At some point during my career sharing files and links in email became a security concern. There were all sorts of malware problems and issues that spread throughout organizations because someone unknowingly clicked on or forwarded a malicious item. At a couple of large organizations, we had to turn off email for days while we cleaned out systems. Fortunately, antivirus and other types of scanning software improved to prevent most of these problems.
It seems that not all developers learned the lessons of the past. Microsoft Teams has a few vulnerabilities inside it based on link sharing in the chats. One of the issues is that the preview features aren’t well implemented, though Microsoft security doesn’t think this is a problem as a user would notice the link would be incorrect. I think that’s a huge leap and not a very safe one to make.
I don’t use Teams often, and as a Slack user, I find it rather confusing, busy, and unintuitive. I know lots of others that like Teams and find it very productive in the Microsoft world, and I’m glad we can have the choice of a way to collaborate with others. However, no matter which type of communication mechanism is used inside of your organization, the security protections ought to be very strong. We are often busy with work and distracted. We are often expecting the information in Slack or Teams to be safer than browsing sites on the public internet. Perhaps that’s not the way things should be, but it is.
Attack vectors that use code inside a webpage are very common, and I dislike many of the “preview” features that I’ve seen in various pieces of software. They slow down the application, especially on a mobile network, and take up unnecessary space. As someone that often can see bandwidth constraints, I’ve prefer that all of these features were optional. Let me decide if I want a preview.
The trend to build richer experiences in applications and pre-fetch data can make the experience better, but there is a tradeoff. There are potential security concerns, but apart from those, these features can make the experience more enjoyable or unnecessarily slow things down and interfere with the way we use an application. More isn’t always better, especially when the pattern for an individual user might not match what the majority does. If 51% of users often use a feature, I’m not sure the other 49% view this as a positive way of architecting the system.