I've been mad at the Go community in particular for continuing to promote Slack for ages, and this is exactly the hypothetical situation I always use to explain why (although there are other reasons too; Slack is a perfect embodiment of everything wrong with this industry, but that needs a fuller writeup). At a previous job we had to start doing this exact same thing when we were considering going public; this is the point at which I started considering leaving.
Using a proprietary protocol that doesn't allow any form of federation is an unacceptable way to build a global community. Please consider using an IRC based service for group chat or an XMPP based service where 1:1, history, rapid reconnects, and other more complex chat features are required (yes, if you're a dev you have to use XML which is annoying, but overall it's a well designed protocol, so get over it). This lets you host your own, and (in the case of XMPP at least) if one person wants to use a U.S. based service and another is in Iran they can just sign up for a Belgian account (or wherever). We can't afford to let he internet splinter off into siloed tiers based on nationality.
I would love to see more things built on open protocols. But for that to be the case, we have to find ways to make better apps built on top of open protocols.
We should start by admitting that Slack beat IRC. Beat it like a cheap hallway rug. IRC was always a terrible experience for novices, and it wasn't a great experience for experts. That it had any users at all is a testament not to IRC, but to what it enabled. Slack found a way to provide the same value but with a much better user experience. And then they rapidly iterated on that experience, making it better and better.
They started out with IRC and XMPP bridges. But they eventually shut those down because they were a drag on improving the product. When faced with the same choice, IRC kept the original protocol and shut down improving the product. This was an understandable choice, but one that set up the situation where commercial developers could come in and do something radically better. Open source needs to figure out how to compete with that, or things like this will keep happening.
I think as ethical, intelligent and conscious individuals, we folks in the developer and hacker community want people to make decisions on the basis of principles, when the reality is that people generally make decisions on the basis of convenience. In fact, people are often willing to sacrifice their principles (to a certain extent) in the name of convenience.
If we want people to use principled technology, then we need to be able to honestly advertise products as "it's just as good as X, and also doesn't violate [your privacy|human rights|the environment|etc.]" If we have to say, "It's not quite as good, but..." then we're dead in the water. (Side note: I switched to Firefox out of principle and I'm hopeful it will hold the line on market share, since it really is just as good as Chrome.)
The issue is that we're dealing with corporations who aren't just rich and powerful, they are also innovative, agile, and laser-focused on providing consumer value. Slack is doing an amazing job at serving their users!
You wrote, "we have to find ways to make better apps built on top of open protocols." It's a really interesting dilemma and I suspect it's one that isn't solved by better technology, better design, etc., but rather by addressing the base economics of the situation. We need a scenario where principled, open-source, ethical technology is generating the kind of investment we're seeing in Silicon Valley unicorns so they can innovate the same way.
If we want people to use principled technology, it has to be usable, full stop. As a developer, being able to say "I'm willing to sacrifice convenience, in the name of principle", is a privileged position - you know how to navigate software when it gets difficult - other people don't.
What I find a lot of people miss when comparing Slack to IRC, is that not everyone using Slack is a developer. The world doesn't consist solely of developers - and if your company is 30% of engineers, and the other 70% doesn't have the reserve to wrestle with XML, then your company is using Slack. Otherwise, you are simply choosing to sell out your friends and family in the name of "principle" as well.
Personally, I'm tired of the comparisons to IRC and XMPP. Both are garbage - time and time again its been show how difficult it is to create greate software on these protocols. Contrary to your final statement, there have been better open source applications - gitter and riot come to mind.
> What I find a lot of people miss when comparing Slack to IRC, is that not everyone using Slack is a developer.
I know plenty of non-technical people who chatted on IRC who were not developers. They just used the mIRC client on windows to do that. They also managed to configure their email and news clients to send and read email and browse usenet.
I simply don't understand where the idea of needing a technical background came from for using something like IRC.
> I know plenty of non-technical people who chatted on IRC who were not developers
> I simply don't understand where the idea of needing a technical background came from for using something like IRC.
You don't have to be a developer but you do need a level of technical background higher than that of the average computer user. There are plenty of tech-savvy, non-developers who can get up and running with things like IRC. There are plenty more non-technical users who can't. Or at least wouldn't given the learning curve time commitment.
I'm the only person in my family who would be able to sign on to IRC in under an hour whereas they'd all be able to have slack up and running in a matter of minutes.
No. I expect a certain competence when using a computer. If this level of competence is not enough to even install a piece of software and configure the most basic settings, then this person should not own a PC, yet use one.
It's amazing that when it comes to computers, it is somehow acceptable to be dumb. It's acceptable to not learn new stuff. It's acceptable to not read in order to understand stuff. As can be read in the comments here.
Do you want to be ‘right’, or actually have users?
The whole ethos of startups and Silicon Valley has been around finding a market for your product. If people don’t want to use it then you can’t blame anyone but yourself.
Feel free to chat with yourself using an ideologically pure system... it’ll be lonely though.
> Because it's the FLOSS devs who need to learn to empathize with the ordinary user.
If you were talking about using these protocols over a telnet session, then I would be more inclined to agree with that statement, but just installing an application, entering a server name and account credentials (the latter of which aren't needed for IRC), and connecting isn't any more difficult than creating an account on slack and connecting by entering the address in the browser.
Of course, but I don't think that Slack has done a better job with this compared to previous solutions. In a lot of ways, it's worse given its performance issues. For example, I never experienced UI lag in a chat application until I used Slack (comparing it with UIs like a GUI IRC application, AIM, ICQ, MSN messenger, Yahoo messenger, Skype, etc). Second, auto-completion and search do not work like they do in previous chat applications (or other applications in general) due to infinite scroll and the default of doing a global search instead of just limiting it to the chat or group. Third, the fact that you're forced to join some channels because you were invited or can't leave a channel because you're the last one in it are other issues that come to mind.
I think this is to enable history and mobile, for example?
Granted, I have not used IRC for a while, but last time I checked, the story for getting message history was "start a irc client inside a screen session on a server you own". And there were no mobile at all.
(I remember writing a script which exported chat logs from my desktop client to text files available over HTTP... I'd then visit those pages from cell phone to see if I had any more messages. This is not the experience I would wish on anybody)
For history, it's either local logging or having an always on client you can connect to (like a bouncer), but most people I knew would just switch their client on, chat for a while, and then close it. They didn't really care much about history.
It was pretty much the same thing with newer chat services like ICQ, AIM, MSN messenger, etc. (though I think they started offering offline messages in later versions).
As for mobile, my older Nokia phone had a Symbian IRC/XMPP client that I could use without any issues.
> being able to say "I'm willing to sacrifice convenience, in the name of principle", is a privileged position - you know how to navigate software when it gets difficult - other people don't.
In the same breath though, saying, "I'm not willing to sacrifice convenience in the name of principle" is also a privileged position, because Iranians who live in the US/Canada are currently being banned. Convenience is something we can address in the future, but bans aren't.
The concerns people raise about Slack -- that until very recently it wasn't blind-friendly, that it takes away control of user data, that it can arbitrarily ban companies and users for any reason; none of those are theoretical deontological postering. They are entirely practical in the sense of, "there are people who are affected by this who can't join your community because you're not using a tool that's accessible to them."
I think that it's easier and preferable to teach my friends and family members to use open tools than it is to use something that blocks people of Iranian descent from participating in my community. Yes, that means my communities will be less accessible to tech-unsavy people. But that's a problem I can try to address in the future. I'm OK making their life harder for right now if it means not permanently banning people based on a random company's whims.
That is selling people out, in the sense that it's making a calculated decision about which people are most important to support right now. But if the Go community is using Slack, they're making the same exact same decisions to prioritize accessibility for some people. They're just choosing different people.
Violating principles and respect for others is a vector for profit, which is why it always feels like a losing race. Its people in their spare time fighting against substantial revenue streams accrued from the violation of the freedoms and principles we want to uphold.
To have competitive apps built on top of open protocols, you need a big investment of time and money, so we need users to ask for it, or at least to reward companies when they invest money in it. For that, we need users to understand what they're asking for.
An example of how it might be possible to push this in the right direction is LEED. It didn't matter what the individual environmental ethics of people manufacturing electronics and designing houses was. Environmentally efficient building practices cost more, and there was no way for all the companies involved to form an opaque conspiratorial cabal to secretly impose the cost on consumers who would rather not pay it. Instead, they created LEED and used marketing to teach end consumers that LEED stood for more environmentally responsible practices.
Right now computer privacy and security are huge in the headlines, and a large number of people in the public and in industry want to do the right thing. But consumers don't know how to make the right choices, and companies aren't going to spend extra on the right thing if users are just as likely to choose something horrible. What companies need in order to invest extra capital in privacy and security is a plausible story of how to get users to choose the right thing and pay a bit more for it, if the industry builds it. They need a LEED standard for privacy and security. Then they can promote it and use it as a way to justify their investment in better, more ethical software. Corporations, schools, nonprofits, and other organizations can be pressured to make public commitments to use, or at least prefer, software that meets the standard. This won't drive horrible software out of the market, but it will create a sub-market where good software can survive.
Obviously laws and regulation are the bedrock, but in areas where consumers have a choice, we need to make it easy for them to make the right choice if they want to.
Matrix.org is really doing a good job of being a Slack replacement (it even has Slack and IRC bridges). It's also federated and has a bunch of other nice features (like e2e which is based on Signal's crypto with some improvements for group chats). I would suggest taking a look (and I would suggest that people start switching to it).
Honestly, at this point, I can't really tell the difference between Slack and most "Slack clones" -- the interface of Slack has basically been copied by most people and to be honest it really wasn't that hard. Mattermost and Rocket.chat both look exactly like Slack to me.
Matrix.org's problem was that they reinvented the wheel (again) WRT the protocol. Now you have a protocol that if the main company goes under, probably can't be developed further and doesn't already have wide adoption and lots of clients written for it (as is the case of IRC/XMPP). HipChat had a better model here where they used XMPP (admittedly, in the worst way possible and completely misunderstood and broke the protocol in lots of places) but build their own service on top of it. You could still use third party clients, the experience just wouldn't be quite as good. If they had enabled federation it would have solved the Slack problem to a certain degree.
Matrix could have done the same thing, but they chose to waste time and money reinventing the wheel (and doing a bad job of it) instead of focusing on the service and the clients.
I could count the number of good, modern, high featured XMPP and IRC clients on one hand. At least compared to their proprietary counterparts. Matrix has at least as many either mature (Fractal, Riot) or up and coming clients as I'd consider usable with anything else, and it has bridges into all that legacy, something I have never seen IRC or XMPP manage well.
If you have legitimate grievances with the protocol and feel you can see flaws in it, make an issue on the tracker now while its still a 0.x release, doesn't have the broad adoption you describe, and while the team (knowingly) can make breaking changes simultaneously released to matrix.org and riot.im and cover 95% of the users still.
Riot is the only client Matrix.org calls stable.[1] I would not call the desktop version good. The only third-party clients that are close to complete are Nheko (which has been abandoned) and FluffyChat (which is for Ubuntu Touch).[2][3]
There are no stable servers.[1] The reference server is being completely rewritten.
Matrix bridges work about as well as XMPP bridges in my experience.
The phone experience for riot is really, really bad (extremely high battery usage, even when the app is not in use. I'm aware of the technical reasoning behind it and I frankly don't care as a consumer). This was (and is) the one barrier stopping me from using it and converting my friends to matrix (they're not platform loyal at all).
Can you give precise examples of the problems? As someone who tried to use XMPP in the past, I found it to be far worse than IRC in terms of connectivity and how things worked. Matrix.org couldn't really have used IRC as a protocol because IRC isn't a very extensible protocol. I've been using Matrix.org for several years now, and it's much better than my experiences with IRC and XMPP (though IRC is still quite usable, and I do still use it regularly).
> Matrix can be thought of as an eventually consistent global JSON db with an HTTP API and pubsub semantics - whilst XMPP can be thought of as a message passing protocol.
Finally someone gets it! A chat service should value each message and it should never lose messages due to connectivity problems.
Thank you for sharing that link, I learned something new today.
How is this a good idea for a chat protocol though? And what makes you think XMPP doesn't do that (it's quite trivial to setup your server in such a way that messages won't be lost even if there is a network partition, client connectivity issue, etc.)
- Person-to-person chat system. This requires offline messages: "when you get to work, please take a look at ABC-1234". Some people have cell phone as well, so this needs multi-delivery to all the clients (so you can read the message on the phone, then read it again from work PC)
- Support system: one person posts "I cannot run TOOL_Z", people who know reply. This requires offline history -- if I maintain TOOL_Z and I come in late, I was to see the question asked, answers, and maybe I want to contribute an answer as well. By the way, slack threads are super helpful for this.
- Knowledge archive: next person to have TOOL_Z problem would search the channel history, and find previous answers.
- Announcement with discussion: someone posts "New version of TOOL_Z is released! New features: ...". People might respond by discussing the new features.
All of those basically require "global database" -- those messages are not volatile things; it is not OK if the announcement is lost, or if you did not see the help request because there was something wrong with the system.
And I know that XMPP does not work for that because back when my workplace used to use XMPP (a few years ago), I went to https://xmpp.org/software/clients.html , installed "gaijim", and found out it has no offline message history, no message searching, and half-broken multi-delivery.
So we ended up building scaffolding - set up our own search engine, archive system, use different methods for communication. This was a lot of pain and very little gain. So when we had to re-do infrastructure from scratch, we went with Slack.
(Note that you can't just say: "I don't need those features". As long as there is a single person in the company who does not have history, the whole company cannot use pure XMPP for support system or knowledge archive anymore -- or that person would be excluded.)
As you said in other messages, things are better now -- there are compliance suites. So "XMPP Advanced Client 2018" does do what you want. Unfortunately, I cannot find a list of clients which support "XMPP Advanced Client 2018".
Also, there are people who confuse matters by saying that "XMPP does everything Slack can, and has tons of clients". No. "XMPP Advanced Client 2018" does everything Slack can but has very few clients. Regular XMPP has tons of clients but does not support everything that Slack can. It is very important to distinguish between the two.
Yeah, I’m normally not a fan of creating a new protocol and further contributing to fragmentation of open source effort, but in this case matrix.org fills a technical need that old protocols like irc and xmpp simply weren’t up to the task for.
I've read that FAQ entry, but it's bogus in terms of chat. Maybe the protocol is more useful for some other thing, I don't know (although I doubt it since XMPP at least can also do very similar sorts of things with pubsub if you need them for some use case, eg. the IoT people do this sort of thing a lot).
The FAQ skirts around the fact that it doesn't matter if they're slightly different: you shouldn't make up your own new thing to force adoption of your commercial product. Use and improve the existing technologies that are "good enough" and stop splitting effort and making yet another standard that everyone has to try and support or run bridges for. This is unacceptably bad engineering. Saying "this is subjective" is true, but just an excuse for "we have not-invented-here syndrome".
XMPP on mobile was always a disaster for data use and battery life - back when gtalk was still XMPP the mobile clients used a proprietary protocol to talk to a google server that unwrapped it into XMPP.
Pure-XMPP simply would not have worked.
(I have my issues with the matrix protocol, mind, but they had good reasons to create a protocol even so)
Edit: I also wouldn't be surprised if this is why facebook messenger switched from XMPP to a custom MQTT-based system.
This is a myth (or one of those things that may have been true at one point but is now repeated as lore even though it was solved 15+ years ago); XMPP is actually pretty good on mobile. Between the persistent TLS connection which can let the radio go to sleep when no data is being sent (without the tail time of creating a new TCP connection constantly) and TLS style stream management it's very battery efficient when you're using a server that's optimized for mobile.
The last time I looked into this (maybe 6 months ago), this could only be achieved using non-standard/experimental server extensions with absolutely no guarantee of stability. This then led me to believe that it was one of those things that was theoretically possible, but not practically possible. Has that changed in the meantime?
Well, experimental doesn't mean it isn't usable (we are talking about an experimental standard here, not about experimental software).
I run an ejabberd server and for example the Client State Indicator (XEP-0352), which is one of the extensions that improve battery life for mobile clients, was experimental for a long time but at the same time also available for major servers (e.g. community edition of ejabberd) and mobile clients like Conversations (open source too).
So in my experience, the battery consumption of a modern XMPP client is quite good. When people are complaining about the bad mobile experience they are mostly referring to the time before the mobile extensions were built.
It was rather less than 15 years ago I had the conversations with gtalk architects (who liked XMPP and left when google abandoned interoperability) that led to my opinion.
So apparently not everybody shares your definition of
'solved' - I appreciate the alternative opinion, but simply declaring it a myth is, I suspect, unlikely to convince remaining skeptics.
I wouldn't subscribe to the "15 years ago" statement, but we have figured out mobile battery use pretty well, and the respective solutions are avialable in both server and client implementations. Have a look at [0] and [1] for (slightly biased but more detailed) elabortations.
simply declaring it a myth is, I suspect, unlikely to convince remaining skeptics
It's hard to provide specific counter-arguments to anecdotal evidence repeated since back when gtalk was a thing.
The Google Talk people literally never tried to implement any of it as far as anyone could see publicly (eg. stream management, compression, client state indication, etc.). I'm not sure if it was a problem with discoverability, or if they just didn't want to, but their feedback was always that things they needed didn't exist, and then stony silence when someone would point out the thing they needed.
If FLOSS developers started building their software products like businesses built their products, then they would have to turn into businesses. You see this in pretty much every segment, I'm looking at you, Canonical.
More to the point, there is always going to be some value-added service a profit-seeking enterprise is going to be able to provide over what's freely available. If we built IRC 2.0, then Slack 3.0 will provide what everyone hates about IRC 2.0 and then the dynamics of profit seeking will drive Slack 3.0 to divorce from the free alternative.
We see this pattern over and over and over again. It doesn't happen necessarily because businesses are being ruthless, but because there's always going to be a market space, even in the face of a fantastic free service. That's just how a market economy works.
Right. I'm not saying open-source developers have to start building in the same way as for profit companies. I'm saying they have to build products that are, from the user perspective, as good as the for-profit ones.
A good example here is Firefox. When it started out, it was better than the competition. Chrome pulled ahead for a while, but Mozilla responded and now it's competitive again. And Firefox has done this while advocating energetically for an open web.
Another one that interests me is WhatsApp. They built a messaging product that was clearly superior to the alternatives. They eventually sold out for billions. But there's no reason they couldn't have done that as a nonprofit. And Signal has shown that a nonprofit can still jump into the space and do good things.
Word. I don't love Slack, but IRC is awful, and an open protocol replacement for Slack would have to make easier many of the features that Slack has and IRC lacks.
What features does IRC lack? The messaging, chat rooms or PMs, private servers, file sharing, etc has existed forever. You can also build any sort of tool for integration with it.
I guess it lacks persistence and access to history? But there are surely ways to solve that.
persistence, history, search, rich formatting, image previews, synchronization between devices, usable mobile clients, group/here/channel mentions, channel directory/search, channel descriptions, file upload/sharing (XDCC is not this), multi-line/expandable messages (eg, paste code or logs without flooding the channel), user status (away/DND).
Some of this can be approximated with bots, of course, but there's a lot of extra work then required to make that work (namely, setting up, writing and maintaining the bot). Some of this can be done client-side, but then you have inconsistent experience.. you don't know if the other user is going to get the image preview or if their client understands markdown or some other formatting, or is going to interpret and display your message using some other markup format. Some of this you can also work around with one of those persistent IRC connection proxies, provided each user gets one and that is also maintained by somebody.
Eventually someone packages this stuff all together for simple deployment.. and basically creates a bad clone of Slack, but with 10x maintenance requirement and so many more things that can break.
As long as you’re willing to run a bouncer (and an organisation could run one for all their users), there are usable mobile clients with synchronization between devices, persistence, user status and even profile images.
For example my app https://quasseldroid.info/ which requires you to run the https://quassel-irc.org/ bouncer, but provides all that. As well as IRCCloud and Weechat-Android, which are also very awesome and provide a similar amount of functionality.
This is kind of my point though, especially for a company: this is kind of a pain to setup for technical users that want to get the functionality. It's basically a complete barrier for the types of users who still primarily use e-mail, phone calls and in-person meetings.
I agree — the current usability is still very suboptimal, and we need to work on it a lot. But compared to where we’ve been a few years ago, it’s already gotten better.
I wish I could do more, but in the end, I’m just a single developer improving the usability of a single app in my free time.
For open source non-centralized solutions to compete with the proprietary options, you need lots of devs and even more funding. Matrix/Riot.im has that, and even they aren’t close to where Slack is. Most of us IRC devs are either getting nothing, or, as e.g. in my case, the donations don’t even cover the server costs.
In the end, if people want open solutions to grow, they need to put their money where their mouth is.
irccloud is great and solves many of these issues. I'm not suggesting it's an alternative to Slack because of course then you're paying them $5/user/mo instead of paying Slack $6.67/user/mo and you're right back where you started, but if you're an IRC user looking for history/synchronization across devices, image previews, a mobile client, and drag-and-drop image sharing, irccloud is IMO totally worth it.
It's been a while since I've used IRC daily, but I think I remember the basics...
Doesn't IRC file sharing involve directly connecting to individual users to transfer the file, instead of those users choosing to download it at their leisure? And if you happened to be offline at the moment the user shared the file, can't you never download it unless you ask them to resend? For large, asynchronous groups, that is untenable. Slack's file sharing works because Slack hosts the file.
Also, basic messaging features are indeed missing from IRC. How do you do a private group chat? Like an SMS group thread? Doesn't it only support channels and then individual 1:1 DMs? Slack has ad-hoc group DMs. On IRC you'd have to make a new channel every time. It's like getting a conference room every time you want to talk to more than one person at once.
Slack also does voice and video calls, and screen sharing, and it's really quite good at it (feels light, not bloated). Sometimes talking with someone needs to turn into a face-to-face call.
Checkout IRCCloud.com ... it's an online service for connecting to IRC and can also connect to Slack too.
The obvious advantages versus classic IRC clients: it's always online and the connection happening through their servers you get good push notifications on mobile.
The obvious advantage versus Slack: they don't own the IRC networks you're connecting to, so if you have issues with IRCCloud you can just change to another client.
It has some missing features, most notably search in archives, but they are working on it.
>> "admitting that Slack beat IRC"
Sure but are we talking about a fundamental limitation of the IRC protocol, or are we simply talking about implementation details that can be fixed?
Not necessarily disagreeing but could someone provide some solid examples of IRC being a terrible user experience? Whenever IRC comes up, people say it lost and it’s not the right technology. When pressed, they wave their hands around saying “...because, uh, user experience reasons!” As a longtime user of IRC, I’m probably blind to these issues. What’s so bad about it that causes people to put up with these inadequate “cloud” re-implementations?
Too hard? I installed mIRC on my own at age ~12 in the late 90s and I don't remember having any issues, the only thing you had to do was to type a nickname and choose a server. Nowadays it's even more simpler since you don't even need to install a client (qwebirc, kiwiirc, etc.).
Sure. 12-year-olds who go on to be software developers can install it. That says nothing about the user experience of the bottom quartile of users in terms of technical aptitude.
I'd agree that it's possible there are some discoverability issues, but i don't see where '/server irc.(efnet|freenode|etc.)' is bordering on impossible.
Threads have been super useful for us, we have a few channels that are forums by social agreement where long running discussions are recorded to make it easy to reference. We found this style to be easier to review then breaking off separate channels per topic and we generally use it for initial feature exploration. Once something moves into the category of "We're doing this" we split off a channel and isolate the discussion.
You need a bouncer if you need access to history, that is a deal breaker for most people. Also, being able to ping somebody via a push message on their mobile is also a nice thing when working in a remote team. Apps on mobile are also not that nice.
That being said, I wish there was a better open source alternative.
The only problem with IRC is that iOS doesn't allow background processes. Otherwise it could be extended to support anything Slack or whatever does. If not in an open way, in an interoperable way.
In which world does it beat IRC? Number of users? That's not even sure, since there are dozens of thousands of IRC servers worldwide. And that's not even counting the private, self-hosted IRC servers.
IRC runs everywhere and does not need a fat browser or a RAM-and-CPU hungry application to enable "chat".
As for the user experience, this would merit a whole post in itself, but Slack sucks in many ways: threads are completely unusable, channels are hard to discover unless you know about them, and now Slack makes you pay for searching thru your past messages.
I'd say there is a lot more to this topic than "Slack beat IRC".
So my best guess is that Slack has at least an order of magnitude more users.
But users is not exactly the metric I'm thinking of. It's when people say, "We need some way for us to communicate," Slack is the popular option. Even though I'd rather not use it, I'm in 8 right now. If you look through this thread, you'll find plenty of people concerned about how prominent it is in the open-source world, IRC's home ground.
> IRC runs everywhere and does not need a fat browser or a RAM-and-CPU hungry application to enable "chat".
I get this in theory. But RAM and CPU power are fantastically cheap. Conserving them to get a worse user experience is optimizing for the wrong thing.
> but Slack sucks in many ways
Sure. There are no perfect things. But Slack doesn't have to be perfect. It just had to be better than the competition. And for most people it manifestly is.
How about user count? Isn't that the only metric that really matters for the question of who won? Slack beat IRC for work-related chat. It hasn't beat email for general written communication.
Yes, this attitude is a clear part of why Slack crushed IRC. "It was easy for me, therefore anybody who finds it hard is dumb and we can ignore them."
I too figured out all sorts of computer things at 12. By standardized tests, I'm also in the top 1% of ability for things like that. And my dad was a programmer then, so I had a leg up.
At some point, I realized I had a choice. I could feel smug about my (narrow) genius and focus on tools for my (narrow) cohort. While grumping, of course, about how stupid everybody else was. Or I could recognize my luck and use it to make things that were good for everybody.
You know what helped me make this choice? Realizing how bad I was at so many other things. And how generous other people were in not only putting up with that, but helping me along.
In my middle school (late 90's, the age of ICQ) all the self-described "non-technical" girls spent their breaks on mIRC in the computer lab gossiping or whatever teenage girls do. If we're talking about a developer audience (the readers of Hacker News) it really isn't difficult at all.
It was definitely IRC. As boys who had a prerogative to tease girls, we installed NetNanny to block launching mIRC (and then the trial period expired and the school computers got infested with registration reminders...). AIM had zero mindshare in Europe at the time, it was all ICQ and later MSN.
Our school had nothing blocked, and the computers weren't locked down at all.
Yep. It's not hard. People are pretty clever and will work things out if they need to. It's just that we hand feed them shit like slack and tell each other that they're surely too dumb to use anything else.
An effort is underway to standardize E2E encrypted group messaging in the IETF with the MLS [1] protocol. Open-source participants include Wire and Matrix. Commercial participants include Facebook, Cisco, Google and Apple.
How is Wire developed and funded? This was my biggest problem with Matrix (unsustainable funding model for the protocol and no proper standards body).
Why not just use XMPP? Yes, everyone hates XML, but the protocol is well designed, has sustainable funding (via the IETF and XSF), and there's lots of experience out there, and it's flexible enough to develop services like Slack on top of.
"XMPP is an example of a federated protocol that advertises itself as a “living standard.” Despite its capacity for protocol “extensions,” however, it’s undeniable that XMPP still largely resembles a synchronous protocol with limited support for rich media, which can’t realistically be deployed on mobile devices. If XMPP is so extensible, why haven’t those extensions quickly brought it up to speed with the modern world?
Like any federated protocol, extensions don’t mean much unless everyone applies them, and that’s an almost impossible task in a truly federated landscape. What we have instead is a complicated morass of XEPs that aren’t consistently applied anywhere. The implications of that are severe, because someone’s choice to use an XMPP client or server that doesn’t support video or some other arbitrary feature doesn’t only affect them, it affects everyone who tries to communicate with them. It creates a climate of uncertainty, never knowing whether things will work or not. In the consumer space, fractured client support is often worse than no client support at all, because consistency is incredibly important for creating a compelling user experience."
I don't think Moxie's right though; you can still do your own thing, and have it work best with your clients which support all the features, and then allow it to federate or optionally allow third party clients on your server with limited functionality. Naturally, you can also contribute back new extensions that you develop too so that other clients and services can adopt them if you want.
But I do tend to agree in general that we need fewer features and less complexity and to push more for basic profiles that everything should implement and that have a clear compliance label.
He wrote that after most messaging had already moved to proprietary networks. That happened primarily because Facebook and Google wanted to lock in users. The most popular desktop clients were multi-protocol clients that were slowly neglected. The most popular mobile clients were hobby projects.
Now we have uncertainty around which networks people use, which devices they use them on, and which features each network supports.
Because XMPP itself is not enough. If you want to deploy XMPP-based chat service in your org, and you want everyone to have same features (offline, mobile, images), you will have a hard time.
You cannot just tell people "go choose any XMPP client, and it will work fine". Instead, it is more like "get XMPP client, but make sure it supports XEP-1111, XEP-2222 and XEP-3333". And if you have multiple platforms (Android, iOS, Win, Linux), let's hope you can find a client for each.
I agree to a certain extent, but I don't think you need to support everything, just the subset of features that a particular user cares about. We should have some form of baseline that's more than the basic protocol, and the Compliance Suites will hopefully help there, but in general as long as basic chat works it should be fine. The first party clients can support everything and give you the best experience, the third party ones are juts in case you can't run the first party clients or need eg. better accessibility support or similar.
For example, I used to use Mcabber with HipChat at work. Mcabber doesn't support even basic modern XMPP things (history, for example), but it was plenty good enough for me to chat with my coworkers.
Its not user thing, it's a community thing. For example, if I have users who cannot see images, it means I cannot post screenshots and expect to get meaningful advice on it.
For your work: Are you connecting Mcabber to HipChat server? Do you use native HipChat client as well?
That seems like enough of a reason not to pick it as a good shared base protocol, even if technically it's good. It's nice that they're funding MLS though; looking forward to the results of that effort.
> It is not a goal of this group to enable interoperability/federation between messaging applications beyond the key establishment, authentication, and confidentiality services. Full interoperability would require alignment at many different layers beyond security, e.g., standard message transport and application semantics. The focus of this work is to develop a messaging security layer that different applications can adapt to their own needs.
I'm curious, have you followed those discussions, and have you noticed say Google or Facebook do anything to "nudge" the protocol towards being "more convenient to use" (read: less secure) and less privacy friendly than it was originally intended to be?
This is a software space that could really use more devs. IRC is fine but many people can't use it because it's too technical. We need more user friendly XMPP clients with features that non-technical people want. I hate Skype but damn if the non-techies I work with don't love it.
I tried to download and run Jitsi a couple months ago for a project and it's voice quality was terrible. Skype just works. I sometimes have weird quirky bugs with Adium, and it's getting harder to justify telling my team to use it.
WRT XMPP clients: Dino.im is getting there (although it's still too early and buggy to say it's there yet, I think). I'm still not aware of any decent web clients though, unfortunately. The ones that do exist tend to be developed by individuals and full of security issues, even if they are nice looking and easy to use.
I tend to think that we don't need more small community projects, we need one or two entire services like Slack to build themselves on the base protocols and federate. Even if they only allowed their own clients so that they controlled the entire experience, if they just federated with other servers it would give users a choice and largely solve the Slack problem.
I've heard Matrix might be a good IRC replacement. But it also still looks rough to me. I only tried it once, but didn't continue as I didn't need it for anything.
