Slack rolled out a new feature this week named Connect DM. It allowed people to send direct messages to people they don’t even work with. A few hours later, the company was already regretting this decision because people showed just how easy it is for harassment and abuse to proliferate.
Slack rolled out Slack Connect in 2020, which allowed companies to create channels and share them between different Slack servers to help with business operations.
For instance, two companies working on the same project could create a channel where they could talk to each other easily.
Backfired
In an attempt to position itself as the global chat platform of choice, Slack added a feature that allowed anyone in the world with a paid account to send Direct Message requests to any other Slack user in the world (paid account or not).
Ilan Frank, the VP of product at Slack, confirmed that the company is deliberately trying to be the chat app of choice. He said that when someone opens up their phone, they connect with friends and if they’re connecting with co-workers, regardless of where they work, they should be clicking on Slack.
The loophole
Slack did put some thought into it but it missed something. The company considered the potential for bad actors to use the platform for harassment and abuse.
Slack put a gate in place, but one with a pretty huge ‘doggy door’. Connect DMs are opt-in: someone makes a request that you can accept or not. However, when making the request, users can send a message of up to 560 characters (the doggy door) to go with it. So, even before you accept the request, someone could already say a lot of mean things to you in 560 characters, which opens the door for harassment and abuse.