Updated Slack, which became popular as a team chat app in part because it's not email, is now letting users invite anyone, via email, to correspond using direct messages in the Slack app.
The collaboration biz, in the process of being acquired by Salesforce, announced the service, called Slack Connect Direct Messages, last October and made it available on Wednesday. It's part of Slack Connect, which provides a way to bring as many as 20 separate organizations into a single Slack channel.
Slack says the capability is available to individuals on Free, Standard, Plus, and Enterprise Grid plans, though the ability to manage Slack Connect settings and permissions not available to those on the Free plan.
Slack has entered the Matrix: Element builds a bridge to realm of encrypted, decentralised commsREAD MORE
"Slack Connect allows you to send direct messages (DMs) to people outside your company, providing an easy way to work with your partners," the company explains in a help center document. "Once an invitation has been sent and accepted, you can begin exchanging messages with someone from another organization, just like you would in other DMs."
In Slack's desktop client, the process involves clicking the compose button in the top left-hand corner of one's workspace and entering the recipient's email address in the To: field. The recipient will receive a unique link in an email that can be used by one person, and a customized message if one was included by the sender.
Or at least that was the way it worked when it debuted. Word of the change has prompted some alarm among those who adopted Slack primarily because of its high signal-to-noise ratio.
Hello, users here!
"It could potentially suck," observed John Paul Minda, professor of psychology at Western University, via Twitter. "The only reason I pay for and use @SlackHQ is [because] it’s a closed system with my students [and] lab. The very first sign of getting an unsolicited message from anyone outside my lab (a.k.a. Spam), I’ll cancel and just switch to [Microsoft] Teams."
To which Slack, mindful of social media chatter, responded that Slack Connect DMs can be deactivated by workspace owners and administrators, if your plan allows for it.
Accepting an emailed Connect DM invitation requires the receiving party to opt-in by clicking on the link and may require further approval from one or both admins responsible for the communicating parties, via the Manage shared channels menu.
Nonetheless, there's concern about the potential for abuse, particularly given Slack's past refusal to implement a muting or blocking capability to silence workplace harassment and its reiteration of that policy on Wednesday.
A feature to block members isn't on our roadmap currently, however we really appreciate you letting us know it's something you'd like to see in future iterations. For now, you can mute DMs with members by using the /mute command in the message input field and hitting enter.— Slack (@SlackHQ) March 24, 2021
Confronted with evidence that invitations with customized text can easily be weaponized to spam people with harassment and abuse, Slack has committed to dropping that capability, even though the company appears to have been aware of the issue a week ago.
In other words, you can still send invites, you just can't stick your rude messages in them, as the invite wording, from the get-go.
And that doesn't resolve other issues, like the corporate policy complications that arise when people working for different organizations open a channel to one another or the fact that while Slack messages are encrypted in transit and at rest, they may still be accessible to account owners and administrators, depending on whether the account is free or paid.
To win over the unconvinced, Slack may find that further marketing is necessary... ®
Took about 4 hours for our security & IT team to disable Slack “Connect DMs.” We don’t need a shittier version of email to exist in probably the worst email client imaginable without any of the security tools to protect employees. Hard pass.— Mitchell Hashimoto (@mitchellh) March 24, 2021
Updated to add
“After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages," Jonathan Prince, communications and policy veep at the chat app, said in a statement.
"We are taking immediate steps to prevent this kind of abuse, beginning with the removal today of the ability to customize a message when a user invites someone to Slack Connect DMs. Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations.
"We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue."
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Visual Studio
- Visual Studio Code
- Web Browser