Elon Musk’s Twitter takeover is a reminder that Slack is never private

The chaos at Twitter, with Musk posting employee messages and Tweeps finding public channels, is a reminder that anyone can snoop on Slack.

Elon Musk peering

In the world of remote work, Slack and Microsoft Teams messages are accessible and ripe for the picking.

Photo illustration: Corbis; Dimitrios Kambouris/Getty Images for The Met Museum/Vogue; Protocol

When Elon Musk bought Twitter, he also bought a treasure trove of internal Slack messages. Just three days into his tenure, he exercised that access, tweeting a Slack message that Twitter safety and integrity head Yoel Roth sent in May.

The tenor of Twitter’s Slack changed overnight with the acquisition, a current Twitter employee told Protocol. Formerly outspoken employees fell silent. Submitting a tough question for “ask me anything” town halls became unthinkable.

“We definitely talked about Elon command+F-ing ‘Elon Musk,’” the employee, who requested anonymity to protect against retaliation, said. “A group of us were saying, ‘Oh shit, what did I ever say about Elon Musk on Slack?’”

Twitter did not respond to a request for comment. Slack declined to speak on the record.

In the days of the in-person office, the new company leaders may have had to set up discreet conference room confabs to get the full workplace scoop. In the world of remote work, Slack and Microsoft Teams messages are accessible and ripe for the picking. Idle gossip in the hallway has turned into direct messages to your team of co-worker confidants; personnel changes, once announced during town halls, became blasts in the #general channel. The good, bad, and ugly of the working world lives inside a single, searchable workplace app — which is why Slack, often the chosen tool of Silicon Valley, becomes the main character in workplace meltdowns.

Slack creates transparency, but with that transparency comes an inherent lack of privacy. Nothing can stop co-workers from taking screenshots or bosses from infiltrating private channels. In Twitter’s case, the new leadership is getting a taste of the Slack panopticon as well — engineers from Musk’s other companies (which use Teams instead of Slack) initially created public channels that Tweeps quickly found. Slack channels are not private by default.

“I don’t think many people predicted that — which is obvious in hindsight — the new owner would start combing through past messages once the acquisition went through,” former Twitter software engineer Manu Cornet told Protocol. “I certainly wasn’t smart enough to think about that. Some might, but we’ll never know because they were smart enough to keep quiet.”

Why we expect privacy on Slack

Slack, resembling the instant messaging of our personal lives, lulls some into a false sense of security. It feels more casual and ephemeral than email.

“When you're texting a friend or co-worker versus when you're emailing somebody, you assume the texts are mostly private,” said Anshu Sharma, CEO of data privacy platform Skyflow. “That's how all these people get in trouble. Slack feels like texting to people, especially direct messages.”

But direct messages and even deleted messages are accessible to employers if they seek that data out. “Someone can request direct messages from Slack if they have the right administrative privileges,” said Patricia Thaine, CEO of privacy software company Private AI. “This is all within their right because there is no real privacy law protecting employee data, unless it’s health care data.” Even if a company admin set up a 90-day Slack purge, a copy of this data might be accessible to a CIO.

A cursory command+F search of public Slack channels is an easy lift, and might yield useful information. Matt Haughey, a web designer and former senior writer at Slack, said one of his first moves as a new hire at the company was to search for his own name. The effort of scouring the entirety of a Slack workspace is another story, and not worth it for most employers. Of course, Musk isn’t “most employers,” but with four other companies to run and Twitter advertisers to woo, scouring Slack likely isn’t his first priority.

“Can my boss read my DMs?” Haughey asked. “Technically yes, but it's a giant pain in the ass and you have to get a massive data dump of everything ever said, and then you have to search for just that channel or person. It's needles in haystacks.”

Despite the potential for surveillance, many tech companies have thriving Slack ecosystems. Twitter was one of them. The company has historically prized feedback and openness in its culture. “We do have a very active Slack,” the current Twitter employee told Protocol. “A lot of people say things that they probably shouldn’t say in general on a company Slack, especially not when someone like Elon Musk takes over.”

Twitter post-Musk quickly became a very different place, where uncertainty reigned and layoffs loomed. Former Twitter employee Cornet, sensing he would soon lose access to his account, created a Chrome extension allowing employees to grab important documents. He then shared the message on Slack, which was ultimately deleted from the channel. Cornet thinks that message contributed to his firing on Nov. 1 (along with his subversive Twitter comics).

One of Manu Cornet's Elon Musk comics.Comic: Courtesy of Manu Cornet

Cornet might not be the only one whose Slack messages got them in trouble. Musk has access to critical and sensitive communication that could have helped him decide who to dismiss in Friday’s layoffs, though the current employee Protocol spoke to is doubtful Slack messages played a role.

“With how massive these layoffs were, it feels like there’s no rhyme or reason to it,” the employee said. “Honestly, if he was doing that, I would have been laid off.”

Your Slack messages aren’t really yours

The law is pretty clear when it comes to workplace messaging: Companies own all communications taking place on company-sponsored platforms. Lee Adler, a professor with Cornell’s School of Industrial and Labor Relations, said while it’s illegal for companies to forbid discussion of organizing, for example, the record of those discussions still belongs to the company.

“The workplace privacy that workers might have — unless they are protected by specific laws like the [National Labor Relations Act] or an analogous state law — in the digital archives of the ‘selling’ company is virtually none, in a union or non-union company,” Adler told Protocol.

Lynne Hook, an employment lawyer who has led company investigations that dredge up employees’ messages, reemphasized that workers should have no expectation of privacy. Employers typically make this clear in employee handbooks, though Hook recommends reiterating it during live onboarding sessions too. Employers’ reach can actually extend beyond Slack and into personal text messages, depending on the legal situation.

“If employees are engaging in workplace discussions — particularly discriminatory or harrassing or illegal workplace discussions — on their personal devices, an employer can actually reach that if necessary,” Hook said.

If workers have little control, what about executives? It’s highly unlikely that outgoing leaders would decide of their own volition to delete or protect sensitive Slack data. At Twitter, a Slack setting automatically forbids employees from deleting any sent messages, according to the current Twitter employee. That policy, plus the now-moot pending litigation against Musk, means Twitter’s Slack archives likely remain untouched.

In the absence of official communication this past week, Tweeps turned to Blind and Signal for more candid conversation. They crowdsourced information from the accidentally public Slack channels and executive team calendars. Communicating via anonymized or encrypted channels is a common tactic for workers seeking privacy, especially those looking to organize their workplace. Forrester analyst Will McKeon-White recommended employees also avoid using company devices for sensitive conversations.

“If you're worried about sensitive information from your work account being shared out with the organization, that is information that probably should not have been shared on that channel in the first place,” said McKeon-White.

The Twitter acquisition will forever change the way employees at the company communicate — and should remind workers everywhere to think before you Slack. The current Twitter employee told Protocol his messages will be strictly professional from now on. He’s wary of using even Twitter DMs to share personal thoughts with co-workers.

“I have no faith that our Slack is safe,” the employee said. “[Musk] is going to have to prove us wrong there.”


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories