It absolutely is. I niether need nor want end to end encryption in slack. Yesterday I searched for a months old message which would not have been possible if everything we're encrypted all of the way through. We're not the CIA and slack is secure enough for us.
End to end encryption isn't incompatible with full text search.
More to the point, end to end encryption is necessary (but far from sufficient!) to keep communication secure. If you don't need your communication to be secure, that's fine.
The thing about the modern, networked world, is that you don't have to be the CIA to face a sophisticated, global threat model.
I guess I need to add this to the long list of companies I should start, then? It doesn't seem very hard; I explained how to do it downthread. The cost to the client should be reasonable.
If you can find a way to get a three-year-old Android phone to do full text search on an entire company's years of Slack chat logs, then you definitely should start a company.
There are lots of ways to do this in normal corporate environments more safely than Slack but with decent user experience.
Some data can always be locally stored on the device and searched (maybe anything I've typed myself, or particular forums I search frequently). Some data could be downloadable on demand (if I want to search all of my DMs with a given person, it's reasonable even on a phone to download that entire 5MB chat log locally to do the search).
Another way is to trust an archive/search server temporarily with the decryption; if you trust it right now, you can decrypt your logs on that server, do the search, then wipe it. That's a lot safer than all of those logs sitting around forever for anyone who pops the server at any point in the future.
Another option is an enterprise chat server (e.g. Mattermost), or having some kind of chat log server run by the enterprise which is for searching, but use a hypothetical end to end encrypted Slack for routine communications.
Making this all happen as transparently as possible and as efficiently as possible, with clear user security expectations, is what the "company" level stuff would be.
Today I had to search for Slack messages that were sent long before I was hired to solve a problem at work. In an end-to-end model, you're only going to have logs as far back as you were there to receive.
Not necessarily (depends on how you define e2e). One could handle group messaging in a way where membership gives you full historical access vs. only when you were subscribed. In a corp environment you might even require that some groups remain server-side so you can instantly revoke access.
Allowing different security models for different groups would make sense, as long as you could communicate the security models to users and admins somehow.
I disagree, corporate chats still have plenty of reason to want access to historical user-to-user chats. Ignoring the cynical reasons, institutional memory isn't confined to channel chats.
grep can trawl through gigs of files in a few seconds (and that's without indexes), so I don't see why would be an unhappy experience. In any case, there are alternatives; one would be to "recruit" a few other clients of the same organization for a distributed parallel search.
You do want and have E2E encryption in Slack in transit. And the case can be made that wanting it at rest is just as important as authorities change over time.
it sounds great in concept but in practice it gets really lame after extended periods of time