Journalists, how private are your Slack messages really?


Digital Security Training Intern


It's time to rethink your privacy on Slack. Adam Levine via flickr.

Slack has become a key part of work in many newsrooms, and recently went public with a valuation of $23 billion. Nieman Lab even suggested that there might be more newsrooms that run Slack than use Microsoft Word; it’s everywhere. Yes, even here at the Freedom of the Press Foundation, we use Slack for coordination across multiple teams.

So this is a good time to remind everyone that while Slack can make communication and team coordination easier, your Slack messages are not as private as you may think.

In a recent op-ed in the New York Times, the EFF’s Gennie Gebhart summed up the problems with using Slack:

"Right now, Slack stores everything you do on its platform by default — your username and password, every message you’ve sent, every lunch you’ve planned and every confidential decision you’ve made. That data is not end-to-end encrypted, which means Slack can read it, law enforcement can request it, and hackers — including the nation-state actors highlighted in Slack’s S-1 — can break in and steal it."

To make informed decisions about how to use Slack safely, especially for journalists working on sensitive stories with at-risk sources, it’s important to know who exactly can read your messages.

Your legal adversary

As a U.S. company, Slack will hand over its records upon request from government agencies like the FBI or even your local police department, following a warrant, subpoena, or other court order. And while Slack will attempt to notify users before handing over user data, the company’s broad exceptions to this user notification rule did not garner credit in the EFF’s 2017 “Who has your back?” report.

Your Slack messages might contain discussions about confidential sources, future story ideas, or seemingly unimportant office gossip.

No one knows the consequences of this better than the former employees of Gawker. During Hulk Hogan’s lawsuit against Gawker, chat transcripts from Gawker’s internal work chat (hosted on Campfire, a tool similar to Slack) were read in the courtroom as evidence.

Former Gawker editor-in-chief Max Read felt so strongly about his internal office jokes becoming a matter of public record that he wrote a piece for New York Magazine titled “Hulk Hogan Taught Me Never to Make a Bad Joke on Slack Again.”

In the United States, there are different policies about what kinds of data Slack is legally required to hand over. In civil discovery, “non-content” metadata records such as user identity and location are fair game without the presentation of a warrant or other court order. Our friends at the EFF have some more details about the differences.

One way to mitigate the impact of this is to control how long your messages remain available in Slack channels and private message logs. This is configured in the workspace settings under “Retention & Exports.” All Slack data is held for the entire lifespan of the workspace unless otherwise restricted, and free workspaces must switch to a paid plan before they can add fine-grained deletion rules. Slack also says that once data is deleted, it is removed from the company’s backups within 14 days.


Slack admins can set custom data retention rules in your workspace's settings.

Consider asking your Slack workspace administrators to lower the retention period of messages so it becomes more ephemeral. We recommend setting it to a maximum of 30 days for all messages and files. After setting a responsible retention period, administrators can prohibit workspace users from extending the timeframe by disabling the “Let workspace members override these settings” checkbox.


Limit your data retention period to a responsible length. We recommend 30 days maximum.

If your workspace administrator chooses not to lower the retention settings but you have the ability to override them, take advantage of it. In a DM or private group chat, click the settings gear and select “Edit message retention…” to apply a lower, custom retention setting to that conversation.


If your Slack admin doesn't enforce a responsible retention period, you may be able to set custom retention lengths on channels and direct messages.
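The retention advice above is easiest to act on if you can see how much old material a workspace is still holding. The script below is an added example, not code from the original article or from Slack: it audits a workspace export against a target retention window. It assumes the layout of Slack’s standard “Retention & Exports” export (one directory per conversation, each holding YYYY-MM-DD.json files that contain a list of message objects with a string "ts" field in Unix seconds), and the conversation names and messages used as input are constructed sample data.

```python
"""Audit a Slack workspace export against a target retention window.

Added example (not from the original article or from Slack). Assumes the
layout of Slack's standard "Retention & Exports" export: one directory per
conversation, each holding YYYY-MM-DD.json files that contain a list of
message objects with a string "ts" field (Unix seconds, with a fractional
part). The sample conversations below are constructed data.
"""
import json
import os
from datetime import datetime, timedelta, timezone

MESSAGE_RETENTION_DAYS = 30  # the article's recommended maximum


def load_export(export_dir):
    """Read a standard export tree into {conversation: [message, ...]}."""
    conversations = {}
    for name in sorted(os.listdir(export_dir)):
        path = os.path.join(export_dir, name)
        if not os.path.isdir(path):
            continue  # users.json, channels.json etc. live at the top level
        messages = []
        for day_file in sorted(os.listdir(path)):
            if not day_file.endswith(".json"):
                continue
            with open(os.path.join(path, day_file), encoding="utf-8") as fh:
                messages.extend(json.load(fh))
        conversations[name] = messages
    return conversations


def retention_report(conversations, retention_days, now=None):
    """Count, per conversation, messages older than the retention window.

    Returns {conversation: {"total": n, "over": n, "oldest_age_days": d}}.
    Messages without a parseable "ts" are skipped rather than guessed at.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=retention_days)
    report = {}
    for conv, messages in conversations.items():
        total = over = 0
        oldest = None
        for msg in messages:
            try:
                sent = datetime.fromtimestamp(float(msg["ts"]), tz=timezone.utc)
            except (KeyError, TypeError, ValueError):
                continue
            total += 1
            if sent < cutoff:
                over += 1
            if oldest is None or sent < oldest:
                oldest = sent
        report[conv] = {
            "total": total,
            "over": over,
            "oldest_age_days": (now - oldest).days if oldest else 0,
        }
    return report


def conversations_needing_attention(report):
    """Names of conversations that still hold messages past the window."""
    return sorted(c for c, r in report.items() if r["over"] > 0)


# Constructed sample data standing in for an export tree.
NOW = datetime(2019, 7, 1, tzinfo=timezone.utc)


def _ts(days_ago):
    """Slack-style string timestamp for a message sent days_ago before NOW."""
    return f"{(NOW - timedelta(days=days_ago)).timestamp():.6f}"


SAMPLE_EXPORT = {
    "general": [
        {"type": "message", "user": "U01", "ts": _ts(2), "text": "standup at 10"},
        {"type": "message", "user": "U02", "ts": _ts(45), "text": "old lunch plan"},
    ],
    "investigations": [
        {"type": "message", "user": "U03", "ts": _ts(400), "text": "source call notes"},
        {"type": "message", "user": "U03", "ts": _ts(90), "text": "draft outline"},
        {"type": "message", "user": "U01", "ts": "not-a-timestamp", "text": "garbled"},
    ],
    "mpdm-alice--bob-1": [
        {"type": "message", "user": "U01", "ts": _ts(5), "text": "gripe about mgmt"},
    ],
}

if __name__ == "__main__":
    rep = retention_report(SAMPLE_EXPORT, MESSAGE_RETENTION_DAYS, now=NOW)
    for conv in conversations_needing_attention(rep):
        r = rep[conv]
        print(f"{conv}: {r['over']}/{r['total']} messages older than "
              f"{MESSAGE_RETENTION_DAYS} days (oldest is {r['oldest_age_days']} days old)")
```

Run against a real export by replacing `SAMPLE_EXPORT` with `load_export("/path/to/unzipped-export")`. Conversations that show up in the report are the ones where a 30-day policy would actually change what a subpoena or an admin export could reach.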

Your email provider

By default, Slack enables email notifications that include the text of messages. If someone mentions you by @username while you’re away, the text of those messages will end up in your inbox. This potentially defeats the advantage of having low retention settings in Slack, since the same content may be saved in your email.

If you receive Slack notifications on your mobile device and don't need them in your inbox, disable them in your preferences under “Notifications.”


Uncheck the box that grants Slack permission to send email notifications for missed messages.

If you choose to keep email notifications enabled, be aware of how long your email provider retains them, even if you regularly delete them.

Slack employees

According to its own published security practices, Slack employees can access user data when “it is necessary to do so.” The same is true for any communication service that is not end-to-end encrypted, whether it’s Gmail, Facebook or others.

Slack says that any such access is logged, and told Gizmodo that accessing user data would trigger alerts and reviews from superiors. Despite these controls, users have little choice but to trust that Slack will use their access responsibly. Unfortunately, there’s clear precedent for abuse among large tech companies. For example, Uber employees abused similar access in their “God view” mode, spying on celebrities, politicians, and exes. If you’re a reporter covering Slack the company, consider staying off the platform entirely while doing your story.

Your boss

In 2017, administrators of CNN’s Slack instance notified reporters that they enabled a “feature” that would give them unfettered access to read any messages, including private DMs, from then onwards. Later communication from their Slack administrators announced, “The company has certain legal preservation obligations which required this feature to be active.”


The message that CNN reporters received from their Slack administrators. Image via splinternews.com.

Newsrooms may need to retain reporters’ Slack conversations for compliance reasons, but you don’t see companies placing audio recorders at physical water coolers.

Some journalists end up covering the parent company that owns their news organization. Be extra careful in that situation if you are worried that executives may attempt to peek at your communications.

This feature is available to workspaces on the “Plus” or “Enterprise” plans. Slack has made it straightforward for any user to find out what policy their workspace has: visit https://<your-instance-name>.slack.com/account/workspace-settings and click “Retention & Exports.”


Check to see what export privileges your workspace's admins and owners have in your settings.

If the policy shown there had included “private information,” workspace administrators would have been able to export DMs and private chats as well.

Even if you’re on the lower “Free” or “Standard” plans, you’re not necessarily in the clear. Another route that workspace administrators could use to access your messages is through third-party apps.


Some third party apps grant sweeping permissions to your Slack data.

In this case, the app could read DMs and private messages, potentially logging them. You can see which apps your workspace has installed by going to https://<your-instance-name>.slack.com/apps/manage and filtering based on permission, such as “Access type: Can access messages”.
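The “Can access messages” filter tells you that an app reads messages, but not which conversations. The script below is an added example, not code from the original article or from Slack, that classifies an app inventory by the documented Slack OAuth scopes for reading conversation history: channels:history (public channels), groups:history (private channels), im:history (direct messages) and mpim:history (group direct messages). The app names and scope lists used as input are constructed sample data; in practice you would copy each app’s scopes from its permissions detail on the manage-apps page.

```python
"""Flag installed Slack apps whose OAuth scopes let them read messages.

Added example, not from the original article or from Slack. The scope
names are Slack's documented OAuth scopes for reading conversation
history; the app inventory below is constructed sample data.
"""

# Which history scope lets an app read which kind of conversation.
MESSAGE_READ_SCOPES = {
    "channels:history": "public channels",
    "groups:history": "private channels",
    "im:history": "direct messages",
    "mpim:history": "group direct messages",
}
# Scopes that reach conversations an admin could not otherwise export on a
# Free or Standard plan: private channels, DMs and group DMs.
PRIVATE_READ_SCOPES = {"groups:history", "im:history", "mpim:history"}


def message_access(app):
    """Return the kinds of conversation an app can read, from its scopes."""
    scopes = set(app.get("scopes", []))
    return sorted(MESSAGE_READ_SCOPES[s] for s in scopes & set(MESSAGE_READ_SCOPES))


def audit_apps(apps):
    """Sort apps into 'private', 'public' or 'none' message access.

    'private' is the case the article warns about: the app can read DMs,
    group DMs or private channels and could log them for whoever installed
    it. 'public' apps read public channels only; 'none' read no history.
    """
    findings = {"private": [], "public": [], "none": []}
    for app in apps:
        scopes = set(app.get("scopes", []))
        if scopes & PRIVATE_READ_SCOPES:
            findings["private"].append(app["name"])
        elif "channels:history" in scopes:
            findings["public"].append(app["name"])
        else:
            findings["none"].append(app["name"])
    for bucket in findings.values():
        bucket.sort()
    return findings


# Constructed inventory: names and scope lists are illustrative only.
SAMPLE_APPS = [
    {"name": "Standup Bot", "scopes": ["chat:write", "channels:read"]},
    {"name": "Channel Archiver", "scopes": ["channels:history", "channels:read"]},
    {"name": "Everything Logger",
     "scopes": ["channels:history", "groups:history", "im:history", "mpim:history"]},
    {"name": "DM Sentiment", "scopes": ["im:history", "users:read"]},
]

if __name__ == "__main__":
    result = audit_apps(SAMPLE_APPS)
    by_name = {a["name"]: a for a in SAMPLE_APPS}
    for name in result["private"]:
        print(f"REVIEW {name}: can read {', '.join(message_access(by_name[name]))}")
    for name in result["public"]:
        print(f"note   {name}: reads public channels only")
```

Anything in the “private” bucket deserves the same scrutiny as an admin export setting that includes private data, because the app’s owner ends up with a copy of those conversations regardless of your workspace’s retention policy.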

What should you do?

Slack is still an incredibly useful tool for newsrooms. For resource-strapped newsrooms, Slack is easy to set up, and it just works. But it’s important to be mindful of the limitations of Slack as a platform. For some types of conversations, moving to a different platform will help ensure your messages stay private.

If you’re discussing confidential sources, documents, or stories, consider using an end-to-end encrypted messenger (e.g., Signal).

If you want to talk privately with a coworker about a gripe with management, consider speaking in person or over an end-to-end encrypted channel rather than on Slack. If you’re already using Signal for messaging or calls, it can fill this need as well.

Longer-term, it may be worth moving your Slack workspace entirely to an end-to-end encrypted alternative like Matrix or Wire. And while it is not end-to-end encrypted, Mattermost is another Slack alternative that can be self-hosted, keeping your messages off a third-party service provider’s servers.
