Photo via Roman Kosolapov/Shutterstock.com (Licensed)
With their expanding integration and customization capabilities, collaboration-messaging apps such as Slack and HipChat have carved themselves a nice niche as indispensable management tools, especially in media and tech companies.
But as team messaging becomes more and more integrated into company workflows, we will inadvertently start to share sensitive business—and sometimes personal—information on them.
While these apps are renowned for their extremely efficient functionality, security and privacy are not their biggest strengths. Anything you write or share in a Slack channel or a HipChat chatroom can fall prey to hacking attacks or government surveillance. If you think you have nothing to worry about, just take a look at how hacked Slack accounts cost three Rhode Island teachers their jobs.
So if you want to enjoy the benefits of collaboration apps and don’t want to give up on your privacy, you might want to consider these secure alternatives.
Semaphor is an open-source team messaging app developed by SpiderOak, a company whose applications have gotten the security thumbs up from Edward Snowden. The platform offers secure versions of many features you find on Slack, including group conversations, private messaging with team members, file-sharing, and trusted third-party integrations.
Semaphor uses Zero Knowledge security, ensuring everything is encrypted before being sent from a device and is only decrypted on devices that possess the proper keys. This means conversations remain completely private—no unencrypted data is stored on servers, and even a rogue system administrator with full access to the company’s servers will be unable to decipher your data.
Semaphor is only available as desktop or mobile application and has no web interface. While this might tie your hands a bit in terms of accessing your account from any device, it was a design decision made with security in mind and aimed at protecting users against browser-based attacks.
The tool replaces user-generated passwords, often the cause of account hacks, with multi-word passphrases. Semaphor has also removed email invitations in order to neutralize the threat of phishing attacks.
You might be disappointed to see that Semaphor will not provide URL previews or email digests, however, but again, it’s for your own protection.
Semaphor comes with a limited free edition as well as a personal and pro plans, which will cost you a monthly $6 and $9, respectively.
Wickr Pro users can set self-destructing timers as short as a few seconds for their conversations, and messages will be automatically deleted after the time elapses. The creators of the app believe this is what sets their platform apart from the competition. Indeed, old records of conversations have done a good deal of damage on several occasions, and not having to worry about deleting your chat history can be a convenience, if not a game-changer.
Wickr Pro’s end-to-end encryption applies to chatrooms, shared files, and audio calls, and the self-destruct feature applies to both individual messages or entire rooms. If you want to keep a history of specific conversations, Wickr Pro offers a silent bot feature that records chats without giving access to employees. This might be convenient for organizations that need auditable records of chat logs.
As if end-to-end encryption and self-destructing messages weren’t enough, Wickr also provides perfect forward secrecy, which means encryption keys change with every message in order to make cracking communications even harder.
The one downside to Wickr Pro, which is still in beta, is that it’s not open-source, a fundamental requirement of secure messaging. This means the programming code has not been made publicly available for scrutiny, and no one—except for the company itself—can guarantee that it hasn’t been inflicted with a government backdoor. However, this might change in the future, as a spokesman for the company said to Wired in a recent interview.
Another factor that might make Wickr Pro less attractive is the pricing. A typical installation of the app will cost $50,000 a year for a company with a hundred employees, three times the price of Slack Premium. But nobody said privacy would be cheap.
What if you want to continue Slack?
Old habits die hard, and there’s a likely chance that you want to continue using Slack as your team collaboration platform but still want to improve the security. In that case, you might want to take a look at Cyphor, a secure web extension developed by two Canadian students.
Cyphor adds a layer of encryption to communications on web platforms, and handles the keys separately, giving users an added degree of security and preventing data breaches or unwarranted data access to spill out your sensitive information. The application integrates seamlessly with most famous platforms such as Gmail, Facebook, and Slack.
Whether you want to move on to a new platform or stick to Slack, you should be more careful on what you store on your collaboration platforms and how you store it.