Apparently direct messages can be read by your employer on slack. Did everybody know about this? This seems very concerning...
Flagged by the community.
Flagged by the community.
- New / HRKBJM57It’s a company asset being used on the company network using company hardware. They can do whatever they want
- Microsoft people, can employers read Teams DMs? Because I've said a few things forgetting it's a work chat, but usually edit the comment then delete haha
- Assume everything you type on your work computer or through a service provided by your employer can be read by them.
The thing on your side is that it is a shit ton of data and no one wants to. This only really happens when you otherwise draw attention to yourself and cause an investigationMar 1333
- Microsoft not-a-devJust FYI, editing then deleting should not help. Everything (even deleted stuff) is kept on records for years.
And in general no one will want to read your conversations unless they have a reason for that. Like, you did something bad. Or someone is suing the company and you work on the product involved. EtcMar 144
- Pandora mbnbbI don't think they do but they can if they need to. Company servers= company apps.
- Plus, I always assume my Employer has access to anything I do on company resources so I don't do or say things that could cause problems if the wrong person saw them. Be smart people.
- It's not possible without pulling a report or data export on a specific user or set of users and the permissions for that report are typically very restricted, I can't imagine a sane reason to grant that privilege level to Managers because it's a global permission not "per team".
- HashiCorp Re3Bh1Can only be done with a workspace audit/compliance report - only workspace/grid owners can pull these.
- Assume everyone can read your messages/content unless E2EE is explicitly called out.
- Even e2ee doesn't protect your from a company that has the local admin password for your machine or root. And generally doesn't protect you from the ISP aka your employer most of the time.
At an unnamed company where I worked we suspected that an employee was responsible for some abuse of access to servers. Even with an encrypted connection we were able to get a full log of his activity over the network
- Don't fool yourself, legal teams normally require venders of such products to allow them access to all chats, messages, logs, etc for a period of 3+ years in case of an evidence request. Most companies have a formal policy on this and it should be strictly followed. Plus as someone who has been tasked with collecting messages of an employee for just a few select days and parties, it's not a fun or easy process. So rest assured, even individuals with access won't waste their time.
- OpenDoor MhBB55This isn’t really true. Slack admins and workspace owners in SOME workspaces MAY have access to private channels and DMs, depending on a setting. They don’t have access via the regular slack client, the message logs need to be downloaded via an export tool on the slack website admin pages.
- Autodesk b737max8moreAsk your companies to delete your data ( GDPR ) complaint , you have the right to sue them if they don’t comply.
- Gusto 🙇💥☠️💀DeathNot sure why this is surprising. Long before Slack exist, employers have the ability to check your email. Google Suite have this capability called Vault.
Most company won’t willy nilly read your email and Slack DM, but they have the ability to do so for various legal reason. It’s their asset, not yours. There’s no expectation of privacy at work.
- Turner blacmagicWho cares! Just don't be talking about stupid and inappropriate shit and you good!
- JCPenney PanoIt only presents a problem if you do something stupid. Or if you have a micromanaging boss (though that is a GTFO situation). Or if someone gets clever and hooks the oversight capabilities up to some AI / machine learning that alets the powers that be (e.g. HR) of questionable content.
The last one is the one people have valid reason to fear. Harmless flirting, condoned office romance, and general shit talking with friends or peers could all trip you up with an all seeing eye.
- Indeed cyhy46Assume that literally everything you do on a work device, on a work network, or on a work VPN can be read by your employers
Assume that it will be read if they're given any reason to.
Some reasons include:
* They're sued and have to give it over for discovery
* you're underperforming and they want a pretense to get rid of you
* You did something to get negative PR onto the company
* Somebody with administrative access in IT hates you and isnt shy about abusing their authority
- SAP UbermenschWorker Privacy protections are almost non-existent in the US, especially when compared to EU member states like Germany and France.
Your reasonable expectation of privacy does not extend to corporate-owned equipment and channels.
Go offline with ephemeral messaging apps or text with close co-workers if you want to gossip and complain. 😉
- I've heard of people talking about comp in slack dm, and later being reprimanded. If you're saying something sensitive, use your own slack org or use a different messaging platform. Company Slack is not safe, just like Yahoo messenger and Barracuda weren't back in the day
- Amazon / ProductпысTakermoreI lost track of the sub thread but someone said something about how helpful e2ee encryption was and mentioned tls / SSL was a protection
I just wanted to point out that ssl/tls works because your computer uses the public key of the site to encrypt the first part of the hand shake and give a key to the site to use to talk back to you. This is cool because the communication is never unencrypted and it is more complex than this the SSL handshake has about 8 steps. The issue is that if your company has admin access to your machine they just need to log the pre encrypted first message and they then everything else can be derived from network traffic.
Sure your app could implement it's own e2ee stack and that would be good for maybe a month or two before the weakness is found. Ee2e like DRM has a lot of people who want to break and newness helps but even then it will only be fool proof for a short time. Ironically it is basically the same people breaking both only difference is one is taking a paycheck at and least clai.s publicly that they gave up hacking security when not being paid.
- Safest is WhatsApp in your phone on your personal network without any company app installed including VPN access to tokens
- Eventbrite uEQo20It's possible but not easy. First, they need to pay for the most expensive plan. It's twice what the next one down is, and the only extra is the "compliance export". That lets an admin do an export of all channels and chats, it has to be every one of them, so it's huge. Even then, it's in a super unfriendly json format, so your average hr person is going to have trouble reading it.
- It doesn’t matter who’s computer they have the ability to read. Shame on slack for making this happen! Zero trust.
- Centene KvasirDon’t use company comms to complain about your company. That’s why Telegram, Signal, and even Blind exist.
- Mode DvVM00yes but they would only review them if you were accused of something like hostility