Slack Connect Removes New DM Feature: Potential for Abuse Exposed

Slack Connect Removes New DM Feature: Potential for Abuse Exposed
Slack is pulling back the new DM feature added to its platform less than a day after its release. Photo : Scott Webb / Unsplash

Slack is pulling back the new DM feature added to its platform less than a day after its release. This is due to the concern that the new system could be exploited and people can send abusive or harassing messages to others with ease. The company's vice president, Jonathan Price, is thankful to receive feedback from its users and has taken immediate steps to prevent these kinds of abuse.

Slack Connect DMs is a feature that lets Slack users privately message employees inside and outside their company alongside an invite. It is designed to introduce working with new partners or clients, as well as message friends and other companies. The Connect DMs work by emailing a person a special link to start a conversation. However, this might require Slack admin approval, depending on how your organization has been programmed in Slack.

Slack Connect DM Issues

Twitter user @44 Menotti Minutillo raised the first concern that the feature was too easy to abuse by malicious individuals. The feature did not have any robust opt-out protections that prevent emails from being spammed to an individual.

Slack Connect bypasses any filters or protections users have placed in their inboxes. Appatently, with the new DM feature, a person sending an invitation link can include a personalized message to it--which is not hidden. While there is certainly no ill purpose to it, asthemessage perhaps is meant to be a way to properly introduce the person inviting, it can be used to send hate and other abusive messages.

Unfortunately, the receiver of the said email cannot easily filter this message out. This is because blocking Slack's direct email might filter out other important Slack emails.

For what it's worth, Tech Crunch reported that the DM feature is an opt-in, giving users a sense of discretion from indiscriminately sending messages to people inside their company. However, the individual user does not have active control over those who could DM them. Also, there is no filtering or monitoring in the message text body that could prevent someone from sending hateful messages. The list of abuses that Slack Connect DM could be exploited with involve: spam emails, sales cold calls, stalking, and harassment.

Read Also: Google Top Searches in 2020: 'Hug,' 'Panic Attack' and More See Massive Spike

Fixing The Issue

The Verge talked with the company's vice president Jonathan Pierce and reported that Slack is doing some repairs to their system. Pierce said that Slack is taking steps to prevent this abuse, starting with the removal of customized messages in user invites from the Slack Connect DMs.

Pierce also mentioned that Slack Connect's security was built with robust administrative controls that take value for individual users and their organization's rights. As such, they are making amends for the program's lapses.

Slack Connect was designed as a premium feature for enterprise users, paying $8 per month (or $6.67 if you chose the annual plan) to enjoy certain administrative features to contact employees or new customers with ease. However, this feature could be intrusive, and exploiting it affects both free and premium users. Slack ensured that they are doing their best to maintain their communications platform as a safe and secure program.

Related Article: 2021 Digital Detox Challenge: Company Paying $2,400 for 24 Hours Without Technology-How to Join

© 2017 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost