Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You
Last week was a good week for privacy. Or was it?
It took an article I almost didn’t publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that.
I will say, however, that I’m a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn’t actually fix. From tech press articles implying that the company quickly closed all of its privacy issues, to friends sending me nice notes, I don’t think people are paying close enough attention here. This is not “Mission Accomplished” for ethical product design or privacy — at all.
I noticed two people — Walt Mossberg and Josh Constine — who spoke out immediately with the exact thoughts I had in my head.
1/ This is a good *first* step. Better than doing nothing. But it’s not enough. I read the full blog post. It makes no mention of disabling tracking how *often* the recipient opens the email. It’s also full of the rationalization that secret tracking is ok in “business” software. https://t.co/c0PbCRLgdp
— Walt Mossberg (@waltmossberg) July 3, 2019
I appreciate Superhuman’s changes, but the problem is recipients don’t know they’re tracked, and it’s still not going to warn them https://t.co/GPfUYVkBMs
— Josh Constine (@JoshConstine) July 3, 2019
Let’s take a look at how Superhuman explains their changes. Rahul correctly lays out four of the criticisms leveled at Superhuman’s read receipts:
Superhuman is Spying on You
Over the past 25 years, email has weaved itself into the daily fabric of life. Our inboxes contain everything from very personal letters, to work correspondence, to unsolicited inbound sales pitches. In many ways, they are an extension of our homes: private places where we are free to deal with what life throws at us in whatever way we see fit. Have an inbox zero policy? That’s up to you. Let your inbox build into the thousands and only deal with what you can stay on top of? That’s your business too.
It is disappointing then that one of the most hyped new email clients, Superhuman, has decided to embed hidden tracking pixels inside of the emails its customers send out. Superhuman calls this feature “Read Receipts” and turns it on by default for its customers, without the consent of its recipients. You’ve heard the term “Read Receipts” before, so you have most likely been conditioned to believe it’s a simple “Read/Unread” status that people can opt out of. With Superhuman, it is not. If I send you an email using Superhuman (no matter what email client you use), and you open it 9 times, this is what I see:
That’s right. A running log of every single time you have opened my email, including your location when you opened it. Before we continue, ask yourself if you expect this information to be collected on you and relayed back to your parent, your child, your spouse, your co-worker, a salesperson, an ex, a random stranger, or a stalker every time you read an email. Although some one-to-many email blasting software has used similar technologies to track open rates, the answer is no; most people don’t expect this. People reasonably expect that when — and especially where — they read their email is their own business.
When I initially tweeted about this last week, the tweet was faved by a wide variety of people, including current and former employees and CEOs of companies ranging from Facebook, to Apple, to Twitter:
It was also met critically by several Superhuman users, as well as some Superhuman investors (who never disclosed that they were investors, even in past, private conversations with me). I want to talk about this issue because I think it’s instructive to how we build products and companies with a sense of ethics and responsibility. I think what Superhuman is doing here demonstrates a lack of regard for both.
First, a few caveats: