Hacker News new | past | comments | ask | show | jobs | submit login

Just as a heads up on this, slack doesn't even use HTTPS! Your employer can certainly read all private slacks on your work network, even if it's a non-work-slack workspace



Pretty sure it uses HTTPS, but if you're on a corporate network on corporate hardware, there is a real chance that there's a corporate MITM proxy that is capable of reading all of your HTTPS traffic.


Only if you have their root certificate trusted


From experience, if the org is doing https mitm then it almost certainly also has network device authentication (eg Cisco ICE) that would only allow corporate whitelisted devices. Usually with custom builds that would already have the corp root cert trusted.


You have to do that if you want to do any work.


    curl http://slack.com -v
    < HTTP/1.1 302 Found
    < location: https://slack.com/


This is absolutely not true, as a cursory examination of your browser's dev tools will reveal.


Do you have a source for this? That sounds very surprising if true.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: