2. If there is a tracker, the second thing I expect is that it tells people whether I read the email. I do not expect it to also track location. Well, being an HN user I do. But the typical email recipient (who I repeat is NOT a Superhuman user) does not expect to be geotagged when they open an email from friends/family.
3. If I do figure out that I'm being geotagged, I am going to think it's like Google, some sort of thing that goes into the cloud and is sold to optimize my advertising or what-not. Nobody opens an email and thinks that the person who sent it to them will be told where they were when they opened the email.
In my opinion, "weird" is not the word for any of the three things I've listed. It is not nearly strong enough to describe taking advantage of people's (possibly flawed) model for how email and tracking works.
Everyone who uses email is basically agreeing to a contract that they haven't read, and wouldn't understand even if they had read. Usually this doesn't matter, but occasionally weird things happen as a result.
That's not to say that anything goes, but it's also important to look at this in context.
No it doesn't.
If you're talking about leaking client IPs in received headers, some providers (including gmail) have excluded this information for some time.
If you're talking about the timezone in the Date header. Fair enough. Someone can figure out what timezone you're in. Unless you change it to just be UTC or whatever.
Or are you talking about something else?
Sure, in the same way that some mail clients (like Thunderbird) don’t load tracking pixels by default. But if we’re going to talk about ethics and user expectations, I think that’s a reasonably fair comparison.
To be specific, it shows your public IP, right? Using a VPN means this will not show your location, correct?
Disclosure: SH user.
> Superhuman’s competitors are Apple Mail, Gmail, and Outlook. Exactly zero of those companies insert a tracking pixel into their emails. Furthermore, both Outlook and iMessage use Read Receipts that are turned off by default and controlled completely by the receiving user. In other words, when you buy a new iPhone or start using Outlook, no one requesting an Outlook or iMessage read receipt can receive one without your explicit permission. Furthermore, even if you do turn those on, it’s a simple one-time receipt… not a log of times and geolocations every time the recipient views the message.
Superhuman is an email client based on Gmail, so it's not only to send commercial emails to people that have agreed to receive commercial emails from you (and you've hopefully gotten them to opt-in to your privacy terms as well).
However, the ones I work on only record the time that a given email was opened ... BY DESIGN they do not include WHERE that email was opened, the IP address of the reader or anything else, because a) that's just creepy and b) it's not necessary to measure the impact of a given campaign.
But frequently requested/demanded/wanted by email marketers? Yep.
And, perhaps surprisingly, open tracking (when used effectively) serves to reduce unwanted email.
Say you run a really popular store--tons of loyal customers who genuinely want to know about your sales/specials/coupons/whatever, tons of different marketing channels. When you send an email campaign, you want to be able to tell whether increased traffic is due to that campaign versus some other marketing, so you track link clicks (fingerprinting each link in the email). Presumably this isn't generally considered unethical (if it is, is server-side request logging problematic as well?).
You, the hypothetical marketer, want to know which category your campaign falls into for your recipients: "hate it" (marked as spam, you usually get notification of that from the mailbox provider), "don't care about it" (never opened it/filtered it into purgatory/deleted it), "maybe care about it" (opened it but didn't click), or "actually want it" (opened it, clicked on something).
Open tracking is important to disambiguate "don't care about it (and might start marking as spam if they get another email from me)" from "was interested, but not enough to click on a link". If there are no clicks, and really low open rates, it's a sign to stop emailing those people immediately, or else they might start marking the email as spam and get your sender reputation penalized, which is very bad for business. If there are no clicks and good open rates, it's a sign that people are interested, but your content might suck/have display issues/be poorly put together and need to be improved.
Because of this dynamic, being able to track opens with reasonable fidelity (sure, people can block images or spoof opens if they want) is key to reducing spam and low-quality marketing content in many cases. Businesses suffer pretty directly and immediately if they don't back off from sending tons of crap to non-openers.
I know this probably seems alien to a lot of the HN email-using demographic, but there are large swaths of people that very much do use marketing email heavily to stay informed and buy things, and they willingly agree to receive a lot of it.
This isn't a blanket statement that "all activity tracking is inherently ethical" or anything, just that, in this case (and given that email marketing and facilitators thereof aren't going anywhere) this particular kind of tracking, while sometimes ethically dubious, has a bright side.
Source: I work for an email marketing provider.
Sending email has a cost, however small, and it's better to send things people engage in and enjoy ... which is why knowing click through and open rates is useful.
But I think the point is that this is much less likely than on a personal email, and if you don't know the person then it's a little less creepy because it has no emotional meaning to the "stalker"
HTML email + IP to location + simple automation has driven the multi-billion dollar Martech (marketing technology) market for years. The feature set you are describing has been standard for years now:
- They all use tracking pixels/logos-in-signatures for read receipts
- Read receipts aren't boolean "someone read this!" but instead track when, how many times you opened it.
- IP to location is used to understand location and route the lead/opportunity to the appropriate sales rep.
- Email User-Agent fingerprinting is done to track device type
- Most have automation that allows you to automatically re-mail or even phone dial someone who has just opened an email after certain conditions are met.
This is fairly basic technology, glued together, creating powerful platforms for marketing and direct sales. On a site like HN, how could any of this come as a surprise?
"When faced with making a product decision that is even mildly uncomfortable, employees often first look towards expressed company principles like “Always put the customer first”, but the next thing they look for is precedent."
It is reminiscent of the "two wolves" Cherokee story of two wolves inside a person, one evil, one good. The one that wins out and determines your character is the one you feed. These sort of company decisions, individually small but repeated over time, are food for the ethical wolf and the unethical wolf that lives in the soul of a company. One way to know that you probably don't want to continue at a startup is when you notice they are feeding the unethical wolf more than the ethical one.
Though, honestly, I find the use of Johnson & Johnson in that article to be more problematic by the day considering they clearly have done a lot of evil at this point.
Admittedly, I'm a noob so I would be happy to hear about alternatives.
What if the revolution never happens? Then what little "privacy theater" stood between the corporations and the users is swept away. When corporations need to show some restraint, even if only to not appear completely evil, at least it's some restraint.
So, removing "privacy theater" does nothing to your actual privacy and only shows you how exposed you really are.
The difference to me is that accelerationism says "it's bad; let's make it worse so that people will realize they need a revolution". Anti-theater says "it's bad; let's tell people how bad it is".
The author compares tracking email opens and locations with looking into your neighbor's window and seeing them naked. What's different about the latter is that it's actually illegal (look up "peeping tom laws"). Storing someone's public IP address and using it to guess their location is not illegal, and shouldn't be -- we have massively faster internet from things like DNS targeting that do exactly that.
If you're going to go after people for tracking user locations then there are much bigger fish in the sea than Superhuman.
EDIT: It looks like GDPR does go after the big fish here, which is email tracking in general: https://www.gdpreu.org/compliance/email-tracking/
> In its current prevailing form, we expect email tracking to be categorically prohibited under the GDPR without express user consent.
Legal vs. illegal is also not an appropriate basis for proper behavior. I think if we all used that standard for our personal interactions society would rapidly descend into chaos.
Acceptable behaviour in a mosh pit is not acceptable behaviour in a grocery store check out line, because of how others are already acting and the pre established norms.
I didn't and don't trust them with my email.
I know Rahul and told him then that I thought they had an organizational blind spot in over-emphasizing growth hacking. I don't think it led to any changes.
(If anyone is looking: I've been a FastMail customer for years and still trust their staff, ethics, and decision process/priorities completely. Bonus that their webmail doesn’t load remote images: https://www.fastmail.com/help/receive/remotecontent.html)
I would occasionally have someone ask me why I opened their email 20+ times before responding (I didn't).
After a while, I realized that when using the "arrow down" key to scroll through your inbox in Apple Mail (with split view enabled), Apple Mail will open and render every email in the split view when attempting to open an email further down in the inbox. This would result in every tracking pixel being loaded/rendered dozens of times, even when the email was open on the screen for < 200ms.
After a few times hearing people ask why I opened their email dozens of times but haven't responded (when I really hadn't read their email at all), I ended up disabling images from loading in emails entirely.
Does anyone know if this is still an issue with Apple Mail? Or if this also happens with Gmail configured in split view?
What issue? This is marketing wonks and creepy SV companies abusing image loading in email to implement "read receipts". The fact that some clients load images differently is their problem, not Apple's.
IMO the people harassing you about how many times you opened their email are idiots. Image-based open tracking is notoriously unreliable and is best used to track engagement trends within a given audience, not as a microscope on one person.
This seems like a classic example of people taking some marketing feature at face value and not spending any effort to understand the actual technology under the metrics they see in a dashboard.
I've heard enough fishy stories from former engineers there — people should think twice before logging in and letting them ingest your full account history (as with any third party email app, which Gmail is already cracking down on).
Note: I'm not using Superhuman currently, but tried it briefly a few months ago.
No, it's wrong. The first time you open the email, the image is retrieved. It's only subsequent views that are cached. So the sender can still see when you read the email; they just can't see how many times you read it afterwards.
Yes, but the key question was about the open rate.
> I thought Gmail's solution to this was to always download every image in your email and then proxy the image from their own servers when you view it. This results in a meaningless 100% "open rate" for Gmail
is incorrect because
a) GMail does not always download every image in your email
b) GMail does not have a 100% open rate.
Maybe clients could use Tor to limit the damage when img are needed but not necessarily trusted.
Tracking pixels are so widespread that surely it must work, so what do people use to view their emails?!
Most do. You have to turn it off manually.
Am I wrong here?
What other apps or clients load images by default?
If you're scared about giving your address to this tool, I wrote it. You've no reason to trust me, but you can scan the about/privacy pages for information, and it's also available to download and self-host.
There's an inverse relationship between email importance and production value, seeing a bunch of blank boxes is a great hack to signal that.
"...An open won't be recorded if:
The recipient opens the email on a legacy email client that blocks all images from being viewed. This also means that images in signatures and other media won't carry through to the recipient, so in practice this is quite rare.
The recipient has software to block email tracking. This is also quite rare, and Mixmax actually circumvents most email tracking blockers."
a mail provider like fastmail could in theory be loading image links in emails they will deliver to their users and store them into their own local cache, rewriting the email your client receives so that you see the images served off of your email hosting provider's servers. that would be a straightforward way of preventing any sort of image link tracking across the board, is this a thing?
I would suspect there are privacy implications of google caching what's behind every image tag in an email, in addition to the massive traffic / CPU spike such a thing might cause to retrieve the image and hash it, particularly for a very large email campaign. (But I don't know).
[Edited to include this link, which I found in another comment here]
"Gmail will now serve all images through Google’s own secure proxy servers."
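The rewrite step that the proxying idea above depends on, as an added example (not code from the thread or from any mail provider): remote `<img>` sources in an HTML body are pointed at a provider-side cache, declared 1x1 or hidden remote images are dropped, and `cid:`/`data:` images are left alone. The proxy endpoint, the function names and the sample message are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

# Hypothetical provider-side image cache. For the sender to learn nothing about
# the open, the cache has to fetch at delivery time; a proxy that fetches lazily
# still reveals when the message was first viewed.
PROXY_PREFIX = "https://imgproxy.mail.example/fetch?url="


def remote_url(src):
    """Return an absolute http(s) URL if src would cause a network fetch, else None."""
    src = src.strip()
    if src.startswith("//"):  # protocol-relative: webmail resolves it to https
        src = "https:" + src
    return src if urlsplit(src).scheme.lower() in ("http", "https") else None


def looks_like_pixel(attrs):
    """Heuristic only: declared size of at most 1x1, or hidden via inline style."""
    def tiny(value):
        value = (value or "").strip().lower()
        value = value[:-2] if value.endswith("px") else value
        return value.isdigit() and int(value) <= 1
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (tiny(attrs.get("width")) and tiny(attrs.get("height"))) or "display:none" in style


class ImageRewriter(HTMLParser):
    """Re-emits the HTML, changing only <img>. CSS backgrounds are out of scope."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.report = [], []

    def _tag(self, tag, attrs, closing):
        if tag == "img":
            original = dict(attrs).get("src") or ""
            url = remote_url(original)
            if url and looks_like_pixel(dict(attrs)):
                self.report.append(("dropped", original))
                return
            if url:
                proxied = PROXY_PREFIX + quote(url, safe="")
                # srcset is removed so the client cannot bypass the proxied src.
                attrs = [(k, proxied if k == "src" else v) for k, v in attrs if k != "srcset"]
                self.report.append(("proxied", original))
            else:
                self.report.append(("kept", original))
        parts = [tag] + [k if v is None else f'{k}="{escape(v, quote=True)}"' for k, v in attrs]
        self.out.append("<" + " ".join(parts) + closing + ">")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs, "")
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")


def rewrite_email_html(html_body):
    """Return (rewritten_html, report) where report lists (action, original src)."""
    parser = ImageRewriter()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.report


# Constructed sample body: a content image, an inline attachment, a 1x1 pixel.
SAMPLE = (
    '<p>Hi &amp; welcome</p>'
    '<img src="https://cdn.shop.example/banner.png?u=42" width="600" height="200" alt="Sale">'
    '<img src="cid:logo@local" alt="logo">'
    '<img src="https://t.tracker.example/o.gif?id=abc123" width="1" height="1">'
)

if __name__ == "__main__":
    rewritten, actions = rewrite_email_html(SAMPLE)
    print(rewritten)
    for action, src in actions:
        print(f"{action:8} {src}")
```

A per-recipient ID in a full-size image URL still reaches the sender once, when the cache fetches it, but without the reader's IP address, user agent or repeat-open count.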
The conversation could have easily been
"Read receipts are a useful feature."
"Yeah. Let's add them"
And that was it. Lots of people are not privacy focused and don't think of this as a problem, so it would never occur that their seemingly benign feature could have bigger consequences.
It's pretty easy for people who care to "turn off read receipts" by disabling images or blocking it through proxy/vpn/whatever.
I personally don't like read receipts, so I will likely not use superhuman. I just don't view it as some major problem.
> Second, I want to talk about why this particular issue is so important. Not why privacy is important; we are all already learning that the hard way. Rather, why making ethical decisions at the earliest stages of your company is important.
> When a company first forms, there are no norms or principles guiding how its people should make decisions. It’s basically just what’s in the founders’ heads. With each decision a company makes, its “decision genome” is established and subsequently hardened...
In other words, if this is a decision Superhuman made early on and embedded into its main product, then, the author argues, we should be very wary of its culture, and how it will weigh-in on privacy issues going forward. It's from this claim that the author seems to have built his anger on.
Read receipts have been a feature of email and messaging clients for at least more than a decade now. Among the tech-literate, the tradeoffs and potential problems/controversies are well-known, such that opting-in (or out) of read receipts is a near-ubiquitous option in every service's account settings. I'm sorry, but it really stretches plausibility to think that Superhuman put in as little thought about it as you propose.
What about non technical people who have no way of learning that they are being spied upon?
I may be wrong.
"Do you care if your ex-girl/boyfriend can tell every time you read an old email s/he sent you?"
"Have you disabled loading images by default in your email client?"
You will see that you are wrong.
EDIT: decided to listen to my own advice and conduct a (very non scientific obvs) twitter poll.
Setting aside the difficulty, being pressured to disable a generic feature (image loading) for a degenerate use case of that feature (user tracking) is annoying.
Other email clients support 'read receipts' without using tracking pixels. It's not impossible that Superhuman chose to use tracking pixels for a good reason, but I can't think of one and I haven't read of one either.
Interesting additional note, though, the title has (relatively recently) changed to "Superhuman embeds tracking pixels in user emails" versus the actual article title of "Superhuman is Spying on You"
This is written as if Superhuman are the first people to do this, that doesn't justify the behavior but there are others to blame here and the precedent was set prior to Superhuman's implementation with these email tools
This does make me want to find a mail client that automatically finds these tracking images, uploads them to a pool of tracking URLs, and then loads a few hundred members of the pool at random (preferably with randomized cookies, etc).
I’d pay for something that does this to the top 100 tracking firms, especially if it worked with web browsers.
Considering the person is saying how bad it is to have a tracking pixel in email, the site that hosts this article can now do similar things by putting that cookie in your browser
<script>document.cookie="resolution="+Math.max(screen.width,screen.height)+("devicePixelRatio" in window ? ","+devicePixelRatio : ",1")+"; path=/";</script>
In fact, that's pretty much what it is. This looks like it comes from an older version of the Adaptive Images WordPress plugin: https://wordpress.org/plugins/adaptive-images/ (there's a very similar version of this code in the adaptive-images-front.php file).
The WordPress install would use this cookie to resize an image to send to your browser.
Could that itself be used for tracking? Sure, but you'd need at least a few other signals as screen size and DPR aren't all that unique across most devices.
I think it's analogous with EU's "cookie consent". Cookies too are a client issue. Instead of annoying mandatory popups on every site, browsers should handle cookies better by default.
If someone breaks into my house because my door lock is broken then I should definitely fix the lock.
But the criminal shouldn't have broken in anyways.
There's no real way a browser could know the difference, hence the law.
Posts I found that seem readable:
(Gmail’s API lockdown will kill some third-party app access, starting July 15)
I think their startup will stop working soon, given that they only support GMail.
They've surely paid for this. And, ironically, this is the sort of app that Google supposedly set up this gatekeeper process to keep off their platform, as this was meant to "safeguard user privacy."
It's pretty productive and the creator is pretty responsive.
Disclaimer: guy who made it is a cool friend.
I thought so too.
Nope, not my email client, Emacs/Mu4e simply flat out won't notify you by any means that I have viewed the e-mail.
Man, the world has gotten weird. It's like people forgot emails were actually just text.
 - https://security.stackexchange.com/questions/23718/is-my-ema...
I know this is what GDPR is but we need a saner US version of it.
We can’t be technology leaders and still pretend it’s the Wild West.
Not only is it not enforced (why are Google and Facebook still around considering their entire business is to basically violate the GDPR?), but there are plenty of exemptions that can be abused to argue that nasty behavior falls under "legitimate interest".
Making a complaint is also super difficult. The ICO (UK's privacy regulator) for example insists that you have to first contact the offending company and give them 3 months to reply which is an insane amount of effort and not always possible (what if there's no way to contact the company, or you have to login/create an account first). There should be just a simple form where you send the URL of the offending page and they take it from there.
cough Gmail cough
It probably wouldn't take much work to use Automator.app to periodically uniquify the src URL in your sig and map Sent Item => unique hash into a sqlite database, later asynchronously updating it with IPs seen from an nginx server hosting your image. Presto, you're a "superhuman".
I was using MailTrack for a while, and it's been a very valuable tool, but I can do without it.
I was also talking to some lawyers about GDPR, and they said that this kind of tracking is actually illegal for recipients in Europe, unless I explicitly ask for their permission to include a tracking pixel. So I was already planning to get rid of this, and I'm glad that my emails are now GDPR compliant (even for people in the US.)
EMail is supposed to be text information, not a glorified leaflet.
That said....using Superhuman (or any similar third party app connected to gmail) involves giving them access to your entire gmail account.
It's odd they wouldn't let you onboard without that (they used a zoom screen recording with me, and it was fully within Superhuman), but you're not really sending them anything they don't have access to if you signup.
I ask, because that would be the ethical way to handle what this app is doing for you.
* disabling the option of blocking image-loading in the iOS GMail app is definitely an aggravating and inexplicable tactic, to the point I'm starting to look into switching away from GMail as my provider.
Dunno, I open mails with (neo)mutt, so none of this works.
It's not possible to disable loading of images on the iOS Gmail client.
They're based on a blacklist so they don't catch all tracking pixels. And then most emails contain images I want to see and that have tracking ID's attached anyway, which is a problem that can't be solved with a blocker.
As for desktop - there are a few pixel blocking chrome extensions that are great for this too
I mean from a baby startup maybe that's reasonable, but in this case, with all the hype, I think not.
My guess is a very well connected founder who was able to get his VC friends to hype the tool, make it elite and club-like, and from there, profit.
I look forward to seeing them go down in flames more than most other elitist, stupid startups around.
Almost every fancy email app I've used has had cross platform issues early on. It's always either iOS or Android only, often little desktop support (zero for linux) besides maybe some half-baked web site. etc, etc.
Superhuman is hardly new in this context. The mac/ios only first approach is super common for better or worse.
Also, I've been using it fine on Linux, except that it didn't support Firefox when I tried it.
I believe the application is Electron based too, so it's not even a technical reason to make it platform specific.
SH started out like any other startup, with the best of intentions and a cool idea but it just didn't take. The issue is that they're on the line to deliver and they haven't had the traction they'd like so I've seen it slide, slowly, over an extended period, into a desperate place that leaves them doing ugly things. You should read Rahul's blog on finding product fit, it tells you much.
Personally, I now think they're in a position where they are trying to mooch everything they can off of users in order to try and build a better product coupled with finding ways to be "unique" that will make them money/attractive. This means they end up in sketchy territory i.e. the pixels, forcing people to reveal how they use gmail in order to sign up, tracking every-single-aspect of how users are using their site, hyped up bullshit etc. I don't know if they're harvesting actual user data.
The fact is, they're between a rock and a hard place. They aren't profitable, and there's no real exit. Whatever features make them unique can be copied in months, if not weeks by any other provider. Why would Google buy them? Also, the feature set, as good as it is, only appeals to a tiny subset of users of email. Other aspects like corporate email not being allowed to be accessed by third party clients etc makes a difference too.
I wish them all well, but by God I would not want to be a part of this thing. It stinks.
We detached this subthread from https://news.ycombinator.com/item?id=20337178 and marked it off-topic.
1. The comment says open tracking was added as a last ditch act of desperation...here's a 2017 article that talks about the feature: https://techcrunch.com/2017/08/18/rapportive-founders-new-st...
2. The comment says the high-touch onboarding was also added out of desperation. here's an old-ish tweet talking about it: https://twitter.com/josephcohen/status/1034189170003070976
3. The comment also claims that the company is floundering and desperate....they literally JUST closed a $33M round from A16Z...obviously they have a ways to go, but the claim that they are lost and helpless is simply absurd...here are pages upon pages of people begging for invites: https://twitter.com/search?f=tweets&vertical=default&q=super...
There's probably a healthy debate to be had about email tracking, but this comment is not contributing to that.
You're passionately asserting a strong claim, but when you get to the "evidence" part of your comment, it seems you haven't added any supporting evidence beyond what's in the parent discussion.
Also the founding team is from rapportive and rapleaf which are part of the shady data brokers that HN discusses often. It's best to assume good intentions first but there is precedent here.
I have strong doubts you're who you claim to be.
2. Gmail has no desktop app. It's reasonably fast, but not as fast as Superhuman.
3. Superhuman is a niche app, gmail caters to everyone. They can't reorient gmail around a tiny, high revenue portion of users
4. Gmail's iphone/ios apps lack the vast majority of desktop gmail's customizability features
The competitor to Superhuman would be a similar niche app, not gmail itself.
Yes. I expect analytics to be captured from HTML emails which I open.
Personally I think email software should all turn off third party requests by default. If you want images, use data urls or attached images.
At least with email I can block images and prevent the tracking from occurring. I can't do that with facebook or twitter.
> Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others.
A Superhuman investor, who does not disclose his interest in the company, pops in to say it's the recipient's responsibility to defend their own privacy, using a method (turning images off) that Superhuman's own product makes impossible for its users.
(1) Recipient generally doesn't know they're being tracked. Even in the argument that 'email is catching up to IM', the recipient always knows that read receipts are turned on -- because it is built into the UI.
(2) Recipient doesn't know they're being tracked multiple times, with multiple locations. Again, in that same argument, messenger doesn't tell you the number of times I viewed your message and where I am when I viewed it.
BTW -- you can absolutely turn off read receipts across both Facebook and Twitter.
See "Email clients have done this for years. Even Apple does this with iMessage"