Just hours after introducing the “Connect DM” feature, Slack was forced to fix it, a decision taken in response to criticism from users of the collaborative communication platform, The Verge reports. Several of them pointed out that the feature could let malicious people engage in abusive behavior, cyberstalking in particular, without their “victims” being able to escape it.
Connect DM: an attempt to more easily connect users to each other
With its Connect DM feature, Slack, which was recently acquired by Salesforce, wanted to let its users contact any other user of the platform, even one who does not belong to the same workspace. The objective is clear: enable businesses to communicate more easily and securely with their customers and partners. This is a significant step toward broadening the scope of communication within the service, bringing it closer to what other instant messaging services intended for the general public offer (Skype, WhatsApp, etc.).
Unfortunately, at release the feature had significant flaws that users did not hesitate to point out. Among them: there was no limit on the number of invitations that could be sent, and the messages accompanying those invitations could be personalized.
In other words, a malicious user could have sent dozens, or even hundreds, of invitations containing insulting messages to another user, without the platform imposing any limit. Worse yet, no option to filter or block invitations had been put in place. In short, no layer of protection against cyberstalking had been designed to accompany Connect DM.
well that was easy as shit to abuse
– send invite with nasty language
– slack emails you w/ the full content of the invite
– can’t block the emails because they come from a generic slack address that informs you of invites
– abuser can keep inviting w/ abusive language https://t.co/Mw9W5L251a pic.twitter.com/dWEAD7ccRO
– Menotti Minutillo (@ 44) March 24, 2021
Slack listens to its users
Having taken note of its users' criticism, Slack reacted quickly through its vice president, Jonathan Price. Asked by our colleagues from The Verge, he explained: “We are taking immediate action to prevent this type of abuse. (…) We made a mistake during this initial deployment which is incompatible with our objectives. As always, we are grateful to everyone who spoke and we are committed to resolving this issue.”
The corrective measures implemented include removing the ability to personalize a message when sending an invitation. Administrators will also be able to choose to automatically deactivate DMs for all members of their company.
These improvements were needed to make Connect DM a more secure feature for all Slack users. We should expect no less from the company, which has always placed security at the center of its policy.