Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You

Last week was a good week for privacy. Or was it?

It took an article I almost didn’t publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that.

I will say, however, that I’m a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn’t actually fix. From tech press articles implying that the company quickly closed all of its privacy issues, to friends sending me nice notes, I don’t think people are paying close enough attention here. This is not “Mission Accomplished” for ethical product design or privacy — at all.

I noticed two people — Walt Mossberg and Josh Constine — who spoke out immediately with the exact thoughts I had in my head.

Let’s take a look at how Superhuman explains their changes. Rahul correctly lays out four of the criticisms leveled at Superhuman’s read receipts:

  1. “Location data could be used in nefarious ways.”
  2. “Read statuses are on by default.”
  3. “Recipients of emails cannot opt out.”
  4. “Superhuman users cannot disable remote image loading.”

However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders.

Rahul then details the five ways they plan to address those concerns:

  1. “We have stopped logging location information for new email, effective immediately.”
  2. “We are releasing new app versions today that no longer show location information.”
  3. “We are deleting all historical location data from our apps.”
  4. “We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on.”
  5. “We are prioritizing building an option to disable remote image loading.”

The first three apply only to the first criticism about location, but fine. All good moves. Bravo.

The fourth addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I’ve spoken with several people about how they interpreted Rahul’s post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it the way Walt, Josh, and I did: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps — you just can’t see the location anymore. That, to me, is not sufficient. “A little less creepy” is still creepy.

Also worth noting, “turning receipts off by default” does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch. If they’ve used read receipts at all in the past, they will probably assume it works just like Outlook. At the very least, Superhuman should display a message when you flip that switch saying something like “by turning on Read Receipts, you are monitoring your recipients’ actions without their knowledge or permission. Are you sure you want to do this?”

Rahul’s fifth and final fix is also good in that they now realize pixel spying is a threat that they need to protect their own users from. This introduces a moral paradox, however: if the technology you are using on others is something you need to protect your own users from, then why are you using it on others in the first place? These are all questions I’ve asked Rahul publicly in this series of tweets, which I’m still waiting for a response on, four days later:

Ask yourself, even under this new system, whether you would ever not feel creeped out by someone saying:

“I’ve noticed you’ve opened my email four times, including last night, and even five minutes ago… and you haven’t responded yet.”

What if someone in your family said that? What if your ex said that? What if someone who had threatened you in the past said that? How about someone you didn’t even know? How about your boss?

It would be creepy enough for someone to actually say that to you, but even if they kept their mouth shut, they still know when you are looking at their email, and you don’t even know that they know. All because of these tracking pixels, which Superhuman has decided to continue using.

The message that sender-controlled read receipts send is “I’m watching you, I’ve been watching you, and you didn’t even know it”. Can you imagine ever saying that to someone, in any context, and having it go well?

I cannot. And the reason is that it communicates not only that you don’t trust me, but that I (the recipient) can’t trust you. It also implies that I’m doing something wrong by not emailing you back. As Ray Ozzie says, mess with people’s expectations at your own risk:

“I’m always watching you” is exactly the expectation that sender-controlled read receipts set. It’s how they work. And it’s the reason people don’t (and likely won’t) disclose that they’re using them.

Above all else, I want to know if people feel safe with this implementation. It doesn’t matter if I feel safe or if Rahul feels safe. Do women feel safe? Do people who have been creeped on over work email feel safe? Do people who have been harassed by salespeople feel safe? These are questions I would love for Rahul and team to investigate. You can probably start with someone like Cindy Southworth (hat tip: @amac) or many of the women, like Tracy Chou, who chimed in on the thread:

To Superhuman’s tremendous credit, they appear to have a pretty diverse team. Out of 30 people, I count 10 women and a variety of ethnicities. In Bay Area tech, that usually takes intentionality. Well done on that. It’s hard to believe, then, that not a single person — employee or customer — ever brought up how creepy the display of timestamps and read statuses are. Maybe someone internally did but the culture was not psychologically safe enough to bring it up and advocate against it. I’m just speculating. I don’t actually know. As Derek Powazek said:

Turns out, there seems to have been plenty of feedback, at least as far back as October 2018. Here is a Tweet from Elies Campo, formerly of WhatsApp and now working at Telegram (both known for their attention to privacy):

Read the words from Superhuman “Delight Team” employee Cameron Wiese. He says explicitly says “I agree” and says he thinks Superhuman should turn images off to avoid triggering read receipts and “having your privacy violated”.

Cameron is no longer at the company. I have no reason to believe that is related to this, but it’s proof that Superhuman’s own very small team knew about this a long time ago and decided to do nothing about it.

I began to wonder why, so I started reading up on Rahul. I haven’t followed his career so I wanted to read some things he’d written or said to get a better picture of how he thinks about products. The first thing I came across was this article entitled How Superhuman Built an Engine to Find Product/Market Fit. It’s really well-written and full of a lot of great wisdom from Rahul that can help other entrepreneurs. Stuff I have never thought about for sure. In particular, the bit about zeroing in on the question “how disappointed would you be if you could no longer use this product” is great. It’s kind of an inverse NPS. Really good stuff. There’s one part of the article that may, however, reveal what led to this situation Superhuman now finds itself in: Rahul talks about how he explicitly ignores feedback from people who don’t already love his product. You can read it yourself inside that article or listen to it from his own voice in this interview at the 17:50 mark. Please get the full context from the material provided, but here’s the quote:

“You take the users who most love your product and turn those into an HXC (high-expectation customer), and you use those to narrow the market. And what I mean by that is, deliberately ignore the responses from customers who don’t fit that archetype of people who love your product.”

Bingo.

There is already a huge survivorship bias problem whenever you survey existing customers (which is why people like Elies and me aren’t even represented in these surveys), but doing things the way Rahul describes is like some sort of “devotional bias” on top of the existing survivorship bias.

I will say this: if you were skeptical of Superhuman’s commitment to privacy and safety after reading the last article, you should probably be even more skeptical after these changes. The company’s efforts demonstrate a desire to tamp down liability and damage to their brand, but they do not show an understanding of the core problem: you should not build software that surreptitiously collects data on people in a way that would surprise and frighten them. Superhuman needs to realize that the people their customers send emails to aren’t “externalities”. They are people. And they deserve not to be spied on by software they don’t even know about and never signed up to use. This was an opportunity for Superhuman to internalize what it means to respect privacy, and model behavior for the next generation of companies by doing just that. Instead, they have done little more than the minimum.

I want to quickly detour into a few other issues unearthed by the conversation last week, and then we’ll get back to Superhuman.

First and foremost, it’s important to understand how dissatisfying it is that I happen to be the one who was able to break through on this issue. I am not the internet’s ombudsman or a beacon of morality. For that, I would turn to someone like danah boyd or Anil Dash, who are always a step ahead in thinking about unintended consequences of technology. Second, to my knowledge, I have never been stalked or abused. I am not a victim speaking out. I’m just another white guy of moderately impeachable character who got on my privileged soapbox and said something.

There are several reasons I was able to do this:

  • Because of my background and the way I look, I don’t have to worry about getting discredited or blackballed.
  • Despite tweeting stuff like this, I have a decent size following on Twitter.
  • I got extremely lucky twice in tech, so I’m secure enough financially and career-wise to where I don’t have to give a shit what the technology and venture capital world think of me.
  • I haven’t personally wielded the sort of granular tracking technology I am railing against.
  • I took the time to write a proper argument in long-form, litigating issues and not people.

Without all five of those things aligning, I think this whole thing wouldn’t have registered a blip. Furthermore, the first four of those things are about who I am and not what I wrote. Think about how frustrating this is for all of the people in the world who have something important they want to bring to light but are only able to do number five. This happens every day, and we miss a lot of it.

Conversely, I will also say that there are a lot of people in the world who have either all or some of the first four taken care of and instead take the easy route by tweeting out some thought-terminating-cliches (hat tip: Kristy Tillman), and then moving on to the next thing they feel like tweeting. If you have an argument to make, put in the work.

Along these lines, it’s been interesting to see who has reacted (and how) to my original article. If you search for who has linked to it on Twitter, you have to scroll through more than 50 posts before you find a single detractor. I didn’t research any further, and I could be biased by how Twitter displays search results, but my gut is that this is at least a 95%/5% situation, if not higher. To anyone who thinks “everyone knows this stuff is going on”, this is a death blow to that theory. “Everyone” in ad tech might know about email surveillance, but the great majority of people in the world do not… and those are the people you are either signing up to be honest with or signing up to deceive. As Upton Sinclair said:

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

In this case, the statement refers to getting people who surreptitiously track others to understand that those being tracked do not know they are being tracked nor want to be tracked and that it is a violation of their privacy.

It’s also been interesting to see who has not weighed in. That includes a lot of people on both sides of this issue, including most of Superhuman’s VCs and 120 well-placed angel investors. I have, however, gotten DMs from some very prominent people in the investment community expressing solidarity but unwilling to say anything publicly. I’ve also gotten similar messages from people involved in the creation of Outlook and other tools that have had to wrangle these sorts of issues. I’ve also heard from entrepreneurs who have been specifically told by investors not to engage in discussions like these because it may limit their ability to fundraise in the future.

To those who have spoken out publicly or messaged me privately, thank you!

Conversely, there are also probably people on the other side of the issue who haven’t spoken up because they don’t want to look like jerks. This issue can really make you look like a jerk quite easily, so it’s sometimes easier to just let everyone else tell on themselves instead, like this guy from Founders Fund:

Exactly the caring, benevolent way the venture capital world would love to be represented, I’m sure.

While we’re on the topic of Twitter, I should mention that I’m generally not a fan of having public, free-for-all debates about heated subjects on the platform. I think the format often turns us into the worst versions of ourselves, expelling incomplete thoughts in such staccato bursts that we are often talking past each other and to the larger audience we are trying to impress. Twitter at its best exposes us to wonderful things we’ve never seen before. But Twitter at its worst is just bad performance art. I feel bad that Rahul and team had to absorb the tens of thousands of Tweets directed at them last week. But at the same time, I also feel like they had advance warning several months ago from myself and surely others that what Superhuman is doing is not right.

Being on the inside of this whole clandestine web of intrigue for a few days has made me think twice about this tech ecosystem of ours and what sorts of behaviors we are enabling with it. How many VCs and powerful people hate what Superhuman is doing with people’s privacy but won’t say anything because they aren’t sure if another company in their portfolio does something similarly sketchy with data? How many won’t say anything because they are concerned about their relationship with Andreessen Horowitz?

This episode has also made me take stock of whether there’s anything in my own life which is collecting data it doesn’t need to collect. Someone on Twitter brought up the fact that I use Mailchimp to send out newsletters. That’s a good place to start. A few years ago, I enlisted Mailchimp to automate newsletter creation for me. I wanted to give people an easy way receive an email every time I wrote a new post. That’s about two or three times a year. Mailchimp makes this so easy that since installing it, I’ve never once logged into the service. I didn’t even know what, if any, data they were collecting aside from the number of subscribers I had. Turns out, they can collect a lot more data than I am comfortable with. Thankfully you can disable substantially all of it, which I have done. It bothers me that these services are choosing to collect all of this data for people who don’t even need it or want it. It turns people into “unwitting data collectors”.

It reminds me of the early days of Android when developers immediately asked for every single permission they could get from you. Now the conventional wisdom is to only ask for what you need, when you need it. It makes things slightly better that people are at least opting into these newsletters, but to use my same test from the original post, there is no way they know how much data is being collected on them. That said, I’m generally not moved by straw man arguments that attempt to paint bulk newsletter analytics with the same brush as email surveillance. News organizations are well within their rights to employ the former while criticizing the latter.

The second thing someone asked me on Twitter is whether the company I work for uses tracking pixels anywhere. I’m not in sales or I.T. so I have to look into how different people use analytics over here, but I imagine there are a variety of ways. I’m going to be proposing an explicit policy against the sort of thing described in this article this week and I don’t expect that will be controversial.

Ok, so back to Superhuman.

We are left now in a better state than we were last week. The threat level has decreased. But I am still left wondering, why is Superhuman taking this feature — which clearly creeps people out — and doing barely more than the minimum to make it less creepy? Rahul said exactly why in his post:

“If one of us creates something new, and that innovation becomes popular, then market dynamics will pull us all in that direction. This is how we ended up with location tracking inside of Superhuman, Mixmax, Yesware, Streak, and many others.”

Rahul is not wrong. But that is not how the greatest innovators think. The reason Slack is now an $18b company whose software is loved by millions of customers is that Stewart Butterfield created a new workplace communications tool based on how he thinks workplace communications should work. Stewart and team looked at what tools people were currently using, invented a new service full of things that seemed good, and left out everything that seemed bad. Are there any deceptive, creepy, or harmful features that exist in Slack because they already exist in other products? Not that I can think of. Someone please tell me if I’m wrong. Heck, Slack doesn’t even have read receipts! And it would be easy to design them ethically within Slack if they wanted to.

Either Rahul thinks email apps should be able to spy on recipients’ behavior without their knowledge or permission, or he doesn’t think they should — but he’s doing it anyway because other bad actors do. Neither of these represents the standard we should hold our entrepreneurs to… especially those we point to as models for great design and great leadership.

The other thing that’s been bugging me is that Superhuman’s other co-founder, Vivek Sodera, has openly compared Superhuman to Apple. See this thread:

Notwithstanding the fact that I believe Google could extinguish Superhuman’s entire existence with the flip of an API access switch, it strains credulity to see how the decision to surreptitiously collect behavioral data on unsuspecting users is Apple-like at all. Vivek is talking here about whether they will license their data out in the future, but still… if you are going to say you are like Apple, then you should at least try and act like Apple. Do I think Apple would ever insert invisible tracking pixels into emails so senders could monitor the actions of recipients without their knowledge or permission? Not in a million years. Do you?

To test my assumptions about how Apple, and in particular Steve Jobs, might approach a problem like this, I asked the only person I know who has worked directly for Jobs, across several decades: Mike Slade. Mike is the founder of ESPN.com, the original product manager of Excel, and worked directly alongside Jobs at both NeXT and Apple. Here’s what Mike said to me:

“Steve was the most consumer-first person I’ve ever worked with. If he didn’t like what the consumer was going to experience, he changed it. This functionality would’ve definitely creeped him out and he would’ve never implemented something as creepy as this.” — Mike Slade

Sadly, we’ll never know for sure, but this makes sense. Jobs used to talk a lot about the importance of taste in product development. That is exactly the concept that is missing here.

You just raised $36m so you could build a product for the long term. You think tracking pixels in emails are even going to be around in a few years? Differentiate yourselves from your competitors by giving a shit about privacy. Think Different.

To show you how this might work, I’ve taken the liberty of redesigning your sales pitch for you. Here is how you currently describe Read Receipts on your front page:

Now here’s how it would look if you decided to take a stand on privacy and protect people from both tracking and being tracked:

I feel like I am doing an unusual amount of free work here. THIS is the sort of morality I want to see in enterprise software. It’s funny, one of the things people like to talk about is how the iPhone kicked off “the consumerization of enterprise software”. Meaning, because the iPhone set the bar so high for how consumers experience digital products, all enterprise software eventually rose to meet this bar. If we can now expect our enterprise apps to look and feel as nice as our consumer apps, why can’t we also expect them to behave as nice?

To harken back again to the tao of Steve: “Design is how it works.”

Alright, that’s all I have on the subject of Superhuman specifically. Take my advice or leave it. It’s your company.

A couple of more things before I go. One of the valid criticisms of my article from last week is that I didn’t call out any of the various other companies that enable email spying. This is fair. I frankly didn’t know about most of them, since I don’t use email tracking myself. For instance, I had heard of Mixmax but thought it was just an extension which let people book time on your calendar (it does this too). I am more than happy to name the names of every company who does this. From Rahul’s post, that looks like Mixmax, Yesware, Streak, Mailtrack, and HubSpot (whose founder is a Superhuman investor). There are probably others too. To all of you: what you are enabling is bad and you should feel bad about enabling it. None of you pitch yourself as a well-designed email client so you avoided attention in my first post, but isn’t there a way for you to operate your business without enabling your customers to spy on their customers? Mixmax, you have that useful calendar thing. Is that not enough? HubSpot, Streak, and Yesware, you offer a bunch of services that are unrelated to this. Mailtrack, welp… this seems like pretty much all you do from what I can tell.

