Slack has launched a new direct-messaging feature that allows people from different companies to talk to one another. No problems there, right? The service is opt-in, in that you’ll have to approve anyone attempting to bother you on your work Slack before their messages appear — thank god. But that’s not the only quirk about Slack’s “Connect DMs” worth knowing about.
First, and most obvious, is that your company’s Slack admins have complete control over whether you can even use Connect DMs or not. The option is completely grayed out for me on my Lifehacker Slack account, but I do see that it’s available on other company Slacks I can access.I you can’t try it out yourself, it’s possible your Slack overlords either haven’t set it up or are purposefully prohibiting you from accessing it. (Back to normal text messaging you go — which isn’t the worst thing, since at least you can effectively block people you don’t want to talk to.)
Second, know that Slack admins — really, your company — retains an incredible amount of power over the content that’s shared over your company Slack. You might think that a direct message is private exchange between you and another person from another company, facilitated over this magical no-man’s-land between your two corporate environments. In actuality, your chats are still tied to your company’s existing policies.
As David Pierce describes in this Protocol article:
“Each company controls its own messages, which means in essence that a shared channel is actually two separately-owned spaces smashed together in Slack’s UI. Either side’s admins can nuke all their messages without touching the other side’s. Slack is also verifying most Connect-using organisations, to help ensure that the [email protected] you’re Slacking with is the real deal.”
Remember, your admins don’t have to save this message-deleting step for when you quit your job or are laid off/fired. Your company (or a rogue Slack admin) might decide that Slack’s DMs are totally fine right now, only for that permission to be stripped away, and your messages deleted, at some future point.
If you’re having a conversation where the details are critical, consider screenshotting or copy/pasting your chat elsewhere at regular intervals. Or take it to email. Don’t just assume that what’s fine one day will remain fine forever — corporate life isn’t always that clear cut. And, of course, any changes to your company’s retention settings will also affect your DMs.
People are going to use it as a tool for harassment and abuse, while Slack clients will use it as a surveillance tool (there will absolutely be naive leakers who end up getting fired or even arrested over this) https://t.co/DGZrbb5GvW
— Tim Marchman (@timmarchman) March 24, 2021
Finally, and most importantly, know that anything you send in a Connect DM isn’t necessarily private. While Slack administrators have to jump through some big hoops to get access to what people are saying in a company’s Slack — whether in public or private channels, internal DMs, or, now, Connect direct messages — it’s something they can and will do if they feel they need to.
A Connect DM might feel like it exists outside of your company’s “space,” but it doesn’t. Don’t share information that would violate your company’s policies, heck, you might not want to share anything that isn’t work-related, period. You never know who’s going to be reading it.
PSA for Slack users, and the privacy lawyers who love them. Also, in-house law: if you think your tech colleagues aren't using Slack because it hasn't been approved for use in your enterprise …. ask. https://t.co/aMw2GAFTbs
— Carol Brani (@CarolOnAdvLaw) March 24, 2021