This week, we set up a new Slack workspace for DShield.org. This workspace replaces the old workspace we originally configured back in 2016 or 2017. The workspace was originally configured as a free workspace to support the DShield.org community. Over the years, it has had a good following and a good amount of traffic.

Sadly, we learned that none of the "S" in SaaS stands for security or privacy. A couple of years ago, the SANS Institute decided to purchase an enterprise license for its Slack workspace. The details have been lost to time and to a complete turnover of contacts at Slack and now Salesforce. But our DShield.org workspace ended up as part of the Enterprise account, leading to an inflated subscription fee for SANS. As "Owner" of the DShield.org Slack, I was never asked to have the DShield.org Slack merged with the SANS account. As far as I can tell, nobody from SANS asked for it. This was not the only Slack affected. Several smaller Slack workspaces created by SANS instructors for their personal use were merged as well.

Salesforce, the current owner of the Slack brand, offered two options: Keep paying for the Slack workspace (several $ per month per user) or create a new workspace. They repeatedly denied that there is any other option. SANS did consult with me about how to move forward, and I did interact with several contacts at Salesforce to attempt to verify what exactly happened. But none of the Salesforce contacts were familiar with what exactly happened in part due to high turnover. I got various conflicting answers, but they remained consistent in being unable to "undo" the switch that turned the DShield.org workspace into an enterprise account.

SANS did offer to pay the inflated fee, but I do not think it is right to just roll over and pay. Instead, I started a new Slack this week. You can find it here:

https://join.slack.com/t/dshieldusers/shared_invite/zt-3a1peqjyt-UaQPeyPkCBzRE~Ys2ZtMCw

Why did we not just move to another solution? There are various free community communication solutions. We have used several over the last 25 years: IRC and Jabber come to mind. Currently, Discord is a strong contender. Others suggested Telegram, Mattermost, Signal, WhatsApp, and Matrix. I did a quick poll on the old Slack, and Slack won as an option. I know, there is some bias here among existing Slack users. But one goal is not to lose existing community members. Personally, I also try to limit the number of chat clients I am running. Maybe we should go back to IRC or Silk :) 

So for now, we will stick with Slack, cross our fingers, and hope things work out with the new workspace. Existing members of the old Slack should have received an email with the new invite link. I will also do a mass invite in the new Slack later today for existing "old workspace members".

The old workspace will be deleted this Monday.

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|