At my work people delete slack messages and recall emails occasionally. It is almost always for one of two reasons: there was an error in the message or it was sent to the wrong channel / group. By deleting or recalling the message they're showing respect for other people's time. In general, I trust my colleagues to use this power benevolently. If I felt otherwise, I'd probably be looking for another job rather than installing something like this.
If this is an entirely corporate offering, with supporting EULA - you could accept it as simple monitoring requirements. But without that clear separation of corporate, and potential end user devices, this feels more to me perverse - like spying - than anything.
You are removing the right for someone to make a mistake.
That being said; the idea of a system to which a conversation is mutually engaged (“contract”), but to which a single party can immediately and entirely redact their contributions is flawed at best.
Feels like some kind of in-between is required - hopefully with clear end user understanding.
Slack already does offer an in-between, as you can allow edits and redaction for a specific time frame, after which the chat history becomes immutable to all non-admins.
> You are removing the right for someone to make a mistake
You aren't stopping them from making a mistake, and you aren't even stopping them from removing evidence from their PoV. You're merely retaining all communication on your side.
I understand OP's sentiment, and even share it to a degree.
It's 50% FOMO, and 50% a certain arrogance of "It made it to my client desktop, the bits are HERE, therefore they're mine now. How DARE you reach out remotely and remove them." Feels like a violation.
But these feelings are silly, and life is too short to worry about such things. There are better things to optimize for and spend time on.
This is a cool tech demo, but anyone who's thinking of using it PRACTICALLY should consider why they also don't root through their building's trash for nuggets others threw out.
See I'm pro freegan nugget liberating but as you said, definitely anti-this. I had a friend w an IM client in 2010 or so (maybe trillian?) with a plugin that notified him if I opened his profile to chat w him, as well as telling him whether I was really invisible, and finally one that gave a desktop notif if i was typing to him (NOT the typing indicator in a chat window with me).
We were both into computers so he acted like it was a funny/novel piece of tech but he used it in daily life. Felt like stalkerware. You don't stalk your friends, and you don't violate their consent in the same way that friends dont use a patched snapchat client that disables screenshot notifs/keeps photos. Thats creeper shit!!!
I imagine the intent of something like this is not really that people should install it, just a fully working PoC to show that your deleted messages are not really deleted and you should act appropriately if you type something you shouldn't have. It's just smart practice anyway, as even if the delete was foolproof you don't know who managed to see the message before you deleted it.
(I will admit to an illicit thrill when I click no on the outlook pop-up that informs me someone wants to recall their message...)
One thing that really doesn't help here is that Unix password entry traditionally hides the input text completely, instead of showing bullets. Normally you would notice pretty quickly if you're typing in the wrong place, since nothing is showing up where you expect it, but Unix terminals train users to expect no feedback when typing passwords, so they're more likely to type the full thing and press enter before noticing anything is amiss.
It astounds me that people use notification sounds for messenger and e-mail clients. How do you get anything done when being repeatedly distracted all day?
Some clients / chat services will have a delay on notifications, which is probably the way to go; chat shouldn't be about "you have to be aware of this within one second".
When building a chat system with notifications, it's also important that you can recall notifications. Wouldn't want someone's accidentally pasted password to be retained in notifications.
I hired a contractor on Upwork once and he worked alongside us in our Slack workspace. He did great work for a few weeks and then I suspected him of outsourcing his persona to someone else. The smoking gun was that the presumed guy behind the scenes sent a PayPal invoice via his Slack account and immediately deleted it. I have regretted not having fast enough fingers since then and wish I had this.
I did end up catching him- the app he was working on enabled geolocation and he went from Chatanooga, Tennessee to Romania in an hour. I'm surprised he accepted geolocation! I also later confirmed IP addresses via Firebase deployments in the same region.
EDIT: since a lot of people are commenting saying that this is fine by IRS laws of subcontracting etc I should clarify:
1. This wasn't a legal matter, but a business matter. I needed to federate access to sensitive infrastructure for this project, and this person failed to disclose (or denied) any additional involvement.
2. The work was not up to spec which is why there was a problem.
3. The reason for using a 1099 as opposed to a w2 in this case had nothing to do with trying to flout benefit obligations. I don't think saying you need to know who's touching your codebase and hiring someone on a contract basis is trying to have your cake and eat it too. This type of contract is much more expensive for us than a full-time employee.
"The general rule is that an individual is an independent contractor if the payer has the right to control or direct only the result of the work and not what will be done and how it will be done."
independent contractors are free to sub out work. this is the law. they also probably should not be on your slack unless you're considering the whole thing a consulting arrangement.
i understand where you're coming from, especially in trying to make use of upwork in some actually useful way for your business. but you should also be aware of the law.
> independent contractors are free to sub out work. this is the law.
I’ve never seen a contracting agreement that didn’t specifically prohibit subcontracting without the explicit written consent of the client. It’s not that it wouldn’t be federally legal, it’s that it would violate the specific contract with the client.
> independent contractors are free to sub out work. this is the law.
Practically speaking, there is no way a software contractor can sub out work without violating a litany of contractual obligations in the contracting agreement. Even minimalistic contracting boilerplate agreements will have clauses that cover these situations.
For example, if you sign an NDA with a company covering the work and then turn around and send the codebase to a contractor in Romania to work on it, you've very clearly violated the terms of the NDA.
So no, the law doesn't automatically allow engineering contractors to do whatever they want with the work.
The original commenter didn't say what happened as a result, just that he caught the contractor subbing out work.
If it were me, I would not renew a contract with someone who sub-contracted work out to someone I don't know and didn't approve without informing me. Whether it is or not, it certainly seems shady, and I don't want to work with people who have violated my trust.
When I was a contractor, our clients usually had a number of clauses in the contract that would have allowed them to end the engagement early for pulling something like that.
And, of course, in the end they could always just have said "go to hell, we're not working with you anymore," and it would come down to who wants to go to court the least.
Yeah I get this and it doesn't apply here. The payer in this case did not have the right to control only the result of the work which is the crux of the situation.
The law, nor the linked resource, stipulates that any 1099 relationship can be subcontracted out by anyone, let alone without disclosure. If that were the case the explicit option to hire onshore vs offshore on sites like Upwork would be meaningless, or a matter of arbitrage.
They can be, provided that disclosure is handled up-front and the contract is structured for it. Dropping that on someone who had every reasonable expectation - and possibly even contractual language - about you doing the work yourself is quite a different matter.
They certainly can be the same. In this case the contract I had with this person stipulated that they would be doing the work and this person denied having another person involved ahead of time. Moreover, there were security clearances associated with this person and expanding the footprint was a relevant consideration for the project.
The person or entity who hired the prime contractor is also on the hook. If you are in that position, it is better to detect and stop a contractor doing things behind your back than it is to explain that you didn’t know that a contractor subcontracted the work to the person who installed the backdoor.
> In construction, parts of projects are routinely subcontracted out. The primary contractor is on the hook for ensuring quality.
> I don't see why software projects can't be the same.
Contractors can't automatically give subcontractors access to the plans, the construction site, and so on. The contracting agreement will have provisions about who can access the site, how they get approved, on what terms, and so on. Becoming a construction contractor doesn't give someone carte blanche to invite other people to a site without regard to the terms of the contract.
Likewise, a software contractor can't just decide to share your codebase and design documents with a subcontractor because it almost certainly violates many of the contractual clauses they agreed to.
This is so unethical and sadly not rare. I have had people reach out to me (twice, recently) on LinkedIn to interview for them (using names and credentials of people who have work authorization for USA) and the offer is usually a fixed rate + commission per job per month for the lifetime of the job. They hire skilled engineers to secure the jobs for them while outsourcing the actual work. So the scam can go further than just outsourcing the work to people with potentially far lower skills.
I've been working remote for almost a decade, and most of the companies I've worked for have pulled me into the office at some point. All expenses paid of course. No, it does not stop an employee from outsourcing work, however a decent contract will.
Employers should also not frown upon those that have this type of behavior unless they specifically call this out in a contract or the employee handbook.
Note that I've never attempted to outsource my work since I like writing code and I get paid an awesome enough salary as it is, but I don't blame those that do unless they are breaking the rules.
