Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’

On Wednesday, Slack launched a new feature that allows users to message anyone else via direct messages, even if the receiver is outside of the sender’s organization. In other words, the feature allows anyone to connect with you privately on Slack. Critically, even if the feature is turned off on your Slack, you’ll still get an email notification and message from anyone trying to connect with you—including people who don’t work with you and can use this feature to sneak harassment into your inbox.  

After experts in content moderation, and several other people, complained about this risk, Slack is already backtracking and limiting the feature, admitting it “made a mistake.” 

Before Slack changed it, I tested the feature, called Slack Connect, with a friend at another news organization, whose Slack I am not part of. My friend got a notification within Slack, and an email that contained the message I sent them.

slack-connect-test.jpeg
Screen Shot 2021-03-24 at 11.47.31 AM.png

Screenshots of the email and the Slack notification that my friend received. (Image: Motherboard)

My friend wasn’t able to respond to me via Slack, as his company has the Slack Connect feature turned off. But he still got a notification. And, most importantly, he still saw my message in his emails. 

After Motherboard reached out to Slack asking about how the company planned to mitigate the risk of people getting harassed with this new feature, the company backtracked on it. 

“After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs,” Jonathan Prince, Slack’s vice president of communications and policy told Motherboard in an emailed statement. “We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage.”

Before this change, a target of harassment would have seen the harassing message in their emails, even if they couldn’t respond within Slack. 

When Slack introduced the feature today, it hadn’t implemented any features that can help someone who gets harassed. There is no block button or built in mechanism to report the message to Slack or your company’s Slack administrator. 

Caroline Sinders, the founder of Convocation Design + Research and an expert in content moderation, criticized Slack’s new feature.

“It’s irresponsible to build this global feature without having there be any guardrails for safety. By guardrails, I mean basic [User Interface] tooling we see in other social networks and platforms like blocking, like harassment reporting, like keyword muting and blocking,” Sinders told Motherboard in an online chat. “All of those tools and features help make people safer. So I think it’s very strange to have rolled out this Connect feature without having created any harassment mitigations around it.”

Before Slack changed course, hiding the content of the messages sent via Slack Connect, the company was telling people complaining about the risks that the solution was for administrators to disable the feature.

For Sinders, this was not an adequate solution.

“When you create new forms of messaging, you need better ways for people to mitigate harm, without having to opt in or out COMPLETELY of a feature,” she said. “It shouldn’t be so binary, is what I’m saying. Because those facing harm will have to turn it completely off.”

Subscribe to our cybersecurity podcast CYBER, here.

This post has been read 20 times!

0 0 vote
Article Rating
Like
Like Love Haha Wow Sad Angry
guest
Not Optional
Optional
0 Comments
Inline Feedbacks
View all comments