What I don't get about Slack or any other 'chat as a service' system is why tech companies would willingly backdoor themselves with a surveillance system to harvest all their most private in-house discussions.

All those chat logs must be worth quite a bit to the right buyers.

but seriously, somewhere between 2000 and 2019 the IT industry seamlessly transitioned from

"we provide precision engineering tools, your data is yours, you should not need to trust us or anyone, mathematics is your guarantee, crypto 4 ever. "


"give us your data. all of it. give. no secrets. hold nothing back. in return we will... train AIs on it.. and provide unspecified 'services'... for someone, who may be you... that can change at any time... and we are funded by, uh. Look, a unicorn!"

Show thread

I'm so old I remember when the entire tech industry FREAKED THE HECK OUT at the idea of 'Total Information Awareness' and now it's just 'yeah, that's literally our business plan, what's wrong with it'

Show thread

Of course 16 years have elapsed since TIA was first proposed and in tech, I guess that's an eternity; an entire generation have probably retired and the new kids don't even know who George W Bush was, the even newer ones probably don't even know about Edward Snowden, the really new ones haven't heard of Donald Trump

Show thread

@natecull think of all the API keys included in the logs!

@natecull Even suggesting Slack is a firing offense at my day job.


Because when there's money to be made... disregard security.

@natecull At least in the automobile industry I haven't seen anyone using using it. We were using selfhosted HipChat but are moving to Zulip, and I introduced Mattermost and at our customers. Would love to use instead but it seems not polished enough yet for really big companies.

@natecull And if anyone finds out about it (including Slack employees — consider the leaks), they are done for.

@ivan I am sure that carefully considering the future cost of their actions is a very high priority for social media companies

(stares at Mark Zuckerberg, then at fourth wall)

@natecull I'm not so sure that Slack's network effects are *that* high. :)

@natecull I think the lawyers find contracts more reassuring than tech. I honestly don't know if that's crazy or not.

@natecull The new kids probably grew up in a completely different culture, too -- probably one with fewer anti-authority and anti-establishment memes.

@natecull The problem was that literally the only reason they were freaking out was because it was the government talking about doing it. They never had any problem with private industry doing it for private ends.

@freakazoid @natecull Personally, I'd prefer for the government doing it. There I have, at least in theory, a vote.

@woland @natecull their logo that they made themselves is the illuminatti watching the whole world

it’s impossible to be paranoid after that

@natecull Yeah, but like… when the government does surveillance they hoard the data for themselves and that’s just like SOVIET RUSSIA and BAD but when private companies do it they sell it and that’s CAPITALISM and GOOD!

@natecull Turns out the reason they freaked the heck out was the government was keeping them out of the loop. They wanted to do it for high margins. The government was proposing cutting them out of the gravy train.

@natecull This pretty much simultaneously happened with:
2000 Customer: Great service, here's $$$$
2019 Customer: It's great service, but we can get Crappy service from the other guy for free.

Nobody likes to admit that you get what you pay for.

@natecull this happens because these days, everyone and their dog has gone into IT-related fields. It's not that there are fewer idealists around, it's just that IT has transitioned from a fringe phenomenon to a core pillar of business and industry and suddenly there are dozens of average joes for each traditional crypto nerd. This skews the narrative away from the deeper issues and waters down awareness. Add in economic forces and the result is ... depressing.

@natecull lots of sysadmins suddenly realised their jobs could get a lot easier if they said:

@paul @natecull I want to push our team at work to switch away from Slack.

We're on the free plan and used up the whole 5 GB (seriously) and I want to propose switching to Riot / Matrix / Synapse before buying a Slack plan. The Slack plans actually look more expensive than just slapping Synapse on a cheap VPS.

Anyone know how Riot compares? I've been running it at home but only for chat, not files.

@CharredStencil @natecull I've never used Matrix/Riot/Synapse so couldn't give you an answer on that. Have boosted for visibility in case anyone else knows

@CharredStencil @paul @natecull my limited experience with Matrix has been a bit of a nightmare. I understand Synapse is a huge resource hog, and the clients definitely are (of memory, processing cycles, and especially network throughput). If it's just going on a bunch of workstations in buildings with good networks, then it's probably fine, but anything off-site is gonna be rough.

@diodelass @paul @natecull I only use it within our office, but I don't know how the sales team uses it. Slack's client is offensively bad, I switched to Chromium to appease it and it's still slow.

The only thing that does worry me is Synapse's RAM use. I've been running it on my desktop for a while and it's around 112 MB "res" according to top.

@CharredStencil @paul @natecull I don't think Riot is likely to be a lot better than Slack's client?
The ""native"" app is still Electron and the code seems perennially excessively inefficient.

@diodelass @paul @natecull The newest Riot runs great for me in Firefox. Again, desktop with piles of RAM. Firefox says the Riot page is 83 MB. But at least it isn't Slack, which still runs poorly in Chromium.

If I can go back to Firefox at work I'd be happy.

I'm not gonna use Electron ever if I can help it

To me Slack is just one of those "ooo lookie, corporate option!" kinda products. The kind of product middle managers and hack tech leads pitch to higher ups b/c it makes them look 'relevant' and 'with it'.

You can easily run an XMPP server and take care of your 'company-wide communication' issue, but that requires work and know-how.

@natecull that's why Uber built their own thing I guess

@natecull also there are RocketChat and such which big companies use to not pay

@natecull I strongly suspect my employer is not the only large tech company where support and dev routinely use Pidgin and OTR alongside Skype and Teams...

@natecull It's different to mail as a service or cloud document storage or private cloud code repos how?

@galaxis It's equally as evil as the first two, and we are going to regret those two HARD.

The third one - if the cloud truly IS 'private', ie, physically local, provably not subject to mass untraceable at-will automated data harvesting by unknown third parties - is much less evil.

@natecull Yeah, sorry, wrong choice of words. Should have used something like "non-public".

@natecull why would tech companies use jira or github? Same concern but data sovereignty doesn't matter anymore to the people in charge. Or the convenience is so great that it outweighs protection of their most valuable asset. Sad!!

@natecull @qyliss I always think about how Slack has three tiers: the free tier only gives you access to a small amount of your collected info, the cheap paid tier gives you access to all of it, and the expensive tier lets you actually delete it.

Apparently their complete archive of all your user data is worth $7/user/month to them, because that’s how much more it costs to be able to delete it.

@natecull I'm pretty baffled by that yeah. Also folks who fantasize they are competing with google and use corp gmail...

@natecull I'm less worried about Slack itself and more worried about who might break into their servers if they happen to log this stuff.

@natecull Because marginal cost of self hosting is perceived to be bigger than the risk of stolen discussions

@ayy There's gonna be some exciting times ahead for startups then.

@ayy In a world where maybe three companies control every computer of significance in the world?

I wish good luck to anyone competing with one of those three companies.

@ayy It only takes a single buy-out.

I mean if your company has no secrets of any commercial value to a large competitor, I'm sure it's fine and will remain being fine forever.

@natecull Anyway I'd personally self host for my company!
Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!