Date: 2021-03-25



The messaging platform Slack yesterday unveiled a new feature called Connect DM. This allows you to send direct messages to anyone who uses the service, whether they are part of the same company or workspace.

Slack was very quickly forced into an embarrassing partial U-turn. For some reason, the company was unaware that such a feature could be abused, and it was left to users and the media to point this out. Within hours, important changes were introduced to Connect DM to eliminate spam and abuse.

It’s unclear how Slack overlooked the fact that Connect DM could be used for spam and harassment. The feature was released as a (to a certain extent) opt-in element of the platform, but it had the drawback of letting users send messages of up to 560 characters to strangers.

These custom messages are sent to the contact, who can choose to accept or ignore the communication request. However, the recipient receives the invitation by email, which opens up the possibility of mass unwanted and potentially abusive communications.

Within hours, Slack recognized the flaw in this approach. In a statement given to The Verge, Jonathan Prince, the company's Vice President of Communications and Policy, said:

“After publishing Slack Connect DM this morning, we received valuable feedback from users on how the invitation email for this feature could be used to send abusive or harassing messages. We’ve removed the ability to customize messages when a user invites someone to Slack Connect DM, so we’re taking immediate steps to prevent this type of abuse.

“Slack Connect’s security features and robust management controls are at the core of its value for both individual users and their organizations. In this first rollout, we made a mistake that conflicted with our product goals and the general experience of using Slack Connect. As always, we are grateful to everyone who has raised their voice and are working to fix this issue.”

With this hole closed within a few hours, Connect DM in its original form could be one of the shortest-lived features to date.


