[EpicEng]

It absolutely is. I niether need nor want end to end encryption in slack. Yesterday I searched for a months old message which would not have been possible if everything we're encrypted all of the way through. We're not the CIA and slack is secure enough for us.

[voidmain]

End to end encryption isn't incompatible with full text search.

More to the point, end to end encryption is necessary (but far from sufficient!) to keep communication secure. If you don't need your communication to be secure, that's fine.

The thing about the modern, networked world, is that you don't have to be the CIA to face a sophisticated, global threat model.

[voidmain]

I guess I need to add this to the long list of companies I should start, then? It doesn't seem very hard; I explained how to do it downthread. The cost to the client should be reasonable.

[andkon]

If you can find a way to get a three-year-old Android phone to do full text search on an entire company's years of Slack chat logs, then you definitely should start a company.

[rdl]

There are lots of ways to do this in normal corporate environments more safely than Slack but with decent user experience.

Some data can always be locally stored on the device and searched (maybe anything I've typed myself, or particular forums I search frequently). Some data could be downloadable on demand (if I want to search all of my DMs with a given person, it's reasonable even on a phone to download that entire 5MB chat log locally to do the search).

Another way is to trust an archive/search server temporarily with the decryption; if you trust it right now, you can decrypt your logs on that server, do the search, then wipe it. That's a lot safer than all of those logs sitting around forever for anyone who pops the server at any point in the future.

Another option is an enterprise chat server (e.g. Mattermost), or having some kind of chat log server run by the enterprise which is for searching, but use a hypothetical end to end encrypted Slack for routine communications.

Making this all happen as transparently as possible and as efficiently as possible, with clear user security expectations, is what the "company" level stuff would be.

[jlardinois]

Today I had to search for Slack messages that were sent long before I was hired to solve a problem at work. In an end-to-end model, you're only going to have logs as far back as you were there to receive.

[rdl]

Not necessarily (depends on how you define e2e). One could handle group messaging in a way where membership gives you full historical access vs. only when you were subscribed. In a corp environment you might even require that some groups remain server-side so you can instantly revoke access.

Allowing different security models for different groups would make sense, as long as you could communicate the security models to users and admins somehow.

e2e for direct user to user makes sense.

[hamandcheese]

I’d love to know of an existing end to end encrypted chat platform with a search experience comparable to Slack.

The only way that’s obvious to me is searching locally on your device. This will not be a happy experience for any moderately sized organization.

[zaroth]

God forbid our 7 billion transistor 20 core Xeon CPUs actually search through a few MB of text efficiently! </facepalm>

[icebraining]

grep can trawl through gigs of files in a few seconds (and that's without indexes), so I don't see why would be an unhappy experience. In any case, there are alternatives; one would be to "recruit" a few other clients of the same organization for a distributed parallel search.

[codefined]

The issue comes from the fact that I don't really want to have to download gigabytes of data over my network.

Especially not if I just want to quickly check my messages from a web browser.

[hamandcheese]

Okay, show me an end to end platform I can grep through.

[paulryanrogers]

You do want and have E2E encryption in Slack in transit. And the case can be made that wanting it at rest is just as important as authorities change over time.