Matrix the protocol is pretty awful, and I'm not a huge fan of the "official" clients, but YMMV. The real problem with it though is that unlike IRC and XMPP the protocol itself isn't developed in a sustainable way by a standards foundation with a reasonable funding model. The protocol itself doesn't really matter that much though as long as we pick one that will be maintained and won't just go bankrupt (so IRC or XMPP depending on what you want to build) and then build nice services that support it. Remember, Slack is a service and a protocol, XMPP/IRC are just protocols. You still need good services like conversations.im or Freenode built on top of them for it to be usable. Unfortunately, we don't have many good services like Slack that have commercial backing but use an open protocol.
In all fairness to Matrix, this tends to be XMPP and IRCs biggest fault too. Although I tend to think the protocol needs to be developed by an independent standards body that really only focuses on that (which is the problem with Matrix, it can't go anywhere because it's fettered by a commercial entity that doesn't actually know much about protocol development). IRC and XMPP on the other hand have a standards body, but need to stop advertising them as if only the public network is usable: they need companies on board building their own services that use them (and possibly federate, or possibly allow third party clients).
It's ironic that Golang.org is not accessible from Iran because of app engine.also several non proprietary repos like sourceforge. The only way to get go lang's source code is through github.
It is only a matter of time untill Microsoft decides to block github for Iranians as well.I don't know why github is not currently blocked but I would not be surprised if it gets blocked.
None of the Google developer-oriented resources are accessible from Iran. For example, you have to use a VPN to download Android Studio or access Google educational materials. Golang is just yet another Google project that has blocked Iran.
My intention was to show that in reality it doesn't matter whether a software is open source or proprietary like sourceforge .golang has nit blocked Iran .I highly doubt anyone among go community and creators would think or know about this issue . it is only blocked because of app engine just like many other non-google websites which use app engine.
Try to propose running your own chat server at any medium to large company. No VP of engineering or CTO wants to worry about that and the possible security risks. If Slack messes up they can blame Slack but if you mess up and expose some Healthcare data to the outside world because of your chat server they are screwed.
I've seen that too, but it's usually the same people who just reject anything hosted somewhere else with statements like "we're not doing airquotes The Cloud" and think all tech companies are conspiring against us.
This is true. If you are in the EU you might not even legally be able to use a US hosted solution depending on what data you are sending over the chat...
I've had the opposite experience; at my last job (a medium sized tech company that you've heard of and probably use tangentially on a daily basis) they wouldn't hear of using anything cloud based because then someone else could potentially leak their data.
I wonder if part of the reason we don't have any great open source Slack competitors (yes I know about Mattermost, Zulip, etc.) is that so many open source developers (or at least commenters here) seem to be under the illusion that IRC is a reasonable alternative to Slack.
Just terrible UX in general, and a very bloated & power hungry client. Search is borderline useless, and it's difficult for me to find anything that was talked about a couple weeks ago (meanwhile I can easily grep IRC logs for things that were said years ago). People at work turned off mobile notifications because they sometimes work, but usually not when you want them to work. I wish we'd just switch to IRC.
What protocol does Mattermost use? I was under the impression that it was XMPP, but I can't find anything that says that now that I'm glancing at it. Did they invent their own as well?
There's a move to work on ircv3 as well. Not sure how far we are from these sort of changes, but I would love to see rich IRC clients. I've seen IRC clients that preview images and such, so Slack isn't any more special in comparison (in my opinion anyway). Since it's all things a client can just support.
Google for "Telegram Security" or "Telegram Moxie" to see why Telegram / mtproto might not be the best choice. This is repeatedly the topic on Hacker News as well.
That’s pretty much the point of sanctions, what did you think was going to happen, people of sanctioned countries getting a medal? The point is to put as much pressure on those countries as possible and there is no better way to pressure a country than to pressure its people to force a change. The question should be whether or not Iran should be sanctioned. But if you agree that it should then this is an example of a perfectly reasonable outcome.
Wait, so sanctions against a country should affect all people who share the common ethnicity in that country regardless of citizenship status or location in the world? So essentially it's a sanction against an ethnic group, not a state. Are you sure that's a reasonable idea?
How did Slack figure out this guy's ethnicity / citizenship / status? Why are they allowed to access that information and unilaterally act on it? Sounds like there's a valid question being asked here to me.
They didn't figure out anyone's ethnicity, according to their press statement they banned all accounts which were accessed via Iranian IP's. While seemingly a little heavy handed IMO, they are trying to comply with US laws. They also provided a way for people to send an email to address their specific accounts if they feel they were terminated improperly.
Slack is protecting their multi-billion dollar business and their investors which are both based in the U.S. If they do not, they could run into trouble and put far more at risk. This does not only affect Iran, it affects other countries too which the U.S. has active sanctions against.
Not just a little heavy-handed. If that's what they did, they probably picked up users that just happened to use the service from one of the countries at some previous point in time. And, at that point, the sanctions may not even have been in place.
Now, I admit that visiting the countries on the list aren't on my to-do-list, but if for example I decided to make a vacation trip to Cuba I really shouldn't lose my account at any US-based service just because of that.
That's a question for Slack how they found out and that is a great question, but there seems to be much conflation of that question with justification of sanctions in the first place, which I wanted to address. It's a question of nationality and citizenship if Slack determined one of those to be the case then they simply followed the regulations set forth by the sanctions.
The status of being a student does not expunge your status of being a citizen of your country of origin nor does it cut all your ties with said country. Part of sanctions is to pressure citizens of sanctioned countries in order for them to seek change in their governments.
So it seems that Slack is going through their log files and closing down accounts that have used IP addresses that are considered to be in embargoed countries. I base that assumption on various comments here and on Twitter.
If true, it is definitely the worst way to do. It doesn't take into account any circumstantial evidence that could explain the use of such an IP address (vacation, VPN, BGP or a mistake in the geolocation data used) and Slack doesn't seem to offer any way to appeal or even inform other users about what happened to their contacts.
Slack should offer a configurable notification that could contain other contact methods to the banned user. Slack could also give those users at least sth like 48 hours to inform their contacts about what is going to happen. And it could offer banned users a downloadable archive of all content created to make sure no data is lost.
But the way Slack is doing it right now means that you can't trust them and one should really think about relying on their services in the future.
I am still on IRC and XMPP (Jabber) for good reasons ;)
This is very disturbing for ways that some folks might not realize. One of the servers I've leased was assigned an IP address range whose reverse DNS (i.e., PTR records) ended in .ir.
I only discovered this because I was trying to use Google's CLI tools and got blocked, with the shocking message that access from embargoed countries was not allowed. I was utterly confused given that my server, myself, and anything to do with my hosting was all contained completely within the US. After studying the message and finally figuring out after some time the problem, I reported it to my host and they promptly submitted a correction to that, and the issue was resolved.
But had I somehow used this host to access Slack, I would find my own account deleted, if what is being deduced here is correct.
Deleting or disabling accounts is completely the wrong approach. The absolutely maximum that could be done is BLOCKING ACCESS (i.e., actually embargoing) from these restricted IPs. Disabling or deleting accounts is stupid and shows that Slack has a profound MISUNDERSTANDING of how the Internet works, i.e., it's not perfect. This is exactly akin to using an IP address for identification. IP addresses, and hostnames, are not identification of people and cannot nor should be used for these kinds of heavy-handed, punitive punishments.
Wow. But yes. I recall news from a year or two ago, about hosting providers not cleaning up old PTR records. Also, I gather that there's quite the market now for IPv4 blocks, so geolocation is an iffy thing.
So the next time someone attacks BGP they should divert slack traffic through Iran to get all users automatically banned? Or just think if slack accounts are compromised and a hacker logs-in through a proxy in Iran.
> Slack should offer a configurable notification that could contain other contact methods to the banned user. Slack could also give those users at least sth like 48 hours to inform their contacts about what is going to happen. And it could offer banned users a downloadable archive of all content created to make sure no data is lost.
The government could argue that any of these options is "doing business with" an identified, sanctioned individual.
I'm not saying it's right, I could just see a company attorney wanting to minimize potential federal liability.
But sanctions do not just happen from one day to the other (usually). At least in the case of Iran my understanding was that there was a political declaration to withdraw from the Nuclear Deal and impose sanctions, but not immediately. So business did have the opportunity to prepare a transition.
Cuba is one of the most popular destination for Canadians, can't ever imagine what would happen if they actually ban everyone that had their IP over there at some point in the last few years.
And yet some people are wondering why GDPR has a data retention policy that aims at keeping personal data around for the least amount of time necessary.
Companies should be made accountable for such blatant abuse of user data.
They may have the data, but they have no incentive to care whether or not their inferences are correct. This is a common problem with ostensibly data-driven companies.
i am starting to become scared that my accounts with different companies will be closed retroactively. I have, through work, toured most of the free and some parts of the non-free world (including Iran, Cuba and sudan). That apparently makes me fair game to have my US accounts closed. Had I been a slack user I, by the look of it, probably would have had my account closed today, even though I have lived within the EU for all my life.
I am pretty certain I have logged into my mail, PayPal account and Digital Ocean account from countries embargoed in the regions my providers operate. PayPal I could lose without much fuzz, but jeez how I'd hate to lose access to my email.
I worked in webhosting forever and I've never heard of a company until this post actively digging through a users access to services to block them. What we'd do is use products like Maxmind where if you tried to sign up and pay from Iran, etc, you'd be automatically denied. I've never, ever heard of audits to SSH logs to track this stuff down. We'd audit ssh logs if there was a server that was hacked, etc, usually to see if they hacked other servers so we could take them all down at once or find out (they'd often have irc running) what groups they were in to get more info on how they did it, etc.
This is absolutely ridiculous. I've opened up Slack while in Cuba to check on work things at my American company who does no business there. I don't have anything to do with our Slack bill and I'm a US citizen. So if someone goes to see their family in Iran/etc and just happens to open Slack they'll get banned? That's hamfisted as all hell.
While it's perfectly legal for your wife, a Canadian, to go to Cuba, it's still embargoed by the U.S., and Slack as a U.S. company must comply with the embargo (even though your wife has done nothing wrong per Canadian law).
That's true, but why does that mean they need to shut down her account just because she visited Cuba? Would that mean a grocery store would then have to refuse to sell you their goods because you visited the country once?
The guy's wife didn't do anything wrong. Slack broke the law by providing an embargoed service to someone in Cuba. I'll bet money that when this was discussed with their compliance officer, the lawyers and engineers and everyone else agreed to use certain metrics (like source IP) to determine whether someone fell under the embargo. Otherwise, Slack would have to spend a lot of time and money validating people's identity, etc., in order to comply. I don't really fault them for taking this path because their exposure is huge and compliance is hard.
Your analogy about grocery stores doesn't really work because logging into Slack isn't the same thing as walking into a grocery store, because buying from a grocery store isn't the same thing as exporting food across a national boarder, and because neither food nor medicine is embargoed.
They didn't shut down their account because she visited Cuba, but because her account was created _from_ Cuba. It's unfortunate but I guess it's the only way Slack has to "know" where an account is from.
They should never have allowed the account to be created from Cuba in the first place. Slack when it was younger, didn't have good policies in place to actually follow US law. As such, now that they are reviewing their old records they realized they committed illegal actions that they need to clean up.
Yes, it harms their customers, but that harm and the resulting damages to Slack' reputation (and maybe legal costs), is what they must pay for being negligent in the past.
They did offer an appeals process, but that can be safely assumed not to be a process for appealing the US law and their interpretation of it — it’s much more likely a process for appealing technical errors committed by accident during bulk work, such as “you identified my IP as Cuba when it’s Florida” or “I was hacked and we discussed that back then, please recheck your logs excluding the hacker’s activity”.
So they are absolutely offering recourse and resolution, but only where it is in their power to do so.
TLDR: Don’t expect Slack to be responsive to arguments that contain “please ignore US law for my individual circumstances”.
What other life-long punishments does she deserve for doing that horrible deed? Completely removed Google account with all her data? Permanent ban from any grocery store? Revoked driver license? Lifelong ban from Amazon, HN and other US services?
Slack could just block access to IPs from banned countries. Why are they retroactively blocking accounts? Sounds like Slack is punishing regular people who visited those countries.
The appeal process is filing a lawsuit against Slack, provided the person wronged didn’t already agree to give up that right when accepting Slack’s TOS.
Even if it wasn't given up, what would the lawsuit complain be, and what would one gain from it if it succeeds? Isn't Slack legally entitled to shut down any accounts at any time?
IANAL but cutting you off your everyday job and crucial documents (causing stress, money problems, hopefully not: unemployment) only because you happened to open an account in a random country seems like a reason good enough for a lawsuit. What to gain: compensation, and that damn' account.
Well that's not strictly true. Presumably there is a contract of some sort, and Slack must abide by it, entitling users to Slack's infrastructure to some degree.
It's not completely arbitrary. Plus there're notions of estoppel potentially at play.
I'd pretty much guarantee their terms of service stipulate they can terminate an account at any time for any reason. It's how most Internet services operate. The only likely addition to that, is a monetary refund if warranted based on the account context.
One, no, you are not legally entitled to shut down accounts on the basis of race or national origin, if that's what they're doing.
Two, they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.
Three, even if they are, we're also legally entitled to call Slack incompetent losers, and to tell our employers that we should not switch to Slack if we wish to continue being co-workers with Iranians. I will be telling my employer that shortly. (One fascinating aide effect of using Slack is thst the entire company must conform to Slack's policies. You cannot hire someone whom Slack won't create an account for, nor someone who won't agree to Slack's ToS, because if they're not on Slack they can't get work done.)
> no, you are not legally entitled to shut down accounts on the basis of race or national origin, if that’s what they’re doing.
That’s not what the parent comment said, you’re twisting it with an assumption. Slack is not legally obligated to provide Slack accounts to anyone, that was the point.
> they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.
Your analogy is rather confused. The data Slack has isn’t equivalent to your papers that you dropped on their desk. When you sign up for Slack, you enter into a contract outlined in their Terms of Service that detail explicitly what they agree to be responsible for. In particular, here’s the agreement relating to your data:
“Following termination or expiration of a workspace’s subscriptions, we will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in our systems or otherwise in our possession or under our control.”
> "will have no obligation to maintain or provide any Customer Data..."
I have to admit that this case (and some others I read in recent days, e.g. MailChimp account deleted: https://news.ycombinator.com/item?id=18715866 ) made me aware that the terms of some popular services can be much worse than I would expect. I should really start reading those terms. Thank you for helping me reduce my naivety.
> Slack is not legally obligated to provide Slack accounts to anyone, that was the point.
And this point is untrue. As long as Slack provides accounts to the general public, they are required by law not to discriminate when doing so on the basis of race or national origin. They can stop serving everyone. They can firewall access from Iran, or identify actual persons covered by the sanctions. But they are legally obligated to serve Iranians as much as they serve anyone else.
> Following termination or expiration of a workspace’s subscriptions
One, this is an individual account, not a workspace. The workspace remains active.
Two, terms of service don't override law. There may or may not be law that overrides this and says that certain rights cannot be signed away. (For instance, if you're subject to the GDPR, my understanding is it would override it.)
> As long as Slack provides accounts to the general public
Slack does not provide accounts to the general public, in any legal sense. Slack is a private business, not a public service. Please read the terms of service to understand the terminology.
> they are required by law to not discriminate
Well, they are required by law to discriminate against traffic to Iran.
But, again, you've twisted my meaning to make your own separate point. I wasn't talking about discrimination. Slack is not compelled by law to provide accounts to someone. They can legally refuse service to someone who lives in Iran, or connects to Slack from servers located in Iran.
> But they are legally obligated to serve Iranians as much as they serve anyone else.
That statement is true in the sense that Slack is under no legal obligation to provide their service to anyone, outside of the agreement they created. That is separate from and irrelevant to whether or not they're allowed to discriminate against the people Slack agrees to provide service to, under their terms of service contract.
> they are required by law not to discriminate
BTW, what law are you talking about specifically? I'm aware of civil rights for US citizens, and anti-discrimination employment law in the US, but not of a specific law that bars online discrimination. I personally believe discrimination online would be wrong and bad, but are you certain that it's illegal?
Keep in mind we're talking about someone in Canada connecting to a US service, with a plausible decent chance that he connected from Iran or through an Iran server and just forgot about it. I'm not aware of specific US anti-discrimination or civil rights laws that would protect Amir in this case.
Slack doesn't even know someone's race or ethnicity, thus can't discriminate against that. They are just disabling accounts based on the IP they were created from, which was the best they had to go by to abide the sanctions. This is for sure inexact and bound to have false positives though.
It’s not quite that simple. A case could be made that other variables are a proxy for race or national origin, and travel to specific countries is one of them.
Of course that argument has an opposing side as well, but it seems prima facie plausible as a cause of action.
> Slack is not legally obligated to provide Slack accounts to anyone
Slack is legally obligated to provide Slack accounts to people who pay, with 30 days notice for termination in most cases. There is this stipulation:
> We may terminate the Contract immediately on notice to Customer if we reasonably believe that the Services are being used by Customer or its Authorized Users in violation of applicable law.
However, if they are terminating accounts based on ethnicity that doesn't seem like a reasonable belief they can use to justify applying export controls.
> Slack is legally obligated to provide Slack accounts to people who pay
Rather, Slack agrees to provide accounts to people who pay and agree to the contract in return.
That little stipulation is exactly what is in effect here. Slack believes the users are in violation of the agreement, and under the legal rules that Slack established and controls, they enforce immediate termination.
> if they are terminating accounts based on ethnicity
This defending of the argument based on wild assumptions that Slack is ethnically profiling is a bad place to start from. That hasn't been shown, nor is it very likely.
On the other hand, Slack is legally obligated to block traffic to Iran, and it's within reason to assume an account that ever had any traffic in Iran broke the law. It's certainly possible that Amir forgot that he used an Iran proxy, or traveled there. It's possible that someone on his team broke the rule without his knowledge. It's also possible that Slack made a mistake, which can and does happen from time to time at many companies when trying to enforce international laws using only IP traffic logs. None of that points at Slack intentionally terminating accounts based on ethnicity.
(Maybe this a stupid question) Why should they be entitled if you are a paying customer? Do they give you a backup of your activity on their platform before closing the account?
Honest question: if I go to McDonalds and pay for a burger can they refuse to serve me? I understand that they can refuse to serve me before paying, but after I pay their service and goods too?
GDPR has the force of law in its area of jurisdiction. If Slack can't comply with it, then they'd better not do business in that jurisdiction. That's how the law works; there isn't some hierarchy of one country's laws overriding others'.
Are you suggesting the US go to war with the EU to force them to repeal the GDPR, so that Slack can do business in the EU? I know HN typically takes a pro-business angle politically, but that seems beyond even the most rabid line that I usually see here.
If not, I am totally confused about how your response connects to what I wrote.
Other way around. The EU is the one who bears the burden of forcing American companies like slack to comply with their laws. Though jumping straight to a shooting war feels like an overreaction. Maybe start with a fine and ban the company if they don't pay.
Wow the Twitter thread and the experiences which are mentioned here sound so extreme and crazy that I am seriously confused to what believe.
- Is this all made up to prove some point?
- Is this just how the US ticks right now?
- Is Slack just completely gone mad?
- Is this what companies believes is acceptable nowadays?
- Is this the future of the web?
The fact that I am not sure what to believe and that I wouldn't be surprised if this is all true or equally all made up is what really scares me. Ten years ago I would have had a lot more confidence and faith in the world that this must be either a big mistake or something fishy, but today I feel like anything goes and in a week's time nobody will care again :(
It's the dystopia of the film Brazil: someone makes a typo in a database, someone else's life is dramatically inconvenienced, and it's impossible for them to access any means of redress.
Which is great for politeness, but largely rubbish for working out what people might be up to, given that people not only regularly disguise malice as stupidity, but in some cases find it highly entertaining. Hence the existence of - https://www.reddit.com/r/MaliciousCompliance/
This is also the future of blind faith in a few companies that control substantial things you depend on personally/professionally. You don't really think about how much damage something like Slack (or god forbid, Google) could do to you by shutting down your account until something like this actually happens.
Add to that the dark side of being "data driven," which is that stories like this one are just part of the 1% of edge cases. These companies also try to move away from actual customer service as much as possible because human labor doesn't scale as well as automation, so you'll fall through the cracks as long as the news that it happened to you doesn't get enough press to make it worth an engineer's or VP's time.
I know that sounds extremely cynical, but having been on the inside in situations like this, I saw how these dynamics converged despite good intentions. Stuff like this is why sending engineers through front-line customer support rotations tends to dramatically motivate engineering teams to make quality of life improvements. Once you lose the detachment that indirection from the user gets you, suddenly those 1% cases feel more important.
For more than a decade, Section 230 [1] has protected internet platforms from censorship of user-generated content. Why is Section 230 not applicable here, or is a similar law needed with wider scope?
>
It is the policy of the United States—
(1) to promote the continued development of the Internet and other interactive computer services and other interactive media;
(2) to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation;
(3) to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services;
Because this isn’t about content, it’s about OFAC designations. That’s the office in the US Treasury department that says who Americans can’t do business with. They’re the ones that enforce sanctions and Iran is on their list.
Penalties for noncompliance are stiff and there are no safe harbour provisions.
(IANAL but I have implemented systems to check OFAC lists at other companies and seen it result in similar situations)
Even if what you say is technically true, Slack appear to have interpreted that as saying that they can't do business with anyone who as ever in the past opened up the Slack app in a designated country, whatever their nationality and/or reason for being there. At the very least, that is a shoddy algorithm.
They have information from which they conclude that; this information is fallible and conclusions are not certain, but that's true of virtually all “knowledge” about the material world.
One of the replies to the OP in tweeter says "anyone who is legally an Iranian citizen". That basically covers all naturalized American citizens who emigrated to US from Iran.
The U.S. government doesn't care what Iran recognizes. The correct quotation would be "anyone who is legally an Iranian citizen in the eyes of the U.S. government."
When an Iranian citizen becomes a naturalized U.S. citizen, their Iranian citizenship is no longer valid in the U.S.
There is a limited number of nations that have dual citizenship agreements with the United States, and Iran isn't one of them.
Maybe it's time for Congress to help companies differentiate between:
(a) the objectives of laws prohibiting large commercial flows to sanctioned countries and
(b) the objectives of laws encouraging many tiny information exchanges on the internet, taking place outside of sanctioned countries
Is it worth burning down Internet commerce in the hope of catching a few individuals? Did Congress intend to create a Do-Not-Speak list, or one such list for every Internet company? Should Internet UGC platforms now relocate outside the USA, when Congress is also encouraging companies to repatriate assets to the USA?
Is it worth burning down Internet commerce in the hope of catching a few individuals?
What's happening here isn't an attempt to catch a few individuals. The goal is to put pressure on the entire government of Iran. This is done by making doing business hard for large businesses, as well as individuals, so that pressure to change is put on the Iranian government from above (businesses) and below (the people).
This sort of thing is a temporary blip before everybody figures out decentralised solutions for everything.
Decentralisation is clearly the end game as long as politics causes problems like this. A decentralised solution will continue to "just work", while centralised solutions continue to boot people off. It's pretty obvious which one is going to win.
Except looking at the past 20 years or so it seems clear that the trend is going the other way around. Slack itself is an example of that, not long ago it would've been a set of self-hosted tools. People have ditched IRC in favor of Discord and friends, they've ditched decentralized forums, BBSs and mailing lists for social networks, everybody hosts everything using the same four or five cloud providers, streaming and direct download is much more popular than BitTorrent etc...
Maybe this trend will reverse eventually but I don't really see the signs yet. The Cryptocurrency crowd keeps shouting "decentralization" but they still fail to create applications that can compete with the centralized alternatives in terms of usability, performance and cost. There have been many attempts at making decentralized social networks but they failed to gain mainstream adoption. IPFS works pretty well but again, hardly anybody uses it.
I'm all for decentralization but there's no denying that there seems to be a path of least resistance towards centralized solutions. They're easier to develop, easier to maintain, easier to upgrade and often easier to use.
So for me decentralization is the objective, but unfortunately it's not "clearly the end game".
Exactly. I understand the desire for decentralization. There is certainly a lot of hype, and in the cryptocurrency world it verges on religious belief. But I haven't yet seen any examples of the trend reversing.
Even most of the very technically competent people I know are gradually moving toward central services. I'm part of a co-op of people with collocated servers. We started in 2000. We haven't had a new member in years, and we are gradually losing them. I'm at the point where I should replace my server, and I'm having a hard time coming up with reasons to justify the large capital expense and significant time cost versus moving it to somebody's cloud. And that's not even considering the benefits of moving to hosted services. Not worrying about spam, email deliverability, security patches, et cetera, ad nauseam.
I think part of the problem is that the "decentralize!" crowd is willing to put up with a lot of practical inconveniences as long as something conforms to their ideological desires. Their ideology may be perfectly correct, but until it has practical consequences, most consumers won't shift. So they're going to need to come up with competitive services that are better than the existing ones. Better not just to them, but to regular users.
This is a bit of a shameless plug, but I just made a Show HN post about Glowing Bear, which is a web front-end for the WeeChat IRC client: https://news.ycombinator.com/item?id=18725038. It's entirely implemented as client-side javascript, and you can easily self-host it without any requests being made to other servers. For me, it solves the problem of accessing IRC wherever I am without having to fumble with ssh on my phone or monospace text. And it doesn't have the limited functionality of these modern web IRC clients implemented in node because it's just a front-end for WeeChat, which is one of the most powerful IRC clients around.
Regarding your note on the path of least resistance leading to centralized solutions---Glowing Bear/WeeChat is definitely more work to set up than just signing up for Slack. You need a machine that runs WeeChat and get a TLS certificate so that the browser will let you connect securely. That definitely limits it to a somewhat nerdy demographic, even among the HN readers ;)
But I think for these solutions to gain more mainstream appeal, we’d need to make the setup much simpler, and work on ideally making it a single-click solution for an organization to set this up for their members. And maybe even provide hosted services (similar to IRCCloud) for the many users that would rather pay than run their own servers.
Yes, you're absolutely correct. Setup is indeed more complicated than it should be for Glowing Bear. I would love to have an automated solution for it, I just don't want to be the one to build it :)
20 years is a small timeframe in my opinion. Every new technology you exemplified is better in almost every way to the predecessor except for the fact that they hand the keys to the castle to a small group of people which the ordinary users don't care about until it starts hurting them, which has already started.
Now I suspect we'll start seeing clones of facebook / slack etc but with a decentralized backend while offering all the features users care about seamlessly. This might take a while but it'll eventually come.
It will take time before decentralised services become mainstream. It's slow right now and we are still learning, we need things to be easier. The backend is basically figured out at this point and we need to focus a bit more on UX.
Regarding torrents, many game clients will use torrents for their downloads, the user simply doesn't see and deal with the torrenting.
Don't confuse self-hosted with decentralised, not the same :)
>It will take time before decentralised services become mainstream.
Again, this is looking at things backwards IMO. You seem to imply that there's a slow momentum from a centralized web to a decentralized one when in fact there's been a rather fast momentum in exactly the opposite direction over the past decades.
To me what you're saying sounds like "horses are about to become a very common way of moving goods". Maybe you're right but merely looking at the trend it's clearly not going that way at all.
>The backend is basically figured out at this point and we need to focus a bit more on UX.
You'll have to tell me more specifically what you have in mind there because that sounds very optimistic to me. We've had decentralized "backends" for as long as we've had the internet. The web is mostly decentralized by design. Even DNS is distributed across plenty of authorities for the various TLDs (even if each of them is effectively centralized and not anybody can become an authority).
Email is decentralized. BitTorrent is decentralized. IRC is decentralized. We're collectively moving away from these technologies, not towards them. I'm personally still a heavy user of all three of these things but it definitely feels niche now (email obviously isn't but self-hosted email is).
>Regarding torrents, many game clients will use torrents for their downloads, the user simply doesn't see and deal with the torrenting.
Which is pretty much irrelevant in this conversation then. It's about the technology people use to share content with each other, not about how Blizzard chooses to update your WoW client. It's a locked-down, vendor-approved way of distributing software from a centralized authority.
>Don't confuse self-hosted with decentralised, not the same :)
It's not the same but it's related. In general if something is truly decentralized then it becomes self-hostable otherwise it's more distributed than decentralized. Anybody can host their Bitcoin node, their Bittorent peer or their email server. I can't host a Facebook node.
Until taking part in a decentralized system is a crime by itself due to potentially illegal content and your possession and distribution of that content.
The distributed system does not stop to work then, but the user might risk punishment for using it, which might be even worse than not being able to use it.
I've been thinking about running a Mastodon server so I'm in control of my social media, but I'm worried about letting anyone use it because of the GDPR.
When decentralized systems are illegal, only criminals will use them. Anonymously. And very likely, using your devices as botnet slaves. But pretty much, you get what you select for.
It will also drop the userbase below a useful threshold. Sure, there will be the technical possibility of still managing to use it illegally and undetected--but there will be no herd immunity, there will be no effects of scale that make the system particularly useful or affordable compared to proprietary, centralized, and more performant alternatives. People can and do still use bittorrent illegally, but it doesn't have even close to enough market share to make centralized streaming services nonexistent or non-competitive. Basically the same idea.
The fact that you can't decentralize legislation and physical governance is not insignificant. You can't block the influence of preexisting powerful actors. Those factors do have the power to destroy the decentralization movement, and most likely will.
Some of us don't particularly want the "herd". The Internet was a better place before Eternal September. And it arguably would have become a far better place, without commercialization.
Maybe those "powerful actors" could prevent decentralization from becoming mainstream, but they can't kill it. Consider marijuana, for example. Use has been demonized for decades by the US and its allies. But that didn't stop an appreciable fraction of the US population from using (or at least, trying). And now it's becoming legal in more and more states.
For Internet decentralization, the driving factors will almost certainly be porn, gambling and prostitution. To the extent that they're driven off the clearnet, demand for them will fuel growth of alternatives. Freedom of expression is essential, of course, but it will be just a side benefit.
The more decentralization is suppressed by "powerful actors", the more it will be dominated by other "powerful actors". That is, by organized crime.
It will never happen, at least not on a scale that will affect significant web traffic.
There is another model, not decentralised but a practical middle-ground: the WordPress model.
Consider the following: Wordpress is an example of a profitable open source app that can easily be installed on countless shared hosting platforms or on a VPS. It's easy to switch hosting providers when you want to (and to take your data with you). It's popularity means that one-click installs are widespread.
Unfortunately, there is no common standard for software installation on the server side, and this lack of an easy installation process for everyone else severely limits self-hosting websites and apps.
Many developers think deploying a server-side web app is a non-issue, or they erroneously think that installing Cloudron/providing Docker instances/typing command line instructions are all "easy". Have you seen the server deployment instructions for "web friendly" languages like Ruby and Python? It's ludicrously complicated. And still developers seen nothing wrong in such install procedures. It's so frustrating.
I wish there was some momentum or traction in making server-side web app installation as universally simple as a one-click Wordpress install. It would also unlock countless opportunities for developers to reach more users or customers. But maybe some developers secretly prefer the complexity? It certainly makes selling a SaaS solution much more attractive over the stupidly complicated self-hosting option.
Decentralisation has costs, and note that booting off ""disruptive"" users (however defined - spam, abuse) is an absolute necessity of running a communications service. These costs are part of why USENET died.
> Decentralisation is clearly the end game as long as politics causes problems like this.
Only techies care about decentralization. Most people would rather follow a Twitter feed rather than an RSS feed. Most would prefer a mega forum like Reddit rather than multiple, standalone forums with separate accounts. There are also network effects that give centralized platforms more of a competitive advantage.
I keep hearing people talk about the need for decentralized social media, but nobody knows how to make it an attractive, viable option for the masses...especially when such a solution wouldn't be as profitable (or as frictionless) as Facebook, Twitter, etc.
Controversial opinion incoming: decentralization isn't going to be a silver bullet that fundamentally solves anything. These services are still going to depend on large amounts of expensive hardware and infrastructure that must exist in the real world, much like cryptocurrency. That hardware is still vulnerable to control and influence from strong corporate or state actors, so the decentralized stuff running on them is always going to be under influence as well. Even with strong crypto, methods to manipulate it either directly or through side channels will be developed. It's absolutely inevitable. Somebody controls the power plants generating and pricing all that electricity, somebody owns the internet backbone hardware, somebody can afford a much higher hashrate, somebody controls tech legistlation, and somebody is on the bleeding edge of cyber-warfare with a DOD budget. Sure, some of the hardware will be in private ownership, but not the majority. If it ever becomes widespread enough to be of great significance, traditional power structures will absolutely contrive a way to seize it.
What this all really does in the end is create a technical caste system and obfuscation of ownership. People fortunate enough to have access and be up to speed on the latest technology (or hire people who are) will reap the rewards of decentralized systems which still belong to authoritarian actors, yet it will be extremely difficult to prove that ownership--especially to laymen. It will always have a nice hazy deniability, and it will be almost impossible to hold anyone accountable for their actions, or prevent or even identify exploitation.
This is absolutely the future of the web. Perpetual and stealthy non-neutral manipulation by the technically advanced and financially powerful is here to stay. I think that as engineers our tunnel vision and intellectual hubris have given us a false sense of security as we developed this hideous system, because we thought it was some kind of purely digital realm where we have real control and real comprehension of what we are doing. But nothing is purely digital. Everything is built on top of the real, analogue world where strong actors have already divvied up and taken ownership of everything.
I wish you were right.
But so far the winner takes all effect and commercial benefits pushed most things to big companies. Even the archetype of decentralization, email, is being pushed to big players by spam control.
I'm an Iranian-American and Coinbase did something very similar to me in 2017. Here is the notice they sent me: https://i.imgur.com/xnJe0kd.png
We were very convinced it was name/ethnically based as I hadn't been to Iran for a few years before. The general counsel at my last job sent a strongly worded email suggesting they may have been using names to do this (thanks AA!). The email quickly resulted in my account being reinstated without any commentary on their methodology.
This is what centralized silos are like, have always been like, and will always be like.
Unfortunately centralized silos also allow unprecedented convenience and ease of use. Nobody's figured out yet how to duplicate that in a decentralized or federated system.
I mean, Slack recently announced that they would give employees complete access to employee's private conversions.
When a company starts thinking this way, you know there's no turning back, and more such (censorship/surveillance-friendly) actions will be taken in the future.
It's not about visiting a country, it's about where your Slack account was created. If you created your Slack account from an embargoed country, regardless of your citizenship or ethnicity, they will probably disable it.
>- Is this just how the US ticks right now?
>- Is Slack just completely gone mad?
>- Is this what companies believes is acceptable nowadays?
>- Is this the future of the web?
Iran has sanctions against it right now. Slack, and other companies that have done this sort of thing with Iran, Cuba, etc the past few years, are trying to stay on the right side of the law. To avoid imprisonment, fines, etc. If you think what they did is wrong, start a company and risk serving prison time to stand up for your what you believe in by creating a similar product and offering it to customers that have direct geographical ties to sanctioned and embargoed countries. I'm serious, imprisonment is a very real risk with dealing with sanctioned and embargoed countries.
Doing business with Iran, or a citizen of Iran, can open the door for all sorts of government investigation from fines, to being shut down for an investigation, to having data from other users compromised, to criminal prosecution of employees/officers of the company.
It's a lot easier to just immediately sever ties with anyone that has had dealings with an IP geographically connected to Iran than to go one by one "hey, you an enemy of the state? You sure you aren't? Promise? Cross your heart and hope to die? Ok, we believe you, we'll just hope you're telling the truth!"
Then there's the fact that Slack uses encryption at rest and in transit, there may be a LEGAL REQUIREMENT not to allow users with ties to Iran to use the product under CFR title 15 chapter VII, subchapter C. Or they may at least suspect they are at risk of running afoul of the cryptography export laws as they stand and simply decided, they don't want to risk it to protect the company and other users.
I highly doubt this is some Islamaphobic/Iranaphobic move on Slack's part, this is simply a cover-our-ass move so we can stay in business and not risk prison time.
Heh. Seems everyone has decided to shoot the messenger.
You may disagree with the policy, but ryaymercer isn't wrong. Living in startup land where everything is light, you move fast, and things get broken, it's very easy to overlook that there is this 500 lb gorilla in the corner just waiting to smash you into pulp for doing the wrong thing.
My guess is that something internally at Slack has triggered this. It seems likely that they're in the midst of contracting with a Federal agency, or something of the sort. When you do business with the Federal government, all manner of hell is unleashed on you in the form of paperwork and due diligence. "Negotiation" boils down to litigation, and litigation is god damned expensive.
I am not saying what's happening is right. I'm simply pointing out that this is the culmination of decades of policy and momentum within our government. Wagging our collective fingers at Slack isn't going to change a thing. What can Slack do? Let's say they pass on whatever opportunity is driving this ridiculous witch hunt. So then what? Some Federal agency doesn't get to use their messaging platform? Who cares? Nothing changes.
It all starts with asking the right questions, and ryanmercer's post likely contains the answers to a number of questions that few people are asking: what's motivating this change, who is responsible for the policy, and how can our community affect change to prevent it in the future?
You've been breaking the guidelines a whole lot by posting unsubstantive flamey comments. Please stop—we ban accounts that keep on, especially if that's all they've been doing.
I disagree with the way Slack handled this, but by now it’s clear (even the original poster seems to have realised) that Slack banned everyone who accessed the service from an Iranian IP, irrespective of who they were or where they were from.
It’s pretty clear that’s it not motivated by race or any kind of profiling.
Slack has no incentive to boot more people off their platform than necessary, so this overly broad ban could be a result of either misunderstanding the US governments mandate, or that might be just what they were asked to do.
Who asked them to do this ? I have serious doubts that this action was directly recommended in any official government communication otherwise we would have had someone leak it and debate about it. My hunch is this isn't directed by a national security letter or anything like that with mandated secrecy otherwise we would see similar actions from other tech service providers. As far as I know Facebook isn't deleting the accounts of everyone who has connected from Iran or Syria. My suspicion is that this is the result of a shoddy communication between the legal department and some coders and I suspect that Slack will be stuck in a hard place explaining it and justifying it. As far as I know there was no official explanation or blog post, the suade velvet secret slack police just started causing people to disappear in the night. It will also be hard for them to walk back this action because they have set at least an internal precedent and opened themselves and other companies up to attack by opportunistic regulators if they now say they were wrong.
This is hard to explain to anyone who hasn't done business with the Federal government, but your visions of national security letters are very much on one end of a broad spectrum. At the other end of the spectrum is the mundane.
The mundane includes things like contracting with the Federal government or even certain government contractors. Our company just contracted with PAE, and PAE contractors must agree to much of the same Federal Acquisition Regulations as someone doing business directly with the Federal government. One of the vendor forms was 37 pages long, and it contains sections explicitly requiring certifications that your company will comply with sanctions. The form binds the signer to personal culpability for failure.
So if you're a company contracting in this process you're tasked with preventing delivery of your product to Iran, and the Federal government gets to set the bar, not you. If you fail to meet the bar, you end up in Michael Flynn's shoes, only far less public. How long of a bet is it to expect a Federal bureaucrat will interpret compliance the same way you do? Are you willing to risk inquiry if your opinions differ?
I don't like what's happening here. I don't like it at all, but I know just enough about dealing with the Federal government that I can smell the odor from here.
It's not inconceivable that Slack's general counsel saw the headlines about Trump campaign officials being investigated for circumventing Iranian sanctions, evaluated their position, and recommended this action just to be safe.
Except it isn’t because of ethnicity. There are thousands of people from Iranian descent that use Slack in the US each day and they aren’t getting banned. Nor has anyone else been banned “because of their ethnicity.” That is absolutely ludicrous. The guy who was banned is being banned for something beyond his ethnicity.
That's not what happened at all, that's why it's hard to take him seriously. He makes it look like Slack went out of their way to look at all of their users and check of what race they are to ban those who are Iranians, when they just made a geoip check.
If they're just doing GeoIP checking, wouldn't it have made more sense for them to just block access from those countries, which would be an inconvenience to their users, instead of retroactively removing their accounts?
> That's not what happened at all ... when they just made a geoip check ...
It sounds as though you have access to data that the rest of people on HN do not. Would you care to share your source? Are you certain he would not have been banned by Slack if he were not an Iran citizen (just Canadian) but would have (possibly) used Slack when travelling to Iran?
Assuming that for some reason I should take your word over his, banning for "having logged on in Iran at some point" is, effectively, banning for ethnicity.
It only is if you think someone who has ever set foot on Iran is an ethnic Irani. You just have to look at this HN thread to see that is false, as this problem also applies to other embargoed countries.
> It only is if you think someone who has ever set foot on Iran is an ethnic Irani.
We're both adults here and I assume we both can realize that splitting these hairs doesn't make my statement that banning everyone that's ever logged on Iran from slack is, in effect, a ban on Iranian ethnic users?
No it’s not. There are millions of Persians in the US that haven’t been to since the 1970s. Those are of the same ethnicity as someone living in Tehran. There are millions of Persians living in Europe as well — also ethnic “Iranian” who would be unaffected by a geo-ban.
So no, a ban based on signing in from a specific locale has zero to do with ethnicity or race.
On one hand, yes, but it's fair because it's an embargoed country. I mean, it's not fair in my opinion, but Slack is forced to abide by the laws of the United States. This approach they've chosen of banning everybody who's ever connected from Iran is stupid and ham-fisted and they are being rightly ridiculed for it.
On the other, the author of the thread is accusing Slack of profiling him racially. What he's implying is that a human proceeded to stalk him around the Internet, on social networks, etc to check if he is an actual Iranian and ban him based on that. And that is a very, very grave accusation.
Just because he said that he has no connection to Iran does not make that true. If you carefully read the tweets, Amir says that he travelled to Iran. It might be that Slack did something ridiculous, but that can't be seen from the data.
Aside from the obvious wrong of blocking people based on their origin, what's up with these companies closing accounts with no warning and no recourse? I know they're private companies and they _can_ do it, but just because you can doesn't mean you should.
Why not give the user even a few days notice so they can communicate with support to try and clear things up? Taking the OP's story at face value, Slack should easily be able to verify with him that he lives in Canada. Instead, they simply block it and bye. I find this extremely hostile.
> I know they're private companies and they _can_ do it, but just because you can doesn't mean you should.
Actually, if you look at the image, Slack is beholden to US law, export regulations and economic sanctions - companies doing business with countries they shouldn't are in big trouble. See also: Huawei, who despite sanctions continued to do business with Iran, which caused the US to give them a huge fine. I don't know how that works given how Huawei is a Chinese company, but there you go.
To clarify: private companies are not and should not be above the law.
This is another strong case for open source software development along with open, publicly available, standards and protocols.
This isn't about Slack, it isn't about US sanctions law. It is about any private entity creating closed sourced, remotely hosted software. Everyone knows that APIs can be pulled at any time (Twitter, Facebook, etc.) Spying can be mandated whether it is the US government, China, or anyone else.
As end users it is never clear what is going on behind the curtain. It is never certain the product will be here tomorrow - whatever the reason. No one would build a high rise where all of the elevators could suddenly vanish, yet we are increasingly putting the critical pieces of our businesses and our lives in the hands of entities that only need to flick a switch and everything instantly vanishes.
To put a finer point on it: open communications protocols driven by free software and end-to-end encryption both are and should be above the law, at least where the law purports to create national boundaries on the internet.
Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.
That's a nice fantasy but the reality is that humans and computers still have to physically exist inside national boundaries. Flesh and steel still count for a lot.
Buying and installing your own permanent elevators is too difficult and expensive. Think of what happens in 25 years when they need to be replaced. You'd be a fool not to pay a monthly fee for elevators-as-a-service.
But to clarify, they gave a service to people/teams who maybe they shouldn't have. Did the people signing up/using Slack know that? Maybe. Who's responsible to ensure it's enforced?
This is not about blocking accounts of people in Iran, which is a totally legit thing to do. This is about blocking someone who is of Iranian origin, but claims to live in Canada for years and has no business connections with Iran whatsoever. Probably it's some automatic filtering hitting a false positive, but question is how that works, what criteria they use to search for "suspicious" accounts? Have they been given the list of accounts by some US agency or they track and profile their users? There's a lot of confidential business info floating through Slack channels, so it's a huge deal for all of us if they data-mine on that in some way.
The part that's clearly wrong is stopping innocent people from engaging in harmless trade. If it weren't for the sanction, it would probably be illegal for slack to deliberately block Iranians just because of the country they're from.
And something doesn't have to be morally good for stopping it to be morally bad. For example, playing chess is morally completely neutral, but it would be morally bad to attempt to ban chess.
Likewise, Iranians using slack isn't obviously morally good, it seems morally neutral, but enforcing a slack ban against Iranians is obviously morally bad.
Are you being deliberately obtuse? Canada doesn't have anything to do with this. Amir's account was closed because of his Iranian ties, not his Canadian ones.
Simple: it costs them money and resources to go through the process you described, whereas it costs them almost nothing to directly close the account and send an automated message.
The value of that intangible asset is called 'goodwill' and the market gives it a value. Worldcom had to slash around $80 billion dollars in lost 'goodwill'.
At least give them access to a downloadable archive of all their content and maybe inform other users that interacted with this user about alternative methods of contact.
I wonder if it's like being fired, they are concerned that you may fly off the handle with your last bit of time so they confiscate all your tools as quick as possible.
>Aside from the obvious wrong of blocking people based on their origin
How is that an 'obvious wrong'? That's how sanctions work. Sanctions are laws that prevent companies in one region from doing business with companies from another region.
>Taking the OP's story at face value, Slack should easily be able to verify with him that he lives in Canada. Instead, they simply block it and bye. I find this extremely hostile.
That I agree with. Slack should do better. But doing better means doing more investigative work and you probably don't want to delegate that to your frontline tech support worker, so it means it's expensive and not particularly scalable.
No it’s the companies fault. Export restrictions can’t be applied indiscriminately. Laws are open to interpretation and they have interpreted this law in letter not in spirit.
Wow. This seems rather unprecedented and unnecessary, based upon the lack of action in this regard by other companies I don't know why Slack would do this. If for instance this kind of arbitrary action took place on GitHub I could see it having a detrimental impact to free software projects. This is another good reason to choose Zulipchat and other self-hostable platforms instead of proprietary SaaS solutions.
"Neutral" countries also have to conform to sanctions; Switzerland is mentioned a few times but "the sanctions regime in place is based on the Federal Act on the Implementation of International Sanctions" and "Does Switzerland implement UN sanctions? - Yes."
Switzerland hosts, among other things, the EFPL, which does a great deal of technlogical achievement. The EFPL itself leads the Scala language development, among a lof of other stuff !
I'm not familiar with other countries as neutral as Switzerland which has a successful track record of staying neutral during two world wars on their borders, but I suspect there should be actually quite some. I _think_ that for example Kazakhstan is currently trying to follow a similar neutral political path.
Wire is a Swiss Slack alternative that’s open source. Do note the comment close to this one mentioning that Switzerland would also have to comply with the sanctions.