I actually got laid off from a job because the lead programmer on my team was doing this. He had 3 folks working in India full time. He told me about it prior to the layoffs over beers. 3 folks on my team were let go. Note that we all found jobs within a month. The last time I spoke with him, he was still doing it. The only time he does any work is when the company has meetings he is asked to attend.
I can practically guarantee (without bothering to check) it's against Upwork's rules, and in many jurisdictions a form of fraud.
1. Legal/compliance/tax problems
2. If Upwork were to allow this, it effectively allows bad actors to reset their reputation whenever they want
3. If you're willing to lie about this, do I really want you working for me?
4. Just because you approve of them and think they're safe doesn't mean I do, and you're sending my confidential company secrets and source code to them
None of these are problems if you're upfront about it, but lying and claiming you're doing the work when you're actually outsourcing it is very bad.
This against their rules. And I had the same thing happen.
Hired an “American” contractor named Jeff. Had a video meeting with him, everything started off great.
Then when we got him into slack, his English went way down hill.
I tried to get a phone number for him and he resisted and gave excuses why he couldn’t talk right now.
So… because I suspect this is getting to be very common… Get a phone number for your contractor and call them periodically. Insist to speak with them on the phone about something they have done recently.
Even if the work would have been good, I won’t pay a liar like that.
Combining this with my bot that makes me “is typing…” any time anyone begins typing at me will surely make my Slack experience even more passive aggressive.
For what it's worth, I find the availability & typing indicators in Slack to be unreliable. When someone "is typing" for a long time I assume it's lying. In this circumstance, it's likely they needed more information or otherwise weren't able to answer your question right away, and they have deleted their message & are not actively typing.
The most awkward one is if someone is typing in a thread, it also shows the is typing in the main channel. You can be having a long conversation in a thread and it'll look as if you're typing some incredibly slow message to the main chat.
I'm definitely guilty of that one. Though it's usually because if e.g. the question is "Will X software do Y", the answer is often "Usually, but watch out for somewhat complicated Z".
A while back i left my computer overnight running with an afk macro in a game. somehow discord got focus and i woke up to amused messages as i had been "typing" for 10 hours.
Those indicators aren't super accurate. I have had two accounts on Telegram and can see the other one "Typing" for quite a long time after I touched the input and exited the chat
A couple of lifetimes ago, when I was a videogame developer, we were having issues with a publisher. I sent them an email explaining why I felt that a certain situation was unfair to us, etc, etc.
A few minutes later I got an email from the producer, but obviously intended to be read by one of his colleagues, who I had CCd on my email. It said something to the effect of "you know, they kind of have a point, blah blah"
This was almost immediately followed by a plain-text email that said "recall" IIRC. I assumed this is how Outlook implements recalling an email internally, except that I was using some Linux email client that was blissfully unaware of this. I chuckled. Just seconds later yet another email begging me not to read the original email as it had been sent by mistake, apologies, etc.
I guess the moral of the story, if there is one, is that you can't really un-deliver a message once it has been delivered. Think twice before you send!
I've met a couple teens who, for Discord on mobile, have the hilarious workaround of just leaving screen recording running 24/7. This obviously gives you a complete log of every pixel you see, at the cost of having to go in and manually delete the files fairly often.
Somewhat relatedly, the Tweetdeck client for Twitter appears to be write-only, because I'll routinely see two or three instances of the same tweet where the author deleted to fix a typo, and other more embarrassing tweets, including at least one that was obviously meant to be a DM.
This applies to Twitter iOS and probably Web and Android too. If a tweet is in your feed and gets deleted, it’ll stay in your feed (but show “This tweet has been deleted” if you try to reply or look at replies)
This highlights one of the problems with treating chat clients as casual conversation by abusing that trust. Not sure I like this; it’s a problem that deserves a solution, and I guess calls attention to it.
I have never been able to accidentally broadcast my impolite opinions on the lukewarm breakfast burritos to everyone in my company in a casual conversation.
Slack probably doesn't care about this, but I do find it slightly disingenuous that Signal offers a "delete message" feature, given its focus on security and not misleading the user that they're doing something that protects them. What's saying that I couldn't similarly patch Signal, and read all of my friend's deleted messages?
I think it's pretty obvious to anyone that your correspondant can read a message before you delete it. And no one assumes that deleting it from signal deletes it from people's brain.
