Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy

User Outcry As Slack Scrapes Customer Data For AI Model Training (securityweek.com) 34

New submitter txyoji shares a report: Enterprise workplace collaboration platform Slack has sparked a privacy backlash with the revelation that it has been scraping customer data, including messages and files, to develop new AI and ML models. By default, and without requiring users to opt-in, Slack said its systems have been analyzing customer data and usage information (including messages, content and files) to build AI/ML models to improve the software.

The company insists it has technical controls in place to block Slack from accessing the underlying content and promises that data will not lead across workplaces but, despite these assurances, corporate Slack admins are scrambling to opt-out of the data scraping. This line in Slack's communication sparked a social media controversy with the realization that content in direct messages and other sensitive content posted to Slack was being used to develop AI/ML models and that opting out world require sending e-mail requests: "If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line 'Slack global model opt-out request'. We will process your request and respond once the opt-out has been completed."

This discussion has been archived. No new comments can be posted.

User Outcry As Slack Scrapes Customer Data For AI Model Training

Comments Filter:
  • by smooth wombat ( 796938 ) on Friday May 17, 2024 @01:14PM (#64479629) Journal

    It's one thing to say you're scraping the messages. It is quite another to admit you're scraping people's data, particularly data which could possibly have PII or other restrictive issues, not to mention the usual confidential information.

    I'm presuming common sense or legal considerations doesn't enter into business decisions any longer.

    • by Midnight_Falcon ( 2432802 ) on Friday May 17, 2024 @03:14PM (#64480003)
      The fact they decided to make opt-outs a manual process requiring an email -- when literally everything else is an app setting or button -- means that the Product person sat down and very consciously decided not to include an easy way to opt-out. They probably had a conversation with the security leadership and asked what was the minimum legally viable option, and which they decided a manual e-mail works as having people send postal mail would be too inconvenient for them to process.

      Come on slack product and security teams. Stop being evil. You know what you did, and you know you intentionally worked around major privacy concerns to help this company (which will lay you off one day) make more money.

      • Honestly I wouldnâ(TM)t be surprised that the reason for the e-mail is no one thought about it, realized it was an issue (or thought someone else was managing it) and are now scrambling to manage it, and donâ(TM)t have time to add an automated opt out process yet.

        • Nah, this is Silicon Valley Tech company. Everything begins with a sprint/JIRA ticket, and the PMs get first crack at the spec. Just siphoning the data into AI would've been a ticket item, and there's no way this didn't have a bunch of eyes on it. I'd say it's far more likely that someone came in and said "Leadership wants to get our data used in AI training as fast as possible." and then this charade ensued.

          You code, right? Adding an automated opt out is basically boolean in a column for each customer

    • One reason I've tried to discourage its use, among many others. As I wrote in 2016:
      https://pdfernhout.net/reasons... [pdfernhout.net]
      "As a summary, the main issues in using Slack for free/libre software projects include:
      * Proprietary vs. Free; free alternatives exist like Mattermost and Matrix.org and others
      * Sending the wrong message about free software communications out of convenience
      * Reduces interest in free software and public standards for communications
      * Changeable Terms of Service
      * Arbitrary termination of access p

  • by Bongo ( 13261 ) on Friday May 17, 2024 @01:17PM (#64479637)

    "All your data is being processed securely."
    -- ChatGPT

    again

    "All your data is stored in the cloud."
    -- ChatGPT

    again as a joke

    "All your data are belong to us."
    -- ChatGPT

  • by account_deleted ( 4530225 ) on Friday May 17, 2024 @01:17PM (#64479639)
    Comment removed based on user account deletion
    • by Rademir ( 168324 )

      You think Discord isn't doing this, or about to?

      There are other options. Mattermost, Signal...

      • Uhuhhhhhhhâ"- whoosh?!!?
        • There is nothing to be wooshed here. We live in a world of people who don't read terms of services and who then make knee jerk reactions by moving to other services for which they also don't bother reading the terms.

          Considering the OP's post a wooshable joke would imply that humanity has some kind of base intellect, something which we have objectively demonstrated we don't have.

      • Comment removed based on user account deletion
        • I have never heard of Mattermost and am researching it now.....

          There is also Jitsi (https://jitsi.org/), which is Free Software and can be hosted on your own servers if you're so inclined. If you're not so inclined, you can use their servers.

    • Discord seems to be the destination for slack refugees. php-ug slack expects to shut down in the next month. MS Teams is our next stop.
  • The company insists it has technical controls in place to block Slack from accessing the underlying content ...

    Meaning, while Slack doesn't have access to your corporate data/secrets, our AI does. But don't worry, nothing could go wring with that. AI's can't be tricked into leaking training data. [Someone whispers in his ear.] Wait! what?

    To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line 'Slack global model opt-out request'. We will process your request and respond once the opt-out has been completed."

    We double pinky-swear that you'll really, actually be opted-out for-sure. ;-) ;-)

    [ Disclaimer: Excluding any data already scraped. ]

  • "We do not develop LLMs or other generative models using customer data. To develop non-generative AI/ML models for features such as emoji and channel recommendations, our systems analyze Customer Data"

    "such as" is a bit iffy though. That could include mining your data for better stock picking in their insider trader bot or whatever.

    If I were them, I'd use the apologies for this PR fuckup to announce E2EE.

  • "We will process your request and respond once the opt-out has been completed." So you submit your request and then your slack channel goes to the front of the line for processing before its opted out.
  • Training a LLM on publicly available scraped web data is one thing. But training it on non-public data is a completely different story.

  • And only IT-tards and their PHBs ever thought it was.

  • The two are not the same. A user in the free tier is not a customer, they are the product.

  • When the Internet was redesigned for the cloud, it was in the interest of large companies. It concentrated a huge power in their hands, and now they become every day less shy in finding new ways of abusing their customers.
  • The GDPR and similar laws should be updated to make training opt in, with disagree being the default with financial compensation for agreeing. Of course the darknet markets will ignore it as usual, they already make deepfakes trained on revenge porn.
    • by Bongo ( 13261 )

      Under GDPR you're not allowed to collect a bunch of data for one purpose and then one day change or add another propose, especially if the new purpose surprises people, in the sense that they would not have reasonably expected the new thing to have been in the scope of the original purpose.

  • Microsoft doesn't have Youtube, Google search, Gmail, Facebook or Instagram.

    Microsoft will use Onedrive data and windows desktop data to train its AI.

    • by alcmena ( 312085 )
      Don't forget Microsoft Teams and Outlook. Especially since many places basically forced Teams because it was "already included" when they signed up for Outlook.
  • It's Salesforce (Score:4, Insightful)

    by SAU! ( 228983 ) on Friday May 17, 2024 @02:58PM (#64479951)

    Slack is owned by Salesforce now, so why is anyone surprised by this? They've been harvesting customer data for years...

  • If you don't want Slack, FB, (insert Tech firm here), to look at your data, then don't give it to them. Otherwise, enjoy the suck knowing you are helping some MBA who greenlit the unauthorized use of your data buy another vacation home.
  • We have what's needed to run virtually everything self-hosted and/or decentralized, at this point I think it just begun a must rather than an option.
  • But that means that there's any error in training and your corporate secrets can bubble up somewhere you do not want

All theoretical chemistry is really physics; and all theoretical chemists know it. -- Richard P. Feynman

Working...