The popular email startup Superhuman landed in hot water after it was discovered that the company was using tracking pixels to let users know when and where recipients opened their emails.
The invite-only service, which charges users $30 per month, received widespread attention for its promise of being “the fastest email experience ever made.” Superhuman offers everything from an “Undo Send” option to an “A.I. Triage” feature to automatically sort users’ most important emails.
One of the features, however, has raised eyebrows among privacy advocates. Specifically, Superhuman’s use of tracking pixels is drawing criticism from some of the biggest names in the tech industry.
Tracking pixels are near-invisible images embedded in emails and many websites that record everything from your IP address to the type of device you are using.
In a blog post written late last month, Mike Davidson, Twitter’s former vice president of design, warned that Superhuman was using tracking pixels by default. Those tracking pixels, which enable Superhuman’s “read status” feature, would not only let an email sender know every time a recipient opened their message, but reveal their computer’s location as well.
Superhuman is an email surveillance app that encourages its users to spy on friends and co-workers without their consent. Why the ethics of this matter and what it says about Superhuman as a company. New post on Mike Industries: https://t.co/97LPwhWI7Z — Mike Davidson (@mikeindustries) July 2, 2019
“That’s right. A running log of every single time you have opened my email, including your location when you opened it,” Davidson wrote. “Before we continue, ask yourself if you expect this information to be collected on you and relayed back to your parent, your child, your spouse, your co-worker, a salesperson, an ex, a random stranger, or a stalker every time you read an email.”
After Davidson tweeted about the issue last week, news of the tracking spread quickly and prompted Superhuman CEO Rahul Vohra to respond. In a blog post, Superhuman vowed to not only stop logging location information, but also to delete all the historical location data it had collected. Vohra also stated that Superhuman would disable the read status feature by default.
“I am so very sorry for this,” Vohra wrote. “When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully.”
While Superhuman’s response seemed like a win for privacy, Davidson argued on Monday that the changes aren’t enough.
Superhuman is STILL spying on you, even after its “fixes”. Why last week’s Superficial changes are not something to celebrate, and why we should expect better. New post on Mike Industries. 🔦 https://t.co/CJQTxAtNOl — Mike Davidson (@mikeindustries) July 8, 2019
Davidson notes that those who choose to enable the read status feature will still violate the privacy of email recipients because anyone receiving an email from a Superhuman user won’t be informed that the email contains a tracking pixel.
“At the very least, Superhuman should display a message when you flip that switch saying something like ‘by turning on Read Receipts, you are monitoring your recipients’ actions without their knowledge or permission. Are you sure you want to do this?’” Davidson suggests.
Vohra defended the decision to keep the read status feature by arguing that it has become a “must-have” for email businesses.
“We are still keeping the feature, as Superhuman is business software for email power users,” Vohra said. “In the prosumer email market, read statuses have been ‘must-have’ for many years.”
So what options do privacy-conscious users have? For starters, those who are using something like Superhuman and take issue with these practices should stop. For those who are worried about being the recipient of emails that use this type of tracking, encrypted email service ProtonMail automatically blocks all remote content and trackers in emails sent to its users. Those who check their email in a web browser can also download add-ons such as PixelBlock and Ugly Email to block trackers.
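To make the remote-content blocking described above concrete, here is an added Python example (not code from the article, ProtonMail, PixelBlock or Ugly Email) that drops every remotely fetched `<img>` from an HTML message body and flags the ones shaped like tracking pixels. The 1x1/hidden-style heuristics, the function names and the sample message with its `example.invalid` hosts are assumptions constructed for illustration; only `<img>` tags are handled.

```python
import re
from html.parser import HTMLParser

REMOTE = re.compile(r"^(https?:)?//", re.I)       # src that triggers a network fetch
TINY = re.compile(r"\s*[01]\s*(px)?\s*", re.I)    # width/height attribute of 0 or 1
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class RemoteImageFilter(HTMLParser):
    """Re-emits the HTML without remote <img> tags and records each one dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []        # sanitised HTML fragments
        self.findings = []   # (src, looks_like_tracking_pixel)

    def _open(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if tag != "img" or not REMOTE.match(src):
            self.out.append(self.get_starttag_text())  # cid:, data:, non-image tags
            return
        pixel = bool(TINY.fullmatch(a.get("width", "x"))
                     or TINY.fullmatch(a.get("height", "x"))
                     or HIDDEN.search(a.get("style", "")))
        self.findings.append((src, pixel))  # tag dropped: any remote fetch reveals the open

    handle_starttag = handle_startendtag = _open

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def block_remote_images(html):
    """Return (sanitised_html, findings) for one HTML message body."""
    f = RemoteImageFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.findings

# Constructed sample body: one embedded logo, one 1x1 pixel, one banner, one hidden gif.
SAMPLE = ('<p>Hi &amp; thanks for the call.</p>'
          '<img src="cid:logo@example.invalid" width="120" height="40">'
          '<img src="https://tracker.example.invalid/open?id=CONSTRUCTED" width="1" height="1">'
          '<img src="https://cdn.example.invalid/banner.png" style="width:600px">'
          '<img src="//t.example.invalid/p.gif" style="display:none"/>')

if __name__ == "__main__":
    clean, findings = block_remote_images(SAMPLE)
    for src, pixel in findings:
        print("pixel " if pixel else "remote", src)
```

The full-size banner is removed along with the two pixel-shaped images because any remote image request tells the sender's server when and from which IP address the message was opened; the size and style checks only label the ones that have no visible purpose.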