this post was submitted on 17 May 2024
68 points (100.0% liked)

TechTakes

1427 readers
115 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
 

cross-posted from: https://infosec.pub/post/12406642

Body of the toot:

Absolutely unbelievable but here we are. #Slack by default using messages, files etc for building and training #LLM models, enabled by default and opting out requires a manual email from the workspace owner.

https://slack.com/intl/en-gb/trust/data-management/privacy-principles

What a time to be alive in IT. 🤦‍♂️

you are viewing a single comment's thread
view the rest of the comments
[–] fasterandworse@awful.systems 12 points 6 months ago (2 children)

What does this mean regarding their claims that data is encrypted at rest and in transit? https://slack.com/resources/why-use-slack/slacks-enterprise-security-features

[–] mawhrin@awful.systems 22 points 6 months ago
  • ‘at rest’ → we're using filesystem encryption
  • ‘in transit’ → we're using TLS

neither is end-to-end encryption, the data is not private to the service provider.

[–] cooljacob204@kbin.social 13 points 6 months ago* (last edited 6 months ago) (1 children)

That's just a fancy way of saying they use tls, like the rest of the world.

They decrypt it once it hits their servers and do whatever they want with it.

[–] fasterandworse@awful.systems 6 points 6 months ago (5 children)

ah ok, so if it's not at rest and it's not in transit, what else is it?

[–] cooljacob204@kbin.social 10 points 6 months ago* (last edited 6 months ago) (1 children)

In their database lol. I'm sure whatever file storage they use is encrypted but doesn't matter when you have the keys and can view all the data unencrypted.

[–] fasterandworse@awful.systems 5 points 6 months ago (3 children)

is it that easy to sell this shit to the average CTO?

[–] cooljacob204@kbin.social 6 points 6 months ago

Unfortunately corporate security is a joke in many aspects.

[–] froztbyte@awful.systems 4 points 6 months ago (1 children)

there is a type of leader out there that takes gartner magic quadrants seriously and makes decisions from that information

and they're not rare.

[–] fasterandworse@awful.systems 4 points 6 months ago* (last edited 6 months ago)

I've done UX on a few B2B SaaS things and the U meant CTO in most (sanctioned) cases

[–] Evotech@lemmy.world 3 points 6 months ago

As long as you can check the boxes to an auditor.

[–] self@awful.systems 8 points 6 months ago* (last edited 6 months ago) (1 children)

you see, your data can never be at rest if they’re constantly using it to train LLM models and exploiting it for other marketing purposes

…god this is stupid enough that I’m very sure I’m going to hear it in earnest from some AI shithead next time one of our threads hits all

[–] fasterandworse@awful.systems 9 points 6 months ago

at rest, in transit, in plunder

[–] mawhrin@awful.systems 7 points 6 months ago (1 children)
[–] fasterandworse@awful.systems 8 points 6 months ago

they use it for their matrix screensavers

[–] froztbyte@awful.systems 4 points 6 months ago

out jogging: that's you keep data fit. gotta keep it moving. unfit data quickly starts falling into bitrot. that's what you get by buying a slack subscription - crosstrainers for your data!

trade secret tho, don't tell anyone