We posted recently about our concerns with using Slack for team communications.
Here’s the thing: A lot of us love Slack. It is life-changing software that makes team collaboration roughly 1.3 gazillion times easier. And if you’re a geek, the API integrations are heavenly. Slack is great…for work or to organize a neighborhood barbecue.
Slack (and nearly every other piece of cloud-based software) is not so great if you have any concerns about the privacy of your users or the security of your information. Which, as we head in into authoritarian rule, is a concern.
There are more secure Slack alternatives, like Semaphor, which we are exploring. But for now we’re using Signal, which is free and easy to use.
But… Signal is not Slack. It’s much simpler, more like a group-text app, with none of Slack’s bells and whistles or API integrations. So…
To make Signal be more Slack-y, here are some steps you can take:
- Disable notifications. Signal is exactly like SMS text messaging, which, if you’ve ever been part of a family group text around the holidays, you know can be annoying. The minute more than six people are in a Signal group, your phone’s buzzing will get out of hand.
- Keep groups small. Think of them like Slack channels. Not everyone needs to be in every channel. Also, unlike on Slack, Signal has no group moderation. In other words, you can’t boot people from a group. Another reason to keep groups small and manageable.
- Don’t be afraid to create new groups. Just like on Slack, where there’s a Fear of Creating Channels (FoCC), you don’t need to shoehorn conversations into existing groups just because the group was set up that way. Create a new group, even if you’re only going to use it for a day or two. There is no limit to the number of groups you can create.
- Use 1-1 communication whenever possible. Not everyone needs to know everything. Just like Slack, Signal is great for private, one-to-one conversations. And don’t forget to set messages to disappear!
Now, because you are probably going to use Slack despite what we recommend, here are some steps to make Slack more Signal-y.
- Admins can set their teams to require two-factor authentication (2FA) for everyone on the team. This is the very first step you need to do when setting up your team. If you are logging into Slack without 2FA, do not participate on that Slack team and notify your admin immediately. This is very basic, Security 101 — but it’s a step toward making Slack more Signal-y.
- Set messages to disappear. This feature is configurable at the channel and individual level, and its important that you do this right now. Choose whatever time period makes sense (a day? a week?) for your needs. This is not 100% secure (your messages will still be stored in the cloud somewhere, and presumably available via hacking or subpoena), but at least if someone swipes your phone they can’t search your entire message history.
We’re still exploring these issues and would love your feedback. What security concerns do you have in Trump’s America? What precautions are you taking? Let us know in the comments, or… on Signal.