Slack’s Top 5 Privacy Mistakes Competitors Can’t Make

Everyone makes mistakes. I do too. But when it comes to privacy, uses should keep their guard up and most businesses who collaborate online will appreciate it.

Slack is a great product and people love it. I get it. I think it’s great fun too, but it’s just not suited for business collaboration.

There are some popular features in Slack that competitors should avoid if they care about user privacy.

1. The Browser “Playground”

Your browser is a vulnerable place. Think of it as a public playground where every website you’ve ever visited has left its germs and viruses. There are countless security vulnerabilities with deploying an application through the browser; everything from the browser itself, to your security settings, plugins, extensions, the code from every website you visit, and the cookies that track you. With one click, malware can easily get installed on your computer so while there are things you can do to try to protect your activity online, sometimes that’s just not enough.

2. Integrations

Integrations are small applications that extend the functionality of a platform. Slack impressively boasts both a marketplace and investment fund to get more Integrations built for Slack. Most every Integration people use is hosted by Slack meaning every bit and byte that comes through an Integration can be read by Slack. (But I guess if you’re already using Slack heavily, you’re already okay with their ability to read every bit and byte).

3. Inline Pixie Dust

Most collaboration tools will overload posts that include URLs with metadata like images, titles, source content, and icons. This is also true of fun features like Giphy. While it might make the timeline more visually interesting, because you deserve, competitors should not offer this feature.

Here’s the issue: By implementing inline pixie dust, all of this content would get automatically downloaded to your device and you couldn’t control it. Clickable URLs are fine since the user is in control since meaning you choose when you want to visit a site.

4. Email Digests

For those not familiar, lots of products use email digests as a way to summarize a day’s worth of conversations into one quick scannable list sent to your inbox at the end of each day.

The problem? When a team has a conversation, it would be a critical privacy compromise that one/some/all of that team now have those same messages sent over the internet in an email. Email is one of the most vulnerable methods of communication, with a 789% year-over-year spike in malware and phishing. People set weak passwords, which are easily hacked and constantly stolen (remember the 1.6 billion passwords stolen two years ago?). All you need to do it look at the news for the latest email scandal (this week, the DNC was hacked and the Russians stole and exposed their opposition research on Trump).

There is certainly value in having a quick way to “get back up to speed” and we plan to build a “While you were away” feature in Semaphor that gives users the same benefit without compromising the privacy of your conversations.

5. Presence

Is so-and-so online? Presence allows users to passively know if another user is on/offline. Unlike the above features, we are giving serious thought to adding this feature to Semaphor — it is quite handy. That said, it will most certainly be implemented in a privacy-minded way. Does everyone on your team want everyone else on the team to know they are online? Should this summer’s intern know the CEO of your multinational company is “In a Meeting?” This level of transparency has benefits, but it needs to be controlled by users. Defaults should be set to Hidden, and only the user should be able to opt-in to such a feature.