Slack now lets you DM anyone — and that's a problem

Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Slack is going to start letting its users direct-message people outside of their company with the new Slack Connect DMs feature.

The service was originally announced back in October, but it’s only just started rolling out. The goal is to ensure companies working with partners or clients can communicate, though there are so many more possibilities than that.

• Check out these 7 Slack tips and tricks to master the business chat app
• Give Slack Connect the boot by using one of the best encrypted messaging apps
• Plus: iMac 2021 launch now looks imminent — here's why

However, it could also be regarded as a bad move, much like how publishing your personal email address on 4chan could be considered a very bad idea.

Connect DMs functions through Slack’s Connect feature, which launched last year and was built to help businesses collaborate through shared channels. Adding DMs into the mix is the latest part of that. 

The good news is that it’s not like email or text messaging, where anyone can send you a message provided they have the right address. 

Connect DMs work by sending a special link and force both sides to start the shared conversation. Depending on how a business has set up their Slack channel, it may require admin approval as well.

Connect DMs could have security and privacy issues

A lot of the outrage against this feature on Twitter has focussed on the risk of abuse and spam that stems from letting outsiders send messages to private Slack channels. Those concerns are because Slack has no options to block or report other users.

But there are, rightfully, concerns about security and privacy, such as the fact that Slack doesn’t encrypt your messages, and stores them indefinitely. That includes direct messages, which can be accessed archived and exported if your employer has a Slack Plus plan. 

That will likely include direct messages sent between companies, and presumably those conversations would be available to admins on both sides.

But personal privacy isn’t the only issue, because it could expose company’s sensitive information.

Remember the big Twitter hack from last year? The one that had celebrities tweeting out an almost-identical Bitcoin scam? 

According to a New York Times investigation, it all happened because a hacker managed to get into Twitter’s private Slack channel. Once there “Kirk”, as he was known, was able to access a service that gave him access to Twitter servers. Access that was then reportedly used to launch the crypto scam.

The story hasn’t been confirmed by Twitter, which declined to comment at the time. But it does go to show how something could go wrong if you give private Slack access to someone with nefarious intentions. 

Last week, an 18-year-old Florida man was sentenced to three years in prison for the hack, which took place while he was a juvenile. Florida authorities said he convinced a Twitter employee that he also was a Twitter employee and deserved access to Twitter's internal systems.

Connect DMs won’t give outsiders unfettered access to a private Slack channel, but it does mean there's another potential hole in security. Slack may not be the most obvious target for hackers, but we’ve already seen what can happen if they manage to access the wrong conversations. So Slack admins take note.

Slack Connect DMs is rolling out to paid users today, and will eventually come to free users “soon”.

• More: These are the best video chat apps you can download right now