EULAs already sometime shad rules to excluded people based on the country they were a national of. Those one could simply ignore. With SaaS this is a different story.
I'm not familiar with Zulipchat specifically but unless you're running a community with thousands of concurrent users then you could easily host most self-hostable chat platforms on a low powered devices (eg Raspberry Pi) on a home broadband internet connection.
Obviously this is a less than ideal solution, but my point is you're not reliant on AWS / OVH / Digital Ocean / whoever you choose for hosting.
Zulipchat offers free SaaS for open source projects and also provides you with the ability to export your data and choose to self host at any time in the future. I've found it to be superior to Slack but it just doesn't have the same level of name recognition and thus people are less inclined to use it for some reason. I hope this builds into a real campaign to have free software projects choose a more ethical alternative.
Because you don’t need a hosting provider to self host. You don’t even need a domain name either.
But in all honesty, there are hundreds of registrars and thousands of hosting providers around the world. Not all of them fall under US jurisdiction. But if you’re really really paranoid of getting shut down, there’s also .onion sites or distributed systems like IPFS.
You can not prevent people from communicating on the internet any more than you can prevent people from writing letters.
> I am not sure where you live, but in many places you can't host your own servers from your room because of ISP restrictions.
We have those restrictions in the UK but I've never once known any ISP act upon them. But in any case, I did also list other options that wasn't reliant on your ISP as well.
> Also, there are not a lot of places where you can find data centers that rent servers out for personal uses.
Sure there are. Hosting providers don't care if you're a business or private individual - they just want your cash. There's even serval places in Europe where you can send them a Raspberry Pi and they'd host that for you (obviously for a monthly fee). There really isn't a shortage of places to host bare metal nor VMs.
> I did also list other options that wasn't reliant on your ISP as well.
However that aside, you could nitpick solutions until the cows come home but it’s unproductive because self hosting is still more resilient from takedowns than a SaaS solution. And that’s what matters. Self hosting gives you options that you simply don’t have with SaaS.
Frankly, I’m amazing anyone is even arguing against that point in the first place.
From my experience with Rocket Chat I'd argue it's about a 30% implementation of Slack when it comes to features and polish.
My favorite gripe with it is that quickly typing half a username and auto completing will select the first (or some random) user that's doesn't have anything to do with what you typed. It's a real pain if you're a fast typist.
Welcome to the brave new world of the "cloud": you data, business, money, most intimate secrets and livelihood is at the whims of a foreign corporation that will stop at nothing if it means 2 cents more on their bottom line, or gets them on the good side of a government entity.
You have no rights, you have no intrinsic human valuu and you have no means to fight for yourself.
>at the whims of a foreign corporation that will stop at nothing if it means 2 cents more on their bottom line, or gets them on the good side of a government entity.
Or if it gets them out of a flash-in-the-pan PR issue fomented by the latest political outrage mob, or a couple 'woke points' to score with their ideological allies.
The tech community had its chance to stand firm and demand openness and liberty of use when it comes to accessing communication services provided by mega-corps. They instead let themselves be seduced by "it's a private company they can do whatever they want go build your own platform" when it was being wielded against less sympathetic targets.
If you don't hold it, you don't own it. HN types seem to not get this, at all, they think companies should indefinitely preserve all their data and make it available on demand, no matter what, in-perpetuity. The MailChimp thread yesterday now this one and the gods help you if you suggest people backup their data regularly instead of relying upon a 3rd party to always have it available for them.
Remember yesterday’s thread from the guy who lost his MailChimp account suddenly? Nobody learns, and we’re going to keep reading these articles over and over while “cloud” is still a thing.
This kind of thing can kill Slack or other networks because if you have a team of 100 people and just one can't use the platform, you'll switch. The network effect seems likely to work in reverse in this case.
What, complying with national and international sanctions and erring on the side of caution? Losing part of your customer base is preferable over getting fined to the tune of hundreds of millions of USD.
If the sanctions demand this, then the sanctions are outrageously unethical. If the sanctions don't explicitly demand it and banning ethnic Iranians is just "erring on the side of caution" then yes, sorry, but Slack is being outrageously unethical. Even if the sanctions do demand it, to me this is a reason to seriously consider either moving Slack to another jurisdiction like Canada, the EU, Switzerland, etc., or proudly face the fine.
What's the alternative? Just hide your Iranian/Persian colleagues and friends under the digital rafters? It's plain wrong, and I refuse to be on that side of history.
If Slack needs to risk a massive fine then that's their duty, so yes, face the fine, take it to the Supreme Court. To be honest, doing anything else is unpatriotic as well as unethical.
> then that's their duty, so yes, face the fine, take it to the Supreme Court
No, it's definitely not. What's with the hyperbole? Do you consider every single person and company in the US unpatriotic and unethical then because these sanctions exist?
We need less corporate involvement in politics. If you don't like the laws then you are free and welcome to participate in the government to change them but expecting a private company to go to the Supreme Court (!) over sanctions is just ridiculous.
She/He makes a valid argument so I think a downvote is uncalled for.
As someone else pointed out: if anything is unethical here, it is the sanctions. Ensuring your company operates within the law is a business decision and not everyone has the ability to go toe to toe with the government.
The brigade here is too strong to listen to any reasons against this.
If it were my company and the potential downside of not closing accounts was personal jailtime, I'd absolutely err on the side of caution and close any account that seemed like it might land me in jail. Yes, people would get pissed off. But I'm not going to jail for them.
The real problem here is that Slack's support is horrible and there's no way to talk to them about an account closed in error.
A couple of our employees from Syria also got blocked today. They were using Slack from Syria though.
EDIT: I don't understand why they ban/block the account rather than "simply" block access from IPs from the country. This seems really strange and overreaching.
This doesn't excuse anything. People in Syria are people too.
This is similar to how people were calling for websites to block access to Europe over the copyright thing. The internet is a place where you don't even need to have a nationality. It is a place where we can all exist as pure thoughts. Why are we letting politics fuck it up?
The Syrian ban comes from a U.S. federal sanction. Not arguing that the sanction is right, or that Slack is correctly implementing its adherence, but this is not a similar situation to people calling for a boycott to make a point.
Yes, I can imagine it's hard for Slack to ignore those sanctions, but it does appear overzealous to ban individual accounts after having logged-in from Syria/Iran, instead of implementing a country ban from accessing slack. The latter would be far simpler from a technical standpoint, and I would imagine just as compliant with the sanctions.
The internet is not a place. It only functions to connect people and places which exist in physical locations that are bound by national and regional laws, and the transfer of data between locations is subject to these rules.
That's true of snail mail, or telegrams, or even phone calls. But I'd argue the internet is so fast, and so high bandwidth, and so always-available, that it is a qualitatively different thing from merely a transfer of data between physical locations.
It is a place where things happen that aren't just transfers of information between physical places. For example, Hacker News is a place within the wider place that is the web.
You can argue that it is something other than a "place" (maybe "community"? or "society"?) but then you can just substitute "community" or "society" where I wrote "place" in my previous comment and everything still holds.
I think the important point is that it's bound by laws, and nations will (and must) enforce their laws.
Right now, it means revendicating parts of that place that is internet as waving their flags, and holding accountable individuals and companies powering those parts.
You can argue that there are no nationalities on the internet, bust most nations beg to differ.
I don't see what the velocity of the transfer has to do with the rules. Seems rather arbitrary.
Hacker News isn't a place because you're just requesting data from their servers with a well-known DNS name. In fact everyone who "visits" is technically getting a private copy sent to them, and it's all data being transferred between borders. You can clearly see it reflected in internet routing where transit is defined by political and business connections, and things like the Great Firewall of China.
Calling it a community fits better sure, but that just describes a group of individuals and doesn't create any political sovereignty. People still live in physical locations which are bound by laws, there's no way around that.
We're not a US company (I hope there are no sanctions in our own country. I somehow doubt it, but I'm not entirely sure to be honest, so I won't mention the country to avoid getting us in potential trouble... Anyone knows which other countries enforce similar sanctions on Syria??).
I'm not a lawyer, but I am not aware of any restrictions to employ people from Syria, unless they were involved in military or related to the government etc.
I said that I'm not sure, but that I doubt it. I then spent some time checking, and couldn't find anything to support your claim. If you have any sources that EU countries are forbidden from employing "normal" Syrian people (now or even before 2014), I'd love to see them. Otherwise, it really feels like you're just trolling to be honest.
When a company gets large or important enough it realizes that it has to follow some inconvenient laws.
In the US there's OFAC (https://www.treasury.gov/about/organizational-structure/offi...) which lists individuals and entities that companies cannot do business with. Implementing these rules is a nightmare for companies so they use a 3rd party services which produce a huge number of false positives. Middle eastern names tend result in many false positives.
My guess is that Slack is scrambling to clean house ahead of the IPO and they don't have a user friendly way of dealing with this. In fact most companies don't. This is the same crap that bites people who inadvertently end up on no-fly lists with no way to get off.
Don't like this? Call your representative. Build a better way to implement OFAC and similar laws.
It seems most likely that Slack has geolocated IP addresses from account access logs, and closed accounts with hits from sanctioned countries. Perhaps going back years.
That in itself seems over the top. But it doesn't constitute ethnic profiling.
But if someone has a counterexample, that would be OK too.
OP here. I would partly agree. But at the time I posted the link, I only had examples from Iranian people that are living in other countries using Slack and getting banned. Now that I have heard more stories about people from Syria and even one US person, I wouldn't post it again with that description.
I'll leave it to the mods to change the description accordingly, if they feel inclined to do so.
UPDATE: The mods have changed the description to "Is Slack shutting down accounts of those ethnically associated with Iran?"
I meant no criticism. I'm just trying to understand what they're doing. And damn, just the realization that they have access logs going back years is mind-boggling. If they didn't have the logs, they'd arguably be better off.
But the focus ought to be on banning based on access logs from years ago. With potentially unreliable geolocation. And IPv4 addresses that may have been announced from many different autonomous systems, over the years.
A lot of racism and ethnic profiling is exactly like this -- actions that are individually justifiable, but somehow end up focusing on a particular race or ethnicity despite everyone "not meaning it that way".
Focusing on intent can help us feel better about ourselves when we unintentionally contribute to these problems, but if we actually want to fix them, we can't focus only on the intentional racism or intentional ethnic profiling. We have to understand and find ways to avoid the unintentional stuff too.
Slack doesn't even know their users race, ethnicity, or country AFAIK, thus they can't discriminate on that basis. I think this is just a badly handled case of abiding by the US embargo law. They seem to be disabling people who created their accounts from embargoed countries, probably checking by IP, which is inexact and bound to yield false positives
That's a bit scary. As a developer, I often test websites performances / features using a VPN. Since Slack is the platform developers use to communicate, it often stays open as I test "from other countries". My Slack IP log likely has accesses from all over the world.
Agreed. I avoid using public sites like Facebook and Google+ while on it because of possible geolocation issues.
Slack was the exception because it's the tool people use when developing, so I somewhat blindly expected them to be alright with it. Especially since there are public answers to VPN issues on Twitter (https://twitter.com/slackhq/status/510137942296518657?lang=e...).
Yeah, they're clearly not checking the ethnicities of everyone using their service, but this still seems rather harsh, and with no appeals process too?
This is the danger when our lives become increasingly dependent on digital middlemen who are not regulated as utilities, where legislation has not caught up, who can proudly declare themselves "just a private company you have no say" and use nebulous ToS violations to shut people down.
When people violate actual law, we know which specific sentence in the written law was violated. We have a chance to defend ourselves. We have (supposedly) impartial judges and juries to help determine the truth.
Tech companies are building parallel institutions for judgment and execution, but building it for themselves and they have no plans to let their users have any say or transparency. It's a digital version of "rule of men" rather than "rule of law" -- "you're condemned because I, the King, say so."
This will continue until external powers (regulation) force the quasi-digital-fiefdoms to open up. Hemming and hawing about "gee, this is kinda harsh" won't have an effect on them.
The lack of an appeals process seems like the norm, sadly enough. Maybe, if there's enough of a backlash, they'll restore accounts for people who don't currently access from sanctioned countries.
That's a plausible inference, but the effect to anyone not equipped to make such an inference is that it's ethnic profiling. A geeky inference isn't a good excuse. An ethical lapse is what it looks like. Nobody has a duty to make excuses on Slack's behalf when Slack could just explain themselves in public and to the people affected.
If they are just deleting accounts where someone logged in from a treasury-barred country’s IP, I wonder what happens if you BGP hijack a small amount of that address space, somehow get admins or high profile users to connect via this (run WiFi? Some kind of proxy?), and then observe the chaos.
If you work for an American company, get a bug report from a user you know to be in Iran against an open source project you work on during company time and fix it as a result, can the company be considered to be engaging in commerce with Iran?
But that's one reason dumping the account of a PhD student in Canada is puzzling -- there is no evidence of exchange of value.
I suppose the argument is that the person in question visited Iran and presumably had to pay for food at some point and thus "did business with Iran" -- and that would cover the American vacationing in Cuba as well. And that's probably why they're not just banning IPs originating in the small set of sanctioned countries, and instead dropping users. But I don't like it.
Sourceforge actively DID block interaction with countries under sanction by the US. even though they're garbage malware distributers now it is a data point
They're still garbage malware distributors in the hearts and minds of most people. People don't just forget the atrocities associated with the sourceforge name. I know I'm not going to trust them any time soon.
From a technical standpoint what they're saying is if your IP matches any of these countries, we cannot allow you on our services. It's got nothing to do with ethnicity if a Puerto Rican guy from Orlando goes to Iran and gets banned, it's all about the IP not the person.
Seems they might want to tone down their bans starting from the moment the policy came to be vs doing it from the dawn of Slack's time, not sure how the policy is written and I'm not a lawyer so maybe they went off from legal advise.
This would be perfect opportunity for some enterprising gray or blackhats to wreak havoc.
We know people reuse passwords. I'm sure there are a lot of weak accounts known, or at least suspected. So... if you had a large number of compromised slack accounts, and a complete lack of morals, you could log in with each of them to Slack through Iranian/Syrian proxies.
If Slack are indeed shutting down all accounts that have ever logged in from Iran or Syria, the above could be a brutal denial of service. Followed by a massive PR s##tstorm.
Disclaimer: I don't advocate doing anything like that. I just point out that there might be a way to weaponise the backfire...
> if your IP matches any of these countries, we cannot allow you on our services
That's misleading. It might be more accurate to say "if any IP you have ever used matches these countries..." but there seem to be other cases where even that doesn't explain the bans.
I believe that the only party that suffers from those sanctions are actually the populations living in those dictatorships who don't have a say about who is their leader. Who does actually benefit from them and who do they really harm?
I frankly never quite understood the extremely high stance against Iran.
Iran has not really stage any offensive wars since 1856 (and most of the XIXe century wars were in fact to recover/maintain control over the Persian Empire which was slowly eaten by the Russian and the UK).
Since 1940, Iran was constantly meddled with by foreign powers, first being invaded during the WW2 by the Allies and the Soviets, with the Soviet reluctantly leaving the country after 1945.
Then the democratically elected Mosaddegh was deposed by the MI6 and the CIA because of "precious Oil". A "Pro-Western" dictatorial government was was put in place. This regime was of course brutal but also at odds with the population and its traditions, leading to a revolution in 1979.
In the midst of this revolution, Irak, another "Western backed" dictatorship tried to profit from the chaos to invade the country which lead to costly a 8 years war leaving ~1 Million people dead. This war is probably the last high intensity conventional war between 2 roughly equals and relatively developed countries to date.
And then in the 2000, it has seen two countries at its borders being invaded by historically hostile powers. And then these countries collapsed into chaos (And I'm even forgetting the Soviet invasion of Afghanistan in the 80ies).
