07.20.19

Gemini version available ♊︎

Slack Committed a Very Major Crime That Can Cost Many Billions If Not Trillions in Damages for Years to Come

Posted in Security at 5:32 am by Dr. Roy Schestowitz

Bankruptcy must follow, maybe arrests as well (the company’s logo gives away the company’s real worth and values)

Slack's new logo is a penis swastika

Summary: The inevitable has happened to Slack, which no longer deserves to exist as a company; moreover, the people who ran the company must be held criminally accountable

TO say that Slack got merely “compromised” would be the understatement of the decade. Yes, it did in fact get compromised, but it’s a lot worse. It’s far worse than a compromise per se. We’re going to explain, starting with the basics.

Slack is malware. Not just the ‘app’. Their Web site hardly works with any Web browser – they want the very worst and privacy-hostile browsers to be used for extraction of data. It’s a resource hog because it’s malware disguised as an IRC ‘clone’.

“It’s a resource hog because it’s malware disguised as an IRC ‘clone’.”Slack the ‘app’ is literal malware. It follows you around if you install it on a phone. The browser side is also malicious, but it’s less capable of geographical/location tracking. They use it for data-mining. See the source code (page source at least). It’s malware. GDPR should be applicable here and we suspect that EU authorities have not assessed that aspect just yet.

Slack is not a communications platform but a data harvester with an interface that looks like a communications platform. What it is to users isn’t what it is to Slack, the company. The Electronic Frontier Foundation (EFF) issued strongly-worded warnings about Slack and even Microsoft, the NSA back doors giant that kick-started PRISM, outright banned Slack for security reasons! Yes, Slack is really that bad. We won’t even call this ‘anticompetitive’ on Microsoft’s behalf; Microsoft does have a few engineers and they very well understand what Slack is and why it must be avoided. Even unqualified Microsoft hacks can understand that. Slack was always a ticking time bomb, which I warned about before, e.g. here in Tux Machines. I very much foresaw the latest disaster. I did all that I could to spread information about it, at the very least to ensure people are forewarned. Now I feel vindicated, but how much damage will be done for years if not decades to come? It’s difficult to assess or measure because it’s almost impossible to track the sources of rogue actors’ data.

“It’s the complete doomsday scenario, an equivalent of having one’s own Jabber server completely and totally hijacked, and all communications in it (names, passwords) stolen.”Slack did not have a mere ‘incident’. It was a CATASTROPHE! They knew about it for quite some time (at higher levels, too). It’s the complete doomsday scenario, an equivalent of having one’s own Jabber server completely and totally hijacked, and all communications in it (names, passwords) stolen. But in the case of Slack millions of businesses are affected. In one fell swoop. Just like that. Even the public sector. Military, hospitals, you name it…

Slack got totally ‘PWNED’, but they won’t admit that. They will lie about the extent of the damage, just like Yahoo and Equifax did (each time waiting months before revealing it was orders of magnitude worse). They game the news cycle that way. People must assume that all data is compromised. Everything! Slack sold everyone out and gave everything away. Even those who paid Slack (a small minority) were betrayed.

This is a major, major, MAJOR catastrophe. Businesses and their clients’ data is on Slack. Even HR stuff, which gets passed around in internal communications. Super-sensitive things like passwords, passports and so on.

Who was Slack data copied by? Mirrored or ‘stolen’, to put it another way? Possibly by rogue military actors that can leverage it for espionage and blackmail, as many do. Covertly. You rarely hear about blackmail because that’s just the nature of the blackmail. It happens silently. It’s like ‘hush money’.

Some would say Slack got “hacked” (they typically mean cracked). But it’s actually a lot worse than getting cracked! We’ll explain further…

About a month ago Slack got to its IPO milestone, the legendary capitalist pigs’ initial public offering (which one can reach even while making massive losses like Uber does). Big day for Slack! These people can pretend to be billionaires ‘on top of the world’. But they’re not. Especially as they’re not profitable at all and there’s no business model other than spying…

So for years these people consciously covered up this massive incident. Slack is therefore a criminal organisation. It must be shut down as a matter of law. These operations are illegal.

