I imagine anyone who works at any company that uses any kind of digital tool uses this exact same method to track people, so why the outrage here. Go tell your marketing departments to turn off email tracking in Salesforce, or to stop the marketing team from running campaigns with tracking in them.
So some random person made a browser extension that automatically collected the login credentials of everyone who opened Facebook on whatever public network you were connected to. Then they publicly released it for free. Ironically, the very first comment in the article I link here is, "Okay, it's evil, but how is this news?"
But the Firesheep plugin was a really big influencing factor in forcing not just Facebook, but a number of companies to switch their entire sites to HTTPS.
The point I'm trying to make is not that you should go out and blow up the world to make a statement -- it's that it's possible for there to be a problem that's trivial to exploit, and that is regularly exploited by criminals and businesses, and that is widely known to be exploitable, and for some reason people will still ignore it.
But if it's personal, if your next-door neighbor or your weird coworker can suddenly start doing it, then something clicks and people realize, "Oh, this is actually a real problem."
There's no technical difference between what Superhuman was doing and what every other marketer is still doing, but people are weird about what exactly they're willing to care about, and if the Superhuman controversy can be used to direct some of that anger towards structural, useful goals, then is that really a problem?
I understand that sometimes the specific triggers that make people care are stupid, but my response to that is never to ask people to care less. It's already hard enough to make people care about things.
What is "it"? Knowing I read an email they sent me? That's not what criminals and businesses are doing; criminals and businesses build extensive personalised profiles of who you are, what you like, what times you're active, where you go, who your friends, family and coworkers are and what your personal trigger points are all for the goal of exploiting you. They use email tracking as a single metric among dozens of others, and the way they evaluate the metric is completely different to how an individual would evaluate it. That data is usually then sold to other groups that do the same thing.
How is that anywhere even close to an individual with email read receipts?
I don't think anyone would say "this is actually a real problem" besides people manufacturing a problem out of nothing. I'm also willing to bet that 99.9% of the people that are outraged are totally willing to establish, work for, or implement an extensive user tracking system for a company that actually acts on malicious grounds (such as monitoring users or for the objectives of making sales).
This includes you - by the way - a quick look through your resume shows that every single company you've worked for heavily participates in tracking and the first personal website of yours I accessed at reset-hard.com includes Google tracking which is dozens of times worse than a "weird coworker" knowing you read an email they sent. This is literally contributing to a global database of user tracking which we know is used for malicious purposes.
> I understand that sometimes the specific triggers that make people care are stupid, but my response to that is never to ask people to care less. It's already hard enough to make people care about things.
When people care about the wrong things is when we end up with homosexuality being criminalized, prohibition or terrorist groups. So hopefully in this case - just like many others - people would focus their energy into things that actually matter. And personal email tracking is not one of them - and will never be.
The only thing worth saying on that topic is that it matters very little what you (or anyone else) thinks of me, whether it be good or bad. I don't even judge myself that way; I only care about trying to be better tomorrow than I am today. Anything else is a waste of time. And certainly, my response when I encounter hypocrisy is to try and fix the hypocrisy. Not to throw up my hands and say, "well, I guess none of it matters then."
The above out of the way, I want to try and engage with the deeper argument you're making in good faith.
What you're missing here is that all of the business tracking and personalized profiles you bring up as the real problem are using the exact same technology as these read receipts. The point is not that read receipts are the worst thing in the world (although I think they're unhealthy and they show a lack of respect for the person you're communicating with). The point is that they illustrate the broader pattern of tracking in a form that regular people understand and emotionally connect with. That's a good thing.
The other thing you're missing when you talk about criminalizing homosexuality and prohibition is that pervasive tracking is a tool that allows powerful people to oppress less powerful people. Pervasive tracking outs people's sexual preferences, it allows companies to illegally target individuals based on protected characteristics, to advertise to people at their most vulnerable moments, and to exclude them from opportunities that they would otherwise have. Far from being a nothing issue, privacy is fundamentally tied to people's ability to express themselves without fear and to hide from companies, governments, and even individuals that want to harm them.
Fixing personal email tracking has a pleasant side effect of also fixing the tracking that happens in both phishing and corporate emails as well. Like you quoted:
Yes, sometimes people can be encouraged to care about things that are actually unimportant, or even outright wrong. But privacy isn't unimportant; privacy is an essential tool to help protect individuals and marginalized groups from mobs, governments, companies, and individuals that don't have their best interests in mind.
