Beware! Slack leaks are the new email leaks
When Amy Pascal's ruthless emails leaked in the infamous Sony hack, friends of mine who worked in the entertainment industry were less than shocked, recalling that her emails just reflected how everyone speaks, and how deals get made, in Hollywood.
And when John Podesta's leaked emails revealed the wheeling and dealing surrounding the Democratic National Committee and Hillary's nomination, people in politics expressed a similar sentiment to me: That's just how things get done.
In both cases, the fault lay not in the actual content of leaked emails, but with the executives and politicians who put too much truth in writing. Silly old people. They should have known better!
Now, a new kind of leak is becoming the norm: Slack messages sent between co-workers. As the popular office-chat client has grown to 6 million daily users, multiple instances of leaked Slack conversations have revealed sometimes embarrassing, sometimes enlightening information about the true thoughts and feelings of a company's employees — and it's already led to firings.
When we spurned email for its ability to burn us, we turned to chat. But Slack's particular user interface can make even those of us who are wary of putting anything in an email spill our guts in both direct messages and office slack channels — complaining about the bosses in the same breath as the weather.
Conversations among colleagues can and should be truthful, honest, funny — even occasionally unflattering. But we've started rendering permanent these sorts of conversations by chatting them, rather than speaking them out loud. Silence is not more secure: Slack's channels — its immediacy, its private-public, highly recordable format — is starting to get people, and institutions, in trouble.
The Slack leak is the new email leak.
Drip drip drip
On Wednesday, the Huffington Post printed a Slack transcript of New York Timesemployees airing complaints about a controversial tweet from op-ed columnist Bari Weiss, as well as faults they found with larger policies at the Times.
Coming from one of the leading newsmakers in the world, the NYTimeschat transcript represents the most significant Slack leak to date. Through the laughably simple means of copying and pasting internal conversations, whoever is responsible for the leak provided an inside look into how ire around the management of the op-ed pages, liberal-versus-conservative fracturing, and diversity initiatives are causing a heated level of strife.
With a restrictive social media policy, the Timestakes pains to prevent its employees from revealing their opinions to the public (as the Huffington Post leak article notes). So whether readers find the content of the leak predictable or shocking, the leak was organizationally damning: It revealed a side of the company management clearly did not want the public to see.
But this wasn't the first time a leaked Slack transcript provided an inside look into the organizational workings and private thoughts of employees. In fact, the low-tech method responsible for this leak has led to breaches at Breitbart, Reddit, and a high school. Breitbart leaks have been similar to the ones from the Times. They show more internal dialogue and a less united front than Breitbart would like to present to its readers. The alleged Reddit leak of a moderator's Slack channel provided fodder for conservative trolls looking for bias in "anti-Trump" moderators.
The security breach at a Rhode Island high school recently revealed several teachers using Slack to bash students, calling them "idiots," and complaining about their parents. A teacher's email was reportedly hacked in order to disseminate the leak via a shared Google doc, but the conversations themselves were copied through good old-fashioned screenshots.
The school fired the teachers for what they said over chat. And while the New York Timesdoes not appear to be disciplining its employees, who's to say whether organizations with leaked chats containing employee complaints or bad behavior will be as forgiving in the future.
Coming back to haunt you
And then there was the meta-Slack leak. Splinter acquired a screengrab of a Slackbot message from CNN's Slack. The message informed channel members that "Team Owners" would as-of that message be able to "export communication history, including the content of private group and direct messages, subject to your team’s message retention and deletion policy.”
That is, the bosses would be able to read your DM's.
In 2014, Slack changed its policy to allow this oversight and export capability. Employees should understand that that little padlock next to private channels doesn't mean jack if their company has enabled this setting.
But it's not just the Slack owners who have access to your chats.
In the Gawker-Hulk Hogan lawsuit, Hogan's council pressed a Gawker employee on the significance of a joke one employee made about Hogan to another. In a reflective essay, the author of the joke characterizes what he said as a throwaway comment, but he recognizes the larger significance. "This is a scary realization," he writes. "Hulk Hogan’s lawyers have a better sense of many conversations I had in 2012 than I do."
This is just one instance in which one's private chats become discoverable evidence in a lawsuit; a seemingly innocuous chat may have contributed to the bankruptcy of a major media organization.
This access is by no means limited to opposing councils. Just like other tech companies including Apple and Facebook, Slack complies with law enforcement requests to provide data and history on users.