Isn't the whole point of disappearing/delete-able messages that you leave the meaning in your recipient's brain but not on your phones? So if a third party later tries to read your chat logs they won't see anything (sensitive).
I think it's assumed that your recipient is not malicious. I swear at some point there was a warning saying that if you enable disappearing messages it wouldn't prevent your recipient (or you) from simply taking a screenshot of the messages.
If you do this (anywhere, in any context, not just Slack — a notable example is Discord where a lot of people have mods that keep deleted messages), you are uncool. If I delete something I want it gone and if you install mods like this I see that as disrespecting me
That’s probably best handled as a people problem rather than a technology problem. Ie some combination of Confront the moderator/abandon the forum/accept the moderation as is.
There will always be outliers. Life isn’t a binary system.
Readit News
If this is an entirely corporate offering, with supporting EULA - you could accept it as simple monitoring requirements. But without that clear separation of corporate, and potential end user devices, this feels more to me perverse - like spying - than anything.
You are removing the right for someone to make a mistake.
That being said; the idea of a system to which a conversation is mutually engaged (“contract”), but to which a single party can immediately and entirely redact their contributions is flawed at best.
Feels like some kind of in-between is required - hopefully with clear end user understanding.
You aren't stopping them from making a mistake, and you aren't even stopping them from removing evidence from their PoV. You're merely retaining all communication on your side.
I understand OP's sentiment, and even share it to a degree.
It's 50% FOMO, and 50% a certain arrogance of "It made it to my client desktop, the bits are HERE, therefore they're mine now. How DARE you reach out remotely and remove them." Feels like a violation.
But these feelings are silly, and life is too short to worry about such things. There are better things to optimize for and spend time on.
This is a cool tech demo, but anyone who's thinking of using it PRACTICALLY should consider why they also don't root through their building's trash for nuggets others threw out.
We were both into computers so he acted like it was a funny/novel piece of tech but he used it in daily life. Felt like stalkerware. You don't stalk your friends, and you don't violate their consent in the same way that friends dont use a patched snapchat client that disables screenshot notifs/keeps photos. Thats creeper shit!!!
(I will admit to an illicit thrill when I click no on the outlook pop-up that informs me someone wants to recall their message...)
A bit mean to systematically retain.
Worst ever is one of those apps where you do /funny cat and a meme pops up.
Did one once. And this crazy offensive thing popped up. Like sort that can get you fired. Learned that there was no way to delete it.
I hate when that happens.
It astounds me that people use notification sounds for messenger and e-mail clients. How do you get anything done when being repeatedly distracted all day?
When building a chat system with notifications, it's also important that you can recall notifications. Wouldn't want someone's accidentally pasted password to be retained in notifications.
I did end up catching him- the app he was working on enabled geolocation and he went from Chatanooga, Tennessee to Romania in an hour. I'm surprised he accepted geolocation! I also later confirmed IP addresses via Firebase deployments in the same region.
EDIT: since a lot of people are commenting saying that this is fine by IRS laws of subcontracting etc I should clarify:
1. This wasn't a legal matter, but a business matter. I needed to federate access to sensitive infrastructure for this project, and this person failed to disclose (or denied) any additional involvement.
2. The work was not up to spec which is why there was a problem.
3. The reason for using a 1099 as opposed to a w2 in this case had nothing to do with trying to flout benefit obligations. I don't think saying you need to know who's touching your codebase and hiring someone on a contract basis is trying to have your cake and eat it too. This type of contract is much more expensive for us than a full-time employee.
independent contractors are free to sub out work. this is the law. they also probably should not be on your slack unless you're considering the whole thing a consulting arrangement.
i understand where you're coming from, especially in trying to make use of upwork in some actually useful way for your business. but you should also be aware of the law.
https://www.irs.gov/businesses/small-businesses-self-employe...
I’ve never seen a contracting agreement that didn’t specifically prohibit subcontracting without the explicit written consent of the client. It’s not that it wouldn’t be federally legal, it’s that it would violate the specific contract with the client.
Practically speaking, there is no way a software contractor can sub out work without violating a litany of contractual obligations in the contracting agreement. Even minimalistic contracting boilerplate agreements will have clauses that cover these situations.
