Vital Privacy Settings Slack Forgot
October 5, 2020
Return to Learning Center
In this new COVID-19 Work From Home Era where many professionals are doing their daily tasks from the comfort of their home office, digital communications tools such as Slack are now being pushed to their limit by companies all over the world. Somewhat like social media giants: Slack probably knows a lot of your secrets. Everything from your DMs to coworkers ripping your boss, your business plans, random ideas you sketched out, and more are all in this San Francisco-based company's servers. While Slack is a great, modern application, there are steps you can take to be safer in all apps. This means checking out your privacy settings regardless of the platform or service. Your private data might just be waiting to be viewed by a nosey CEO or supervisor, a skilled hacker, or even the entire world if there's a bad bug or data breach. The communications platform that many have come to rely on for both work and staying in touch with friends is a potential privacy disaster waiting to happen. And while you may not have a choice in whether you use the tool, you do have the ability to lock its privacy settings down to limit negative fallout before anything bad happens and reduce your changces of negative problems.
1. Supervisors can read your Direct Messages. If you're using Slack for work, your boss might be able to read your direct messages. Figuring out if this setting is enabled is the first step in keeping your DMs secret. Thankfully, there's a way to do this. While signed into Slack in a web browser, head to slack.com/account/team and then click on "Retention and Exports." Scroll down to "What data can my admins access," and you'll have your answer. If the page only says that public data can be exported, your DMs are safe from your boss. However, if it says that "Workspace Owners can also export messages and files from private channels and direct messages," then your corporate overlords have the ability to pull your direct messages. You should probably just be smart and not rip your boss in writing where it can come back to bite you. For the best safety, wait for watercooler gossip to return in real life meetings and then tear your boss a new one.
2. Retention settings. OK, so you now know that your boss has the ability to read your direct messages. That sucks, isn't the end of the world. There are still several ways to protect yourself, or at least reduce the harm that will inevitably come from this. For starters, you should tweak the so-called retention settings on all of your direct messages. Slack gives workspace owners (i.e. the person managing your company's Slack account) the ability to determine how long public and direct messages are saved. That could be for 90 days, for example, or forever. You can adjust this setting in your own direct messages. If your boss is looking for cause to fire you, it's better if only your past 24 hours of DMs are accessible. While in a direct message conversation, click on the gear icon in the upper-right corner, then select "edit message retention." Next, select "Use custom retention settings for this conversation," choose one day (the shortest period of time you can do), and then select save. You should still be careful about what you say in a work environment, but you can feel a tiny bit safer. Your messages will now automatically delete after 24 hours. Notably, this doesn't necessarily mean they are off Slack's servers once they're a day old (they are likely not), but the messages should no longer be within reach of the aforementioned workspace owner once a day has passed. Unfortunately, you may have to do this for every single direct message conversation, but it's a quick change and definitely worth it.
3. Use Encryption. It's a bummer, but Slack does not give you the ability to individually encrypt your messages. There's a way around that, however, in the form of a free browser extension called Shhlack. The Chrome extension lets you and your coworkers encrypt any and all of your messages. This means your private convos won't be viewable in cleartext when your boss or hackers somehow gets access to your messages. Like anything else in life, don't believe that this type of encryption is perpetually foolproof, but it's a little extra layer of security that could save your bacon.
4. Get off Slack. This isn't technically a privacy setting, just a bit of wisdom. If you want to say something that you'd regret if it was made public, don't send it via Slack. Trade phone numbers and communicate verbally. Meet in a bar. Even communicate sensitive comments over a Skype video call. This could be much safer than having sensitive comments stored perpetually in writing.
5. You can't edit away problems. Editing Slack messages after the fact may seem like a surefire way to remove any potentially problematic statements that could get you in trouble. Unfortunately, some Slack accounts track edits and maintain records of the messages before they were edited. Knowing if this setting is enabled will help you avoid making the mistake of thinking you're in the clear when, in fact, the only thing you've succeeded at is making it obvious you're trying to cover your tracks. While logged into your slack account, go to https://my.slack.com/account/workspace-settings and click "Retention and Exports." You'll find the answers you need there.
6. Use MFA. Keeping your account private means keeping it secure. Protecting your account with multi-factor authentication is a great way to keep hackers and snoopers out. To set it up, when signed in, head to my.slack.com/account/settings. Next, click "Two-factor Authentication" and follow the necessary prompts. You'll need to have an authenticator app downloaded on your smartphone to make this work, but there are tons of safe choices that work with Slack. Using Multi-Factor Authentication is always one of the smartest things you can do to ensure that hackers will have a much harder time accessing your account and your IT department is slacking (no pun intended) if they're not mandating this.
7. A clean slate. Let's say you want to leave Slack, or you're leaving a company and will no longer be using that Slack account. You might assume that removing and deleting your account takes care of any personal data of yours in the system, but that is definitely not the case. Instead, you actually have to ask the workspace "primary owner" to ask Slack to delete your profile info. They might not want to do this (in case they need any of your messages and chats for workplace documentation or goals but if you're concerned about privacy you might want try.) That primary owner must then email Slack at email@example.com with a specific deletion request, noting "the member's email address and your workspace URL." Once you've taken that step, your data will be a bit safer.
We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.