Slack just backtracked on the worst idea ever

Slack connect dms backtrack
(Image credit: Shutterstock)

Slack has now reversed its controversial decision to let users message anyone else via Slack, even if they aren’t part of the same private channel.

Or more accurately the company has fine-tuned the Slack Connect DMs feature to minimize the risk of harassment and abuse. Users will still be able to invite outsiders to join them in a private conversation, but now there’s no option to send any messages beforehand.

Slack Connect DMs is an invite system that enables cross-channel communication. That means people could communicate with each other through Slack, despite not being members of the same private channel, but only if they both agreed to it first. That’s not changing, as far as we can tell.

Initially, however, those invites could go out with a written message. Naturally, this could easily be exploited to harass people at work or send them abusive messages. Particularly since Slack does not include tools to block other people or report abuse. 

So Slack has admitted its mistake and backtracked on the initial messaging feature.

“After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs,” Jonathan Prince, Slack’s vice president of communications and policy, told The Verge.

“Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.”

There’s more to worry about than abuse

Of course, there are still other concerns to worry about. Some of them have already been debunked online, like the risk of people able to see which Slack channels a user is part of when they accept an invite. Slack has confirmed to The Verge that users receiving invites will only be able to see which channel they’re being invited to, and nothing else.

There’s also the problem that whole individual companies will be able to opt-in to Slack Connect, individuals have no such power. It’s also not clear whether it’s possible to disable the feature for individual members of an organization. So users may find themselves bombarded with Slack Connect invitations, with no way to turn them off.

Those messages may not come with abusive messages attached, but they could prove to be a serious distraction if the wrong person (or people) decided to exploit those tools.

Plus there’s the problem of which channel admins have access to what. Slack Plus plans store everything, without encryption, and make it accessible by channel admins if they wish. In a situation where two members of different organizations are sending messages via Slack Connect, there are two different admin teams that may be able to see what they’re saying. We’ve asked Slack to clarify this point.

Then there’s the risk of exposing sensitive company information. It’s bad enough if outside admins could potentially see this, but companies do talk about sensitive stuff in Slack. In fact, last year’s Twitter hack, which led to verified accounts tweeting out the same cryptocurrency scam, only happened because the hacker managed to infiltrate Twitter’s Slack account and gain access to company tools.

Slack Connect DMs are what the name suggests, and just let people send private messages between Slack channels. But it is a potential security hole, and hackers are an intrepid bunch. Who knows what they might be able to get up to.

Fortunately, Slack seems willing to listen to criticism and will make changes to Slack Connect where needed. Reducing the risk for abuse is very important, but it’s still only a surface-level problem. There are other issues underneath that need to be addressed as well. Let’s just hope it will happen soon, and without someone claiming to be Elon Musk while trying to fleece you out of Bitcoin.

TOPICS
Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

Read more
Slack
Slack was down — latest updates on massive outage
How to tell if you've been blocked on WhatsApp
The best WhatsApp alternatives in 2025
An illustration of a person holding a smartphone with a padlock in front of speech bubbles on the screen
The best encrypted messaging apps in 2025
Elon Musk holding chainsaw at CPAC
Musk's DOGE faces massive backlash and 12 data privacy lawsuits — how safe is your data?
Telegram being used on a smartphone, with large Telegram logo in background
Telegram data sharing has increased by 6,000% since CEO's arrest
woman in office video chatting on a Mac
Best video chat apps in 2025
Latest in Instant Messengers
How to delete TikTok
8 TikTok alternatives — where to go if the app gets banned
How to tell if you've been blocked on WhatsApp
New WhatsApp green screen bug is making the app unusable
The WhatsApp logo on a screen in front of a laptop
WhatsApp starts rolling out Events planning feature for group chants — here’s how it works
The WhatsApp logo on a screen in front of a laptop
WhatsApp looking to add AirDrop-esque feature to iPhones — what we know
The WhatsApp logo on a screen in front of a laptop
WhatsApp drops surprise design update — it's rounder and darker now
WhatsApp logo on iPhone
How to rejoin a group chat on WhatsApp
Latest in News
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
Nintendo Switch 2 promo image
Nintendo Switch 2 patent hints at a major improvement — and it could be the reason for the mysterious “C” button
Cruel Intentions on Prime Video
Amazon cancels 'Cruel Intentions' after one season on Prime Video
(L-R) Adeline Rudolph and Jack Kesy in "Hellboy: The Crooked Man" (2024).
Hulu top 10 movies — here's what you need to be watching right now
How to tour the Super Bowl stadium virtually with Google Maps
Google Maps glitch is purging Timeline data — what we know
The iPhone 17 Air next to an iPhone 16 Pro Max
iPhone 17 Air could be this thin — new photo vs iPhone 16 Pro Max