Cloud network hunting note: Slack is an office communication platform for companies. Toth, who handles privacy and user security, is responsible for keeping users’ private chats from leaking. Slack never reads the specific content of messages, but it does monitor user behavior. Slack is currently changing its security policy, and in the future it may, in accordance with the law, hand information management over to its customers.
In her first week at Slack, Anne Toth faced a crisis that she now jokingly calls the “group house” episode.
Last October, technology media reported that Slack, the office communication platform popular everywhere from Google to Nordstrom, was leaking potentially sensitive information. Typing an email address with a company’s domain into Slack’s home page showed the names of all of that company’s teams, and those names sometimes exposed what employees were working on. Some were plain, like a business income group, but some team names exposed secret projects or private acquisitions. Google, for example, had a Slack group called “wearable tribe”, which is actually the name of a small wearable-technology company that specializes in activity tracking. Valleywag gossiped jokingly: “Does this mean that Google has acquired the ‘wearable tribe’?”
Toth worked on privacy and user trust at Yahoo for 13 years, and headed the privacy department at Google and other big companies. Slack hired her to keep company secrets from leaking and, after a leak, to calm the situation and reduce losses. A small company like Slack, with only 97 employees, would usually outsource privacy work to an outside law firm, but Slack felt it necessary to set up a full-time privacy and security department.
After all, the stakes for the company are high. In less than a year, Slack has become the guardian of workplace chat for big companies, media organizations and nonprofit groups. Slack, an enterprise worth billions of dollars, is the conversation platform of choice for 365000 people at work; users’ complaints, email mistakes, company gossip and future plans are moved out of private data stores and into Slack’s cloud services. Imagine what it would be like if tomorrow the secret chats of BuzzFeed, Apple, Amazon, Uber, Gawker, HBO and the Wall Street Journal poured into the public eye! Slack’s privacy and security group is responsible for making sure none of these companies ever experiences what Sony Pictures did.
Anne Toth in the Slack office
Slack pointed out that displaying team names, which are often taken from what employees work on, was a feature meant to help new users register and get set up, not a “bug”. Even so, the company soon changed the way teams are named. Toth said: “Before I had finished my blog post, an engineer had corrected it. The benefit of being at a small company like Slack is that it is nimble and quick, and works efficiently.”
Slack is an amazing workplace assistant. It is addictively easy to use, and chatting instantly with colleagues is a much better experience than email, with far less pressure, so it grew rapidly in its first year. But Slack users, unlike email users, do not keep their messages on their own servers, so the sensitive and private data in their chats naturally flows into Slack’s cloud services.
In the summer before Toth was hired, Slack decided, for a trivial reason, to analyze the information in its cloud services: it wanted to find out which emoticons its 100000 users commonly used, and how often. The results showed that more than 1600 emoticons were in use; the least commonly used of the 1600 was the plain white box (?), which appeared only 35 times in office chat records. Slack posted a tweet:
Data science group studying the use of emoticons: which is the least popular? It is “?”! In 16.37 million uses of emoticons, it appears only 35 times.
Slack CEO Stewart Butterfield said: “We don’t want to set a precedent, or make users feel sick because we studied their information.” Slack does not scan for copyrighted material or uploaded child pornography either; many chat platforms, such as Google and Facebook, check carefully, but Slack does not. According to Toth, active filtering of content is difficult, expensive and conservative. Butterfield said: “We do not check any information; we don’t want to read information from anyone.”
Although Slack does not read users’ information, it does monitor their behavior. For example, one Slack user was sending 1 million messages a day through Slack and had set a few tweets to be imported automatically. Butterfield said: “They were using far more space than the money they paid for, so we cancelled their rights.” Sometimes monitoring behavior is good for users: Slack, which raised more than $100 last year, gives refunds for users who have not been active for more than two weeks.
