It was supposed to be a useful feature that could open up Slack communication to more people that weren’t on the app or part of a particular Slack group, but as usual, humans went and ruined it. The popular work and team communication platform launched a new feature which allowed for a broadcast message to be sent alongside an invite to either an individual or even an entire organisation.
Sounds simple enough. The problem was that someone on the internet realised that essentially the feature could also be used to send potentially abusive or harassing messages that could not be blocked, as the message gets sent from the firstname.lastname@example.org email address which usually bypasses all the different filters that people have in place to avoid people they don’t like.
So, naturally, Slack has quickly withdrawn the new feature out of fear of people abusing it and will need to return to the drawing board of how they approach it. While they wanted to use a generic email to allow for messages to be broadcast to people perhaps on the platform, they will need to find a way of perhaps removing a certain level of anonymity or added security, before doing so. The Verge shared the following statement from the company:
After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs
Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.
Unfortunately, tech companies today need to spend just as much time planning around maliciously-minded individuals as they do coming up with innovative new features. Hopefully, they can consider it a lesson well-learnt and work on making future innovation far more secure and protected from a similar sort of behavior.
Last Updated: March 26, 2021