
HipChat Will Grant Employers Access To 1-to-1 Chat History

157 points | espinchi | 12 years ago | blog.hipchat.com

135 comments

[+] etchalon|12 years ago|reply
I sent the following email to HipChat:

As an employer, and account holder, I am not a fan of this feature.

My team must feel free to use our internal communication tools to have private, perhaps critical, conversations between each other without worrying about me, or other members of management, reviewing them.

If the tools cannot be trusted, employees will not use them. If they don’t use them, they’ll revert to other methods of communication, which will consume their attention.

This should be an option, and one whose effect is in plain view of users.

Lacking such an option, or clear disclosure, I will be canceling our account, as well as reviewing my company's use of other Atlassian tools.

Please reconsider this feature, or at least, reconsider its implementation.

Thank you.

[+] awicklander|12 years ago|reply
I completely agree with you on this. I can't imagine continuing to use hipchat with this change in place.

This was pretty stunning at first, but after thinking about it my guess is simply organizations that use Jira are the kind of organizations that want/need to keep tabs on all employee communications.

Which hey, I get that for some companies they need that for one reason or another.

What it says to me more clearly than anything though, is that Hipchat's core customer isn't small teams any longer.

It's large enterprises with lots of seats.

[+] teacup50|12 years ago|reply
I don't get your concern at all.

We run local e-mail and IM servers; the only thing that protects user communications on company owned infrastructure is our company policy. How is this any different?

What I find far more alarming -- and quite hypocritical from SaaS users seemingly suddenly concerned with privacy -- is that when I communicate with companies and individuals that use SaaS providers like Google Apps, the party with which I'm communicating implicitly shares my private correspondence with a SaaS company that engages in massive cross-internet data collection.

By comparison, employers having access to data that flows over employer-owned infrastructure is barely worth mentioning, has been the status quo for decades, and I'm absolutely stunned that anyone is shocked by this.

[+] jsmeaton|12 years ago|reply
Thanks for doing this, please keep us updated if you get a response that you can share.

Our team has just switched back to HipChat as we have more and more remote workers. I'm the current owner of the account, and I don't want the ability to be able to read private chats. I don't want anyone else taking over as owner being able to read my private chats.

By all means, allow it as an option for customers that feel the need to spy on their employees, but let us turn it off.

[+] bredren|12 years ago|reply
At least it isn't retroactive.

I suppose workers need to assume any communication system that is provided by the company may be read at any time by management.

The bummer about this is probably many people use private communications expecting them to stay that way. They don't realize companies like Hipchat do not have architecture to support data impermanence or encryption between parties.

Nor do these companies go out of their way to highlight this, as people probably did not understand the distinction until recently.

[+] eli|12 years ago|reply
I get what you're saying, but we use HipChat and it's really obvious that it's "your company's chat system." At least, that's how our employees think of it and how it's marketed. I'd be really surprised if someone thought it was more private than their company email address.
[+] bdunbar|12 years ago|reply
"I suppose workers need to assume"

We use hipchat at work. I've been assuming since day one my employer can read everything I write. They are _paying_ for it after all.

[+] sorahn|12 years ago|reply
My friends and I are all using gitter.im to chat now. I just made a private repo on my github account and made them all contributors. Easy peasy.

Also then we're already in the right program to paste code bits around when we need.

[+] 1stop|12 years ago|reply
Hipchat should have gone the opposite way, and made their policy explicitly: "1-to-1 is private".

Mimic the real workplace, I have a 1-1 meeting with someone, it isn't recorded (usually).

It's annoying, because it puts up barriers to communication, people talk differently when they know they are being recorded.

I hope they implement this as an option (like they do room history).

EDIT: Thinking more, it should be an option, and when enabled/disabled, all users should receive an email explaining the change. (If you are reading bitbucket devs, do it! Please!)

[+] zacwest|12 years ago|reply
This is a pain point for me because HipChat's permissions granularity is really bad: my organization gives everybody admin access so we can configure API tokens, emoticons, etc. Things we want to do pretty often. Now, we'll have to restrict everybody to a normal user and have a single administrator do these very normal operations.
[+] olivierlacan|12 years ago|reply
Yep, we have exactly the same issue. This feature decision is a trust-deterrent. Nothing worse when it comes to team communication.

To me this is the final straw. By contrast Slack's privacy policy mentions they "plan to allow team owners or administrators to enable an optional feature which would allow them to view anything inside their teams".

They add: "When this feature is added, notices will be visible to all members on teams where it is enabled."

Keywords: optional & visible.

That's exactly the kind of thoughtful consideration made obvious when you first use Slack. The product direction on HipChat during the 6/8 months we've been paying customers has been disappointing. Instead of working on in-app history search or the other dozen of clamored-for features (http://help.hipchat.com/forums/138883-suggestions-issues/fil...), they piled on a not really necessary audio/video call feature.

I can only hope the HipChat/Atlassian team considers making admin access to private conversations optional and visible as well.

[+] sukuriant|12 years ago|reply
Talk to HipChat, that sounds like something they might be able to change in their service. Perhaps have a super-admin or user groups or something that give intermediate permissions.

Your circumstances don't sound like they would be rare.

[+] rmanalan|12 years ago|reply
You don't need to be an admin to get an API token... https://www.hipchat.com/account/api

The new API allows you to request personal tokens or room tokens (you'll need to be a room admin for that).

[+] dccoolgai|12 years ago|reply
The forced arbitration seems a bit odious... General Mills just got dinged for that and had to apologize... I wonder if the same thing will happen here. For those who don't know, forced arb basically gives them carte blanche to harm you and have the case handled by their "friends" instead of the justice system.
[+] debt|12 years ago|reply
Forced arbitration is a terrible policy and terrible for consumers[1]. I remember when Al Franken fought to amend the "forced arbitration" policy in the Department of Defense Appropriations Act[2]:

"Jamie Leigh Jones is a courageous woman who stood up to KBR and Halliburton when they tried to force her into arbitration after she was allegedly gang-raped by fellow employees in 2005."

It's a way for corporations to avoid being held legally liable for criminal behavior against consumers and employees. So if Atlassian screws you, either as an employee or a consumer, you're forced into arbitration instead of being able to challenge them in court.

[1]http://www.franken.senate.gov/?p=issue&id=211

[2]http://www.naca.net/issues/forced-arbitration

[+] eli|12 years ago|reply
General Mills got banged up because they tried to claim that performing such actions as "Liking their facebook page" indicated your agreement to those terms. That was the part that was extreme.

Forced Arbitration is anti-consumer but unfortunately it's also pretty common these days. I'd wager you've already agreed to it with your cable, home internet, and phone providers.

[+] drawkbox|12 years ago|reply
It has stormed the front immensely in the last 10-15 years. Almost all contracts have an arbitration section to bypass the courts which has many to blame.

It is a strange world when we live 'free' but our companies are dictatorships/feudal while using military tribunal type justice in arbitration, but it is a byproduct of ludicrous overstepping of the bounds with lawsuits so the other side gets wacky.

[+] nitrogen|12 years ago|reply
I actually bought a shaver once, from a retail store, that included an unannounced forced arbitration contract that claimed implied consent by using the shaver. It's ridiculous.
[+] 1stop|12 years ago|reply
Will it work?

Surely I can still take them to court and argue the forced arbitration is part of my grievance. IANAL but surely one can argue that removing the judicial system from anything is illegal?

[+] DannyBee|12 years ago|reply
I'm not sure why people hate on forced arbitration. Outside of the occasional ridiculous damages award that happens, it's actually often better for consumers. It's cheaper, doesn't require a lawyer, company usually pays, etc.

I'm not sure who their "friends" are. The arbitrators I've met in my time tended to be fair, unbiased folks. I'd expect in general civil cases, it's a mess.

The only claims that get preempted by forced arbitration are these small little $1-2 per person claims. But then people complain when lawyers litigate them as class actions, and settle for $1-2.

[+] powdahound|12 years ago|reply
Hey everyone - Garret from HipChat here.

I'm sorry for the way we presented this information. We definitely should have explained these changes more clearly, because they do NOT mean that admins can browse your 1-1 chats. Our blog has been updated with a better explanation: http://blog.hipchat.com/2014/04/25/hey-were-changing-our-ter...

If you still have questions or concerns, feel free to email me directly (address in profile here) and I can answer them or put you in touch with someone who can.

[+] nedwin|12 years ago|reply
We trust our employees. I don't feel the need to access personal communications between employees.

We also give some of our senior guys admin access so they can manage other users - I don't particularly want them to read my private communications with other employees either.

I love Atlassian (go aussies!) and Slack is expensive. Bummed.

[+] coolsunglasses|12 years ago|reply
We use Slack at my company (switched to it from Kato) and we're very happy with it.
[+] mixologic|12 years ago|reply
I guess it depends on how it was being used. If your employees came up with a great idea over chat that six months later led to a patentable invention, it's nice that there is a record of all that information.
[+] dingaling|12 years ago|reply
> We trust our employees. I don't feel the need to access personal communications between employees.

It's not really a matter of trust.

When a legal discovery request arrives and your company replies 'we don't know what the employees said in that context because it's private' - that's when the problems start.

[+] Kiro|12 years ago|reply
What do you need that isn't included in the free plan on Slack?
[+] notatoad|12 years ago|reply
>We trust our employees

>I don't particularly want them to read my private communications

Either you trust them, or you don't. It doesn't seem like Atlassian's problem that you don't trust your senior staff to not read your chat logs.

[+] shravan|12 years ago|reply
Somewhat tangential to this story, but we recently moved our team over from HipChat to Slack [1]. I initially thought that we'd miss the sheer number of integrations HipChat offers, but Slack seems to cover almost all of the ones we use regularly and some HipChat doesn't yet offer, like Asana.

[1]: https://slack.com/

[+] lobster_johnson|12 years ago|reply
Our team tried out Slack, but the Mac app isn't native, just a rather weak wrapper around the normal web page. And the web experience just isn't as good as HipChat.

Also, no in-app voice/video integration that I could find. HipChat's one-on-one video is great, although what I really wish for is conferencing built in. Google Hangouts is just too annoying to set up (first it pesters me about signing up for Google Plus, which I don't want, then it shows a blank screen with a "start a hangout" button, then it opens a GH video in a separate window, which is just stupid), and doesn't have a desktop app.

[+] vodo|12 years ago|reply
I guess that's one way to lose your customer base. We have a team of 50 that will be switching to another platform shortly. Good bye HipChat...
[+] teacup50|12 years ago|reply
Why do you care? If you ran the chat server locally, you'd have the ability to snoop already.

Atlassian themselves could snoop on your traffic; the only thing stopping them is their terms of service. All you have to do to protect your employees is publish clear guidelines on when and how your company will access employee communications on company-owned infrastructure -- bingo, problem solved.

[+] leetrout|12 years ago|reply
I don't see much positive coming from this.

At a previous company a round of firings were commenced with evidence contributed from HipChat logs... That was followed by a rash of everyone using the XMPP interface so they could encrypt their chats- I thought that was a bit much but now their paranoia has been proven wise...

[+] eli|12 years ago|reply
People were typing incriminating things in a chatroom on your company's HipChat server?

I could believe that they were surprised management decided to track what they were saying, but I can't believe anyone thought HipChat would protect chatroom logs against the account administrator.

[+] matthewcford|12 years ago|reply
I don't see how this is relevant, if it was bad enough to warrant being fired, logs or lack of them wouldn't have helped. Sure they might have acted as evidence but there was probably other evidence of the actual action?
[+] epayne|12 years ago|reply
All they had to write was "It’s been two years since HipChat joined the Atlassian family"... the rest is obvious. IMHO Atlassian is a company focused on helping enterprises control users of their software, not help them. JIRA's maddening UX is Exhibit A.
[+] samhoggnz|12 years ago|reply
How is JIRA's UX maddening? It's so highly configurable that it really depends on how it is set up, and what the patterns of use are within your organisation.
[+] sylvinus|12 years ago|reply
Really disappointing move. If you don't trust your developers, maybe you shouldn't have hired them in the first place.

Our team loves HipChat, and they will probably end up feeling the opposite because of this. Please provide a way for us not to activate that "feature".

[+] Alex3917|12 years ago|reply
> If you don't trust your developers, maybe you shouldn't have hired them in the first place.

Companies are basically required by law to store all the communications of their employees, it has nothing to do with trust. I forget the entire reason, but basically Bill Clinton cut some crazy deal with radical feminists in order to get reelected whereby he signed some sexual harassment law that basically required employers to monitor all employee communications. Jeffrey Rosen has a book about it called The Unwanted Gaze.

[+] seanmcelroy|12 years ago|reply
I'd expect an organization who pays for the service should have access to their data in it. If you fear the change, you really fear the people who are or will someday become a service administrator. If you fear that, perhaps you should consider if you're really happy where you are. I'd suspect you either have trust issues with your corporate or IT management, or you work at a place that moves too slow for IT to have anything better to do than troll through private chats.

In many cases, IT can already do a lot of other things like span your port, read your e-mail, shadow your terminal, capture all printer output, etc. But in practice, this kind of permission is usually used when someone is stuck and an employee unreachable or out on vacation, or an employee is terminated and you need some critical piece of information they might have in their chat history.

[+] nedwin|12 years ago|reply
I pay for the service for my company. I trust my employees. I don't want them to think I'm snooping on their personal conversations between each other.
[+] eddieroger|12 years ago|reply
This seems like an appropriate time to remind everyone that your work email belongs to your boss, not to you. Don't send private emails from your work account. Likewise, your work laptop isn't yours, it's your employer's. Don't do personal work on it.

My team tested out HipChat, and it's rad, but I had trouble convincing anyone it was worth the cost over terrible Lync, which we already have, despite its complete lack of stability on the Mac. We're now secretly using Slack, and enjoying it pretty well. The "native" client is also really nice, bringing just enough native experience to a web view.

[+] mullethunter|12 years ago|reply
This is garbage. We have over 250 people using Hipchat and we use the 1:1 as the way to vent outside of the rooms that we're also part of. Better? I'm an admin and I'm so pissed that they decided to change a feature that I sung praises of for so long. Just like another company tool, we'll start to use another outlet to "really" communicate to each other while the HipChat rooms will be relegated to PMs and business owners fishing for updates.
[+] Zigurd|12 years ago|reply
I don't know if you can blame Atlassian for being "anti user" here. In some businesses and government settings data retention is a regulatory requirement. It's not ideal. It doesn't fit human patterns of communication. There are obvious back-channels. So systems like that catch only the dumbest violators. But Atlassian probably has customers who are required to specify communication systems that can be monitored.
[+] alexnking|12 years ago|reply
I wish there were more companies that were more worried about doing the right thing than serving their paying customers. Especially when those customers are businesses who want to snoop on their employees, or ad agencies that want to sort through your mail.

I'm tired of constantly being screwed over by any company that I'm not paying directly.

[+] nedwin|12 years ago|reply
The only question I have is: how good are the emoticons on Slack.com?
[+] kyleknighted|12 years ago|reply
Full emoji support and users can upload custom emoticons. It's full of win!
[+] balls187|12 years ago|reply
While this is probably helpful in some situations, my expectation is that like monitoring interwebs traffic, most tech companies don't care and won't bother.

This is really only something that probably matters if company has to take legal action and needs the CYA.

[+] eli|12 years ago|reply
Probably true, but I think a lot of Atlassian customers (maybe most) aren't tech companies, but tech departments within big enterprises. I think most big companies actually do have web and email monitoring in place.