Is this stuff even useful in a material way? If you send someone an email and they don’t respond, you can either let it go or reach out again. Does knowing whether someone read it really change what you’re going to do? On top of that, aren’t we already in a world where you’re getting false positives and false negatives from that data? If I have images off (which, for the love of god, everyone should at this point), you’re seeing that I haven’t read email, when maybe I have. If Gmail or something else is proxying my email images, you might be seeing that I have read email, when maybe I haven’t. The data may be “usually right” because most normals don’t pay attention to this stuff, but how can you be sure? You can’t. This seems like a case of very low value data being collected and distributed in a potentially very harmful way.

To wrap things up, I want to address the final issue brought up from the first article: what are the big three mail platforms (Apple, Microsoft, and Google) doing to protect us? The answer seems to be “some, but not enough”. All three allow users to disable images, but none make that a default. I could make the argument that email should be text-only by default, but I don’t think that’s realistic given the sorts of emails people subscribe to these days (real estate listings, deals of the day, etc). Accepting this, it seems like email providers should use the same sort of filtering they use to keep us safe from malware. If an email with a Mailtrack pixel comes in, for instance, strip it. You’d have to maintain a growing list of these things as they mutate across IP addresses, but it would send a strong signal to the industry that this sort of stuff is on the outs.

Google and possibly also Microsoft could also stop this stuff from the other side: disallow extensions which provide this functionality. You don’t have to kill most of these companies’ entire businesses. Just specifically disallow this behavior.

Because neither of these solutions stops companies from using large, visible, legit images in their emails to provide the same tracking abilities, the big three should also proxy and cache remote images in email whenever they can. I believe Google already does some sort of this, but it’s unclear to me exactly how obfuscatory it is. I don’t believe either Microsoft or Apple does any of this yet.

This is almost certainly a case of “if you think the solution is easy, you don’t understand the problem”, so I recognize there’s a lot of implementation complexity I’m missing here. I guess I would just like to see all of these companies do everything they can to protect the majority of the world, who — unless they were paying attention last week — still doesn’t know they are naked with their curtains open for all people using spyware pixels to see.

Perhaps if the big platforms aren’t able to sufficiently protect people, the last resort is the law. I’m not a COPPA or GDPR expert, but it seems crazy that collecting information via a website about someone under 13 without parental consent is illegal, but providing software that can automatically track that child’s movements when they open an email is not.

This whole thing may already be advancing through the legal system, as just a few days ago, the British Information Commissioner’s Office issued guidelines requiring consent and transparency for email tracking pixels. If ethics can’t keep companies from doing these sorts of things, maybe fines can.

It seems to me we’ve still got a lot of work to do here to keep people safe. Until that work is done, the best way to stay safe is to follow the same two pieces of advice from my previous article:

  1. Don’t use Superhuman yourself. They have not given a date for when they will protect you from other people’s tracking pixels and they have not shown a proper appreciation for privacy. Remember, when Superhuman says “you can turn it off”, that only means you can stop sending your own tracking pixels out.
  2. Turn off remote image loading in whatever email client you use. You may also want to consider using an always-on VPN to keep your location from ever being revealed.

Thank you for reading this. Stay safe out there.

21 comments on “Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You”. Leave your own?
  1. Nate Heath says:

    You can literally do the same thing with a free Chrome extension and Gmail… not sure why Superhuman is the only one being focused on here for the technopanic.

  2. JV says:

    It seems to me that the writer has some grudge against SUPERHUMAN. I’ve worked for the last 15 years as a consultant in marketing automation and campaign management and I can assure you that every single email marketing platform out there does this. Whenever you receive and email, newsletter, delivery notification, password change confirmation or any email it comes with a tracking tag and is tracked and reported on.
    I’ve worked on projects where the client ran marketing campaigns to tens of millions of people in a single shot. The reports generated show opens rates (that’s the tag right there) bounce types (don’t try to fool the system the email bounced thinking you won’t receive more, it doesn’t work) click through rates and much much more. Even more, all of your tracking data is combined with other data sources such as purchase history, service requests, how you behave on the site, in some cases social media posts. All of this comes together to track you, to put you in segments and to personalise email content etc. If you want to pick a privacy and email tracking fight look at the big boys who produce email marketing platforms and not tiny little companies and their email clients.

  3. Brian Wright says:

    Unfortunately today the morals of society have sunk so low there are little or no ethics or morals in the digital world. People who would never think of shoplifting from a brick and mortar store, don’t hesitate to push a button and steal someone’s content/product online.

    What really strikes me is that the users(businesses) of superhuman and other offending email services would be the first to complain, take legal action if someone stole their property but they see no problem invading someone else’s privacy and stealing theirs. Only when they get caught do they apologize, but only for being caught.

  4. Jeff says:

    This is literally a core feature of Hubspot. Should you pick on them next, used by companies around the world.

  5. Ross Floate says:

    Well-made and cogent piece again, Mike. Thanks for, as you say, putting in the work.

  6. Ari says:

    How about the 1000lb ? Marketo, or Constant Contact? And, and and.

    It appears this has been going on for years both have millions of users but we are worried about startups?

  7. Alex says:

    THANK YOU for bringing this to light. Everyone deserves to know both which sites and services are spying on your email; and which founders, operators and investors permit (and shockingly, defend) these surveillance tactics to a billion unsuspecting people. Everyone.

    Like 99.999% of email users, had no clue about “read receipts.” Once I learned, the very phrase “read receipts” misled me, conjuring the well-known iMessage feature. If someone knows about Read Receipts at all, they understand it as a feature that the user manually opts-in to submit a visible piece of metadata of THEIR own time of reading to all communicating parties. It does not even reveal their own location or time and frequency of reading, and certainly not any information about the other party’s actions, unless of course they too opted-in. I’m highly technical, even in this area, but I’m not an internet marketer and don’t read tech blogs all day. How would I have known this is possible?

    Like more and more people I know, I was burned by “read receipts.” I was being secretly tracked by someone I was trying to avoid. Being ignored by me enraged him, and I, as he saw it, was a cold-hearted liar. He retaliated by smearing me. Not worth getting into, but I suffered real consequences. He is now a Superhuman customer, and tweeted praising Superhuman last week. I now see a pattern in those who do the same.

    Yes, I understand and am familiar with email consumer marketing services that provide companies who have 10,000+ email subscribers the ability to identify when I open an email. To them, I am an anonymous consumer in a sea of others, an abstraction. To this guy, the Superhuman customer, I was just me, a sitting duck. Who knows how many others are unsuspecting victims.

  8. DM says:

    Mike, maybe you can make a meme so people can visualize the false equivalence here. Two panels:
    MailChimp, HubSpot et al: A standard surveillance camera screwed to a wall 40 feet above the entrance to a sports arena, pointed down to record you… and the thousands upon thousands of blurry heads passing through each day.
    Superhuman, Streak et al: A completely invisible camera pointed directly into your bedroom window, placed there by your ex… who’s watching a private livestream on their phone.

  9. Mike too says:

    Thank you Mike for the reporting and thought you’ve put into this. I appreciate learning about it, and find it interesting. I’ve since turned off images on my phone.

  10. PatrickM says:

    This article (like Mike’s previous blog post) is misdirected.

    We can say that invisible gifs (or tracking any image in a email) are bad (and they very well may be). And the practice, that has been prevelent for at least 15+ years used by 100’s of products, should be regulated by the government. Or we should Ban HTML emails so that tracking email isn’t possible (I used Mutt as a email client for years, no images!). Or better educate the public on Email tracking and how to turn off images. These are all reasonable solutions that we can debate, and decide the best solution and act on it. All good.

    But I don’t understand the specific hate for SuperHuman. I have no connection to the company, I just don’t understand why they are exclusively the target for your privacy rage. If you are going to be angry, be angry with ALL the email clients, marketing platforms and Gmail extensions that track emails at some level. You’ll have no shortage of targets.

    When I read the title of these articles “Superhaman is Spying on you!” and the length and sensationalism within these posts, I can’t help but think that the author is looking for some attention (or traffic) for his blog.

    I think that asking the question — is “Email tracking bad” is a good question / debate to have. I don’t think, given these posts, that this is the best venue to do it in.

  11. JV says:

    This Mike guy worked for Twitter on the design of their site and native app. I’d bet at that point he was a big fan of UX analytics on the site and probably more invasive technology like session recording in the app. He and his team I suspect analysed the death out of all that personal engagement data in order to test their designs and how users engaged with the app.
    And now here he is going on, bashing a small start up for something that is basically industry standard and in no way unique.

  12. Mike D. says:

    Nate: That is explained in my first post here. It’s all bad, but building it into an email client and turning it on by default without explaining to users that they are spying on people unwittingly is the problem.

    JV: Nope, no grudge here. I probably even have quite a few friends amongst their investors, in fact. I do not care if they succeed wildly or fail spectacularly. I wouldn’t accept free shares in their company and I wouldn’t accept the ability to short it for free either. I just want to see respectful design practices. On your comment about Twitter, nope, for obvious reasons we were only able to study large datasets for aggregate info. We did opt-in user research, of course, but please check your assumptions.

    Brian: Yep. It’s a case of “my rights are more important than yours”. All too common today.

    Jeff: Yep, I mentioned them in this post. I haven’t looked more deeply at them though. They seem to do a bunch of things.

    Ross: Thanks buddy!

    Ari: Yep, there are definitely more companies to look at for sure. None of them pitch themselves as bastions of great design, but they exist.

    Alex: Yep, you are in the majority. Most people are just finding out about this stuff now. Even people in tech. Maybe everyone in ad tech has known for awhile, but it’s clear from the reaction to these two posts that a lot of people in tech are surprised.

    DM: Yep, not a bad analogy. People like to make these false equivalence arguments in order to dodge the real issues. Pretty easy to see through.

    Mike too: Awesome!

    PatrickM: All fair points. All of these companies deserve scrutiny. Superhuman is the only one, however, that is pitching itself as a company that cares deeply about design. Design is my beat, so that caught my eye.

  13. Jordan says:

    Mike, thank you for both these posts, they are well-argued and thought-provoking.

    You write: “you should not build software that surreptitiously collects data on people in a way that would surprise and frighten them.”

    The level of understanding people have on what data are collected about them by, well, probably every company on the planet, is extraordinarily low (I believe). Every company where I have worked, and every one that I know of, uses some combination of:
    * Read, Click, and Reply tracking, on both mass and individually-sent emails.
    * Session playback, where you can literally watch users watch your software, in nearly real-time.
    * Profile enrichment, where data are scraped from across the internet to create a detailed profile of potential and current customers.
    * Ad retargeting, where visitors are followed around on third-party sites and served ads for your product.
    * Predictive modeling, where user behavior is analyzed to predict likelihood of purchase and other behaviors.
    * Sentiment analysis, where customer/prospect messages are analyzed so you can better tailor your communication to be relevant/interesting to them.
    * Analytics, where user activity is tracked and aggregated.

    I feel like none of the software providers in these areas would meet the standard you are laying out. For what it’s worth–possibly nothing–I have only ever worked in SaaS, B2B software, and I do feel like the standards are and should be different for consumer products.

    Not using any of the above feels like unilateral disarmament, which would have been irresponsible to my team, my company, our investors, and our even our customers. There is no question that use of the above materially improved our product’s utility, and I believe my teams strived to use these products in a responsible way.

    Is tracking email opens any more pernicious than any of the other activities I list? If anything, it feels like a milder form of data collection than most, if not all.

    I thank you for shining a light on these issues and I’m hopeful our industry takes these ethical considerations around privacy more seriously in the future.

  14. Mike D. says:

    Jordan: Yep, there’s certainly a lot out there. I’m not sure I would put all of that in the “over the line” category though. Reasonable people can disagree where the line is, but I think it’s useful to at least think about it from the person on the other side’s point of view. Predicting likelihood of purchase, for instance? That seems in bounds to me. Aggregate analytics, same. I also think the expectations are a bit different when you are shopping around on an e-commerce site vs. just checking your email (of which a lot is personal). Good food for thought though… thanks!

  15. Devesh says:

    You are repeatedly asking Rahul to not go part way to honesty and go the full way. Then, why don’t you change the title of both of your posts to a variant of “Email tracking pixels are bad” instead of the sensationalized titles picking on Superhuman? If your argument is really about any email program that does it, that would be the right thing to do.

    Instead you pick on this startup and Rahul, as though they are pioneering spyware. It’s misleading. As you say yourself the majority of regular email users don’t know about this. They also don’t know that every sales outreach email they’ve ever received has tracking pixels on them (or effectively every one). But your titles and deep investigations of Rahuls past make it sound like he is somehow uniquely evil, spearheading this privacy jacking. Arguments back about “but look at this one line where I say I have nothing against him” don’t render this not true. People see headlines, tweets, and see the amount of focus spent on something and draw conclusions. Having one or two lines in what 8000 words? over two posts doesn’t mean the takeway for people isn’t “omg Superhuman is this super evil company who built their business in spying on email users”. That is what your posts make it seem and it isn’t true. The truth is simply: there are many email programs that have deployed tracking pixels for the purpose of red receipts for a long time and Mike thinks that’s bad design. Superhuman happens to be one of them as read receipts are one of many features it has.

