by seanhunter 982 days ago
I always felt these kinds of integrations ask for so much access in return for so little additional functionality. Do I

A- give you access to all my documents so you can make a thumbnail when I attach a document or

B- not do that and not get a thumbnail, so I just look at the document outside of slack before attaching it?

That's never been a complicated decision for me.

4 comments

Agreed and I think it's due to two things:

- The app just requests way more permissions than required. Oftentimes you'll see an app that just requires read access requesting read, write, personal email, and blood of your first born.

I worked on a service that integrated with a lot of services that store data that one would deem business sensitive. When I'd always minimize permissions while setting up development, I had PMs/decision makers require that we ask for maximum permissions so future changes are easier. Felt wrong to me.

- The service (OAuth2 provider) not having fine-grained enough permissions. Sometimes there would only be the option for "read" or "write". Sometimes you'd get access to "read documents", but you couldn't restrict the type of documents. The more options there are, the more confusing it can be, but the more control and security the user has, and I think that's much more important than development confusion.

I will say that I really appreciated what Notion does, where they'll give you the ability to approve access to individual pages, and while querying for pages you'll only ever see ones you've been granted access to. The other side is that now a user has to approve each next page. There is also the option to allow everything existing and going forward. I think that's a great middle ground that gives control to the user. Whether the average user takes advantage of that is another question altogether.

> Blood of your first born

I mean, that's just straight-up reasonable. There are no free lunches in this world /s

Soon enough every thumbnail will just be [THIS PAGE HAS BEEN LEFT INTENTIONALLY BLANK] once legal realizes and has IT push new corporate templates onto everyone.

Don't worry, the algorithm will find the most suitable page to minify for you.

And the worst part is that before the web that just worked - the file manager did the thumbnails (or a custom open dialog) and nothing needed to be sent to the cloud...

Right - before you shared things with other people, it didn't have the problems of sharing things with other people.

The key feature of the integration isn't the thumbnail, but that Slack indexes your Google Drive files so they show up in search. That is absolutely worth it IMO.

That's similarly bad, though, at times.

If I search "Draft performance improvement plan for ceejayoz" and a document I don't have access to comes back, that's a fairly significant data leak.

Except that’s not how it works. Your search results only include the documents you have access to.

Disclaimer that I work at Slack.

The search you experience runs against permissions so something like that doesn't happen.

> Disclaimer that I work at Slack.

I suppose by this you mean that you do work at Slack, but that's not really a disclaimer, is it? More of a "claimer".

The proper word here is "disclosure" not "disclaimer." I see this mistake all the time.

If Slack is already checking those permissions, fixing the thumbnail issue should be fairly straightforward, yes?

Does that mean Slack has implemented, correctly, Gmail’s complicated permission model? Glad I’ve never enabled that integration.

It probably just uses the Google Drive search API and includes the results in Slack's own results.