
Superhuman: Read Statuses - DVassallo
https://blog.superhuman.com/read-statuses-bdf0cc34b6a5
======
dkhenry
No one who is outraged by this didn't know this was going on with almost every
email tool out there. I don't understand how this manufactured outrage gets
hyped, when literally every email tool in existence does this as standard
practice. Every marketing email you get from a brand has this tracking. Every
customer support email has this tracking. Every feedback form has this
tracking. Every receipt for every purchase has this tracking. Every signup
form for your kids friends birthday parties has this tracking. Every single
pull request notification you get from GitHub has this kind of tracking. Go to
your inbox right now pick any email message and view the source. You will most
likely find a 1px by 1px tracking pixel.

I imagine anyone who works at any company that uses any kind of digital tool
uses this exact same method to track people, so why the outrage here. Go tell
your marketing departments to turn off email tracking in Salesforce, or to
stop the marketing team from running campaigns with tracking in them.

~~~
danShumway
Story time! Recently, I've been thinking back to when lack of SSL was a huge,
widespread problem on the Internet. This was back in the mid 2009-2010's, and
at that point, one company in particular was lagging: Facebook.

So some random person made a browser extension that automatically collected
the login credentials of everyone who opened Facebook on whatever public
network you were connected to.[0] Then they publicly released it for free.
Ironically, the very first comment in the article I link here is, "Okay, it's
evil, but how is this news?"

But the Firesheep plugin was a really big influencing factor in forcing not
just Facebook, but a number of companies to switch their entire sites to
HTTPS.

The point I'm trying to make is not that you should go out and blow up the
world to make a statement -- it's that it's possible for there to be a problem
that's trivial to exploit, and that is regularly exploited by criminals and
businesses, and that is widely known to be exploitable, and for some reason
people will still ignore it.

But if it's personal, if your next-door neighbor or your weird coworker can
suddenly start doing it, then something clicks and people realize, "Oh, this
is actually a real problem."

There's no technical difference between what Superhuman was doing and what
every other marketer is still doing, but people are weird about what exactly
they're willing to care about, and if the Superhuman controversy can be used
to direct some of that anger towards structural, useful goals, then is that
really a problem?

I understand that sometimes the specific triggers that make people care are
stupid, but my response to that is never to ask people to care less. It's
already hard enough to make people care about things.

[0]: [https://lifehacker.com/firesheep-sniffs-out-facebook-and-
oth...](https://lifehacker.com/firesheep-sniffs-out-facebook-and-other-user-
credential-5672313)

~~~
stevenjohns
> But if it's personal, if your next-door neighbor or your weird coworker can
> suddenly start doing it, then something clicks and people realize, "Oh, this
> is actually a real problem."

What is "it"? Knowing I read an email they sent me? That's not what criminals
and businesses are doing; criminals and businesses build extensive
personalised profiles of who you are, what you like, what times you're active,
where you go, who your friends, family and coworkers are and what your
personal trigger points are all for the goal of exploiting you. They use email
tracking as a single metric among dozens of others, and the way they evaluate
the metric is completely different to how an individual would evaluate it.
That data is usually then sold to other groups that do the same thing.

How is that anywhere even close to an individual with email read receipts?

I don't think anyone would say "this is actually a real problem" besides
people manufacturing a problem out of nothing. I'm also willing to bet that
99.9% of the people that are outraged are totally willing to establish, work
for, or implement an extensive user tracking system for a company that
actually acts on malicious grounds (such as monitoring users or for the
objectives of making sales).

This includes you - by the way - a quick look through your resume shows that
every single company you've worked for _heavily_ participates in tracking and
the first personal website of yours I accessed at reset-hard.com includes
Google tracking which is dozens of times worse than a "weird coworker" knowing
you read an email they sent. This is literally contributing to a global
database of user tracking which we _know_ is used for malicious purposes.

> I understand that sometimes the specific triggers that make people care are
> stupid, but my response to that is never to ask people to care less. It's
> already hard enough to make people care about things.

When people care about the wrong things is when we end up with homosexuality
being criminalized, prohibition or terrorist groups. So hopefully in this case
- just like many others - people would focus their energy into things that
actually matter. And personal email tracking is not one of them - and will
never be.

~~~
danShumway
We could break down each of your personal accusations: some of them are fair
and some of them aren't. But you don't really care about any of that. You're
not trying to make a point here beyond, "you're hypocritical and therefore
your obsession over privacy is unimportant."

The only thing worth saying on that topic is that it matters very little what
you (or anyone else) thinks of me, whether it be good or bad. I don't even
judge myself that way; I only care about trying to be better tomorrow than I
am today. Anything else is a waste of time. And certainly, my response when I
encounter hypocrisy is to try and fix the hypocrisy. Not to throw up my hands
and say, "well, I guess none of it matters then."

The above out of the way, I want to try and engage with the deeper argument
you're making in good faith.

What you're missing here is that all of the business tracking and personalized
profiles you bring up as the real problem are using the exact same technology
as these read receipts. The point is not that read receipts are the worst
thing in the world (although I think they're unhealthy and they show a lack of
respect for the person you're communicating with). The point is that they
illustrate the broader pattern of tracking in a form that regular people
understand and emotionally connect with. That's a good thing.

The other thing you're missing when you talk about criminalizing homosexuality
and prohibition is that pervasive tracking is a tool that allows powerful
people to oppress less powerful people. Pervasive tracking outs people's
sexual preferences, it allows companies to illegally target individuals based
on protected characteristics, to advertise to people at their most vulnerable
moments, and to exclude them from opportunities that they would otherwise
have. Far from being a nothing issue, privacy is fundamentally tied to
people's ability to express themselves without fear and to hide from
companies, governments, and even individuals that want to harm them.

Fixing personal email tracking has a pleasant side effect of also fixing the
tracking that happens in both phishing and corporate emails as well. Like you
quoted:

> I understand that sometimes the specific triggers that make people care are
> stupid, but my response to that is never to ask people to care less. It's
> already hard enough to make people care about things.

Yes, sometimes people can be encouraged to care about things that are actually
unimportant, or even outright wrong. But privacy isn't unimportant; privacy is
an essential tool to help protect individuals and marginalized groups from
mobs, governments, companies, and individuals that don't have their best
interests in mind.

~~~
stevenjohns
My point is that this is manufactured outrage from people who don't actually
care. They're just caring because it is today's flavor of the day. There are
real steps people can take to support user privacy but they don't do them.
People happily and voluntarily engage in objectively worse conduct for privacy
day-to-day. This includes myself too -- my employer had me add not one but two
separate tracking scripts on my company's homepage. I "care" about privacy yet
here I am participating in stripping it away from people.

> using the exact same technology as these read receipts

What technology people use doesn't matter, what matters is how they use it. If
I were to implement a system that tracked actions users do in a way that was
ethical and completely not personally identifiable, then it doesn't matter -
there is no problem, regardless of what technology is used to do it.

> Fixing personal email tracking has a pleasant side effect of also fixing the
> tracking that happens in both phishing and corporate emails as well

I don't think so. At all. This is like banning plastic straws to save the
planet.

It is mutating what is basically a porch security camera into a discussion on
oppressive government surveillance. The two are not the same. Personal email
read receipts have almost no bearing on privacy at all. This is perhaps the
point that is being missed by most people.

~~~
danShumway
So, there is a part to this argument I agree with -- which is that getting mad
exclusively at _Superhuman_ ultimately accomplishes very, very little. Because
you're right, this is absolutely everywhere, and literally every non-personal
email you get has these same trackers.

My hope with this whole controversy of the week is that it leads people to
disable loading remote images by default, and it leads email providers to
change their default settings. I don't want to see people riled up just for
angers sake -- I want to see that anger directed towards making changes that
help with the entire spectrum of email pixel trackers.

This is where I think we disagree:

> _What technology people use doesn 't matter, what matters is how they use
> it._

You make a good point that Superhuman isn't doing anything unique, and you
make an (arguable) point that what Superhuman is doing isn't even that bad on
its own terms.

But if you have to trust companies or 3rd parties to be responsible with a
technology, you're still leaving yourself open to less ethical attackers. The
safest fix is to get users onto platforms where _no one_ can track them, even
if those trackers are deployed in responsible ways.

Think of it this way -- you make a completely reasonable assertion that
including Google Analytics on a web page is a personal violation of
privacy[0]. When I get around to removing Analytics from Loop Thesis, that
will be an improvement. But I'm not under the illusion that doing so will
affect anyone other than my visitors on my site.

There are two steps to this process. One is to be personally responsible about
what we do. The other (equally important) step is to empower users such that
they don't need to rely on us being responsible -- by encouraging them to
install ad blockers, by building browsers that resist fingerprinting, and so
on. I want to respect people's privacy, but more than that, I want them to be
private _regardless_ of whether or not I'm trustworthy.

Encouraging products like Gmail or Fastmail to block images by default is not
the biggest step in the world -- it certainly doesn't fix everything. But it
is a step, and it makes things slightly better. There is no short checklist to
fix omnipresent surveillance; it's a long, arduous road where we hope that
things gradually get better over time. The outrage over Superhuman will be
beneficial if it encourages some people to change a setting in their email
clients that they didn't know existed.

[0]:
[https://gitlab.com/danShumway/site/commit/c294dc81ae330ec432...](https://gitlab.com/danShumway/site/commit/c294dc81ae330ec432133252b3b2c489e0fc9da9)

------
danShumway
Put me in the camp that this is not out of the ordinary for what most
marketing emails are already doing. Also put me in the camp that it's
unacceptable.

My takeaway is that Superhuman is a scuzzy company that I want nothing to do
with, but my takeaway is also that Superhuman backing down doesn't really
solve the problem. Everybody does this -- and I don't care if Superhuman is
worse than everyone else, _none of it_ is acceptable.

An immediate partial solution is for us to push very hard for email providers
not to load remote images by default, and (better) for image providers to load
remote images one-by-one, rather than in a single batch (which would make it
less likely that a user will accidentally turn the tracking pixel on with a
single click). An email provider loading images by default should be derided
the same way that loading a blog post over HTTP currently is. Have good
defaults that protect your users. There should be a swath of email providers
on Twitter right now reassuring their customers that tracking pixels won't get
loaded by default in their clients.

If you're upset about this, I don't want you to be less upset. But I want you
to think about being _also_ upset about stuff like Amp for email, which will
make it even easier for companies to pull this crap. I want you to _also_ be
upset about email providers that don't turn off images by default, or that
don't do any background caching to obscure IP addresses.

There's a large number of obvious improvements to make in this area, and a lot
of discussion to be had about non-obvious improvements. If people are only mad
at Superhuman, then the overall machine will continue as normal, and all that
anger won't actually accomplish much in the long term.

Superhuman is calling this a critical feature, so they're not getting rid of
read receipts. My perspective is that their business model is built on a
technology that _shouldn 't_ work. They're speculating whether there could
possibly be a technology to support consent. I couldn't care less about
theoretical consent technologies, I want their entire business model to stop
existing.

~~~
danShumway
Just to follow up on this, I currently use Fastmail for email. I like
Fastmail, a lot.

But why doesn't Fastmail block remote images by default? Yes, they have a
setting, but why isn't it turned on for new accounts? If I tell my parents to
sign up for Fastmail, I don't want to have to worry about whether or not their
default settings are safe.

~~~
troydavis
FastMail does block (well, decline to load) remote images by default:
[https://www.fastmail.com/help/receive/remotecontent.html](https://www.fastmail.com/help/receive/remotecontent.html)

If you aren't using FastMail's webmail, it's your email reader's
responsibility. FastMail quite reasonably doesn't rewrite email content.

~~~
bigiain
gmail does this too.

(which just means you've chose to leak your privacy to Google instead of
Superhuman...)

~~~
danShumway
I'm not a fan of Google, but to me leaking your privacy to a mail provider you
chose to sign up for belongs to a different privacy category.

It's very good that Gmail proxies images, it's one of the few features that I
wish everyone else would copy. Now, on the other side of that, unless their
policy has changed since the last time I checked, Gmail still loads images by
default and it doesn't cache them, it only proxies them.

So it's good that Gmail obscures your IP address, it's bad that Gmail still
loads images from remote servers by default when you open a message, and it's
bad that it will reload them every time you open it in a new
client/environment instead of serving them from a Google cache.

Read receipts do work in Gmail, and Google should be shamed for that. I didn't
call out Gmail in particular because I don't think Google cares about privacy
enough to change anything. I'm hopeful smaller companies like Fastmail might.

~~~
kbenson
> Read receipts do work in Gmail, and Google should be shamed for that.

Work how? There's a responsible way to handle read receipts (where the client
notifies you the remote side would like a read receipt, and offers the choice
to send it), and if it's done in that manner, I'm not sure why they should
need to be shamed.

I'm not sure what Gmail does, but I see stuff when searching about how to
configure it for G Suite accounts to always/never/selectively respond, and
about how to disable Gmail's _nagging_ about it, so I'm not sure the current
status.

~~~
danShumway
> unless their policy has changed since the last time I checked, Gmail still
> loads images by default and it doesn't cache them, it only proxies them.

That's a read receipt, in practice if not in name. I put a unique tracking
pixel in the email, and when you open the email by default Google proxies it
from my server. It's uncached, so unless the browser itself decides not to re-
fetch it, I'll also know whenever you reopen the email.

Google also allows you to request a read receipt the responsible, official way
that you're thinking of, but why would I ever use that feature when I can just
give you a tracking pixel instead? The responsible read receipts require
consent, and tracking pixels don't.

Again, I haven't checked Gmail's default settings in... probably years. So
maybe this has changed, and it doesn't load images by default anymore. But any
client that loads images by default has non-consensual read receipts, and they
should be shamed for that.

~~~
kbenson
> Google also allows you to request a read receipt the responsible, official
> way that you're thinking of, but why would I ever use that feature when I
> can just give you a tracking pixel instead? The responsible read receipts
> require consent, and tracking pixels don't.

Read receipts (as opposed to email tracking through images, let's not overload
terms here) have the benefit that they might be returned by clients that don't
load images by default. That's probably a relatively small portion of clients,
but it is only one setting change away on Gmail.

> Again, I haven't checked Gmail's default settings in... probably years. So
> maybe this has changed, and it doesn't load images by default anymore. But
> any client that loads images by default has non-consensual read receipts,
> and they should be shamed for that.

A client that loads images by default does what 99% of people desire. That
Gmail does so in a safer way than many others is a good thing, and maybe
_shame_ is a strong word for transparently making people's default behavior
slightly safer while doing what they want (showing emails as they were
visually intended and looking nice).

------
ocdtrekkie
Honestly: This was... pretty fast, the response is not just a statement of
belief, but a clear list of changes they intend to implement quickly, and I
really have no major complaints about how they've handled this.

If someone wants to use tracking pixels, they'll find software that does it,
so I'm really okay with them keeping the feature in... with the removed
location information. (I am going to block it anyways, let's be honest.) And
most importantly, they recognized the power of defaults for setting how people
tend to behave. Making the feature non-default will crater it's use percentage
across their customer base.

~~~
bigiain
> the response is not just a statement of belief, but a clear list of changes
> they intend to implement

Sure. But it's also an indication of what their team thought "this is fine!"
about, before an internet shitstorm rained down upon them.

In my mind they're always to be suspected of being either naive or actively
evil in their use of personal data.

Anybody who launches "a powerful business tool", and then later tells us "We
did not consider potential bad actors. I wholeheartedly apologize for not
thinking through this more fully." is not someone I'd want running _my_
business tools. I'm now wondering if they considered "bad actors" finding
their open MongoDB databases on Shodan? Or their public S3 buckets with their
backups? Or their production API keys and secrets in their pubic GitHub code?
Or all those other mistakes that everybody goes "but nobody except idiots
would do that!" and yet we read about it multiple times per week anyway...

Maybe these guys have a great Email tool. I strongly doubt they have an
entrenched culture of "considering bad actors" and appropriately investing
effort and securing all the non customer facing infrastructure...

~~~
ocdtrekkie
To be honest, I would suspect a large percentage of tech startups had failed
to consider bad actors until the last year or two.

Don't get me wrong, it's not perfect, but I've seen far too many companies
respond to controversy with how they care and will think about how to make
things better, while not making any significant changes at all. This is a big
step above that.

------
harryh
_" Recipients of emails cannot opt out....I would love to find better
technology to solve this problem."_

How about...put a notification of tracking in emails that contain it rather
than making it invisible and then include an opt out link? That seems....not
hard.

~~~
ljm
It doesn’t seem to me like a problem worth solving. What’s so bad about
sending an email and trusting that the recipient will get around to it? Send a
follow up email if you need to. Or use old-fashioned read receipts (which
depend on the recipient to enable them).

Tech shouldn’t really be creepy by default, nor should it really establish
needy/clingy behaviour, which is what I think non-consensual read tracking
tends towards.

I mean, personally, I would consider it a significant invasion of my privacy
if anyone who sent me an email knew when I opened it and, roughly, where,
without me knowing.

The problem with the internet and tech companies now is that there is an
established pattern of you being able to consent on behalf of other people
purely by virtue of giving access to your contact list, or using a certain
mail client. You are giving away their data, not your own.

~~~
enraged_camel
Meh. I'll risk the downvotes and say that I fully support tracking pixels in
emails.

One of the reasons I use WhatsApp heavily is the read statuses. A single
checkmark underneath the message means it was sent. Two checkmarks mean it was
delivered. When the checkmarks turn blue, it means the recipient read the
message.

I love, _love_ this feature. If I could wave a wand and instantaneously make
it standard for ALL methods of communication, I would do it in a heartbeat.

~~~
orangecat
Conversely, I would gladly push a button to make such tracking technically
impossible. The idea that sending me an unsolicited message entitles you to
any information about my activity is absurd.

~~~
enraged_camel
> _The idea that sending me an unsolicited message entitles you to any
> information about my activity is absurd._

What about for solicited messages? Just curious.

~~~
ljm
I think read receipts solved this problem already. If you want someone to know
when you open their messages, enable it. Disable it and they don’t find out.
If you want to improve that setup, enable read receipts for a whitelist of
contacts. People who you do want to notify when you open their message.

I think a mistake was made when some messaging apps turned it into an opt-out
and also made it punitive, in that opting out would mean that other people’s
read receipts would be disabled.

I don’t think it would be so bad if every single data point wasn’t hoovered up
and sold to third parties. They’re probably using this read status feature to
measure engagement and decide how to target more ads. They can infer a lot:
who you respond to quickly, who you don’t... who is intimate and who is an
acquaintance. Who is important, who isn’t.

------
minimaxir
Discussion yesterday of controversy:
[https://news.ycombinator.com/item?id=20336762](https://news.ycombinator.com/item?id=20336762)

Highly visible blog posts are indeed the best way of effecting change,
although the investors who were criticizing the original article now look very
silly.

~~~
lanrh1836
Yes, not even a few hours ago a VC at Founders Fund tweeted “...there's a
strong correlation between the people outraged by privacy and the people that
I think are dumbasses in the valley.”

Source:
[https://twitter.com/zebulgar/status/1146430814374117376?s=21](https://twitter.com/zebulgar/status/1146430814374117376?s=21)

~~~
hadsed
Amazing to find a VC who not only isn't concerned but actively derides
concerns around privacy. Maybe he has a terrible personal opinion (in my
opinion), but this seems like a poor perspective from someone who should be
worrying about existential threats to companies. Someone should tell the US
Senate that "capitalism baby" is an appropriate response to privacy
violations!

------
wmab
I don't think Superhuman should have caved to this criticism as quickly as
they did. Good that they kept the feature, albeit dumbed down. People pay for
a power user email client because it's exactly that - a power user tool, which
should be fully featured. If you remove read receipts then there are a whole
host of other email clients that will gladly give you that feature (bye-bye
revenue). Is someone going to write a Medium post calling out each of these
companies too? There is also a bunch of companies that aren't primarily email
clients - like CRMs (Pipedrive etc) that offer this feature out the box, as
it's exceptionally useful for sales teams.

If there really was such mass hysteria regarding read receipts in emails
(WhatsApp has it by default too?) then it should be your email provider that
should be leaned on to secure their system. Google has known for a very long
time about this, and has changed the loading of images to stop location
tracking, presumably the only thing they actually think is controversial with
read receipts.

~~~
Spooky23
Read receipts for email are the worst. Groupwise shops used to often have an
awful culture about waiting on/complaining about when mail was opened.

------
lanrh1836
Now the CEO is getting praised on Twitter but this doesn’t address the main
complaint which is the read status itself. Yes, location made it worse, but
that data was mostly bunk anyway because Gmail (and probably others) will show
the location of the Gmail server and not the user themselves.

~~~
kasey_junk
It does address it. He specifically says that it is table stakes for his
software and that they are leaving it in. You may not like that but it is
addressed.

Personally I like that response, though I think they have legal problems in
some jurisdictions. They didn’t try to weasel word their way out.

------
kareemm
It's remarkable that he was able to quantify the demand for his feature: "at
the time of writing only 32 out of 26,000+ requests [was for turning off Read
Receipts]".

There's a lot of Superhuman skepticism in the comments, but their CEO owned
the decision and responded quickly. If you assume good intent, it's remarkable
in its comprehensiveness, transparency, and speed.

If you don't, well, you probably wouldn't be satisfied by anything other than
ripping the feature out. Which wouldn't make sense for the business given the
demand from its primary customer segment.

~~~
vageli
> It's remarkable that he was able to quantify the demand for his feature: "at
> the time of writing only 32 out of 26,000+ requests [was for turning off
> Read Receipts]".

A company managing customer feature requests is suddenly remarkable? For a
tool aimed at professionals? I would take that as par for the course.

~~~
kareemm
It's remarkable to track 26k requests. That's non-trivial. Especially with the
ability to drill down to a single feature request.

I know this is non-trivial because I run a business that helps product teams
do this. I talk to PMs at companies you've heard of and probably use that
struggle with this.

~~~
gnicholas
I don't know what tool they use to get user feedback, but it would be trivial
for me to find out how many user requests we've gotten for a feature like read
receipts: just do a search for "read receipts" in our contact email inbox.
Might it miss some requests that didn't have the exact phrase? Yes, but it's
in the CEO's interest to have a count that is very low, since he's trying to
say that their users haven't asked about this much.

So it might be hard to get an exact count of how many people asked for some
feature (particularly if it doesn't have an agreed-upon name, like "read
receipts", but if you're just looking for one phrase and don't mind erring on
the low side, this should be a pretty easy exercise.

~~~
kareemm
Or on the high side: “read receipts are awesome!”

I think my broader point stands: given their 26k requests (which you can’t
figure out using your method) it’s impressive to know that N of them are for Y
feature.

------
nexuist
"I am so very sorry for this. When we built Superhuman, we focused only on the
needs of our customers. We did not consider potential bad actors. I
wholeheartedly apologize for not thinking through this more fully."

Rare to hear such honesty from a CEO. I don't think I've ever seen a corporate
leader admit they didn't consider product security. Concerning? Maybe - but I
think it's miles better than the usual "we value your privacy and use industry
standard blah blah blah.." canned spiel everyone gets in their inbox after a
breach goes public.

~~~
vageli
> "I am so very sorry for this. When we built Superhuman, we focused only on
> the needs of our customers. We did not consider potential bad actors. I
> wholeheartedly apologize for not thinking through this more fully."

> Rare to hear such honesty from a CEO. I don't think I've ever seen a
> corporate leader admit they didn't consider product security. Concerning?
> Maybe - but I think it's miles better than the usual "we value your privacy
> and use industry standard blah blah blah.." canned spiel everyone gets in
> their inbox after a breach goes public.

