The Rise Of More Secure Alternatives To Everyone's Favorite Chat App, Slack

from the well-this-could-get-interesting dept

Like a ton of people and companies, we've been using Slack here. While we saw some folks claim it was revolutionary, we found it to be a nice, but somewhat marginal, upgrade to our previous use of Skype chat rooms. But, over time, it has certainly gotten comfortable, and there have been some nice feature add-ons and integrations that have made it a pretty cool service overall -- though if you really want to use it to its fullest extent and switch to the paid version, it can get pretty pricey, pretty quickly. I also am in a bunch of other group Slack chats, as it's basically become the platform of choice for group discussions.

However, in these days where hacked emails are in the headlines, I can see why some might get nervous about using a tool like Slack. Not that there have been any known breaches of Slack that I'm aware of, and I'm sure that the company takes security very seriously (it would undermine its entire business if it failed on that front...), it's been interesting to see other options start to pop up, which might be more appetizing for those who are extra security conscious.

Just as we've been encouraged to see greater use of encryption on mobile phones, email and on websites, it's good to see new entrants trying to take on Slack with a focus on security and privacy. The most recent, and perhaps most interesting, player in the space is SpiderOak, which recently launched its Semaphor Slack competitor on the market. I've been playing around with it -- and while it's early on, it certainly has potential. SpiderOak is the company you should already know of that provides an encrypted "zero knowledge" cloud backup solution. Since you keep the keys, even though it's hosted in the cloud, SpiderOak has no way to decrypt your files should anyone hack in, or should the government come calling. It's now taken that approach to Semaphor, which obviously takes its inspiration from Slack (and feels quite similar), but with the same zero knowledge encrypted setup. You get a key and that encrypts all of the data in your group messaging.

There are some limitations there -- of course -- because any team member might leak their key (though whoever gets in would just have access to whatever that team member can see). And, because of this setup, it's not as easy to do "integrations" with third-party apps and services, which is a key selling point of Slack. Semaphor is apparently trying to work its way around this limitation by creating bots that act as their own users within Semaphor (something Slack has also), but where the bots themselves become the key to integrations. It's a bit more clumsy, but if it helps keep things secure, that seems promising.

SpiderOak also, kindly, makes the Semaphor client source code available for anyone to audit, which is necessary if anyone's going to take their encryption seriously. Of course, Semaphor is, like Slack, working off a Freemium model, where additional features require per user fees, which can add up. One nice feature of Semaphor that Slack doesn't have: the ability for individuals to pay their own way. That is, there are lots of Slack groups that are general interest groups around certain topics, and not a company's own internal group. Those groups are never going to use a paid option, because there's no "company" to pay for all users. Semaphor offers an alternative, where each user can just pay their own way -- which might be appealing to some user groups.

The other alternatives that have been getting some attention lately are a couple of attempts to basically create a truly open source Slack clone that can be self-hosted. The two big players here are Mattermost and RocketChat. Both have built open source, self-hosted Slack clones (and both try to make money by offering paid hosting for those who want it). Mattermost is quite upfront that it's building a Slack alternative -- it's all over its website -- though it also points out that it's tried to improve on some things in Slack. RocketChat doesn't seem to mention Slack, and, frankly, feels a bit behind Mattermost in development (though it also announced that it's about to run a Kickstarter campaign to jumpstart more development.

Now, whether or not a self-hosted open source alternative is more secure than Slack... may depend. If you're doing the self-hosted version then you're basically relying on your own ability to keep the implementation secure. That might work. Or, whoever you have securing your installation might not be as good or as responsive as, say, the security team at Slack. But, using an open source solution that you host obviously does provide you with a lot more control and the ability to make any changes you think are necessary.

As someone who talks quite frequently about how competition drives innovation, it's great to see all of this happening. I don't think any of them will harm Slack's place in the market, which has become pretty standard in a lot of companies, but as more and more companies are realizing that they need to really think through security of their communications tools, it's a very good thing to see competition popping up. Hopefully, these competitors get stronger as well, and help drive more overall innovation -- including the focus on security and encryption -- across the entire market.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chat, cloud services, encryption, messaging, open source, security, work
Companies: mattermost, rocketchat, slack, spideroak


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    John, 3 Aug 2016 @ 6:15pm

    IRC

    I'm hanging for someone to make a kickass GUI for IRC. I've found a few promising ones - like KiwiIRC - but I'd love one that takes full advantage of the browser like Slack does.

    Ie:
    * can copy/paste a picture and it uploads to a image host, and then pastes the link in.
    * looks really nice and easy to use
    * gives people the option to hide all the IRCy stuff, and just make it point and click.

    Anyway, good to see some competition!

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 3 Aug 2016 @ 7:25pm

    Usenet still exists, you know

    I realize that many uneducated newbies don't know about it and haven't bothered to learn how to use it -- but anyone who isn't using Usenet is simply not Internet-literate.

    And there are ways to use it that are far more secure than the rubbish that Slack et.al. are peddling. Not surprising: you don't make things more secure by adding code, you make them more securing by removing code. Usenet's infrastructure has the advantage of a 35+ year head start and an architecture that was built to survive routine connectivity problems that were far worse than anything we see today.

    No, it's not fancy. But it works, it requires minimal computing resources, it's massively scalable, it's very difficult to attack, it's also difficult to DoS, it's easy to use anonymously, it's built on open source (and open standards), and it's not susceptible to manipulation by court orders, NSLs, or anything else -- a major advantage over services like Slack, which will of course roll over and hand over all user data in their possession the moment a government agency asks them for it.

    We don't need more competitors in the Slack "space", so to speak. We need more people taking the time to learn fundamentals that have long since proven themselves vastly more enduring and clearly superior.

    link to this | view in thread ]

  3. identicon
    Vlad, 3 Aug 2016 @ 8:25pm

    Re: Usenet still exists, you know

    Hell, I'm old enough to remember when Comcast gave their users 10gb Usenet traffic a month. Flame wars were real, but now the internet is a shell of itself. Echo chambers are everywhere and Verizon is going to hoover and monetize more eyeballs & data than GOLIATH post AOL/Yahoo. Tis sad, really.

    link to this | view in thread ]

  4. identicon
    Gadzooks, 3 Aug 2016 @ 8:51pm

    EFF recommends OTR

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 4 Aug 2016 @ 5:23am

    Slack??? Slack??? What the hell is Slack?

    Eh!! Can't you just pick up the old tin can and call your neighbour over that?

    link to this | view in thread ]

  6. icon
    Mike Masnick (profile), 4 Aug 2016 @ 10:47am

    Re: Usenet still exists, you know

    We don't need more competitors in the Slack "space", so to speak. We need more people taking the time to learn fundamentals that have long since proven themselves vastly more enduring and clearly superior.

    Er, yes, more competition is always good.

    And usenet, frankly, doesn't really suffice as a tool for work groups. And, yes, I know how to use it -- I was a regular on Usenet in the early 90s before the web came around. I lived in Usenet and IRC.

    But this is for a different kind of thing.

    link to this | view in thread ]

  7. icon
    Mike Masnick (profile), 4 Aug 2016 @ 10:49am

    Re: EFF recommends OTR

    FWIW, OTR is a protocol, not an app. And it's generally more for one on one chat, which is a very different use case than Slack and the others above, which are for persistent groups working together on projects.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 4 Aug 2016 @ 5:01pm

    TD's OS choice?

    Do you TD peeps run Windows, Mac, Linux, or other?

    link to this | view in thread ]

  9. identicon
    racyanne, 4 Aug 2016 @ 6:41pm

    It's yet another proprietary app

    where we have to trust, the corporation that owns the code, that there are no backdoors. That security issues are actually dealt with, and where we have no means of validating the code.

    link to this | view in thread ]

  10. icon
    Mike Masnick (profile), 6 Aug 2016 @ 8:05pm

    Re: It's yet another proprietary app

    Wait. Did you not actually read that all the products we discuss are open source?

    link to this | view in thread ]

  11. icon
    frank87 (profile), 9 Aug 2016 @ 2:33am

    Re: Usenet still exists, you know

    In computer industry, reinventing the wheel is an art form.

    We used to say that the specs of every application will eventually include e-mail-functionality.

    link to this | view in thread ]

  12. icon
    frank87 (profile), 9 Aug 2016 @ 2:44am

    Re: Re: Usenet still exists, you know

    That's true. It isn't the tool, it's the user base. Every tool breaks down with enough flaming trolls, or too little serious users.

    Some filtering can be used to handle lot's of messages, but that has it's limitations too.

    In the end, it's only a tool to communicate with a community. And communities can be time consuming.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 6 May 2018 @ 11:56am

    I like Discord myself.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.