Skip to main content

SlackSlack deliberately chose not to implement end-to-end encryption, prioritizing enterprise management over privacy

Despite widespread use and privacy advocates calling E2E encryption essential, Slack has never offered end-to-end encryption. In 2018, Slack's CISO stated paying customers were more interested in enterprise key management than E2E encryption. Slack encrypts data in transit and at rest but data remains accessible to Slack's systems and personnel, with workspace owners able to monitor all chats including private ones.

Scoring Impact

TopicDirectionRelevanceContribution
Encryption & Privacy-againstprimary-1.00
User Privacy-againstsecondary-0.50
Overall incident score =-0.429

Score = avg(topic contributions) × significance (medium ×1) × confidence (0.57)

Evidence (1 signal)

Confirms Statement Jan 1, 2021 documented

Mozilla Foundation flagged Slack's lack of end-to-end encryption and employer monitoring capabilities

Mozilla Foundation's Privacy Not Included guide noted Slack lacks end-to-end encryption and allows workspace owners to monitor all chats including private ones. Slack's CISO stated in 2018 that paying customers preferred enterprise key management over E2E encryption.

Mozilla Foundation(opens in new tab),Salesforce Ben(opens in new tab)

Related: Same Topics

Apple · Apple refused FBI order to create iPhone backdoor in San Bernardino case
Apple · Apple launched Advanced Data Protection with end-to-end encryption for iCloud
Signal Foundation · Signal threatened to exit UK rather than comply with Online Safety Bill encryption backdoor requirements
Signal Foundation · Signal's response to federal grand jury subpoena demonstrated minimal data retention - only account creation date and last connection date
Proton AG · Proton pushed back against Australian eSafety Commissioner's demands for user data access