All the Ways Slack Tracks You—and How to Stop It
From changing privacy settings to putting limits on those infuriating notifications, here’s how to take control of Slack.
THE GLOBAL REMOTE work experiment shows no sign of ending anytime soon. As Europe struggles to contain a deadly second wave of Covid-19, many forward-looking companies have confirmed that their employees will largely be working from home for at least the first quarter of 2021. That means that Slack, Microsoft Teams, and Zoom will continue to dominate the lives of office workers.
As you settle down for a long, cold winter of trying to ignore Slack, it’s important to get things in order. From changing privacy settings to putting some limits on those infuriating notifications, here’s how to get some control over Slack.
Slack’s Data Collection
Slack’s business model is very different from the tracking- and advertising-heavy setups of Google and Facebook. Slack makes money by selling premium-tier subscriptions, though there are also free accounts that have limits placed upon them.
What Your Boss Can and Can’t See
Part of Slack’s success comes from it being a useful store of information—quick updates and messages, which can later be searched and revisited, don’t have to clog up an email inbox anymore. Key to this is Slack not deleting anything. Ever. “By default, Slack never deletes your messages or files, so they’re always accessible,” the company says. (This also applies to free accounts, but only a certain number of messages are searchable).
Control of the messages you send is given to the workspace owner—in most cases this will be your employer. Slack says that it has strict measures, tools, and audits in place to stop employees from accessing messages and other company information.
Workspace owners can decide how long messages are stored for and set limits on what information can and can’t be accessed by your employer in the future. There’s the option for a workspace admin to select messages and files to be automatically deleted after a set amount of time. This can be customized by each channel or direct messages. It’s possible to see your company’s Slack data-retention settings by heading to [Slack channel name].slack.com/account/workspace-settings#retention.
There are also controls on who can access messages within a company. Slack says conversation data can be exported in some circumstances—such as conducting investigations into harassment, following court orders for disclosure, requests under GPDR’s subject access rights, or for audits.
How data is extracted can depend on the type of Slack subscription a company has (if any). It’s possible to check what your company’s settings are for data exports at the bottom of the page on the URL above. Typically it’s possible for workspace owners to export messages and files that are shared in public channels. These are exported as text logs, not in the typical Slack user interface.
It gets harder for someone to export your messages and files once they’re in private channels or DMs. In these instances a workspace owner must contact Slack and apply for permission to export the data. Slack can grant an owner permission to use a “self-serve data export tool.” “Each org owner must ensure that (a) appropriate employment agreements and corporate policies have been implemented, and (b) all use of business exports is permitted under applicable law,” the company says in its guidance on exports.
It’s possible for anyone on Slack to see how much a person uses it. The analytics page [Slack channel name].slack.com/stats shows how many messages have been sent on a workspace and the most popular public channels. It is also possible to search for individual people and see how many messages they’ve sent in the last 30 days and for how many of those days they’ve been active.
Slack has a pretty good record when it comes to data breaches. In March 2015, when the company had just half a million daily users, it was hacked, and some user data was compromised. Since then, no other hacks have been reported.
The biggest risk for many people using Slack is bad passwords and a lack of two-factor authentication. By using common, repeated passwords, accounts are vulnerable when passwords from previous data breaches are used. Failing to use a password manager could put an entire company at risk. Turning on Slack’s two-factor authentication will also help to protect accounts.
While good password management and two-factor can help, it’s also worth considering what you’re sharing on Slack. Operational security is key—you should think about what you’re sharing and with whom. When you add a new person to a Slack channel, they can see past messages and files, including any gossip about them.
You should also consider whether Slack is the appropriate platform for the messages you’re sending. If you wouldn’t say something out loud at a meeting with a colleague, you probably shouldn’t be sharing it on Slack. Even private channels and DMs could eventually have their messages revealed during a legal case or other similar types of investigation. If you really need to send that bitchy message during these times of remote working, it may be worth considering a different, encrypted platform. Or really, just not saying it at all.
Finally, if you’re spending time going over Slack’s privacy settings, you should really sort out your notifications. You’re probably already getting more Slack notifications than you need—especially if you’ve still, for some reason, got email notifications turned on.
In the app’s settings and preferences menu, you can alter what you get notifications about: all new messages, direct messages, mentions, and keywords are the options. These can also be adapted for mobile, so you only get the notifications that matter when you’re on your phone.
You can also set periods where notifications aren’t sent. In the settings menu you can set up the option to pause notifications between certain times of the day. This will stop messages coming through when you’re not working—allowing a little separation between sitting in your working chair and sitting in your non-working chair.