A company that has access to your email did not consider bad actors, and that
is a "maybe" of a concern for you?

~~~
nexuist
Perhaps I should have included the full context:

"1\. Location data could theoretically be used nefariously

This criticism is the most severe. Upon reading the commentary, I have come to
understand that there are indeed nightmare scenarios involving location
tracking. I should note that we deliberately do not show cities — we only show
states or countries — but a determined attacker could still misuse this
information.

 _I am so very sorry for this. When we built Superhuman, we focused only on
the needs of our customers. We did not consider potential bad actors. I
wholeheartedly apologize for not thinking through this more fully._ "

This isn't a case of them having invalid SSL certs or improperly validating
data sent to an endpoint. This is them building a feature that could have been
used in bad ways and not realizing it. To that end, I am not very concerned
about product security in this instance, because I have no reason to not trust
their honesty.

------
Dwolb
Super on brand response: personal, quick, and well thought-out. Kudos to the
team for their ability to handle a crisis.

On the topic of read receipts, I'm glad this is opening up a broader
discussion about (pretty common) industry practices that track individual user
activity across the web. IMO this will be a whole set of behaviors that will
be viewed as having been on the wrong side of history:

We'll look back in 50 years and wonder why we would have ever legally let so
much invasive tracking technology into our lives (we didn't know! but everyone
was doing it!).

------
hashkb
It's tracking without consent, plain and simple. Forcing users to choose
between HTML email and being tracked is nefarious. Users by default do not
assume they're being tracked. Just like unsub, highly visible opt out of
tracking should be the law. Morally there's no question.

------
voidmain
The technical solution to tracking pixels isn't to disable remote image
loading, it's to load all remote images when receiving the mail over smtp, and
embed them in the mail. That way the sender gains no information whatsoever
that they didn't already get from the smtp exchange.

------
shafyy
Can't believe the amount of jabronis here saying "what is the big fuss,
everyone tracks everything anyways".

Companies (and individuals) should act ethical and in good faith, regardless
of what others do. So, if you have a chance to improve something, you should
do it. Make a superior product that also doesn't track users without explicit
content. Superhuman definitely acted the right way with this decision.

------
Rainymood
Some food for thought: Imagine how crazy it would be if we would have these
tracking devices on _real life physical mails_ , you'd get a letter in the
mailbox and you open it and read it. Without you knowing the sender has put a
tiny device in there to track whether you opened it or not.

When framed like this, I can't help but feel we are all kind of crazy on the
web!

~~~
gerikson
You used to send sealed letters with the reasonable expectation that it would
arrive intact and unread. Now everyone[1] sends the equivalent of a postcard -
the vast majority of which are actually read/scanned by the entities doing the
delivery.

[1] apart from the weirdos who use encryption

------
sterlind
Shot in the dark, but could tracking pixels fall afoul of wiretapping laws?
It's a single bit of information, but it is a 1-bit recording gathered without
the other party's consent.

~~~
kasey_junk
Tracking pixels have been a normal part of the email ecosystem for more than
20 years. If an esoteric use of the law was going to stop it it would be done
by now.

~~~
netik
This is basically what GDPR is designed to stop.

~~~
kasey_junk
That’s not reusing old law, that’s a law designed purposely to stop this.

------
tsieling
When these things happen, to me the more important thing is what will
leadership do to change the thinking that led to the problem. Issuing a patch
is a solid step, but it's a symptom that points to a need for change in how
features are vetted and thought through.

------
mrhappyunhappy
Please have your email solution tell me that you are tracking opens, so that I
will never correspond with that sender again.

I think tracking opens without notifying the recipient is a blatant privacy
violation. If that’s where society is heading, I want to part of that.

------
xwdv
This pisses me off more than it should. I used to be interested in Superhuman,
but after they backed down I no longer care about getting an invite.

It’s nobody’s business what email client I use. I would like to see a bold
email client that offers all these extensive tracking features and makes no
apologies. Call it Supervillain for all I care, there is a market for it. If
you don’t want to be tracked, don’t accept images from me or anyone else.
Simple as that.

------
drevil-v2
The quality and depth of introspection from the leadership of an organization,
when they get caught with their hand in the cookie jar, is a truly epic
spectacle to behold.

The more cynical among us might even think they knew exactly what they were
doing but did it anyway for their own profit and to the determent of others
and the only thing they are actually sorry for is that they got caught.

------
sandGorgon
how is this working ? Gmail caches pixels -
[https://help.litmus.com/article/166-how-are-gmail-opens-
repo...](https://help.litmus.com/article/166-how-are-gmail-opens-reported-
within-email-analytics)

> _When Gmail automatically downloads and caches images, those cached
> images—including open tracker pixels, like the ones used with Email
> Analytics—are stored on Gmail’s servers. Gmail then loads the same images
> from the same servers for everyone—regardless of whether they open using
> Gmail in a web browser or a Gmail Android or iPhone /iPad app._

