Mark Newton

Slack is now using all content, including DMs, to train LLMs.

They offer a thing they're calling an "opt-out."

The opt-out (a) is only available to companies that are Slack customers, not end users, and (b) doesn't actually opt out.

When a company account holder tries to opt-out, Slack says their data will still be used to train LLMs, but the results won't be shared with other companies.

LOL no. That's not an opt-out. The way to opt-out is to stop using Slack.

slack.com/intl/en-gb/trust/dat

 We offer customers a choice around these practices. If you want to exclude your Customer Data from helping to train Slack global models, you can opt out. If you opt out, Customer Data on your workspace will only be used to improve the experience on your own workspace and you will still enjoy all of the benefits of our globally trained AI/ML models without contributing to the underlying models.
84 comments
Briala

@NewtonMark Someone raised it in our internal Slack support channel this morning and someone in IT Security responded. I suspect Slack are about to get some sharp questions from our reps about this in the next day or so. I can unhesitatingly say it goes directly against our IT Security and Privacy policies :) since we had mandatory training about that in the past 2 weeks.

Tom Dullemond

@static @NewtonMark “hey slack bot what would be a plausible credit card number for our corporate account?” “Hey slack bot what could the CEO's salary be?”

KeyJ

@static @NewtonMark So, according to your IT Security and Privacy policies, using a third-party cloud service for internal communication of trade secrets is fine, but using the data for LLM training is where you draw the line? Not gonna defend Slack's shitty move, but that reasoning seems to be a bit arbitrary too.

If you're handing over *any* amount of data to a third party, you can consider that data public. Even without LLM training stuff, there *will* be some kind of breach eventually.

Ian

@KeyJ @static @NewtonMark there's a huge difference between handing over your data for storage and having your data actively scanned. Not to mention it's on by default and opting out is a high-friction affair.

Briala

@KeyJ @NewtonMark It's a balance-of-probabilities thing as to whether internal company traffic traversing a third-party service might ever be subject to a security breach. Companies like Slack sell their services on being secure and private. They don't want a breach; their customers don't want a breach.

This LLM thing is quite different. For a start, it is quite deliberate. Secondly, LLM training is explicitly mentioned in the policy. We're not forbidden to use LLMs, but sending confidential data to them requires approval. That's the sort of conversation that will be happening now.

Stephen Thorne

@NewtonMark ever since my first experience with the anti-abuse measures on slack (there aren't any: you have to escalate to admins) I stopped using it for any reason.

I feel very validated, seeing this as well: They just don't understand abuse, human or robot.

Luyin

@jerub @NewtonMark I'm wondering how to get the huge corporation I'm working for to stop using it though. Will they care if a single employee says "I can't agree to these terms"?🙄

Stephen Thorne

@luyin @NewtonMark I'm so sorry. While I have the option of simply not participating in community spaces on slack, you don't have that luxury.

I don't yearn for the time when email was the only method of communication, but I do appreciate how it remains relevant.

linjari

@NewtonMark ...okay back to internal irc server.

Mark Newton

@linjari Do you think they know how replaceable they are?

trusty falxter 🧠

@NewtonMark
Sure. But they will assume that those who haven't left yet will accept anything.
@linjari

Martin A. Brooks

@NewtonMark I don't think this is new. I'm almost certain I saw this in their T&Cs several years ago.

mjt

@mart_brooks @gdinwiddie @NewtonMark my god, corps are willing to turn everything into shit to make money. And how to stop them? Market power ain’t what it’s thought to be, never was. So the proles are perfectly and truly screwed. Again.

eberhofer

@NewtonMark are they replaceable? What do you recommend?

Mark Newton

@eberhofer Self-hosted Mattermost? IRC? Google Chat? Teams? Depends on your use case, but Slack didn’t exactly move into an empty field.

⠠⠵ avuko

@NewtonMark @eberhofer on-prem Mattermost has been used at some places I’ve worked.

eberhofer

@mirabilos @NewtonMark I was thinking the same.

Self hosting seems to be the only way to hopefully get around it and tbh I'm not sure it's worth it.

ahoyboyhoy

@eberhofer @NewtonMark I'll third Mattermost as a pretty seamless drop-in replacement.

Stephen Beitzel

@NewtonMark @eberhofer As well as the other suggestions, there’s Matrix.

FeralRobots

@NewtonMark the nature of #LLM training is that all training data is inherently shared with all users of the LLM. So their "opt-out" is Frankfurtian #bullshit. I'd love to see what precisely they're claiming to do for the customers who "opt out."

grahamsz

@FeralRobots @NewtonMark I think you could reasonably fine-tune an LLM on a per-customer basis. I'd personally like our slack search to work better and think that could be a really compelling business tool. But I've already opted our company out from the general models, because I can't see how it won't share at least some data.

FeralRobots

@grahamsz @NewtonMark
That's why I'd like to know what they're promising. The disclosure in the ToS is pretty vague. I'm having a hard time imagining how they make non-pooled training work cost-effectively, so my bias is going to be to assume it's possible to prompt hack to get at a company's Slack chat content.

grahamsz

@FeralRobots @NewtonMark You can definitely fine-tune a pre-trained GPT model pretty cost-efficiently. Considering my mid-size company spends 5 figures a year on slack I expect they can afford it. Though I suspect if it's any good there will be a hefty upcharge for it.

FeralRobots

@grahamsz @NewtonMark
Right, but
a) is fine-tuning enough? We've been told before that tuning would keep stuff from showing up that nevertheless keeps showing up.
b) how much will that surcharge be?
c) will that surcharge actually end up covering cost? I.e., are Slack setting themselves up for a fall in a couple of years?

grahamsz

@FeralRobots @NewtonMark Fine-tuning will definitely stop stuff coming up in other people's results, because you make an extra layer over the existing model with new weights.

You maybe wouldn't even need that: you could use an embedding model to place each conversation into a high-dimensional space, then when you ask a question of the model it searches all relevant conversations to build a better prompt. For a lot of use cases I think that could work just fine.
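[The embedding-and-retrieval idea described above can be sketched roughly as follows. This is a toy illustration only: a hash-based bag-of-words vector stands in for a real learned embedding model, and all names and data are invented.]

```python
import hashlib
import math

def embed(text, dim=64):
    # Toy bag-of-words embedding: hash each word into a fixed-size vector.
    # A real system would use a trained embedding model here instead.
    vec = [0.0] * dim
    for word in text.lower().split():
        h = int(hashlib.md5(word.encode()).hexdigest(), 16)
        vec[h % dim] += 1.0
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]

def cosine(a, b):
    # Vectors are unit-normalised, so the dot product is cosine similarity.
    return sum(x * y for x, y in zip(a, b))

def build_prompt(question, conversations, top_k=2):
    # Rank stored conversations by similarity to the question, then
    # prepend the best matches as context for the language model.
    q = embed(question)
    ranked = sorted(conversations, key=lambda c: cosine(q, embed(c)), reverse=True)
    context = "\n".join(ranked[:top_k])
    return f"Context:\n{context}\n\nQuestion: {question}"

conversations = [
    "deploy pipeline failed again because of the staging database migration",
    "lunch options near the office on friday",
    "the staging database migration needs a rollback script",
]
prompt = build_prompt("what happened with the staging database migration?", conversations)
```

The point of the sketch is that no customer data ever updates model weights: the conversations only feed the prompt at query time, which is why this approach sidesteps the pooled-training concern discussed above.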

@overflow 🏳️‍⚧️

@grahamsz @FeralRobots @NewtonMark Even if you could train an LLM per workspace, there's a possibility of prompt injection attacks leaking private messages and channels within the workspace. (And the privacy policy doesn't allow you to opt out of that.) #Slack

ladyteruki

@NewtonMark : I saw someone point out yesterday that this de facto breaks NDAs signed by companies using Slack.

Mark Newton

@ladyteruki Maybe using slack in the first place did that. If you’re posting NDA’ed artifacts on a third party service, you might need a business risk assessment.

ender

@NewtonMark how is that legal??

i feel like they forgot some EU law or something...

T Chu 朱

@NewtonMark

LOL. I had to call my bank recently to replace a card. They said the voice data would be used but I could opt out anytime.

I waited, but there was no mechanism to opt out.

Whitney Loblaw

@chu @NewtonMark gives a completely different meaning to the classic disclaimer "this call might be recorded for training purposes"
- training humans.... or models?

Leon Bambrick

@NewtonMark I, for one, would like to apologise to the LLMs of tomorrow for the content which I have, unwittingly, provided. I feel bad; I should feel bad. Never, and I mean this, never ever use Giphy the way I used it in the early 2020s.

Steven Bodzin bike & subscribe

@secretgeek @NewtonMark future LLMs will be able to talk a lot about "birbs" while posting ORLY OWL images

that's in between their going on about "value prop" and other 2020s biz gibberish

Leon Bambrick

@stevenbodzin @NewtonMark humans use a bunch of "anti-languages", argots, patois designed to befuddle outsiders, LLMs are no exception.

My fave anti-language is prison speak. Real prison speak: by the time it's known, it has changed.

Steven Bodzin bike & subscribe

@NewtonMark ah yes, instead you can use Teams, which will fail to alert users to DMs, will hide most group chats from most users, will have the ugliest emojis ever, and of course, will ALSO use all your info to train an AI

ah, the internet. It's the technology of the future

and it always will be

Debora Weber-Wulff

@NewtonMark
There's an open source system that is similar to Slack, Mattermost. It can run on your own servers, so no one is harvesting your text.

Cassey Lottman

@NewtonMark

I'm honestly still kinda confused about this huge push of every single company to shove AI features into products.

There are things about slack I see people complain about or that could be improved, but the list of proposed features on that page about AI models isn't any of those. None of the proposed "improvements" using AI seem actually useful or like they will really make a difference to most users' experience of Slack.

Mark Newton

@cassey It’s all just a big science experiment. None of these companies have any idea what they’re doing, they’ve just worked out that they can juice their valuation by squirting “AI” everywhere.

P Stewart

@cassey @NewtonMark I assume most of it at this point is shareholders thinking "we were told 'AI' makes the line go up, so it's the company's duty to cram it into everything right away before everyone else who was told the same thing does."

C++ Wage Slave

@pstewart @cassey @NewtonMark
It's even worse than that. A year ago, we had customers asking how we were going to use "AI" in our products: not "how can you solve this problem", not even "could 'AI' solve this problem", but just "we want to use 'AI'." Frankly, it's pathetic. But we did what our customers wanted, and we forced "AI" into every crevice we could find.

I blame FOMO.

Robert Thau

@NewtonMark There are a bunch of alternatives, FWIW. Some try to copy Slack's features and affordances, but what won people over at $dayjob is Zulip, whose "topic" system does something a bit like Slack's "threads" a *whole* lot better. (Also installable on-prem, though metadata -- not content -- for mobile notifications does go through the mothership; avoiding even that is possible, but a little bit voodoo.)

⠠⠵ avuko

@NewtonMark

There is a part in there which is demonstrably bullshit:

Slack can’t access the underlying content. We have various technical measures preventing this from occurring. Please read our security white paper for more info on these controls that protect the confidentiality and security of Customer Data.

Nothing in the linked security white paper states how “Slack can’t access the underlying content”. Besides, there is no underlying content to “Customer Data (e.g. messages, content and files) submitted to Slack as well as Other Information (including usage information)”. That’s all your (as a customer) data right there.

Get out while you can!

Ben Smith

@NewtonMark Am not a fan of where this is headed but have they explicitly said they're training *LLMs*? I can't find it if they have.

wasabi brain

@NewtonMark this is bad but I keep wondering what’s the point of using low quality data like slack? Unlike using something like The NY Times website which is copy edited and has some connection with ground truth, slack is mostly ungrammatical, informal communications. How does this make an LLM better?

justforfun

@virtualinanity @NewtonMark
The following is not an endorsement of “AI” or LLMs, but rather my attempt to answer your question. The language part of an LLM theoretically would benefit from exposure to work-related terminology, vernacular, and informal communication. The latter, I think, will make it easier to mimic how people communicate outside of formal articles or grammatically correct posts. As for being grounded in truth, in my opinion, this is not a concern for those building LLMs.

wasabi brain

@justforfun @NewtonMark thank you. Very well put. I think if they put care into how they integrate these data sets it might make sense. But if they’re just kinda throwing it all together, mixing nytimes with slack messages, I could see it causing issues

immibis
@virtualinanity @NewtonMark they need metric fucktons of data and they've already run out of public data
immibis
@virtualinanity @NewtonMark also they're using slack data to train a *Slack* AI
Syphist :verifiedtrans:

@NewtonMark@eigenmagic.net the only sensible solution is to make a shell company that uses Slack and has hundreds of "employees" all talking to each other; said "employees" are just LLM chatbots generating slop to poison the well.

Dr Ro Smith

@NewtonMark not surprising, but so disappointing.

Luke Bergen

@NewtonMark oh what the fuckity fuck? I hope they get enough pushback that they 180 on this, toot sweet.

Otherwise, any way to poison the waters? How do we get "slack stocks plummet", "slack bankruptcy", etc trending and all over folks slack DMs?

Josh

@Xoriff @NewtonMark Slack is owned by Salesforce, unfortunately; their pockets are probably deep enough to weather anything.

Dave "Wear A Goddamn Mask" Cochran :donor:

@NewtonMark @hacks4pancakes strongly encourage everyone to swear as much as possible to actively fuck over the process

(i'm sure they can just manually filter it out, but goddammit I'm gonna do something)

Tim Hergert

@dave_cochran @NewtonMark @hacks4pancakes maybe start copy and pasting scripts for Disney movies (or other equivalently viciously litigious copyright holders) into channels.

Interspersed, of course, with euphemisms that would knock a buzzard off a shit wagon.

Salacious Crumb

@cjust @dave_cochran @NewtonMark @hacks4pancakes Might I suggest mixing in some of the more tasteful quotes from Trailer Park Boys?

Tim Hergert

@salaciouscrumb @dave_cochran @NewtonMark @hacks4pancakes to be fair, perhaps also from another beloved Canadian curse-laden show as well?

I'm sure we can figure it oot.

Tristan Colgate-McFarlane

@NewtonMark they finally found the missing link in the Underpants Troll's business plan.

Jonathan Irons

@NewtonMark They sort of already had permission to do this according to their privacy policy. “We may disclose or use aggregated or de-identified Information for any purpose.” It would have surprised me if they weren’t doing this.

Michael Chrisco :rootaccess:

Well darn, I was hoping to add this to Lemmy via fedi but it didn't work. Oh well.

I wonder how this is all going to work under copyright. If a company employee CAN'T opt out (AKA pay for the privilege), can they be liable for what the LLM spews out later on?

your auntifa liza 🇵🇷 🦛 🦦

@NewtonMark yet another reason why i made Twitter the last corporate social media i joined. never ever again.

Harald

@NewtonMark it's also unclear what Slack will do with free instances since those aren't technically customers.

Deadly Headshot

@NewtonMark
I suspect this breaks EU GDPR (but not necessarily UK GDPR, sadly)...