“Slack didn’t just “mess up”. It broke the law; yes, it committed an actual crime by not informing the customers.”To prevent the company from totally collapsing Slack lied to millions of people and businesses. That’s a fact. To save face…

So the only justice now would be federal and private lawsuits, forcing this company to shut down. Will anyone be arrested? Unlikely. White-collar crimes are ‘special’. No jail time (or rarely any, except as a symbolic token to the public, e.g. Madoff after the financial collapse more than a decade ago).

Slack didn’t just “mess up”. It broke the law; yes, it committed an actual crime by not informing the customers. They would change passwords etc. had they known. But Slack did not obey the law. It did not inform customers. It announced all this after the IPO, in order to make shareholders liable, and it did so late on a Friday (to minimise press coverage about this likely crime). The shareholders too should sue for concealment of critical information.

This is a very, very major scandal for Slack and if the company survives at the end, then it only means one thing: crime pays! Crime pays off. Just that. Because they committed a very major crime. Consciously. Now they need to hire PR people and lawyers. Maybe they can also bribe some journalists for puff pieces that belittle the severity of this mere ‘incident’.

As we said at the start, Slack is technically malware. Slack is surveillance. This is their business model, which isn’t even successful (so they will likely get more aggressive at spying or holding corporate data hostage in exchange for payments). For example, scrolling limits. This is like ransomware. It preys on businesses desperate to access their own data. They try to ‘monetise’ separating businesses from their data/infrastructure. It’s inherently unethical. It’s like a drug dealer’s business model/mindset.

“Companies may never know if past system breaches, identity thefts etc. were the fault of Slack.”Slack basically bet on being a ‘spy agency’ (without all the associated paperwork). And later they got cracked, passing all their surveillance ‘mine’ (trove) to even more rogue actors than the company itself. The Slack ‘incident’ doesn’t affect just Slack. Companies everywhere can now be held legally liable for having put their information on Slack servers. It’s an espionage chain. Centralisation’s doomsday in action…

Companies may never know if past system breaches, identity thefts etc. were the fault of Slack. It’s hard to prove that. But it’s guaranteed to have happened. Moreover, there are future legal ramifications.

Slack knew what had happened and why it waited all this time. This waiting makes the crime worse. This scandal can unfold for quite some time to come. The ramifications are immense! And we might not even know the full extent of these (ever). Privacy-centric competitors of Slack already capitalise on this very major scandal and use that to promote themselves; Keybase for instance…

It would be wise to move to locally-hosted FOSS. However, that would not in any way undo the damage of having uploaded piles of corporate data to Slack and their compromised servers.

Are managers at Slack criminally-liable? Probably. Just announcing this scandal after an IPO and late on a Friday when many people are on holiday won’t save Slack. They need to go bankrupt faster than the time period since their IPO. Anyone who still uses Slack must be masochistic.

“Just announcing this scandal after an IPO and late on a Friday when many people are on holiday won’t save Slack.”In the coming days many companies will come to realise that for years they tactlessly and irresponsibly gave piles of personal/corporate data to Slack and now a bunch of crackers around the world have this data.

“Trusting our data with one company isn’t feasible,” one person told me this morning. “The data lasts forever & we must expect that our worst enemies will have it or get it with small time delay. Otherwise encrypt everything which slows everything down & complicates everything making those “safe” uncompetitive.” That’s now how Slack works.

“These troves of Slack data are invaluable to those looking to use them to blackmail people, take over servers, discredit people, and generally cause complete chaos, even deaths.”We expect Slack to stonewall for a while, saying that it’s the weekend anyway. Slack lied to everyone for years. They’re a bunch of frauds. Anyone who now believes a single word that comes out of their mouths is a fool. They also committed a crime (punishable by law) with these lies. When it comes to Slack, expect what happened with Yahoo; First they say it’s a small incident; Months pass; Then they toss out a note to say it was actually big; A year later (when it’s “old news”): 3 BILLION accounts affected. Anyone who now believes the lies told by Slack’s PR people deserves a Darwin Award. These scammers lost millions/billions for years just pursuing an IPO (others bearing the losses); They lied, like frauds (like Donald Trump), just to get there (the IPO). Now, like Yahoo, they will downplay scope of impact. A lot of companies can suffer for years to come (e.g. data breaches, identity theft). These troves of Slack data are invaluable to those looking to use them to blackmail people, take over servers, discredit people, and generally cause complete chaos, even deaths. We’ll soon do a series of articles showing how Microsoft caused deaths at hospitals.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. IRC Proceedings: Monday, December 06, 2021

    IRC logs for Monday, December 06, 2021



  2. [Meme] Rowing to the Bottom of the Ocean

    The EPO‘s Steve Rowan (VP1) is failing EPO staff and sort of “firing” workers during times of crisis (not at all a crisis to the EPO’s coffers)



  3. EPO Gradually Reduced to 'Fee Collection Agency' Which Eliminates Its Very Own Staff

    Mr. Redundancies and Mr. Cloud are outsourcing EPO jobs to Microsoft and Serco as if the EPO is an American corporation, providing no comfort to long-serving EPO staff



  4. Linux Foundation 2021 Annual Report Made on an Apple Mac Using Proprietary Software

    Yes, you’re reading this correctly. They still reject both “Linux” and “Open Source” (no dogfooding). This annual report is badly compressed; each page of the PDF is, on average, almost a megabyte in size (58.8 MB for a report of this scale is unreasonable and discriminates against people in countries with slow Internet connections); notice how they’re milking the brand in the first page (straight after the cover page, the 1991 ‘creation myth’, ignoring GNU); remember that this foundation is named after a trademark which is not even its own!



  5. Links 7/12/2021: OpenIndiana Hipster 2021.10 and AppStream 0.15

    Links for the day



  6. Microsoft “Defender” Pretender Attacks Random Software That Uses NSIS for installation; “Super Duper Secure Mode” for Edge is a Laugh

    Guest post by Ryan, reprinted with permission



  7. Links 6/12/2021: LibreOffice Maintenance Releases, Firefox 95 Finalised

    Links for the day



  8. “Wintel” “Secure” uEFI Firmware Used to Store Persistent Malware, and Security Theater Boot is Worthless

    Guest post by Ryan, reprinted with permission



  9. No Linux Foundation IRS Disclosures Since 2018

    The publicly-available records or IRS information about the Linux Foundation is suspiciously behind; compared to other organisations with a "tax-exempt" status the Linux Foundation is one year behind already



  10. Jim Zemlin Has Deleted All of His Tweets

    The Linux Foundation‘s Jim Zemlin seems to have become rather publicity-shy (screenshots above are self-explanatory; latest snapshot), but years ago he could not contain his excitement about Microsoft, which he said was "loved" by what it was attacking. Days ago it became apparent that Microsoft’s patent troll is still attacking Linux with patents and Zemlin’s decision to appoint Microsoft as the At-Large Director (in effect bossing Linus Torvalds) at the ‘Linux’ Foundation’s Board of Directors is already backfiring. She not only gets her whole salary from Microsoft but also allegedly protects sexual predators who assault women… by hiring them despite repeated warnings; if the leadership of the ‘Linux’ Foundation protects sexual predators who strangle women (even paying them a salary and giving them management positions), how can the ‘Linux’ Foundation ever claim to represent inclusion and diversity?



  11. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him

    Balabhadra (Alex) Graveley has warrant for his arrest, albeit only after a lot of harm and damage had already been done (to multiple people) and Microsoft started paying him



  12. The Committee on Patent Law (PLC) Informed About Overlooked Issues “Which Might Have a Bearing on the Validity of EPO Patents.”

    In a publication circulated or prepared last week the Central Staff Committee (CSC) of the EPO explains a situation never explored in so-called 'media' (the very little that's left of it)



  13. Links 6/12/2021: HowTos and Patents

    Links for the day



  14. IRC Proceedings: Sunday, December 05, 2021

    IRC logs for Sunday, December 05, 2021



  15. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  16. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  17. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  18. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  19. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  20. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  21. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  22. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  23. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  24. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  25. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  26. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  27. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  28. Links 4/12/2021: Gedit Plans and More

    Links for the day



  29. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  30. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts