My point of view on the difference between Tools like Superhuman and email marketing or marketing automation tools is that when you apply GDPR, subscribers SUBSCRIBE to receive communication from you. Depending on the privacy policy of those users, you are told or can expect some form of tracking: “In order to provide you with relevant information, we track what you read and adjust the messages you’ll receive accordingly. If you want to consult or change the data we use for this, you can have a look at your profile page”.
With SuperHuman, you are unknowingly tracking the reading behavior of your contacts and unlike email marketing, there is NO active way for them to opt out of this tracking.

Like ALEX pointed out:
“Yes, I understand and am familiar with email consumer marketing services that provide companies who have 10,000+ email subscribers the ability to identify when I open an email. To them, I am an anonymous consumer in a sea of others, an abstraction. To this guy, the Superhuman customer, I was just me, a sitting duck. Who knows how many others are unsuspecting victims.”

It’s exactly that.

GDPR creates the need for a very delicate balance: as a platform, we need to give our users the tools to create an email marketing strategy that is respectful towards their recipients and their data. But at the same time, we don’t own the data of our users: we don’t know what they’re doing with that data outside of our platform. And it’s their responsibility to live by the spirit of GDPR as well. Content and transparency is very important in that regard as well. Delicate balance that we need to weigh out every single day. I can only speak for ourselves and not other platforms in the market. We sometimes see competitors making “strange” privacy-related feature decisions in our eyes. You’re absolutely right when you say: “It seems twe’ve still got a lot of work to do here to keep people safe.”

Thank you for your well-balanced articles on this topic. I hope you’ve given lots of people in SaaS companies food for thought.

Instead you pick on this startup and Rahul, as though they are pioneering spyware. It’s misleading. As you say yourself the majority of regular email users don’t know about this. They also don’t know that every sales outreach email they’ve ever received has tracking pixels on them (or effectively every one). But your titles and deep investigations of Rahuls past make it sound like he is somehow uniquely evil, spearheading this privacy jacking. Arguments back about “but look at this one line where I say I have nothing against him” don’t render this not true. People see headlines, tweets, and see the amount of focus spent on something and draw conclusions. Having one or two lines in what 8000 words? over two posts doesn’t mean the takeway for people isn’t “omg Superhuman is this super evil company who built their business in spying on email users”. That is what your posts make it seem and it isn’t true. The truth is simply: there are many email programs that have deployed tracking pixels for the purpose of red receipts for a long time and Mike thinks that’s bad design. Superhuman happens to be one of them as read receipts are one of many features it has.

You write: “you should not build software that surreptitiously collects data on people in a way that would surprise and frighten them.”

The level of understanding people have on what data are collected about them by, well, probably every company on the planet, is extraordinarily low (I believe). Every company where I have worked, and every one that I know of, uses some combination of:
* Read, Click, and Reply tracking, on both mass and individually-sent emails.
* Session playback, where you can literally watch users watch your software, in nearly real-time.
* Profile enrichment, where data are scraped from across the internet to create a detailed profile of potential and current customers.
* Ad retargeting, where visitors are followed around on third-party sites and served ads for your product.
* Predictive modeling, where user behavior is analyzed to predict likelihood of purchase and other behaviors.
* Sentiment analysis, where customer/prospect messages are analyzed so you can better tailor your communication to be relevant/interesting to them.
* Analytics, where user activity is tracked and aggregated.

I feel like none of the software providers in these areas would meet the standard you are laying out. For what it’s worth–possibly nothing–I have only ever worked in SaaS, B2B software, and I do feel like the standards are and should be different for consumer products.

Not using any of the above feels like unilateral disarmament, which would have been irresponsible to my team, my company, our investors, and our even our customers. There is no question that use of the above materially improved our product’s utility, and I believe my teams strived to use these products in a responsible way.

Is tracking email opens any more pernicious than any of the other activities I list? If anything, it feels like a milder form of data collection than most, if not all.

I thank you for shining a light on these issues and I’m hopeful our industry takes these ethical considerations around privacy more seriously in the future.

JV: Nope, no grudge here. I probably even have quite a few friends amongst their investors, in fact. I do not care if they succeed wildly or fail spectacularly. I wouldn’t accept free shares in their company and I wouldn’t accept the ability to short it for free either. I just want to see respectful design practices. On your comment about Twitter, nope, for obvious reasons we were only able to study large datasets for aggregate info. We did opt-in user research, of course, but please check your assumptions.

Brian: Yep. It’s a case of “my rights are more important than yours”. All too common today.

Jeff: Yep, I mentioned them in this post. I haven’t looked more deeply at them though. They seem to do a bunch of things.

Ross: Thanks buddy!

Ari: Yep, there are definitely more companies to look at for sure. None of them pitch themselves as bastions of great design, but they exist.

Alex: Yep, you are in the majority. Most people are just finding out about this stuff now. Even people in tech. Maybe everyone in ad tech has known for awhile, but it’s clear from the reaction to these two posts that a lot of people in tech are surprised.

DM: Yep, not a bad analogy. People like to make these false equivalence arguments in order to dodge the real issues. Pretty easy to see through.

Mike too: Awesome!

PatrickM: All fair points. All of these companies deserve scrutiny. Superhuman is the only one, however, that is pitching itself as a company that cares deeply about design. Design is my beat, so that caught my eye.

We can say that invisible gifs (or tracking any image in a email) are bad (and they very well may be). And the practice, that has been prevelent for at least 15+ years used by 100’s of products, should be regulated by the government. Or we should Ban HTML emails so that tracking email isn’t possible (I used Mutt as a email client for years, no images!). Or better educate the public on Email tracking and how to turn off images. These are all reasonable solutions that we can debate, and decide the best solution and act on it. All good.

But I don’t understand the specific hate for SuperHuman. I have no connection to the company, I just don’t understand why they are exclusively the target for your privacy rage. If you are going to be angry, be angry with ALL the email clients, marketing platforms and Gmail extensions that track emails at some level. You’ll have no shortage of targets.

When I read the title of these articles “Superhaman is Spying on you!” and the length and sensationalism within these posts, I can’t help but think that the author is looking for some attention (or traffic) for his blog.

I think that asking the question — is “Email tracking bad” is a good question / debate to have. I don’t think, given these posts, that this is the best venue to do it in.

Like 99.999% of email users, had no clue about “read receipts.” Once I learned, the very phrase “read receipts” misled me, conjuring the well-known iMessage feature. If someone knows about Read Receipts at all, they understand it as a feature that the user manually opts-in to submit a visible piece of metadata of THEIR own time of reading to all communicating parties. It does not even reveal their own location or time and frequency of reading, and certainly not any information about the other party’s actions, unless of course they too opted-in. I’m highly technical, even in this area, but I’m not an internet marketer and don’t read tech blogs all day. How would I have known this is possible?

Like more and more people I know, I was burned by “read receipts.” I was being secretly tracked by someone I was trying to avoid. Being ignored by me enraged him, and I, as he saw it, was a cold-hearted liar. He retaliated by smearing me. Not worth getting into, but I suffered real consequences. He is now a Superhuman customer, and tweeted praising Superhuman last week. I now see a pattern in those who do the same.

Yes, I understand and am familiar with email consumer marketing services that provide companies who have 10,000+ email subscribers the ability to identify when I open an email. To them, I am an anonymous consumer in a sea of others, an abstraction. To this guy, the Superhuman customer, I was just me, a sitting duck. Who knows how many others are unsuspecting victims.