For example, if you sign an NDA with a company covering the work and then turn around and send the codebase to a contractor in Romania to work on it, you've very clearly violated the terms of the NDA.
So no, the law doesn't automatically allow engineering contractors to do whatever they want with the work.
If it were me, I would not renew a contract with someone who sub-contracted work out to someone I don't know and didn't approve without informing me. Whether it is or not, it certainly seems shady, and I don't want to work with people who have violated my trust.
When I was a contractor, our clients usually had a number of clauses in the contract that would have allowed them to end the engagement early for pulling something like that.
And, of course, in the end they could always just have said "go to hell, we're not working with you anymore," and it would come down to who wants to go to court the least.
The law, nor the linked resource, stipulates that any 1099 relationship can be subcontracted out by anyone, let alone without disclosure. If that were the case the explicit option to hire onshore vs offshore on sites like Upwork would be meaningless, or a matter of arbitrage.
I don't see why software projects can't be the same.
> I don't see why software projects can't be the same.
Contractors can't automatically give subcontractors access to the plans, the construction site, and so on. The contracting agreement will have provisions about who can access the site, how they get approved, on what terms, and so on. Becoming a construction contractor doesn't give someone carte blanche to invite other people to a site without regard to the terms of the contract.
Likewise, a software contractor can't just decide to share your codebase and design documents with a subcontractor because it almost certainly violates many of the contractual clauses they agreed to.
Deleted Comment
Employers should also not frown upon those that have this type of behavior unless they specifically call this out in a contract or the employee handbook.
Note that I've never attempted to outsource my work since I like writing code and I get paid an awesome enough salary as it is, but I don't blame those that do unless they are breaking the rules.
I actually got laid off from a job because the lead programmer on my team was doing this. He had 3 folks working in India full time. He told me about it prior to the layoffs over beers. 3 folks on my team were let go. Note that we all found jobs within a month. The last time I spoke with him, he was still doing it. The only time he does any work is when the company has meetings he is asked to attend.
Deleted Comment
1. Legal/compliance/tax problems
2. If Upwork were to allow this, it effectively allows bad actors to reset their reputation whenever they want
3. If you're willing to lie about this, do I really want you working for me?
4. Just because you approve of them and think they're safe doesn't mean I do, and you're sending my confidential company secrets and source code to them
None of these are problems if you're upfront about it, but lying and claiming you're doing the work when you're actually outsourcing it is very bad.
Hired an “American” contractor named Jeff. Had a video meeting with him, everything started off great.
Then when we got him into slack, his English went way down hill.
I tried to get a phone number for him and he resisted and gave excuses why he couldn’t talk right now.
So… because I suspect this is getting to be very common… Get a phone number for your contractor and call them periodically. Insist to speak with them on the phone about something they have done recently.
Even if the work would have been good, I won’t pay a liar like that.
Combining this with my bot that makes me “is typing…” any time anyone begins typing at me will surely make my Slack experience even more passive aggressive.
A few minutes later I got an email from the producer, but obviously intended to be read by one of his colleagues, who I had CCd on my email. It said something to the effect of "you know, they kind of have a point, blah blah"
This was almost immediately followed by a plain-text email that said "recall" IIRC. I assumed this is how Outlook implements recalling an email internally, except that I was using some Linux email client that was blissfully unaware of this. I chuckled. Just seconds later yet another email begging me not to read the original email as it had been sent by mistake, apologies, etc.
I guess the moral of the story, if there is one, is that you can't really un-deliver a message once it has been delivered. Think twice before you send!
Somewhat relatedly, the Tweetdeck client for Twitter appears to be write-only, because I'll routinely see two or three instances of the same tweet where the author deleted to fix a typo, and other more embarrassing tweets, including at least one that was obviously meant to be a DM.
On the other hand, maybe it's best they can't be deleted, since that will force people to rotate them.
Not everything is meant to be permanently recorded.
Dead Comment
https://support.signal.org/hc/en-us/articles/360007320491-De...
I think it's assumed that your recipient is not malicious. I swear at some point there was a warning saying that if you enable disappearing messages it wouldn't prevent your recipient (or you) from simply taking a screenshot of the messages.
There will always be outliers. Life isn’t a binary system.