A new Slack extension promises to let you send memes to your coworkers in peace.
Aptly called ‘Shhlack,’ the tool allows you encrypt and decrypt messages ‘on the fly’ so that only the sender and the receiver are able to read them.
Shhlack was created by information security company MindedSecurity and can be installed as a web browser extension or as an add-on to the Slack app.
Information security company MindedSecurity created a tool called ‘Shhlack’ that allows you to encrypt messages sent on Slack. Only the sender and the receiver are able to view them
Slack is used by millions of employees as a messaging app in the workplace.
The tool relies on pre-shared keys, or passwords, that are exchanged between users.
However, it’s recommended that you send someone a pre-shared key outside of Slack, as doing it in the app defeats the purpose of establishing a secret message.
After Shhlack is installed, users can begin an encrypted message by clicking on a colorful lock icon that appears next to the dialog box in Slack.
They can also hold down the Alt and S keys to open an encrypted exchange.
Slack servers and Slack Bots won’t be able to see any messages in clear text, according to MindedSecurity.
The Shhlack tool relies on pre-shared keys, or passwords, that are exchanged between users. Users should take care to exchange the key outside of the Slack app, as that would defeat the purpose of establishing an encrypted message
Only users and bots that have the correct pre-shared key will be able to view unencrypted content. For users who don’t have the key, messages will show up as gibberish
Only users and bots that have the correct pre-shared key will be able to view unencrypted content.
For people without the pre-shared key, any encrypted messages will show up as ‘encoded garbage’, the firm added.
The tool also works in group chats with other users.
For example, if only two users in the group have been notified of the pre-shared key, they’ll be the only two people who can view encrypted messages.
Users with the passkey will see messages that are labeled ‘Encrypted: (First Passphrase)’ and in a distinctive dialog box.
Again, all other users in the chat will see gibberish if someone sends an encrypted message to the group.
Shhlack also supports multiple keys so that users can have more than one key that can be shared with other users, MindedSecurity noted
Shhlack also supports multiple keys so that users can have more than one key that can be shared with other users, MindedSecurity noted.
Unlike other encrypted messaging apps, like Signal or Telegram, Shhlack requires users to manage their own pre-shared keys, which could make the tool less secure than other programs.
Stefano Di Paola, MindedSecurity’s chief technology officer, said he hopes to introduce a version soon that avoids using pre-shared keys, according to Motherboard.
‘Shhlack is an experiment and an ongoing project, definitely not for production, at the moment, but with a very specific goal in mind: An easy-to-use solution for passing private messages without too much worries,’ Di Paola explained.
‘We built the tool for protecting specific messages from being logged by Slack and being exported in cleartext’.
Users with the passkey see messages that are labeled ‘Encrypted: (First Passphrase)’ and in a distinctive box (pictured). MindSecurity said it hopes to add better security features soon
Many people may be surprised to know that their boss can see every message they’ve sent through Slack.
Typically, a company’s IT department has the ability to view and download a record of any messages sent through the service.
And a recent update to the app could make it even easier for them to do this without you knowing.
Previously, Slack would require users to file a ‘compliance report’ in order to get access to employees’ private messages sent on the app.
But the company recently announced that employers who pay to use the service can get access to private messages without notifying their employees.
In the new policy, Slack writes: ‘Workspace Owners can request access to a self-service export tool to download all data from their workspace.’.
‘This includes content from public and private channels and direct messages.’
The option is also available to customers who are not paying for the premium feature as long as they provide certain information.