Slack knows that its continued growth depends on being able to prevent hackers from stealing users’ chats and gossip. Slack encrypts information in transit. It runs security audits on a regular basis and pays bounties to white hat hackers who find vulnerabilities. (So far, most of what white hat hackers have found involves malicious members within a user group trying to grab other users’ information that should not be available to them.) Butterfield promises two-step authentication, in which logging in requires both a password and a verification code sent to the user’s mobile phone; he has not yet announced a release date, but it is in the works. Slack’s own employees, as users, must use Google single sign-on (SSO) with two-factor authentication. The company has not yet had a security crisis. Toth said: “Customers’ main source of security concern is that the Slack account of a contractor who has worked with Slack for the last fifteen years needs to change ownership.”
Slack also restricts its own employees so that they cannot infringe on users’ interests; last year there was a harrowing story about an Uber employee spying on a reporter. A tiered access system means that a few employees can access the information database, while most employees can access user names, group names and channel names. Any engineer who wants to deploy new code (for example, code that could affect some users’ privacy) needs the agreement of other group members. Butterfield said: “The whole process of employees accessing customer information is recorded and reviewed.” Toth added: “It is a combination of technical constraints and policy restrictions. All the big companies ask the same security questions, and we can give answers that satisfy them.”
But it is worth noting that Slack’s business model does not protect the privacy of non-paying users as well. Only paying customers can access chat archives and have the right to delete past chats. Non-paying users (most Slack users do not pay) can see only their most recent ten thousand messages. Everything older is archived by Slack and stored where they cannot reach it. A non-paying user who wants to delete past messages must either pay by credit card or close and delete the account. This is confusing, so Slack launched a “group Settings” page on its website where each user can look up their information. Butterfield said: “It is hard for people to keep all the nuances of privacy in their heads, so we have to display these differences clearly.”
Retention and deletion policy panel
Retention policies apply only to paying users. By default, Slack keeps your data for life. A setting makes Slack stop keeping a record of edited and deleted user information.
Slack’s “pay to ensure the safety of privacy” model
The irony is that, because Toth runs the privacy department, her biggest task from the moment she stepped into Slack has been to protect users so that they can use Slack without their privacy being exposed. In the past, people at a company who had an intimate conversation or complained face to face with colleagues did not worry about colleagues or bosses reading their words. Slack administrators cannot read this private information or obtain it through illegitimate channels. Butterfield said: “We use Slack too, and we always want others to see the information we send. I want to talk with one co-founder without being seen by the other co-founders.”
However, advanced users can still pull up all the information in an account, including messages that have been edited or deleted. Some of Slack’s potential customers, such as banks, need that permission for compliance and regulatory reasons. Toth said: “We have to overhaul the privacy and security policy, because the service we provide and the functions of the team should be inconsistent. Private conversations in the collection cannot be obtained by anyone in the company; otherwise users are deprived of their rights. We must be aware of the reality and act on it.”
“Slack is a place to vent emotions and calm yourself, we want them to know who to help users to calm down.”
Toth got into privacy work by accident. In the late 90s Yahoo first hired Toth, for its web mail business, to mine mail data for economic data. But in 1998, regulators gradually began to clamp down on data collection by technology companies, such as children being asked about household income in the middle of an online game, so Yahoo’s general counsel asked Toth to figure out what the company could not do with chat data, the opposite of her previous work. So she nervously moved into Yahoo’s privacy management and user trust work. She said: “I never thought it would be my lifelong career.”
Toth and Butterfield first worked together in 2005, when Yahoo had just bought Flickr, a Canadian company, and all of its data needed to be moved to the United States. Toth said: “This was a big project, because users in Canada were (rightly) worried that the U.S. government would find their beauty as privacy.” She left Yahoo to join Google in 2011, managing user privacy for Plus, its social network with complex privacy controls, but she spent only a year at Google. Toth said: “I needed to resign to take care of my mother.” Then she started to work with startups. She said: “It is generally those struggling with privacy difficulties and pain who actively come to me.”