And lately, after lengthily and complex negotiations, an international accord was signed, just to be thrown out of the window 1 year later by the US, the US then bullying other signatories into not abiding by said accord.
No wonders Iran government stance can be a bit tense at time and that they want the Bomb to be at peace.
> Then the democratically elected Mosaddegh was deposed
Mossadegh was not democratically elected. He was appointed by a dictator. The only part of that process that was even slightly democratic, was indirectly via Majlis vote. The people of Iran never specifically elected Mossadegh.
> No wonders Iran government stance can be a bit tense at time and that they want the Bomb to be at peace.
How does being at peace square with constantly calling for the genocide of Israel across decades and very aggressively funding terrorism & militias? The Iranian people have been protesting their military adventures in Syria as one recent example. Iran is every bit as dirty as the US and Russia when it comes to such activities over the decades in the Middle East.
Mossadegh was appointed Prime Minister, by the Shah, after a nomination from the Iran Majlis (Parliament). The system of representative democracy that allowed his appointment is similar to many countries around the world today, where the people do not select the leader, the people vote for the members of Parliament, who in turn select the leader (such as Australia).
The Shah carried out the appointment, only after the democratically elected parliament members nominated Mossadegh in an overwhelming majority vote).
This could be considered "slightly more democratic", only if you consider the Australia to be "slightly more democratic" than a dictatorship such as North Korea.
I'm not going to attempt to untangle your final paragraph, only to say you have made some very large claims without any sources to back up your claims.
I do agree that the successive Iranian governments and the Iranian regime is far from a saint in this story, specially since the Islamic revolution.
Calling Israel a "cancer" or a "little satan" (with the US as the "great satan") is an atrocious way to do diplomacy...
The Iran hostage crisis was a really bad starting move. with long lasting consequences.
Iran is also quite active militarily, but the goal is more to maintain security at its border (Iraq), or maintain the few allies it has in the region (Syria, Lebanon). There are reasons behind these adventures, even if that doesn't excuse them.
I think it's also worth noting that Iranians have no possibility of renouncing their Iranian citizenship. So even if they wanted to cut any possible connection to Iran, they will never be able to get rid off their citizenship.
OP here. Dear mods, you have now twice changed the description, which I understand. But would it be too much to ask to have an indication that shows that someone who is NOT the OP has changed the description? The way it is currently worded are simply not my words and I have no way of showing that. Could potentially be bad for me.
Iran's been on my list of "wanna go" destinations for a while (Food and architecture mainly). Looks like I'd have to choose between that and having any connection with a US based company. Great.
Everyone I have ever met that has been to Iran absolutely raves about it. I've never met a single person that didn't extend their stay, and doesn't rate it as hands down the best country they have ever been to.
It's very, very high on my list. But if you have an American or British passport you currently can't go without an escort.
(I'm an Overlander, I drove AK-Argentina and am now driving right around Africa. I've met 200+ people that have been to Iran)
Iran is an amazing country and the people even more so, never ever met people more kind, giving (even when they don't have anything they give you all they've got), helpful, funny and down to earth. The fauna, flora and architecture alone is worth it, the people is just the icing on the cake.
So I saw an interesting little travel show, where Norwegian presenter Line Elvsåshagen was trying to travel on the "kindness of strangers": she'd post on instagram that she was looking for people to meet/eat/stay with, and film the result.
This worked even in Iran, and she met up with a Norwegian-Iranian family; but her government assigned minder/'translator' wouldn't let her sleep in their house. She counted as a journalist and there's no way Iran would let a loose journalist float around their society interviewing unsupervised ordinary people for the TV.
Pity, it does look like an interesting place to visit.
Oh, extending is super-common. Once you're in a country it's really easy to extend your visa, even if was hard to get in the first place.
I extended in Angola when getting a visa there was hard, I extended it in Mali, Zimbabwe, just looked into it in Ethiopia, etc.
Of course, as Overlanders we have our own vehicles are I'd say 50% of us are not time limited [1], so we just stay as long as we want in countries we like.
[1] NOTE: Many of us - me included - are money limited, not time limited.
I am laughing because i am from Iran and no one here thinks people are nice.
My country people treat foreigners nicer than their own people because for some reason they believe that foreigners are rich and foreigners might give them reward or smth.
It's a common belief that foreigners are rich and locals aren't.
Same way if you are rich in Iran being a local isn't a problem people treat you extra nice
Once one foreigner brought an iPad for my friend.
It might seem odd to foreigners that in East simply looking rich/ or having money can earn you their nice behaviour.
Sure, so your option is "uninstall app" or "never visit country/region I've always wanted to".
Tough choice.
I'm not defending slack or practices like it (hell, I have a blank phone I use whenever I leave the country) but it's not quite the choice you're making it out to be.
The problem is "which app?". Short of a factory reset on both my phone, laptop and kindle it seems I would be in danger of tripping a switch somewhere.
Yeah but my laptop is more problematic. I'm responsible for a dozen client websites so I need to take my work environment on holiday with me in case of emergency. I guess I could take a Chromebook or something and rely on ssh but I really hate coding without my pet IDE and I've never got the hang of Vim.
OFAC's General License D-1 provides Slack with exemptions to offer their services even to users based in Iran:
(a) Effective February 7, 2014, to the extent that such transactions are not exempt from
the prohibitions of the Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560
("ITSR"), and subject to the restrictions set forth in paragraph (b), the following transactions are
authorized:
(1) Fee-based services. The exportation or reexportation, directly or indirectly, from the
United States or by a U.S. person, wherever located, to Iran of fee-based services incident to the
exchange of personal communications over the Intemet, such as instant messaging, chat and
email, social networking, sharing of photos and movies, web browsing, and blogging.
As an outsider, I am really surprised by how deep-rooted America's hostility is towards Iran. Shi'ite Iran certainly has human rights issues, but as far as terrorism is concerned the majority of them are orchestrated by Sunni groups. 9/11 hijackers, Al Queda, Islamic State, Paris attackers - are all Sunni.
Iran is an easy enemy for the US government to offer to its citizens.
Because of the fairly harsh anti-US rhetoric circulated by the Iranian government to its citizens since the revolution (itself because of our previous support of the Shah and current support of Israel) for purposes of maintaining power, it's easy to say "Look, Iran hates America."
The Shia / Sunni distinction is largely lost on the average American.
And just as a personal note, almost every Iranian I've met in the US has been an awesome person. They've got a fascinating history and culture.
To be completely fair about the last point, immigrants you meet in the US are not a representative sample. I say this as an immigrant myself. The Bangladeshis and Pakistanis I’ve met in the US are educated and relatively liberal, having gotten through our immigration filters. But the beliefs and attitudes of people back in the country are totally different. For example, American muslims are slightly more liberal than americans as a whole on homosexuality, and 60% of Americans say society should accept homosexuality. In Pakistan it’s 2%: http://www.pewglobal.org/2013/06/04/the-global-divide-on-hom...)
(Some) Pakistani-Americans I’ve met who’ve grown up here have told me that my parents should be executed for being Ahmadis once an Islamic State has been established (but graciously offered them a one time chance to repent). So much for the immigration filter.
But I think the defiance is why the US elite hates Iran. They successfully kicked out a US-backed leader, humiliated Carter's rescue plan, fought off a US-backed Iraqi invasion, defied the US over nuclear proliferation. Refusing to follow US orders enrages the US.
Ironically there has been extensive on-the-ground cooperation between the US and Iran while fighting ISIS in eastern Syria.
Americans don't even understand the distinctions among Christian groups. If you actually went inside a Methodist church and asked people how their doctrine differs from Presbyterians' (or vice versa) you'd get mostly blank stares. So it should hardly be surprising that they don't recognize divisions in other religions. What they do understand is countries, and the US relationship with Iran has long been marked by enmity on both sides. Also, Iran's relationship with Israel is even worse, and that alone would ensure US enmity.
Hate towards certain ethnicities and countries is a tool used by the leaders (political and business) of the US to further their economic interests, either for selling weapons or sewing discord to take advantage of other people’s natural resources.
Kind of ironic when you consider the leaders of a country using patriotism for their personal gain. It’s so weird seeing all the flag toting, national anthem singing population in the US tow the line when they can’t even be bothered to learn their country’s history or participate in the civic process and hold its leaders accountable.
Most Americans have as their only understanding a picture of Iran in their minds of the overthrow of the shah and IEDs in the past 14 years of war. Very few Americans would even understand that Iran isn't like the rest of the ME and has a very different history.
Americans in general aren't well educated about the ME and the ethnic and religious differences there -- even the past 17 years of war there haven't tipped the education system to give them better knowledge about it.
Most americans would be surprised that the situation for womens' rights, while not ideal, is significantly better in Iran than in the nation of our "good friends" Saudi Arabia. By very nearly any metric: Number of women with professional educated jobs, number of women with bachelors degrees or masters degrees from large, recognized universities, number of women who drive their own vehicles independently around their home cities without male accompaniment, etc.
This. It's funny that the West is blaming Iran 24/7 for terrorism while 3/4 of terrorist attacks are just Sunni against Shia mainly in Syria, Iraq, Afghanistan and the other 1/4 is Sunni against non-muslims.
> 3/4 of terrorist attacks are just Sunni against Shia
I think people are talking past each other here because "Sunni vs. Shia" is a distinction that has great meaning to those on the inside of that religious or regional context, but means absolutely nothing to most on the outside - especially but not only those in the US.
Imagine that there was a wave of Buddhist terrorism. Would people in mostly-Christian or mostly-Muslim countries notice or care about mahayana vs. hinayana (vs. other)? Big nope. If they made any distinctions at all, those would be on the basis of country/region or skin color or just about anything besides doctrinal differences. More likely they'd just tar all Buddhists with the same brush. Do people in Iran pay attention to factional differences in the US, or are we all "Americans"?
So it is with US vs. Iran. Sunni vs. Shia might well be important, might be highly visible to you, but to at least one half of the people making geopolitical decisions it's just not part of the equation. Maybe that's a good reason not to have the ecclesiastical and secular authorities so intertwined, as it makes such confusion almost inevitable (cf. Israel vs. Judaism).
As an insider, I have no hostility towards Iran, and would prefer that our government ally itself with them instead of Saudi Arabia (if it has to choose at all). However, our government is a representative government, meaning it favors those whom it profits most to represent. Sometimes this works in favor of the common American, sometimes it doesn't.
On the other hand the regime supports destabilizing groups throughout the middle east. They want to contend to be the main influence there along with Saudi.
They also from time to time threaten oil supplies and threaten Europe with restarting their missile programme. They’ve been quite nettlesome.
However, with more energy independence the present US administration seems to be disengaging from the ME, in contrast to the last two admins,
>On the other hand the regime supports destabilizing groups throughout the middle east. They want to contend to be the main influence there along with Saudi.
Right. So they say we’re bad, we say they’re bad. I’m all for letting them work things out on their own and stay out of their local disputes so long as they keep it local.
But unfortunately with the weapons they’re willing to use against each other it may be hard to just sit on the sidelines.
Any case OP was painting them as being “innocent”.
Active US involvement in the war in Yemen continues. The only difference of having Trump in power is that the news is full of his twitter remarks and news about prosecution of his accomplices, rather than what's actually happening elsewhere.
You just have to see those anti-Israel boycott clauses that people have been talking about recently. And on the other hand, no problems with Saudi Arabia because they are friends with Israel. America is Israel's whore. It's sad when you come to think of it.
In the case of suspending these accounts, this isn't something just Slack has done. A crypto exchange was wholesale closing accounts in the past 3 years if people even opened the app while on holiday in Cuba and rightly so. You do NOT want to have to deal with the government if they suspect you, or a customer, of dealing with a sanctioned or embargoed country. You just don't. It's going to be messy and long and expensive especially as a finance or communication company.
It isn't a "oh you're a Muslim/Iranian/Cuban/resident of Kiev, banned!" thing it's a "Oh, you could cost us millions and millions of dollars in legal trouble, exposure of our other customer's data, etc, sorry but we have to sever ties with you immediately to reduce our risk to very serious government investigation and litigation".
Given Slack also uses encryption at rest and in transit, there may be a LEGAL REQUIREMENT not to allow users with ties to Iran to use the product under CFR title 15 chapter VII, subchapter C.
> Shi'ite Iran certainly has human rights issues, but as far as terrorism is concerned the majority of them are orchestrated by Sunni groups
It doesn't matter what religious sect has perpetrated acts, the current government is reliably documented to a laundry list of terrorist attacks, cyber attacks, imprisoning/lashing/executing members of the gay community, at least 15 assassinations on foreign soil (US, FR, DE, CH, SE etc), a recent president was a staunch holocaust denier and the government even sponsored an anti-holocaust conference.
We impose sanctions, embargoes etc on COUNTRIES not religious sects. We hold COUNTRIES responsible for war crimes and genocides, not specific religious sects. The current government of Iran in this instance has a history of doing bad things for its entire existence, as such the U.S. government has decided they are both a threat to nation and worthy of sanctions for various reasons. I suspect the powers that be at Slack simply are trying to minimize risk to the company and other customers by eliminating users that have shown a connection to IPs geographically connected to the nation of Iran.
I think this highlights the precarious situation most people find themselves in today when it comes to communication channels and data that is being stored in the cloud. We tend to assume that we have rights and that wrongs will eventually be righted. But in practical reality this isn't necessarily true.
Speaking of which, are there any open source alternatives to Slack which anyone could recommend?
Zulip chat is open source, free, can be self hosted and there is no limit on the number of chat messages. Zulip even has a usable mobile client and a healthy user community. Their support is excellent. Also Zulip has proper threading of messages to avoid notification fatigue. Much better workflow even it's otherwise almost identical in terms of features.
There is also matrix (riot.im) which is fully decentralized though the UX still needs a lot of work last time I checked.
Me and some of my colleagues are also Iranians living abroad, and this morning our account was deleted! We were already thinking to move to a self-hosted solution (rocket.chat likely), and this is a good reason to prioritize it.
We have people confuse it in my office actually, new hires will just assume Ireland is 'IR' not 'IE' and enter stuff into the system as country of origin 'IR' which throws off all sorts of red flags in our system, similarly when they see 'KR' as country of origin they freak out thinking it's North Korea not South Korea.
This is why we all should not be using these kinds of services, at least in a production setting. We should run our own services based on open source software, federate them, share and improve them, and never depend on any third party.
First off, as many know, this is not a single incident. This has happened to many of us (including me) from "sanctioned" countries. (I am from Iran, but live in Germany)
But this makes me think. Many of the services I use are from US companies. Most notable are: Gmail (Google Drive, Google Calendar, etc.), Github, Dropbox, Trello and Toggl. Should I be worried? Should I actually start switching away from these services before they close my accounts and remove all my data without notice?
Toggl is not US, it's from EU. But even as an European I feel uneasy when dealing with US companies, because the political landscape there seems to be quite unhinged.
Internal communication: "Hi John, We need to ban users from Iran, NK, Cuba, Syria or else we'll be ruined by Treasury Department.*
Not a conspiracy, IMO, just taking shortcuts to be "better safe than sorry." So what a few thousand users are incorrectly banned? We'll restore many of them one by one but at least we'll be fine with the US Gov. Plus, depends on what the government says "users" mean. If you used Slack in Iran...what's Slack to do?
It's mildly satisfying to play the world's tiniest open-source violin[1] again, but nothing will change, HN outrage notwithstanding.
Unaffected orgs will just keep on using slack, as will many affected orgs, and Free alternatives and irc will be mocked and laughed at by next week for being inconvenient and old in comparison to yet another proprietary solution, or even slack itself.
If you rely on communication, and you don't control your communication, you can't rely on that communication.
There'll be a reminder in 2025.
1. https://xkcd.com/743/ (and it really should be a Free Software violin now. If you ever wondered about the difference outside of licenses: this is it.)
