Slashdot Mirror


Slack Doesn't Have End-to-End Encryption Because Your Boss Doesn't Want It (vice.com)

Business communications service Slack, which has more than three million paying customers, offers a bouquet of features that has made it popular (so popular that it is worth as much as $9 billion), but it lacks a crucial feature that some of its rivals don't: end-to-end encryption. It's a feature that numerous users have asked Slack to add to the service. Citing a former employee of Slack and the company's chief information security officer, news outlet Motherboard reported Tuesday that the rationale behind not including end-to-end encryption is very simple: bosses around the world don't want it. From the report: Work communication service Slack has decided against the idea of having end-to-end encryption due to the priorities of its paying customers (rather than those who use a free version of the service.) Slack is not a traditional messaging program -- it's designed for businesses and workplaces that may want or need to read employee messages -- but the decision still highlights why some platforms may not want to jump into end-to-end encryption. End-to-end is increasingly popular as it can protect communications against interception and surveillance. "It wasn't a priority for exec [executives], because it wasn't something paying customers cared about," a former Slack employee told Motherboard earlier this year.

3 of 92 comments

  1. Mattermost is an alternative by sinator · Score: 5, Informative

    Mattermost is an open source, privately hostable clean room reimplementation of Slack that supports a variety of encryption options that Slack does not.

    --
    Three Step Plan:
    1. Take over the world.
    2. Get a lot of cookies.
    3. Eat the cookies.
  2. Re:This makes no sense by jeff4747 · Score: 4, Informative

    It's not trivial, but I don't buy that unencrypted communications are the alternative for the reasons they state.

    The client-server communications are encrypted. The reason it isn't end-to-end encryption is the server decrypts the messages before encrypting them for the recipient's connection and sending them on.

    Basically, they do what you propose. But that isn't end-to-end because the server (aka "centralizing their archival") can read the contents of the messages.

  3. Re:hindsight is 20/20 by jeff4747 · Score: 4, Informative

    Alternatively, you could realize not having end-to-end encryption is not the same as not having encryption.

    The client-server communications are encrypted. You just can't send a DM that the server can not read. At least, not directly through Slack.
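The distinction drawn in comments 2 and 3, as an added example that is not part of the original thread or of Slack's code: a relay that decrypts each client's link and re-encrypts for the next hop, compared with a message sealed under a key the relay never holds. The `seal`/`unseal` helpers are a toy encrypt-then-MAC stand-in for TLS or an AEAD, and the names `Relay`, `alice` and `bob` are hypothetical.

```python
import hashlib, hmac, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    """Toy encrypt-then-MAC stand-in for TLS or an AEAD; not for real use."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Relay:
    """Server holding one transport key per client connection."""
    def __init__(self, link_keys):
        self.link_keys = link_keys
        self.archive = []          # everything the server can read and store

    def forward(self, sender, recipient, blob):
        payload = unseal(self.link_keys[sender], blob)   # server decrypts here
        self.archive.append(payload)
        return seal(self.link_keys[recipient], payload)  # re-encrypts for next hop

def send_transport_only(relay, keys, msg):
    wire = relay.forward("alice", "bob", seal(keys["alice"], msg))
    return unseal(keys["bob"], wire)

def send_end_to_end(relay, keys, e2e_key, msg):
    inner = seal(e2e_key, msg)                  # key known only to alice and bob
    wire = relay.forward("alice", "bob", seal(keys["alice"], inner))
    return unseal(e2e_key, unseal(keys["bob"], wire))

def demo():
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}
    relay, msg = Relay(keys), b"constructed sample DM"
    got_hop = send_transport_only(relay, keys, msg)
    got_e2e = send_end_to_end(relay, keys, os.urandom(32), msg)
    return got_hop, got_e2e, relay.archive
```

In both runs the wire traffic is encrypted, but only in the first does the relay's archive hold the readable message; in the second it holds ciphertext it has no key for.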