Slack dms read by employer?

Oracle sg37ep
Mar 13 205 Comments

Apparently direct messages can be read by your employer on slack. Did everybody know about this? This seems very concerning...

https://nypost.com/2018/03/22/slack-will-allow-employers-to-read-your-private-messages/

comments

Want to comment? LOG IN or SIGN UP
TOP 205 Comments
  • Accenture / DataGachon
    Never used it. Accenture uses Microsoft teams.
    Mar 1316
    • Tesla 100thieves
      What’s Accenture?
      Mar 13
    • Amazon sinter
      Arthur Andersen
      Mar 13
    • Flagged by the community.

    • Expedia anony🐭
      We're being too mean.
      Mar 13
    • Salesforce Jeremy1
      Ok.. ok.. sorry. It was just my first reaction. Expedia is right.
      Mar 13
    • Salesforce Jeremy1
      Wow. Why was the first reply flagged. It made perfect sense to me.
      Mar 13
    • Amazon sinter
      People flag stuff for nothing on here. Some real tight asses if you ask me.
      Mar 13
    • Salesforce Jeremy1
      lol. True. I have a good response to what you just said, but what's the point. It will get flagged.
      Mar 13
    • Flagged by the community.

    • Capital One / OtherMyNamBorat
      Lol Microsoft Teams 💀
      Mar 13
  • New / HRKBJM57
    It’s a company asset being used on the company network using company hardware. They can do whatever they want
    Mar 137
    • Gap / EngrandUser
      sure, but it's complete micromanagement and weird to do
      Mar 13
    • Square SquaredUp
      I don't think you know what micromanagement is...
      Mar 13
    • Salesforce Jeremy1
      Haha, what Square said.
      Mar 13
    • SonicWALL / Eng
      tUpH80

      SonicWALLEng

      PRE
      Cisco
      tUpH80more
      This is micromonitor. Not micromanagement.
      Mar 13
    • Twitter / Eng
      EditTweet

      TwitterEng

      BIO
      Definitely Jack Dorsey
      EditTweetmore
      Company hardware? Have you heard of this thing called the cloud? It’s not an on premise installation
      Mar 13
    • Square SquaredUp
      I don't think you know what company hardware is...
      Mar 13
    • Facebook pndubs
      This kind of data retention and access is required for compliance purposes.
      Mar 15
  • Gap / EngrandUser
    Microsoft people, can employers read Teams DMs? Because I've said a few things forgetting it's a work chat, but usually edit the comment then delete haha
    Mar 137
    • Amazon / Product
      weяпыс

      AmazonProduct

      PRE
      Microsoft
      weяпысmore
      Assume everything you type on your work computer or through a service provided by your employer can be read by them.

      The thing on your side is that it is a shit ton of data and no one wants to. This only really happens when you otherwise draw attention to yourself and cause an investigation
      Mar 13
    • Magic Leap MSXX57
      Yes. Am teams admin. Full access to everything you do.
      Mar 13
    • Amazon / Product
      weяпыс

      AmazonProduct

      PRE
      Microsoft
      weяпысmore
      Also anything you do through the company network
      Mar 13
    • Adobe jjjx12
      I'd basically assume you have a keylogger installed.
      Mar 14
    • Gap / EngrandUser
      damn my work laptop is my leetcode laptop bc I don't have a personal one 😭😭
      Mar 14
    • Microsoft not-a-dev
      Just FYI, editing then deleting should not help. Everything (even deleted stuff) is kept on records for years.

      And in general no one will want to read your conversations unless they have a reason for that. Like, you did something bad. Or someone is suing the company and you work on the product involved. Etc
      Mar 14
    • Gap / EngrandUser
      could these records be accessed for clients of ms teams or just on the Microsoft side of things?

      Didn't say anything really all that bad, just curious
      Mar 14
  • Pandora mbnbb
    I don't think they do but they can if they need to. Company servers= company apps.
    Mar 131
    • AdRoll ipopwc
      You are alerted if they are read, as well. That’s an upside of Slack - you will know if your DMs have been accessed and they have to provide a reason before accessing (from a drop-down if applicable reasons like compliance and HR concerns)
      Mar 13
  • Amazon / Engopgadget
    Plus, I always assume my Employer has access to anything I do on company resources so I don't do or say things that could cause problems if the wrong person saw them. Be smart people.
    Mar 131
    • AdRoll ipopwc
      This 1000x. We all have the money for a personal MacBook, spend it.
      Mar 13
  • Amazon / Engopgadget
    It's not possible without pulling a report or data export on a specific user or set of users and the permissions for that report are typically very restricted, I can't imagine a sane reason to grant that privilege level to Managers because it's a global permission not "per team".
    Mar 133
    • Microsoft
      DS2017

      Microsoft

      PRE
      amazon
      DS2017more
      Exactly. It’s not your manager reading them.
      Mar 13
    • Amazon / Engopgadget
      More like HR/Legal if required for a personnel abuse or legal investigation
      Mar 13
    • Microsoft
      DS2017

      Microsoft

      PRE
      amazon
      DS2017more
      Exactly my comment above 😊
      Mar 13
  • New Learner
    SLACK is an acronym Searchable Log of All Communication and Knowledge
    Mar 130
  • TripAdvisor 7JQJ954
    I'm working on a lawsuit and DMs are part of the case. Don't send anything you don't want to be shown in a court of law.
    Mar 130
  • Homeaway xkdz05
    If you are using company hardware, you may as well assume they cna read everything displayed on your scteen or typed on your keyboard.
    Mar 130
  • Intuit destiny
    Why is this surprising? Lol
    When I'm at work, I assume whatever I do isn't private
    Mar 130
  • Microsoft
    DS2017

    Microsoft

    PRE
    amazon
    DS2017more
    No one has the time to just read your IMs for the sake of watching you. Of course this is a *possibility*. Ever think legal or HR would want to view your IMs if you’re accused of harassment online? Don’t be dumb. Of course this is possible.
    Mar 130
  • HashiCorp Re3Bh1
    Can only be done with a workspace audit/compliance report - only workspace/grid owners can pull these.
    Mar 132
    • New / SalesLadyCloser
      Really? I was told there was a channel called “All” which is available to admins that shows every message that is shared on every channel and DM
      Mar 13
    • Intel JTzI14
      Nope they definitely make it a pain to get to but it is possible
      Mar 13
  • Overstock.com / ProductMoca86
    I thought everyone knew this. Companies can read everything.
    Mar 130
  • Hearst Communications X0X0X0
    Yes - you should assume that everything is accessible (email, Slack, whatever) by your employer - without you knowing
    Mar 130
  • Oracle 3.141
    Of course if you are using your company's message server they can read your messages. Why would you think this is any different than email. So don't do that. Use a different server and/or a different chat app.
    Mar 130
  • Facebook / Eng5'6"Indian
    Assume everyone can read your messages/content unless E2EE is explicitly called out.
    Mar 133
    • Amazon / Product
      weяпыс

      AmazonProduct

      PRE
      Microsoft
      weяпысmore
      Even e2ee doesn't protect your from a company that has the local admin password for your machine or root. And generally doesn't protect you from the ISP aka your employer most of the time.

      At an unnamed company where I worked we suspected that an employee was responsible for some abuse of access to servers. Even with an encrypted connection we were able to get a full log of his activity over the network
      Mar 13
    • New nakt50
      With amazon here, this is a very, very naive view of security
      Mar 13
    • Facebook / Eng5'6"Indian
      @Amazon You're confusing several things here. At your previous company, you could see encrypted activity as all phones/laptops have company CA cert installed which allows you to decrypt HTTPS connections.
      ISPs can't listen in to regular TLS let alone E2EE.
      Mar 14
  • Western Digital / Eng
    Olibri

    Western DigitalEng

    PRE
    NetApp, Broadcom Ltd.
    Olibrimore
    From experience, never write anything down that you do not want seen by management without context.
    Mar 130
  • Tableau Zero Cool
    They can also read your emails
    Mar 134
    • Tableau xFjn15
      Dear Tableau HR, pls read my email.
      Mar 13
    • Uber C H O N K
      They can also inspect all network traffic, even HTTPS.
      Mar 13
    • Tableau Zero Cool
      ^but this you can kind of know about
      Mar 13
    • New
      poly

      New

      PRE
      Harvard Business Publishing, Dick's Sporting Goods
      BIO
      sex on the beach
      polymore
      Dear Tableau Recruiter,
      Please accept my LinkedIn request and respond to my cold email
      Mar 14
  • Overstock.com / ProductMoca86
    Heads up. Depending on your employer they can basically access EVERYTHING on your devices that use the the company network, including your phone & text messages. Watch everything you put in writing. It can be used against you both at work & legally.
    Mar 130
  • Microsoft trvlr001
    for fuck’s sake, you are connected to a *company network*, do you realize what this means? it’s not slack specific, slack just has a user friendly UI to do this if the need arises
    Mar 130
  • Groupon / Eng
    9x19pstGZH

    GrouponEng

    PRE
    Crowe
    9x19pstGZHmore
    Don't fool yourself, legal teams normally require venders of such products to allow them access to all chats, messages, logs, etc for a period of 3+ years in case of an evidence request. Most companies have a formal policy on this and it should be strictly followed. Plus as someone who has been tasked with collecting messages of an employee for just a few select days and parties, it's not a fun or easy process. So rest assured, even individuals with access won't waste their time.
    Mar 130
  • Intuit / Eng
    j123x

    IntuitEng

    PRE
    Cisco, Verizon, Oracle
    j123xmore
    Any communication happening in most company's network is scanned and checked for any illegal activities. Your direct or group messages, time spent on websites etc is analyzed, but no one takes any action unless there is a need
    Mar 130
  • OpenDoor MhBB55
    This isn’t really true. Slack admins and workspace owners in SOME workspaces MAY have access to private channels and DMs, depending on a setting. They don’t have access via the regular slack client, the message logs need to be downloaded via an export tool on the slack website admin pages.
    Mar 130
  • Amazon / Product
    weяпыс

    AmazonProduct

    PRE
    Microsoft
    weяпысmore
    And the generally don't not unless they suspect you of something and need evidence one way or the other
    Mar 130
  • Microsoft laug
    Use Microsoft Teams.
    Mar 131
    • New
      poly

      New

      PRE
      Harvard Business Publishing, Dick's Sporting Goods
      BIO
      sex on the beach
      polymore
      Ok I don't wanna see an ad here
      Mar 14
  • Autodesk
    b737max8

    Autodesk

    PRE
    500 Startups
    b737max8more
    Ask your companies to delete your data ( GDPR ) complaint , you have the right to sue them if they don’t comply.
    Mar 131
    • New / Engobfta
      That's not your data. It belongs to the company
      Mar 13
  • Not sure why this is surprising. Long before Slack exist, employers have the ability to check your email. Google Suite have this capability called Vault.

    Most company won’t willy nilly read your email and Slack DM, but they have the ability to do so for various legal reason. It’s their asset, not yours. There’s no expectation of privacy at work.
    Mar 130
  • TrueCar / Eng3n1gma
    Duh?
    Mar 130
  • IBM chuttar
    But thats why Blind was invented ;)
    Mar 130
  • Target mbmS00
    Anything on work software, work computer, or even work network assume your company can get a record of it
    Mar 130
  • Sure. Slack accounts are admined by employers. Pretty common knowledge.
    Mar 130
  • Amazon / Product
    пысTaker

    AmazonProduct

    PRE
    Microsoft
    пысTakermore
    I lost track of the sub thread but someone said something about how helpful e2ee encryption was and mentioned tls / SSL was a protection

    I just wanted to point out that ssl/tls works because your computer uses the public key of the site to encrypt the first part of the hand shake and give a key to the site to use to talk back to you. This is cool because the communication is never unencrypted and it is more complex than this the SSL handshake has about 8 steps. The issue is that if your company has admin access to your machine they just need to log the pre encrypted first message and they then everything else can be derived from network traffic.

    Sure your app could implement it's own e2ee stack and that would be good for maybe a month or two before the weakness is found. Ee2e like DRM has a lot of people who want to break and newness helps but even then it will only be fool proof for a short time. Ironically it is basically the same people breaking both only difference is one is taking a paycheck at and least clai.s publicly that they gave up hacking security when not being paid.
    Mar 141
    • Twitch birbmemes
      iMessage stores its msg history in an unencrypted sql-lite database in the users dir. Food for thought.
      Mar 14
  • Turner blacmagic
    Who cares! Just don't be talking about stupid and inappropriate shit and you good!
    Mar 131
    • JCPenney Pano
      It only presents a problem if you do something stupid. Or if you have a micromanaging boss (though that is a GTFO situation). Or if someone gets clever and hooks the oversight capabilities up to some AI / machine learning that alets the powers that be (e.g. HR) of questionable content.

      The last one is the one people have valid reason to fear. Harmless flirting, condoned office romance, and general shit talking with friends or peers could all trip you up with an all seeing eye.
      Mar 14
  • Procore tbradysuxs
    At work assume there is no privacy
    Mar 150
  • Indeed cyhy46
    Assume that literally everything you do on a work device, on a work network, or on a work VPN can be read by your employers

    Assume that it will be read if they're given any reason to.

    Some reasons include:

    * They're sued and have to give it over for discovery
    * you're underperforming and they want a pretense to get rid of you
    * You did something to get negative PR onto the company
    * Somebody with administrative access in IT hates you and isnt shy about abusing their authority
    Mar 140
  • Eventbrite uEQo20
    It's possible but not easy. First, they need to pay for the most expensive plan. It's twice what the next one down is, and the only extra is the "compliance export". That lets an admin do an export of all channels and chats, it has to be every one of them, so it's huge. Even then, it's in a super unfriendly json format, so your average hr person is going to have trouble reading it.
    Mar 130
  • Nutanix
    op25

    Nutanix

    PRE
    Palo Alto Networks
    op25more
    Pretty sure they can view everything you do on their laptops. They just choose not to most of the time. If your manager wanted to they could probably check your internet history and chat logs.
    Mar 130
  • Worker Privacy protections are almost non-existent in the US, especially when compared to EU member states like Germany and France.

    Your reasonable expectation of privacy does not extend to corporate-owned equipment and channels.

    Go offline with ephemeral messaging apps or text with close co-workers if you want to gossip and complain. 😉
    Mar 130
  • Salesforce / OpssQfm63
    If you're using company provided equipment or services I just assume someone up the chain can see it.
    Mar 130
  • Tinder rool
    I've heard of people talking about comp in slack dm, and later being reprimanded. If you're saying something sensitive, use your own slack org or use a different messaging platform. Company Slack is not safe, just like Yahoo messenger and Barracuda weren't back in the day
    Mar 133
    • Groupon / Eng
      9x19pstGZH

      GrouponEng

      PRE
      Crowe
      9x19pstGZHmore
      reprimanded about comp? If it's an individuals own comp details, they can share that information with whoever they want; it's a federal protected right. Now talking about others comp or comp process details are gonna be confidential though. #fightthepower
      Mar 13
    • Tinder rool
      they were talking about their own comp with each other and one of them was complaining that they deserve more and stuff like that. Manager then mentioned it in a way that made it clear the messages were read
      Mar 13
    • Amazon _binch_
      Reprimanding employees for discussing wages is a very clear-cut NLRB violation.
      Mar 14
  • New / SalesLadyCloser
    Damn where’s the Slack Eng to chime in????
    Mar 132
    • Amazon / Product
      weяпыс

      AmazonProduct

      PRE
      Microsoft
      weяпысmore
      Where is the chime engineer to slack in
      Mar 13
    • New / SalesLadyCloser
      😹
      Mar 13
  • Centene Kvasir
    Don’t use company comms to complain about your company. That’s why Telegram, Signal, and even Blind exist.
    Mar 131
    • New
      poly

      New

      PRE
      Harvard Business Publishing, Dick's Sporting Goods
      BIO
      sex on the beach
      polymore
      Lol blind is not anonymous, blind still knows who you are
      Mar 14
  • Intuit / Eng
    j123x

    IntuitEng

    PRE
    Cisco, Verizon, Oracle
    j123xmore
    Safest is WhatsApp in your phone on your personal network without any company app installed including VPN access to tokens
    Mar 131
    • Amazon _binch_
      You misspelled "Signal"
      Mar 14
  • Pure Storage orangeg769
    Unless you’re an employee causing major legal/hr issues or work at some startup where founders are paranoid - nobody is reading your messages. People got shit to do, nobody cares about DM’s.
    Mar 140
  • Amazon / Engopgadget
    Btw, Cisco Jabber and IM&P log all messages in a PostgreSQL or Oracle database in clear text that just requires a well formulated SQL Query to extract. So while you are complaining that Slack is horrible for allowing data to be exported by only empowered individuals within an organization other companies make it freely available for anyone with access to a database to read. So tell me how horrible Slack is now, especially when they aren't the only company that allows you to export compliance details.
    Mar 130
  • BOLD attahaas
    1st rule of fight club : you don't talk about fight club
    Mar 130
  • Jack Henry / EngQbAH11
    Any admin on Slack can access all the messages. It's nothing new.
    Mar 130
  • Pandora / OtherMattMurdok
    The article is a year old
    Mar 130
  • Oscar 🐨koala
    Yes. Answer is yes. Even if it’s hosted company can request...
    Mar 130
  • New LoUe76
    It doesn’t matter who’s computer they have the ability to read. Shame on slack for making this happen! Zero trust.
    Mar 133
    • Amazon / Engopgadget
      It's always been possible on self hosted and enterprise solutions with a compliance report. The only thing new about this is it allows companies to export their data if they choose to leave slack or need to archive it for compliance and/or policy reasons.
      Mar 13
    • New nakt50
      I mean it’s literally like assuming that your company will take over and read your previous emails when you leave.
      Mar 13
    • New LoUe76
      No they read it while you are still with the company too. 🤔
      Mar 13

Join verified employees in our anonymous social network!Download the app!

close