here's Matthew (one of the project leads) at FOSDEM (with video):
https://fosdem.org/2017/schedu...
https://fosdem.org/2017/schedu...

and my little lightning talk at LCA:
https://www.youtube.com/watch?...

-- @martinkrafft