~~~
weavie
Presumably every email gets sent a unique pixel name.

~~~
sandGorgon
Even so. It will get cached, so the analytics should fire only the first time
it's opened. Not subsequent times.

------
oh_sigh
Why do 'power users' care if people read their emails?

------
techslave
how about a browser or email extension that repeatedly and randomly loads the
pixel. for bonus points, through a wide set of proxies.

------
netik
Sadly they followed the path of nearly every surveillance capitalism startup
out there.

1\. Breach user trust by acting without user consent. 2\. Market it as a
service. 3\. Eventually get caught. 4\. Offer an apology.

Rinse, Repeat.

I don't have any real complaints about the steps they took to correct this. I
have complaints about the fact that they did it in the first place and didn't
consider the users. I also take offense at their investors who continued to
invest while knowing this was going on.

------
lrpublic
Surely this a massive breach of GDPR ?

~~~
kasey_junk
‘Massive’? I’d be surprised if they have anywhere near the incidents of
tracking pixels that a bog standard small ad network has.

No one will be able to tell accurately until a ruling comes down but I believe
this is a gdpr violation but one they won’t be fined for if they do basic
location filtering for their tracking pixels.

~~~
talaketu
A "bog standard small ad network" does not typically have the email address of
the ad viewer.

------
foobiekr
Every statement ever made by a tech company that went over the line and
decided to step back from it should automatically, in your mind, be appended
by "for now."

Superhuman is getting rid of this _for now_.

Also works for mobile carriers and pretty much any statement they make ever.

------
kixiQu
I didn't expect this, but it's actually everything I would have reasonably
wanted from them. Dang!

------
Skunkleton
I really don't get what the fuss is about here. You are being tracked online.
Why get upset about this specific instance?

~~~
stevenjohns
I have no idea either. I track every email I send out. The issue with
tracking, when done by companies, is what they use that data for. People don't
want to have sales profiles built on them or have their literal privacy - in
terms of their personal web traffic - being invisibly tracked and potentially
exploited by bad actors.

On a personal level, I send emails for a variety of reasons, and I haven't
found a good reason why I wouldn't want to know when they were accessed.

1\. I've sent legal correspondence and it's important for me to have a record
of when and how frequently it was accessed in case it ever reached court.

2\. When I send emails to my staff, I'm less interested in whether or not they
reply and more interested in whether or not they read the emails at all. If
not, then I can use alternative and more immediate forms of communication.

3\. Sometimes I'm ignored by people that owe me money for one reason or
another (in one particular case, I was almost scammed out of $40,000). Knowing
that the correspondence I was sending was being accessed but was being ignored
allowed me to take more immediate action.

I'm not building profiles on people, I'm not trying to sell anything. And I'm
not going to apologise for it either. My intentions are not malicious, so
that's where it starts and stops for me.

~~~
orangecat
_My intentions are not malicious_

In scenarios 1 and 3, your intention is to spy on people to gain an advantage
over them in legal proceedings. That's going to qualify as "malicious" from
their perspective.

~~~
stevenjohns
You think having a transactional log to stop people from lying in court is a
_bad_ thing and has me doing harm? What unfair, malicious gain do I receive by
being able to present evidence that says that someone did in fact read
correspondence?

Respectfully, you’re in a very small camp there. You might as well call
security footage or fingerprint evidence malicious as well. The same goes for
snail mail that has delivery confirmation.

If anything, this thread has just reinforced my belief that I’m doing the
right thing.

~~~
orangecat
_You might as well call security footage or fingerprint evidence malicious as
well._

Security footage of your property is fine. Embedding a hidden camera into a
package that you mail to someone is not.

 _If anything, this thread has just reinforced my belief that I’m doing the
right thing._

And it's reminded me to verify that image loading is disabled on all my
clients. Win win, I suppose.