As far as I remember Slack does not ask/hold any information about your nationality. I wonder if he created his account when he was visiting one of the listed countries and for some reason, Slack is just using that information to block accounts.
Sanctions are a very blunt instrument; sanctions will always harm people we like, indeed often the very people we want to help with the sanctions.
You can disagree with the idea of sanctions based upon this, but this is how sanctions work. Companies need to comply with sanctions and the repercussions of not complying can be severe.
I'm not sure WHY Slack chose this method to respond to the sanctions, nor why they've chosen to do this at time. Slack may have received a shoulder tap from a US agency that forced their hand or their legal department got cold feet. Until we know for sure, this seems like a overly cautious approach but not some kind of nefarious scheme.
An iranian friend, living and working in Berlin, also lost his accounts today. He received the same email and lost access to all his accounts, no prior notice. That's really infuriating.
This appears to be the state of play. User is accused of doing violating TOS and gets auto banned. No appeal, no recourse, no way of getting their info. Imagine kicked out of somewhere, like a hotel, based on an accusation and then not even being able to get your stuff. While property law allows us opportunity to have our possessions returned, requiring the other party to return it to us, in cases like these however, who owns the text messages, emails, photos? How can we retrieve them?
The vast majority of Slack accounts are tied to a paying employer[^1], and yet most of the responses we've seen are individuals (justifiably!) upset they've been barred access from their work tool. I'm curious to see how companies respond to Slack disrupting the productivity of their salaried employees.
^1: Well, hmm, I wonder what % of active instances are on a free tier, but that's a separate unrelated question
If anyone did notice the hashtag on his twitter. Iranian permanent residency applicants in Canada are being thoroughly scrutinized before granting them permanent residency in Canada and hence the hashtag. AFAIK, citizens from a couple of nationalities undergo this vetting process by Canadian immigration before being granted permanent residency in Canada. This is probably a call to get attention for the campaign.
This is almost certainly the result of adding a new compliance product feed (which may have false positives). I remember having to implement one for an acquired ecommerce site. The feed by it's nature was prone to false positives (it matched on name). However, there was an internal appeals process with the ability to override whereas if this is new to slack they are probably overwhelmed
It's not always your choice, and getting an organization to switch may be quite hard. Although Slack seems to be trying to help by pulling a stunt like this.
If I were in charge of an organization that used Slack for communication, I would immediately search for and start using an alternative service which would be hosted on premises.
This is really concerning. Slack is starting to worry us like FB has continued to do. The good news is there are alternative services that I see that can do most, if not all of what Slack does with better security, privacy, and performance.
I’m getting fed up with paying for a bloated Electron app with nice colors and now improved with tracking of it’s users.
By the way, I am currently investigating an issue were auto-upload of my holiday pictures in Iran to OneDrive is somehow not possible. All those pictures are location-tagged by my iPhone. Maybe it is just an coincidence with a bug, but it is strange. I am now in Germany (I am "pure" German), so in general it should work.
I mean, the exact same thing happened before WW2, where countries were gathering regular census data on their citizens. Surely filling out your nationality or religious affiliation could never be used against you, right?
Well, guess what kind of treasure trove that census data was for the Nazis later.
My point is - it's not just "this modern age". In every age sharing too much information about yourself is potentially dangerous, even if you can't see the danger yet.
Good luck guessing ethnicity for Iran. There will be many who look less middle-eastern than your average "Californian with a tan". You'd have the same problem with most near-east or Mediterranean countries. Being at the crossroads for a few millennia will do that to a place.
This holds up if you imagine the profiling as done by humans. However, neural networks already surpass human ability in some computer vision tasks. The features the trained models come up with can go way past what we might consider visual likeness. The algorithmic method might eventually become 99.999% efficient at racial profiling with the help of something as ridiculous as fingerprinting eyebrow strand distribution & orientations. The right way forward is to fully consider the ethical implications when shaping these policies, regardless of technological ability.
Oh, just correlate with a heuristic for the user's first and last name and their browser's language preference headers to improve the matching in case the face recognition algo is unsure.
One of the personal projects of mine was to put on a map the nationalized buildings that used to be owned by Jewish owners (I live in a former Easter-European communist country, we did nationalize a lot of stuff immediately after WW2 ended). That was pretty simple: I just got the nationalization order/law from back in the day (it included the names of the building owners and the addresses), I inputed it in a database and then I matched those owners' names against a public database containing only jewish names, meaning this one [1]. It was a lot more difficult to exactly geo-locate those buildings on a map (a lot of street names had changed in the last 70 years) than it was to guess the ethnicity of a lot of people on that list.
Again, this was part of a personal project that I had built in order to better know the history of the local Jewish community, but I could see the same "technique" (meaning just plain name matching against a known database with positive ethnic identification) being used for nefarious reasons in other circumstances and places.
1) Is there a way to sync your Slack with a Mattermost or similar? It's nice to have both public and private in case one dies.
2) The US has a reputation for being quite aggressive with certain things. Can't be surprised if some firms take steps that seem overkill. Not that it makes it better, but rocks and hard places.
There is an unofficial solution called matterbridge but it's not great. I would just recommend taking regular backups of your slack data, you can export it to Mattermost.
Its quite simple: don't use Slack. Its a walled garden and there will always be incidents like this for as long as people don't appreciate that these companies don't have any commitment to you, for as long as you are just using their services for free.
1. The export control regulations apply to companies and individuals who do business with any of the sanctioned countries.
2. Discrimination based on ethnicity, religion or political views is forbidden by law.
In the absence of proof that this user had business with Iran (or any of the other sanctioned countries) through Slack's platform, the export control regulations do not apply.
If the user has business with Iran outside of Slack's platform, Slack can not invoke the export control regulations to justify their action.
Ergo, the only thing left here is that Slack broke the law that forbids discrimination based on ethnicity.
If the USA fails to punish Slack for it's illegal behavior, and Slack successfully avoids prosecution elsewhere, other country have the right to block access to Slack completely, from within their own borders.
Personally, I think US citizens should be more concerned with what their government does, especially to and with other parts of the world. For eventually, the will feel the consequences of those actions on their own skin.
>2. Discrimination based on ethnicity, religion or political views is forbidden by law.
>Ergo, the only thing left here is that Slack broke the law that forbids discrimination based on ethnicity.
There's no evidence that's the case. Most likely it's done based on IP geolocation. A white (for lack of a better term) Canadian who was using slack in Iran would probably be banned as well.
>In the absence of proof that this user had business with Iran (or any of the other sanctioned countries) through Slack's platform, the export control regulations do not apply.
Banning based on IP geolocation is not perfect by any means, but what's the alternative here? That you ask suspected Iranian users to check a box saying "I'm not an Iranian, pinky swear!"?
> Banning based on IP geolocation is not perfect by any means, but what's the alternative here? That you ask suspected Iranian users to check a box saying "I'm not an Iranian, pinky swear!"?
The export regulations apply to business. In order for it to apply, there needs to be proof of a business relationship. Simply being Iranian or having non-business related communication with Iran, which is the only thing IP geolocation on its own indicates, does not warrant invoking this law.
> Ergo, the only thing left here is that Slack broke the law that forbids discrimination based on ethnicity.
That's not how it works. Even if Slack is mistaken in their belief that export regulations apply, their action is still taken in that belief, which is not legally-discriminatory.
The moment Slack decided to apply a law to justify their action, it became responsible for understanding and correctly apply said law. Their beliefs are irrelevant. If they misunderstood, they are still in violation of the law against discrimination. It is their action that counts here, not their beliefs.
Would you say that robbing a bank is okay, if the robber believes that it's okay?
I'm always impressed by the real discussions that take place here in the HN comments section. They're characterized by civility, respect, and intelligent perspectives; great community to be a part of, for sure.
Great time and reason to migrate to a self-hosted mattermost solution. Time and time again these incidents show that centralized services cannot be trusted with company service infrastructure.
This kind of treating user accounts and data like a Recycle Bin should be abandoned.
If you , Slack , could do whatever u like with the things you don't create, you're a trash, too.
We have the same problem in Ukraine. Today many Ukrainian account was blocked with the reason "originating from Crimea region of Ukraine". But they are not from this regions ...
I wonder if this was one of the things that shook out as they started IPO prep. I imagine there's some checklist provided by the banks they're working with and this was on it?
Use a VPN? We Americans have to use them to get around dumb laws and help protect our privacy, too. There is almost always a digital solution to digital problems. Bypass them.
However, I am sympathetic when you're talking about software that needs to be run server side. Because in that case, you almost always have to deploy and manage the infrastructure yourself (or know somebody to do it that you trust), which is just too much for most people.
With chat specifically, you might be able to avoid self-hosting by using something that supports federation. Personally I'm rooting for Matrix to establish itself here.
If Slack has a presence in France, they can be sued for this. And I think in any country with anti-discrimination laws which I thought included many US states?
Highlight doubt that. France and Europe have similar sanctions.
We had an alumni from my university who opened a company and sold some stuff to a client in a middle east country. Hardware parts, not software. One shipment got stopped at the border for a random control, before the police showed up at the office and arrested everyone. Turns out there are sanctions. Couldn't sell there.
The main issue seems to be that they are not only blocking people actually in embargoed countries, and furthermore not only nationals of that country, but everyone who has ever used the service from an IP geolocated - or otherwise - associated with embargoed countries.
If former nationals are more likely to have visited an embargoed country, it could conceivably fall under discrimination laws.
But it is probably even more problematic if using a service from an country specific IP actually should triggers the embargo from a legal point of view?
Then we have a problem, because suddenly you won't be able to use your phone, even turn it on at all while traveling an embargoed country if this starts to be applied broadly.
Furthermore, it would imply that things like a single BGP route hijack could kill all of a company's accounts on any US service, without recourse.
If this would be the case, using any service from a country interpreting embargoes this way becomes an impossibly risky proposition. Which was probably not the intent of the embargo.
Agreed. It's very obvious that Slack has zero experience dealing with regulations. They totally went overboard with deleting any account that ever connected from a restricted location.
There is no conflict with discrimination though. Sanctions takes precedence over pretty much everything else.
Don't expect your phone and applications to be usable when you travel to Iran/Syria, many services won't work. There was a news not long ago about Google Cloud blocking network access from Iran.
Without spending a lot of time on this, I don't believe that Slack just used ethnicity to ban this account. Could the OP have been using VPNs or something that led Slack to believe his IPs were coming from IRAN? I don't see Slack doing anything differently, and all this "outrage" seems to be unfounded at this point.
Edit: one thought, hopefully they can open a new Slack account with IPs originating in Canada and Slack can copy/move/reinstate the account.
Not sure why the downvotes? It's pretty obvious there's a lot of jumping to conclusions in the first 10 comments (that's all I read) on that Twitter thread, basically implying that Slack is using ethnicity to close the account and not something more technical like an IP address that was tied to Iran at one point in time.
It seems from reading other comments that this Slack team was created when he was in Iran from an Iranian IP. And they used originating IP when the team was created and not access to determine. We can debate the proper technical solution to base the rule when you apply it across your SaaS-based application at world-scale, but implying that Slack did this on race is pretty absurd at this point.
That’s pretty much the point of sanctions, what did you think was going to happen, people of sanctioned countries getting a medal? The point is to put as much pressure on those countries as possible and there is no better way to pressure a country than to pressure its people to force a change. The question should be whether or not Iran should be sanctioned. But if you agree that it should then this is an example of a perfectly reasonable outcome.
I’m sure there are thousands of Iranian Americans working on Slack that also visit their relatives back home at some point, including ones working at Slack HQ. How far can this logic go?
The jewish propaganda machine is really after Iranian people wherever they are. A man proud of his Jewish heritage, may be connected to his peoples ideology. A proof, of course not, a correlation, maybe!
What do U.S. sanctions have to do with somebody who isn't in Iran?
Is Twitter, Google, Microsoft behaving the same here?
P.S. On a side note, if these sanctions are really about 'punishing the regime', blocking mediums for Iranians to speak on isn't a way to do it, but what do I know.
Few days ago i was in UAE and saw fishing boats carrying gadgets like iPad, iPhones and Macs into Iran.
Obviously, looking from outside you can't tell that this rotten boat is carrying expensive gadgets. I saw this because my friend owns a wharehouse and he had to put some of his stuff into same boat.
Funny thing is Tinder is available in Iran and i used it there when i was at home for vacation.
Goldman Sachs has been the central player in major financial scandals in the past, proven documented, well known.
I don't think they do anything completely cleanly, so I question the thinking for Silicon Valley Unicorns using them to head their IPOs
Greece
the 2008 crisis buyouts
1MDB
Look at the 1MDB scandal, where we are only now seeing charges coming against GS - The 1MDB and Greece scandals are very similar in the sense that GS had information regarding both situations which they knew was criminal, but chose to profit from it as opposed to prevent it. Knowing that their profiting would outweigh the consequences.
They are the antithesis of "in good faith" actors - and as such, I personally question the integrity of the companies and company founders who put their IPOs in GS' hands.
Look at FB... we know where their integrity lies.
I am reminded of the "How I built This" episode on Slack, and how it grew and the values of its founder -- which I now take with a grain of salt given that they are going with GS.
Throwing out an idea for one reason this could happen: Perhaps Slack received a legal order that only specified names (such as some kind of watchlist), and they had no choice but to comply.
This is probably just one of many PR attempts from Slack. All closed accounts are probably owned by their PR team, or they prefer buzz over users. What about Google, Facebook and Twitter, are they closing down Iranian accounts too !?
The notion that the US conducts military operations “only” to exploit oil is a popular one but it’s not very nuanced thinking, and dances close to extremism. I haven’t spent the time to read what else this guy espouses but I suspect the ethnicity card is being played to hype up some drama when there are other issues at play.
FYI US export controls generally apply to nationals of an embargoed country even when they are outside of that country. Is the person in question an Iranian national or does slack have reason to believe? Then they are required to not provide their export controlled product, service or knowledge. The us government does not offer a “graceful” stoppage of service allowance.
Yes this is annoying but probably not slacks fault.
This is almost certainly related to the user's travel to Iran, and not any form of racial profiling. Everybody please remain calm.
It's emblematic of today's society that at the first mention of ethnicity, everybody grabs their anti-racism pitchforks. I agree racism is a problem, but let's treat it appropriately. We need to look at it more like drug addiction today (an invisible psychological problem that can be healed), and less like drug addiction 30 years ago (a moral failing that must be punished).
As bad as it may sound, but from what I can read in the tweets, he did violate the sanctions by using slack while being in iran.
Well, that is called breaking the law and I fully understand why slack terminated his account when he broke the law and violated their terms of service.
For example, other services or tools (like cisco anyconnect) clearly state, that you are not allowed to use them when in embargoed contries.
I’m not sure that’s how export controls work. If I ship a weapon to Iran, I’m the guilty one, not the recipient.
If Slack allows connections from embargoed nations, that’s on them, not the individuals who might happen to connect from an embargoed nation. Slack is responsible for their own export, and if a user accesses Slack from an embargoed nation, it indicates that Slack is enforcing the embargo improperly. More importantly, blocking that user doesn’t fix their export issue.
Banning people because of the country they were born in is not "smart", it's abhorrent.
That the US, supposedly the leader of the free world, is threatening prosecution and jail to those who want to treat everyone in the world equally, is a ludicrous state of affairs.
Using a proprietary protocol that doesn't allow any form of federation is an unacceptable way to build a global community. Please consider using an IRC based service for group chat or an XMPP based service where 1:1, history, rapid reconnects, and other more complex chat features are required (yes, if you're a dev you have to use XML which is annoying, but overall it's a well designed protocol, so get over it). This lets you host your own, and (in the case of XMPP at least) if one person wants to use a U.S. based service and another is in Iran they can just sign up for a Belgian account (or wherever). We can't afford to let he internet splinter off into siloed tiers based on nationality.