



Slack has overturned the controversial decision to allow users to send messages to other users through Slack, even if they aren’t using some of the same private channels.

More precisely, the company has tweaked the Slack Connect DM feature to minimize the risk of harassment and misuse. Users can still invite outsiders to join private conversations, but they don’t have the option to send a message in advance.

Slack Connect DM is an invitation system that enables cross-channel communication. This means that you don’t have to be members of the same private channel to communicate with each other through Slack. However, only if both parties first agree. As far as we know, that doesn’t change.

However, initially, these invitations may be sent in a written message. Of course, this can easily be abused to harass people at work or send abusive messages. In particular, Slack doesn’t include tools for blocking others or reporting abuse.

In summary, you can’t block on slack-you can’t block email-the abuser can continue to “invite” in abusive language-even if your workspace disables the ability to accept these invitations, all of the above is true. March 24, 2021

So Slack acknowledged the mistake and returned to its original messaging capabilities.

“After publishing the Slack Connect DM this morning, we received valuable feedback from users on how to use the invitation email to use this feature to send abusive or harassing messages. Slacks Communications and Policies. Jonathan Prince, vice president of charge, told The Verge that he is taking immediate steps to prevent this type of abuse.

“Slack Connects security features and robust management controls are a core part of value for both individual users and their organizations. In this first rollout, mistakes that conflict with product goals and general experience with Slack Connect. As always, we thank everyone who raised their voices and are working to fix this issue. “

I have more to worry about than abuse

Of course, there are other things to worry about. Some of them are already published online, including the risk that people will be able to see which Slack channel a user belongs to when they accept an invitation. Slack has told The Verge that users who receive an invitation can only see the channels they are invited to, and not the others.

There is also the issue that individual companies as a whole can opt in to Slack Connect, and individuals do not have that power. It is also unclear whether it is possible to disable the functionality of individual members of the organization. As a result, users may be struck by Slack Connect invitations and find that there is no way to turn them off.

These messages may not be accompanied by abusive messages, but can be a serious distraction if the wrong person (or more than one person) decides to abuse these tools. There is.

If this is offensive, remember that Slack doesn’t encrypt the message and can store it indefinitely even if it’s inaccessible, and in many cases employers can read and search everything they post DM.https. : //T.co/xojPTurlF820 March 24, 2009

Another issue is which channel administrator can access what. The Slack Plus plan stores everything unencrypted and makes it accessible to channel administrators as needed. In a situation where two members from different organizations are sending messages through Slack Connect, two different management teams may be able to see what they say. I asked Slack to clarify this point.

Second, there is the risk of exposing sensitive corporate information. It’s bad enough if an outside administrator could see this, but the company talks about Slack’s secrets. In fact, last year, Twitter hacks leading to verified accounts tweeting the same crypto scams only occurred because hackers broke into their Twitter Slack accounts and accessed company tools.

As the name implies, Slack Connect DM allows you to send private messages between Slack channels. But it’s a potential security hole, and hackers are a brave group. Who knows what they can stand up to?

Fortunately, Slack will listen to the criticisms and make changes to Slack Connect as needed. Reducing the risk of abuse is very important, but it is still a surface-level issue. Below that, there are other issues that need to be addressed as well. Hope it happens soon, without claiming to be Elon Musk, while someone is trying to get you out of Bitcoin.

