This change to Slack is a detail for you, but for security it means a lot

by Kelvin
By the way, why is Slack called Slack?

This (small) change in the management of images on the Slack communication platform strengthens the protection of its users in the event of a data leak.

This is a small change, which offers significant additional protection: the American site Techcrunch has noticed that Slack now removes the location of photos uploaded by its users.

  

When you take a photo with your smartphone, the image is far from the only data you generate. The system notes the date and time at which it was taken, as well as the location (precise GPS coordinates) or the model of your smartphone. This set, the metadata, make it possible to organize the photos, and to use the tools to better find them. And some platforms use it to improve their user experience. For example, when you go to upload your latest vacation photos to Instagram, the social network will suggest that you indicate where the photo was taken, from the GPS data included in the metadata.

When you take a photo with your smartphone, a whole set of data is assigned to the image. // Source: Numerama

An image is therefore a real nest of information, which can be exploited for malicious purposes if it falls into the wrong hands. From photos, for example, we can find someone’s home or workplace, and therefore easily identify them. Whether it is a photo of a sexual nature that was intended to remain private or a compromising photo, the metadata poses a privacy issue.

To protect information, Slack just doesn’t take it

Conversely, without the metadata, it will be much more difficult for an investigator to trace back to the person who took the photo. And among Slack users are people (activists, executives, journalists), who could exchange images containing this critical data without realizing it.

By removing GPS data from photos as the user uploads to Slack’s server, the company is minimizing the potential effects of their image database leaking. It would be much more difficult to trace a source, an activist or a whistleblower for example. This information leak could be caused by a configuration error, an attack from the outside or a request from a government. And the best way not to leak information is not to have it.

Techcrunch hasn’t identified what prompted Slack to make this small change, but it got confirmation from the company that it was indeed in place. If the images no longer contain GPS data, they keep other metadata.

CyberGhost, Cyberwarre’s exclusive advertiser, is a premium VPN provider at affordable prices. It has thousands of secure servers spread across the world, allowing it to relocate its IP address and bypass geoblocks. CyberGhost does not keep any record of user activity. Its VPN application is available on all operating systems and connected devices and is the easiest to access on the market. Learn more about CyberGhost’s VPN solution