  16. Mike D. says:

    Devesh: That is a fair criticism. The reason I spent more time on Superhuman in these pieces is that they are holding themselves up as a product that is better designed than their competition. Essentially “the best designed email app in the world”. When I hear companies (and plenty of their customers) holding themselves up to such a standard, my radar goes up. I want to go in and examine how true that is. In this case, I do not believe it to be true, because they are not thinking about privacy and ethics the way a well-designed product would. That said, let me just repeat one more time, because I know it can get lost in all of the words: my opinion is only related to this one issue. I have no reason to think Rahul is “uniquely evil” or evil at all for that matter. He’s probably a really nice guy. I just think this decision is irresponsible and not in the best interests of either his users, the people his users send emails to, or frankly even his company. Superhuman will eventually get rid of this stuff because of the law, backlash, or increasing unreliability of the data, but they have a chance to do it *proactively* right now and stand for privacy.

  17. EmailGeek says:

    I have been reading both these articles multiple times now, and was hesitant to reply at first. I work in Product at an email marketing company outside the US. I cannot speak for other businesses in the same field, but for us, the privacy question is a question we debate on almost daily.

    My point of view on the difference between Tools like Superhuman and email marketing or marketing automation tools is that when you apply GDPR, subscribers SUBSCRIBE to receive communication from you. Depending on the privacy policy of those users, you are told or can expect some form of tracking: “In order to provide you with relevant information, we track what you read and adjust the messages you’ll receive accordingly. If you want to consult or change the data we use for this, you can have a look at your profile page”.
    With SuperHuman, you are unknowingly tracking the reading behavior of your contacts and unlike email marketing, there is NO active way for them to opt out of this tracking.

    Like ALEX pointed out:
    “Yes, I understand and am familiar with email consumer marketing services that provide companies who have 10,000+ email subscribers the ability to identify when I open an email. To them, I am an anonymous consumer in a sea of others, an abstraction. To this guy, the Superhuman customer, I was just me, a sitting duck. Who knows how many others are unsuspecting victims.”

    It’s exactly that.

    GDPR creates the need for a very delicate balance: as a platform, we need to give our users the tools to create an email marketing strategy that is respectful towards their recipients and their data. But at the same time, we don’t own the data of our users: we don’t know what they’re doing with that data outside of our platform. And it’s their responsibility to live by the spirit of GDPR as well. Content and transparency is very important in that regard as well. Delicate balance that we need to weigh out every single day. I can only speak for ourselves and not other platforms in the market. We sometimes see competitors making “strange” privacy-related feature decisions in our eyes. You’re absolutely right when you say: “It seems twe’ve still got a lot of work to do here to keep people safe.”

    Thank you for your well-balanced articles on this topic. I hope you’ve given lots of people in SaaS companies food for thought.

  18. CuriousEmailer says:

    Just out of curiosity. What’s a great email client that protects its users from things like these tracking pixels?

  19. Terry says:

    Wouldn’t Superhuman’s tracking fail for users of Gmail or Outlook since both mail clients block images by default. Gmail even downloads images to a proxy and if you do load the images, they are loaded from Google and not from the sender. With Outlook, I suppose if the user opted to download the image for that email then they would be tracked, but they at least have an option, then.

  20. AM says:

    Thanks for these articles, I’m a bit late to the party but this sums up my recent rants at the ICO – the UK privacy data regulator. Their answers about being pixel spied on – they are working with suppliers of the software to switch off the tracking. I hold little hope that their rhetoric will match their actions.
    Myself and my great colleague, who maintains PHPMailer, have built an emailing platform driven by privacy, tracking off by default, respect for DNT, everything we can think of but trying to find organisations who really value privacy has been the challenge. No privacy – No democracy. Here’s hoping for a future with better regulation.

  21. Boho chic says:

    Thanks for, as you say, putting in the work.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe by Email

... or use RSS