Apr 25, 2014 ·
3 mins read
Update 27 April 2014:
HipChat ammended its blog post to clarify the issue about who may access the 1-to-1 chats. Scott from HipChat also commented on this post (see below). They state (emphasis mine):
The new terms allow customers to request chat history from us, and allow us to provide it, if the customer has the right to view the communications of their employees. Those rights are very often granted through a company’s employee handbook or policies. So, for chats occurring after the terms become effective (May 27th at the earliest), if an account owner contacts us and requests their 1-to-1 chat history these new terms allow us to provide it to them.
Curiously, they do not state how they will confirm that the customer has the right to view these communications. There appears to be an assumption being made that the “account owner” is also an individual who holds these rights. This is not necessarily the case. For very small teams, it is conceivable that the account owner is either a supervisor, team lead or other individual that does not have these kinds of rights in a large organization. In my example, I authorize the purchase and am listed as the account owner on our instance of HipChat, but my organization does not grant me the right to view employee communications (even if they are my own subordinates). In fact, this right is not granted to anyone except for instances where there may be a legal matter at stake or to investigate a possible security breach.
Bottom line, I still don’t like it, but I can’t say I fully blame them either.
Up until today, I was a big fan of Atlassian’s products. In our organization, we’ve deployed both their project and issue tracking software, Jira as well as their collaboration and wiki software, Confluence. I’ve also recommended their products to many colleagues. Over the past year, our team has been experimenting with various asynchronous chat/collaboration tools, finally landing on HipChat in the fall of 2013.
When Atlassian acquired HipChat in 2012, I had high hopes they were going to bring the same kind of polish present in both Jira and Confluence. In fact, the product has grown tremendously since then, with the inclusion of 1-to-1 Video and Screen Sharing that arrived in March of this year, the future of HipChat was looking good.
And then today happened.
Today, Atlassian has modified HipChat’s Terms of Service (TOS), effectively screwing over their users. The first:
The Atlassian terms require binding arbitration for disputes. As HipChat grows, we need to have a cost-effective alternative to going to court. Our terms now mandate that we resolve disputes via arbitration. We expect binding arbitration to help contain legal costs and offer a faster path to resolution for both parties.
Translation: If we get sued, we’re screwed so we’re changing our policy to ensure we don’t get sued.
This is exactly what Dropbox did back in February of this year. Except with Dropbox, existing users had the opportunity to opt-out, not so with Atlassian’s terms. This protects Atlassian against any legal suit, for example a privacy breach where all your user’s data gets stolen. Sorry, you can’t sue anymore - it’s all going to arbitration (and chances are an arbitrator friendly to Atlassian).
But even worse, there’s this doozy:
Translation: Joe down the hall who introduced you to HipChat can now read all your private messages, even though he may not have authorization to do so.
While it may be true that most corporate policies about employee communications does indeed stipulate this fact, there is a massive distinction to be made between traditional corporate systems such as E-mail, and a tool such as HipChat.
E-mail is often heavily protected and accessible only via the most trusted of System Administrators. Also, corporate policy will typically only resort to reading other people’s mail in the event of a legal obligation or possible security breach. There are also internal policies for dealing with situations that require access to this “private” data. This is a far cry from a small collaboration tool such as HipChat which is often introduced in these organizations from bottom-up or grassroots methods.
Let me make this clear, anyone can create a HipChat team under the guise of an organization and HipChat does not validate the authenticity of the individual creating the team account. To put it bluntly, if your buddy Joe down the hall setup HipChat for your team, guess what? Joe can now read all your 1-to-1 messages, even though Joe may not be in any position in the corporate ladder to have such authorization bestowed upon him.
There is a significant risk that this change will have negative consequences for Atlassian and HipChat. Once users find out that their 1-to-1’s are no longer private, they will lose faith in the system, trust will erode and eventually, usage of the tool will fall. This is unfortunate, because while I don’t think HipChat will cease to exist anytime soon, I believe the amount of teams and users using the tool will diminish over time.
Serendipitously, I stumbled upon Slack a few weeks ago and introduced it internally to our team early this week. So far, the response has been extremely positive. To top it off, it’s free for our particular use case for unlimited users (hard to argue with free). After this fiasco with Atlassian, we’re dumping HipChat and going with Slack full time. I’ll have more on Slack in the upcoming weeks as we’re really liking the tool and its feature set. I’m truly saddened by this decision from Atlassian to the point where we will take a long, hard look at the usage of their other products in our team. Something tells me I don’t foresee using their products much longer.