There has yet to be a major Slack security breach. But the introduction of chat logs into evidence, law enforcement and organization's ability to access data, and simple copy and pasted transcripts have shown that there does not need to be a hack of the Sony or Wikileaks variety to prove that Slack leaks are real and that chat logs are searchable. And with such free-flowing dialogue about company politics and sensitive topics, the leaks are sure to keep coming.
Letting those fingers fly
The quick and casual way we use chat is certainly at the root of Slack's ability to hurt us when the conversations we have on it leak. But there are several features of Slack's particular user interface that seem to encourage treating its channels — private and public — like an employee lounge.
Chat, of course, breeds immediate responses. You don't have to open a new message window, and all you have to do is press enter. Have you ever written a joke to a comment, followed by a little nagging question of whether you really should have said that? The immediacy contributes to sending those questionable jokes and complaints, pressing send before we've thought through what we're saying. In its own study about the use and nature of chat, Facebook says that messaging leads to more "authentic" and meaningful conversation. Though sad but true, authenticity might not be the best feature of all messages we send to our colleagues.
Slack's differences from email also help blind us to how easy it is for our messages to be passed on, or read by people who might not like what we have to say. Chats distinctly lack that "Forward" button. Sure, emails can be copy and pasted, just like Slacks. But the existence of the email Forward button reminds us of our words' ability to have a life of their own.
Slack channels also more effectively mask the actual recipients of the messages you send. When writing an email, you either have to type in directly who you're sending your message to, or send to a list. In office clients like Outlook, you can click on a list to see who you're actually sending your email to. This makes you more aware of how far and wide your message is spreading. Plus, you have the ability to delete any recipients you might be wary of.
But Slack channels don't give you the option to delete recipients — that requires a DM. Sure, you can click on the people icon under the channel name. But who's really thinking about all of the people who have access to your messages in an open Slack channel? The New York Timesleak had to have originated from an internal source — a Times employee who had access to the channel. You never know how an employee you might not be thinking about may take an opinionated message, or even a joke. Sending messages out into the ether of office chat is not as private, or secure, as you might think while firing off a chat.
Stemming the tide
While there's not much you as an individual can do to prevent a fellow employee from leaking a copy and pasted message, there are steps you can take to protect yourself from getting your words leaked, and facing potential consequences.
First, of course, is watching what you say. Don't treat public Slack channels like private DM's. Save company complaints for in person conversations, not messages that can be taken out of context, or make your employer look bad. That's not to say that companies and bosses shouldn't be questioned, and that you shouldn't speak your mind. But if Amy Pascal — formerly one of the most powerful people in Hollywood — can fall for doing business, so can you.
Next up is checking whether your company has access to your private messages. This is a setting called "Compliance Exports" that companies can choose to enable in Slack. To check whether your company has turned this feature on, click the downward arrow in the top right corner next to your company's workspace. Click on "Profile & account," and your profile will open in a sidebar. Click the downward arrow underneath your photo, and navigate to "Open account settings." This will take you to your "Account" page in your browser. (You can also go straight here by typing in the URL of your workspace plus /account/settings).
Now, click on workspace settings. Here, you'll find a bunch of handy info: who your workspace owners and admins are, how often messages in public and private slack channels and DM's get deleted, and of course, whether the "Compliance Exports" capability is turned on. Scroll all the way down to find the "Compliance Exports" section: here, you can see if your bosses have the ability to read your DM's. From there, proceed wisely.
Your company may have set the "Retention and deletion" settings for all types of messages; IE, whether and how frequently messages get automatically hard deleted from your company's and Slack's servers.
However, your company may have allowed employees to override these settings, specifically in private channels and DMs. It's a good idea to have your messages auto-delete: even if you think you haven't said anything damaging, you don't want something you don't even remember saying to become discoverable evidence in a lawsuit that costs your company money, and maybe even costs you your job.
To see if you are able to change how frequently messages get deleted, click the gear icon in a private channel or DM. Click "Edit message retention" if it appears, choose how long you want to keep your messages, then save and apply. Reportedly, when messages are deleted, Slack hard deletes all messages and back-ups from their servers within 14 days — and they're no longer accessible to anyone who asks for them. Phew.
Just do it
In the middle of the leaked New York Timestranscript, an employee tells the channel "hey all. whatever we’re saying here is leaking outside the Times. I’ve got a message from a reporter outside the building asking me to screen shot this conversation."
The employees carry on as if she hasn't said anything. They're clearly frustrated and looking for a way to voice their concerns — public eye be damned (and maybe even embraced).
Who doesn't roll their eyes at the refrain to not talk shit in chat, keep your words professional in the office at all times and on all platforms, think before you speak? Mashable's Rachel Thompson recently reported that email is on the way out for entrepreneurs because its slow pace can't keep up with start-up culture; instead, millennial workers turn to chat and project management clients.
We don't have time to think before we speak, the attitude seems to say. Plus, in what world could our boring work convos actually have any consequences? It seems like an old wive's tail, a warning from an older generation. And it's just no freaking fun. We don't want to live in the buttoned up world where we can't be our authentic selves in the office. That's what our generation, the generation of seeking out purpose in work, is all about.
But we are just at the beginning of learning about the consequences of chat. Over the last decade, we gradually stopped sending those bitchy emails, those "ughs" to our work friends, in the forwarded message body above a particularly annoying note from that colleague you hate. Email stopped being fun because it stopped being honest and emotive. With email, no matter how banal our messages seemed, the stories detailing the consequences executives and employees alike faced for their emails, changed the way we used email, too.
So despite all the custom dancing emoji in the world, with every new Slack leak, life on Slack will (have to) change, too.
Featured Video For You
This 3D technology could be the future of FaceTime
(责任编辑:行业动态)
-
特写|在农事定向大赛遇见和美乡村_南方+_南方plus随着“发现和众创乡村价值”的鸣笛声响起,上千名旅乡人和原乡人在茂名市高州分界镇杏花村开跑。大暑前夕,他们因2024年广东省第一届农事运动会·广东农 ...[详细]
-
杨某、李某谈恋爱半年,李某的父母反对女儿与杨某来往。为挽留爱情,杨某几经努力无果,便泼汽油烧房……这是发生在天全县城厢镇的一起放火案。14日,杨某因涉嫌犯放火罪被天全县检察院依法批准逮捕。凌晨火灾 民 ...[详细]
-
广东省农科院与佛山市三水区签订科技合作框架协议_南方+_南方plus协调发展,科技先行,9月23日下午,广东省农业科学院蔬菜所以下简称“蔬菜所”)党委书记曾秀媚、副所长江彪等一行应邀参加佛山市三水区庆 ...[详细]
-
340个作品入围!广东农产品品牌最高奖红荔奖初赛晋级名单公示
340个作品入围!广东农产品品牌最高奖红荔奖初赛晋级名单公示_南方+_南方plus初赛晋级名单正式出炉!9月17日,中国国际农产品品牌建设运营广东)邀请大赛红荔奖)以下简称“红荔奖”)初赛评审圆满结束 ...[详细] -
Coach jailed for sexual exploitation of underage athlete
A coach for the national jump rope team was sentenced to five years in jail for his yearlong sexual ...[详细] -
2月3日,汉源县片马彝族乡大营村寒风凛冽,天空中不时飘着雪花,但这一天大营村的村民觉得很温暖,因为农行雅安分行工作人员的慰问,让他们感受到了寒冬中的暖意。全行行动暖人心“这是我们雅安农行人的一点心意, ...[详细]
-
目前,位于多营镇的雨城区粮食物流产业园区,一期工程已完工并投入使用,二期工程施工进入扫尾阶段。二期工程于2014年7月20日开工建设,于2015年12月28日实现主体完工。该工程包括6幢仓库、1条日产 ...[详细]
-
广东省新一批地理标志专用标志企业公示!6家达濠鱼丸相关企业入围
广东省新一批地理标志专用标志企业公示!6家达濠鱼丸相关企业入围_南方+_南方plus8月22日,广东省市场监督管理局发布《关于核准汕头市达濠李老二食品有限公司等企业使用地理标志专用标志的公示》,对生产 ...[详细] -
10 Big Misconceptions About Computer Hardware
With technology advancing so rapidly around us, sometimes misconceptions can work their way into our ...[详细] -
工行雅安分行营业室大堂经理指导客户使用智能终端机 无论是企业,产品,还是服务,品牌,是否给消费者带来舒适与愉悦,成为其在激烈的市场竞争中脱颖而出的法宝。尤其在互联网时代,创造卓越的用户体验被奉为最重要 ...[详细]