Slack Doesn't Have End-to-End Encryption Because Your Boss Doesn't Want It

Business communications service Slack, which has more than three million paying customers, offers a bouquet of features that has made it popular (so popular that is worth as much as $9 billion), but it lacks a crucial feature that some of its rivals don't: end-to-end encryption. It's a feature that numerous users have asked Slack to add to the service. Citing a former employee of Slack and the company's chief information security officer, news outlet Motherboard reported Tuesday that the rationale behind not including end-to-end encryption is very simple: bosses around the world don't want it. From the report: Work communication service Slack has decided against the idea of having end-to-end encryption due to the priorities of its paying customers (rather than those who use a free version of the service.) Slack is not a traditional messaging program -- it's designed for businesses and workplaces that may want or need to read employee messages -- but the decision still highlights why some platforms may not want to jump into end-to-end encryption. End-to-end is increasingly popular as it can protect communications against from interception and surveillance. "It wasn't a priority for exec [executives], because it wasn't something paying customers cared about," a former Slack employee told Motherboard earlier this year.

Just because your customers don't care about it

[hey!]

doesn't mean they shouldn't, and not making it available creates a risk in situations where they suddenly discover they need it yesterday.

As a designer you frequently put things into a product that customers never asked for. Sometimes, yes, it is a waste of time. But if you don't bring expertise to the table the customers don't have, then what are they paying you for?

hindsight is 20/20

[nimbius]

So when your company experiences a massive breach of security because your sales and marketing team openly discuss designs, your C levels openly discuss M&A, and your engineers openly share passwords over your chat program, you can look back and say "well at least we didnt have a bunch of meaningless features we didnt want to pay for" when you're busy packing your shit into a box and filing for unemployment.

For those of us who'd like to keep a job longer than it takes to teach little johnny how to encrypt, Use mattermost instead. https://www.mattermost.org/

This makes no sense

[StandardCell]

There are ways to protect communication links end-to-end yet allow access to messages. If an employer wants access to messages in a particular chat, that can be built in by centralizing their archival at the same time they're sent through a cryptographic chain of trust. It's not trivial, but I don't buy that unencrypted communications are the alternative for the reasons they state.

If I were Slack, I'd be much more worried about Microsoft Teams. Microsoft is pouring huge sums of money into Teams at the moment to make it the new paradigm and push for online, with the added benefit of tighter Office/O365 integration as well as integration of other pieces to make a unified communication solution. I get a bit concerned in that respect for market dominance by MS, but it is what it is.