So yesterday I talked about Slack’s new Connect option, and I classified it as a Business Strategy story. Today, let’s talk about it as a security story. Why? Well, it’s got a ton of problems that allow for harassment.
The feature has been rolled back because the way email invitations are being sent could be used to send harassing or abusive messages. That includes sending foul language and the inability to block those emails – or make them ever stop. A user can’t filter for them, and if you’re in a free slack… you can never remove them.
Why do we care?
Well, that’s not great. My statements yesterday about the why all stand, and now we get to ask the “why didn’t they think of this?” question.
I pose this thought often – why aren’t companies considering how things can go badly? I call it the Black Mirror test. Assume your technology is going to appear on the show, twisted and abused by creative science fiction writers. I could dial up the snark and say “this is called testing, people”.
Long term the direction is clear – short term, proceed with caution.
Source: The Verge