by fpvracing 2560 days ago
> Slack also has a disastrous "feature" wherein any user can cause the SlackBot to send a message to another user. In an open instance (which Slack seems wont to discourage), this means that a user can easily impersonate another user and purport to be sending messages in an official capacity.

Could you tell me more about that? How is that done and is there a way for workspace owners to prevent it?

3 comments

It's not as disastrous as this person makes it seem. It's a REST call you can use to have Slackbot do or say whatever you want for integration purposes. You can customize the name of the bot as well as its icon, which would allow you to "impersonate" someone.

The Slackbot has limitations in that it looks different from a regular user and will identify itself as Slackbot if you click on it, as well as tell you who created the webhook to allow the integration.

It's not a problem.

And since we're talking about Slack's use in business, if someone does that you fire them. It might be a problem for people using the free version to host public communities, but that's not Slack's target market.
> we're talking about Slack's use in business

> It might be a problem for people using the free version to host public communities, but that's not Slack's target market.

But these two are not mutually exclusive. Many business use cases eventually require a public community chat, and Slack is a dead-end for them. Discord on the other hand has served us well.

They have since marked messages from an integration in a way that distinguishes them.
We use the API in our CI/CD pipeline to send messages to the teams about build status.