Watching people’s accounts go into deactivated status in Slack with no goodbye is sad.
The most toxic boss I ever worked for would request access to former employees’ Slack accounts under the guise of looking for data to transition their job. Their accounts would periodically go green when he logged in as them. Spooky to see ex-coworker accounts go green and know the boss is scouring their private messages.
I know companies can get Slack messages anyway, but seeing your boss do it in real time is extra creepy.
One company I worked for used to have an unofficial “ex-company” Slack setup, where people would get invited by others who had already left and were in there. It was kinda nice, since you form bonds with people and suddenly they’re just gone. You might not have managed to connect with them in any other form.
But you log in to “ex-company” Slack workspace and here they are - everyone that went through the company. I mean lots of people would stop responding after a while, but there was enough time “buffer” to allow people to connect by other means.
I am in a Discord full of people that all got laid off from the same place in 2019 (I actually left on a Wednesday for a new job, and everyone else got their pink slips Friday that same week). At first it was pretty lively, as you can imagine, but it's settled into a wonderfully cozy online space and I'm so glad I'm a part of it. It's good to have connections to people with whom you have shared experiences but no real ongoing professional relationship (these are called "friends"). It's also good for networking, since we're all in the same industry. In some ways it just feels like a continuation of the Jabber rooms we all shared when we worked together, but it's also something more.
I am a part of one such group! It started as a WhatsApp group for all ex-employees, but has now morphed into a Discord server. It's a great way to remain connected to friends you make at work, and recently, it has also become a way to share job openings to your network to help laid-off people.
"We wish you well on your departure; as you embark on new adventures you're about to open your eyes for the first time.
This may be a shock to some of you as you may discover that the world is more dystopian than you may have seen from your altered reality mind-implants.
We would like to thank you for your service as a tool at the corporation."
The rules on this vary across Europe, though broadly speaking accessing an employee's mailbox is “something you only do after speaking to legal”.
The patchwork of national laws and national interpretations of EU regulations is quite interesting, and rather confusing especially if you do offensive security work or DFIR.
As an example, when doing consultancy we would do the usual phishing as part of an assessment. Usually this is followed by dumping the users' mailboxes to look for further credentials/access to corporate resources (e.g., are they emailing passwords around?) - but in some countries such as Germany that’s often explicitly ruled out due to fear of breaching privacy regulations.
It's pretty much only allowed if there's an important reason for it. For example, to recover something invaluable (contract, code, report) that isn't available somewhere else and cannot be replaced. In that case that's also the only thing that the employer can look for. They can't open obviously unrelated e-mails. So before talking to legal, make sure you have a valid reason.
Difficult, very difficult indeed. As with most corporate and white collar crime, the investigation rate is extremely low. That being said, worker councils and unions. The former has to be involved in these things, if they exist. The latter pushes for the former.
What? First, Europe isn't a single country and there are large differences between legal systems.
Second, what you said is just plain wrong in at least one. In France (which is known for strict worker protections) the employer can go through any employee's mailbox or files on their work computer/account provided 1. that the messages/files in question aren't clearly marked as personal 2. that the conditions for the access are laid down in advance with proper notice. When an employee is let go, they need to be given time to empty their mailboxes etc of private correspondence or files. https://www.cnil.fr/fr/lacces-la-messagerie-dun-salarie-en-s...
I had some DMs which were of a personal nature that were rifled through after a contract ended. How do you "clearly mark a DM as personal"? It was creepy, and further illustrated that anything you say in Slack can and will be viewed by the whole company. If not literally, then that’s how you should treat it.
You might be right that it’s not illegal, but it would be nice to have those kinds of protections. Trying to talk to anyone at work in the WFH era is a field of landmines, because you never know at any given time whether what you say will make it back to the person you’re discussing. Discussions like that are a normal and healthy part of socializing with coworkers, and it happens at every company. Except in the WFH era everything you’ve typed is a permanent record, whereas previously you’d be able to say something to a coworker without worrying that someone else will someday hear it.
But, it’s a new era. It’s easy to adjust. Just don’t get personal at work. It sucks, but work is designed to suck, or else it wouldn’t be work.
The way this was communicated to me in the past was "don't say/write anything using company resources that you don't want to see on the front of <insert major news publisher>". All communications on employer-operated platforms are subject to discovery.
Senior leaders tend to skirt this by using the telephone or video calls predominantly. However the infiltration of machine learning and AI means transcripts of calls, etc. are now possible too.
In addition, the growing use of "disappearing" messages despite litigation holds has come up in more legal cases recently.
A video call on a company account isn't ironclad but, unless you're discussing something actually illegal, it's probably good enough for most purposes. Maybe not as good as personal cell phones or in-person, but a lot better than anything written--especially on company systems.
Most large companies will tell you two contradictory things:
First of all, they'll tell you that even the most junior helpdesk workers can remote onto your machine, reset your password, disable your 2FA, and monitor all your web browsing and chat history.
Second of all, that this unannounced product, this not-yet-filed patent, this big planned layoff, this prospective hire background check result, these upcoming financial results, this employee's reason for needing medical leave, this pentest result document, and this forthcoming change to pricing are Strictly Confidential. You shouldn't discuss them even with your own boss, unless you've first confirmed they're on the need-to-know list, and that certainly doesn't include level 1 helpdesk workers.
Most large companies, to address this contradiction, will say access is possible but rarely used, tightly controlled and carefully audited.
Private != personal. At least I never ever imagined one could even assume DMs on work IM are personal private conversations. They're organizationally grouped as chat between two accounts, as opposed to group chat, but they're at work, for work, using work-provided tools...
Or put another way: why would anyone consider work Slack to be different in this regard than company e-mail? Much like with e-mails, the difference between DMs and group chats is whether the number of participants is > 2.
I guess the cognitive dissonance is that I used to be able to say things to a coworker in-person which weren’t recorded and tracked, using my voice. This was always a normal part of work, and I didn’t give it a second thought until it was gone. Nowadays it feels like someone is constantly standing over your shoulder whenever you’re at work, and there’s never a private moment. This is especially strange during holidays, since personal conversations tend to spontaneously happen around those times.
You’re right of course. I just wish we had something to fill the void that was left by in-person interactions vanishing. I think I’ll be doing WFH pretty much the rest of my life, and I absolutely hate going into an office in general, but there are definitely some aspects I miss. Being able to chat off the record with a coworker is one of them.
That's funny, because as someone who has worked mostly remotely, I consider the recording of every chat a feature. For example, I have been able to use this to figure out why code I wrote a decade ago is the way it is.
Call! Yes, most communication can be done with chats in Slack or Teams, but take the excuse to call and chit chat a bit before getting down to business.
Unless all calls are transcribed and recorded, it’s pretty “watercoolerish”.
At that point, the bigger risk is that someone repeats something to someone that you wish they hadn't. But I've had that happen with an in-person conversation.
What the said boss did sounds to me like impersonation, which is not only illegal, but a crime. Accessing records kept on company assets is one thing, logging in to someone's account in a communication software is another.
I agree with you, Europe has different countries and some of them are not in E.U. so different rules may apply.
However, since France is in E.U. what you describe should be illegal. The article you refer to is 15yrs old btw....
The "article" is published by the French data protection authority. They update them when regulations change. They didn't update this one. Make a deduction, now.
> However, since France is in E.U. what you describe should be illegal.
What's the regulation or directive you're talking about?
You can’t get private Slack messages easily if you don’t have direct access to the account.
There is an audit feature on the Enterprise version that allows it, and you can appeal to Slack to open the messages due to a crime or similar - but AFAIK on the normal plans you are out of luck if you want to read private messages as workspace owner.
Hah, that would be the trick wouldn't it. My old manager used to get all of his former employees' work emails forwarded to an account he had access to. Ostensibly it was a precaution against accidentally missing anything critical from a vendor or partner.
I know that legally, employee data has no expectation of privacy. But I'd like to gently push back here.
The word "private" means "having privacy" in the normal, everyday sense. Using that word to describe something that isn't private is lying. You and I both know there do exist many people who suffered consequences for not understanding the definition of that word.
In my opinion, the ethical thing to do is to use a different word when no expectation of privacy applies. And the upside is powerful: transparency gains trust.
Slack did this well: they call them "direct messages".
The correct mental security model here is “if you used an account on a company-issued laptop/phone/any hardware” == “the company technically already has or can get access to the data”. There are so many ways for a company to do that.
Granted, some of these ways might be legal or not depending on jurisdiction, but then lots of companies will tread or cross the legal fine line if they are happy with the risk/benefit trade off.