> using the exact same technology as these read receipts
What technology people use doesn't matter, what matters is how they use it. If I were to implement a system that tracked actions users do in a way that was ethical and completely not personally identifiable, then it doesn't matter - there is no problem, regardless of what technology is used to do it.
> Fixing personal email tracking has a pleasant side effect of also fixing the tracking that happens in both phishing and corporate emails as well
I don't think so. At all. This is like banning plastic straws to save the planet.
It is mutating what is basically a porch security camera into a discussion on oppressive government surveillance. The two are not the same. Personal email read receipts have almost no bearing on privacy at all. This is perhaps the point that is being missed by most people.
My hope with this whole controversy of the week is that it leads people to disable loading remote images by default, and it leads email providers to change their default settings. I don't want to see people riled up just for angers sake -- I want to see that anger directed towards making changes that help with the entire spectrum of email pixel trackers.
This is where I think we disagree:
> What technology people use doesn't matter, what matters is how they use it.
You make a good point that Superhuman isn't doing anything unique, and you make an (arguable) point that what Superhuman is doing isn't even that bad on its own terms.
But if you have to trust companies or 3rd parties to be responsible with a technology, you're still leaving yourself open to less ethical attackers. The safest fix is to get users onto platforms where no one can track them, even if those trackers are deployed in responsible ways.
Think of it this way -- you make a completely reasonable assertion that including Google Analytics on a web page is a personal violation of privacy. When I get around to removing Analytics from Loop Thesis, that will be an improvement. But I'm not under the illusion that doing so will affect anyone other than my visitors on my site.
There are two steps to this process. One is to be personally responsible about what we do. The other (equally important) step is to empower users such that they don't need to rely on us being responsible -- by encouraging them to install ad blockers, by building browsers that resist fingerprinting, and so on. I want to respect people's privacy, but more than that, I want them to be private regardless of whether or not I'm trustworthy.
Encouraging products like Gmail or Fastmail to block images by default is not the biggest step in the world -- it certainly doesn't fix everything. But it is a step, and it makes things slightly better. There is no short checklist to fix omnipresent surveillance; it's a long, arduous road where we hope that things gradually get better over time. The outrage over Superhuman will be beneficial if it encourages some people to change a setting in their email clients that they didn't know existed.
Also this so-called “manufactured outrage” was started by a product VP at InVision. The call is coming from inside the house on this one.
But other than that, I agree. From a privacy perspective, there's some advantage to just being one row of millions in the marketing database; it's the aggregate behavior that they care about, not individual.
The dichotomy between "marketing tracks, 1-to-1 emails don't" is false. There are hundreds of millions if not a billion installs of people using tracking for 1-to-1 email.
Sales people use dozens prospecting tools like Outreach.io, Salesloft, etc for tracking.
Likewise, millions of individual consumers use tools like Gmelius, Mixmax, Streak, etc.
This feels like either manufactured outrage or willful ignorance by a community of supposedly technology-savvy people who should know better.
First, tools like Streak have been criticized for years. And something like MixMax which is sold as an email marketing platform thing is scuzzy and gross, but it’s fairly clear to the person signing up what it’s for and that it’s for people who send out bulk email for marketing purposes.
Superhuman sells itself as an email client for professionals — it sells itself in similar ways to how Mailbox was presented before the Dropbox acquisition.
The investors and sycophants defending this product might say that it’s clear to everyone that this is just an email tool for marketers, but that’s not how its own webpage sells it. If anything, this is selling itself as an email tool for VCs or people doing biz dev.
And maybe every person doing M&A uses tracking pixels, but that seems like a stretch. And for there to not be an ability to turn the feature off (until the outrage), says a lot to me about the core values that went into designing this product.
I would never pay for something like this or for Streak. I understand that emails I get from a marketing company or a newsletter have tracking pixels. I’m savvy enough to know others might send them too. But I will absolutely push back on the idea that it’s the expected behavior for all or even most emails, let alone willful ignorance.
It’s disingenuous to conflate transactional or marketing email tracking with a manual, non-automated email one person sends to another. Yes, I’m sure plenty of people track those emails, that doesn’t make it common or the expectation from a sender. The fact that there is this much upset about this proves that this isn’t the expectation.
