cross-posted from: https://infosec.pub/post/12406642
Body of the toot:
Absolutely unbelievable but here we are. #Slack by default using messages, files etc for building and training #LLM models, enabled by default and opting out requires a manual email from the workspace owner.
https://slack.com/intl/en-gb/trust/data-management/privacy-principles
What a time to be alive in IT. 🤦♂️
ah ok, so if it’s not at rest and it’s not in transit, what else is it?
vibing
In their database lol. I’m sure whatever file storage they use is encrypted but doesn’t matter when you have the keys and can view all the data unencrypted.
is it that easy to sell this shit to the average CTO?
Unfortunately corporate security is a joke in many aspects.
there is a type of leader out there that takes gartner magic quadrants seriously and makes decisions from that information
and they’re not rare.
I’ve done UX on a few B2B SaaS things and the U meant CTO in most (sanctioned) cases
As long as you can check the boxes to an auditor.
you see, your data can never be at rest if they’re constantly using it to train LLM models and exploiting it for other marketing purposes
…god this is stupid enough that I’m very sure I’m going to hear it in earnest from some AI shithead next time one of our threads hits all
at rest, in transit, in plunder
…in perpetual motion
they use it for their matrix screensavers
out jogging: that’s you keep data fit. gotta keep it moving. unfit data quickly starts falling into bitrot. that’s what you get by buying a slack subscription - crosstrainers for your data!
trade secret tho, don’t tell anyone