Which email tool was doing this? If I install cloudHQ email tracker, mixmax, streak, Gmelius tracking, Cloud hq autobcc to Salesforce, then I do this for marketing or sales. So these are CRM utilities...
But I do not expect that my email client which is promoted as "THE FASTEST EMAIL EXPERIENCE EVER MADE" has this creepy feature enabled by default.
Anyway, Superhuman seems to a CRM (maybe a good one - I'm not sure) and it is not an email client. That is the difference.
I think the distinction here is that Superhuman put that power (with location information) in literally everybody's hands by default (the wrong default, if one could even consider this as a switch). So someone who normally would be paranoid about a stalking ex would've taken other precautions but wouldn't have guessed that this would be so easy (yes, there are many ways people can personally track others, including using phishing and other covert methods).
So the "manufactured outrage" here is more akin to, if I may be completely hyperbolic for a moment, making it easy for anyone to buy assault weapons or nuclear weapons, when everybody knows that those with evil intentions for the masses (like terrorists) would be able to get them easily anyway.
My takeaway is that Superhuman is a scuzzy company that I want nothing to do with, but my takeaway is also that Superhuman backing down doesn't really solve the problem. Everybody does this -- and I don't care if Superhuman is worse than everyone else, none of it is acceptable.
An immediate partial solution is for us to push very hard for email providers not to load remote images by default, and (better) for image providers to load remote images one-by-one, rather than in a single batch (which would make it less likely that a user will accidentally turn the tracking pixel on with a single click). An email provider loading images by default should be derided the same way that loading a blog post over HTTP currently is. Have good defaults that protect your users. There should be a swath of email providers on Twitter right now reassuring their customers that tracking pixels won't get loaded by default in their clients.
If you're upset about this, I don't want you to be less upset. But I want you to think about being also upset about stuff like Amp for email, which will make it even easier for companies to pull this crap. I want you to also be upset about email providers that don't turn off images by default, or that don't do any background caching to obscure IP addresses.
There's a large number of obvious improvements to make in this area, and a lot of discussion to be had about non-obvious improvements. If people are only mad at Superhuman, then the overall machine will continue as normal, and all that anger won't actually accomplish much in the long term.
Superhuman is calling this a critical feature, so they're not getting rid of read receipts. My perspective is that their business model is built on a technology that shouldn't work. They're speculating whether there could possibly be a technology to support consent. I couldn't care less about theoretical consent technologies, I want their entire business model to stop existing.
But why doesn't Fastmail block remote images by default? Yes, they have a setting, but why isn't it turned on for new accounts? If I tell my parents to sign up for Fastmail, I don't want to have to worry about whether or not their default settings are safe.
If you aren't using FastMail's webmail, it's your email reader's responsibility. FastMail quite reasonably doesn't rewrite email content.
It's possible I would have turned that on by mistake, but only if I really wasn't paying attention.
Edit: I just set up a brand new trial account and checked, and the webmail client is definitely set to load remote images by default. If that's not intended, maybe it's a bug that needs to be fixed.
(which just means you've chose to leak your privacy to Google instead of Superhuman...)
It's very good that Gmail proxies images, it's one of the few features that I wish everyone else would copy. Now, on the other side of that, unless their policy has changed since the last time I checked, Gmail still loads images by default and it doesn't cache them, it only proxies them.
So it's good that Gmail obscures your IP address, it's bad that Gmail still loads images from remote servers by default when you open a message, and it's bad that it will reload them every time you open it in a new client/environment instead of serving them from a Google cache.
Read receipts do work in Gmail, and Google should be shamed for that. I didn't call out Gmail in particular because I don't think Google cares about privacy enough to change anything. I'm hopeful smaller companies like Fastmail might.
Work how? There's a responsible way to handle read receipts (where the client notifies you the remote side would like a read receipt, and offers the choice to send it), and if it's done in that manner, I'm not sure why they should need to be shamed.
I'm not sure what Gmail does, but I see stuff when searching about how to configure it for G Suite accounts to always/never/selectively respond, and about how to disable Gmail's nagging about it, so I'm not sure the current status.
That's a read receipt, in practice if not in name. I put a unique tracking pixel in the email, and when you open the email by default Google proxies it from my server. It's uncached, so unless the browser itself decides not to re-fetch it, I'll also know whenever you reopen the email.
Google also allows you to request a read receipt the responsible, official way that you're thinking of, but why would I ever use that feature when I can just give you a tracking pixel instead? The responsible read receipts require consent, and tracking pixels don't.
Again, I haven't checked Gmail's default settings in... probably years. So maybe this has changed, and it doesn't load images by default anymore. But any client that loads images by default has non-consensual read receipts, and they should be shamed for that.
Read receipts (as opposed to email tracking through images, let's not overload terms here) have the benefit that they might be returned by clients that don't load images by default. That's probably a relatively small portion of clients, but it is only one setting change away on Gmail.
> Again, I haven't checked Gmail's default settings in... probably years. So maybe this has changed, and it doesn't load images by default anymore. But any client that loads images by default has non-consensual read receipts, and they should be shamed for that.
A client that loads images by default does what 99% of people desire. That Gmail does so in a safer way than many others is a good thing, and maybe shame is a strong word for transparently making people's default behavior slightly safer while doing what they want (showing emails as they were visually intended and looking nice).
I know that at launch it only obscured your IP address. I don't know if they've changed the default behavior since then. Of course there is a setting to disable images -- maybe in recent years they've switched it to being on by default. Someone other than me would need to confirm, since I've had my images turned off for years now.
“Note: you can turn automatic loading off and gain the privacy benefits of the proxy anyway.”
Not a panacea because sometimes you just need to see the images, but most of the time I never actually need any included images.
Although there is of course nothing to prevent the email sender from putting some relevant or interesting content within an image which would then encourage me to load the remote data..
Why this is a partial solution? Tracking is only possible because receivers' MUAs do a wrong thing. If the technology makes tracking impossible (except for various hacks/exploits), then the whole problem is resolved.
Arguably, this is their own fault at that point, but I'm not sure it's reasonable to expect them to understand the risks. This is why I would prefer click-to-display on each individual image instead of a "load all" button.
Even that isn't necessarily perfect, but it does take you a long way.
An even better solution might be for the email provider to preload images when the email is delivered (not opened), and then either serve them from an online cache when you opened the email, or inline them into the message itself. However, now you're talking about rewriting emails, and I can understand why people might not want that -- it comes with its own set of downsides. It would also probably increase operating costs as well, I assume.
If someone wants to use tracking pixels, they'll find software that does it, so I'm really okay with them keeping the feature in... with the removed location information. (I am going to block it anyways, let's be honest.) And most importantly, they recognized the power of defaults for setting how people tend to behave. Making the feature non-default will crater it's use percentage across their customer base.
Sure. But it's also an indication of what their team thought "this is fine!" about, before an internet shitstorm rained down upon them.
In my mind they're always to be suspected of being either naive or actively evil in their use of personal data.
Anybody who launches "a powerful business tool", and then later tells us "We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully." is not someone I'd want running _my_ business tools. I'm now wondering if they considered "bad actors" finding their open MongoDB databases on Shodan? Or their public S3 buckets with their backups? Or their production API keys and secrets in their pubic GitHub code? Or all those other mistakes that everybody goes "but nobody except idiots would do that!" and yet we read about it multiple times per week anyway...
Maybe these guys have a great Email tool. I strongly doubt they have an entrenched culture of "considering bad actors" and appropriately investing effort and securing all the non customer facing infrastructure...
Don't get me wrong, it's not perfect, but I've seen far too many companies respond to controversy with how they care and will think about how to make things better, while not making any significant changes at all. This is a big step above that.
How about...put a notification of tracking in emails that contain it rather than making it invisible and then include an opt out link? That seems....not hard.
Tech shouldn’t really be creepy by default, nor should it really establish needy/clingy behaviour, which is what I think non-consensual read tracking tends towards.
I mean, personally, I would consider it a significant invasion of my privacy if anyone who sent me an email knew when I opened it and, roughly, where, without me knowing.
The problem with the internet and tech companies now is that there is an established pattern of you being able to consent on behalf of other people purely by virtue of giving access to your contact list, or using a certain mail client. You are giving away their data, not your own.
One of the reasons I use WhatsApp heavily is the read statuses. A single checkmark underneath the message means it was sent. Two checkmarks mean it was delivered. When the checkmarks turn blue, it means the recipient read the message.
I love, love this feature. If I could wave a wand and instantaneously make it standard for ALL methods of communication, I would do it in a heartbeat.
What about for solicited messages? Just curious.
I think a mistake was made when some messaging apps turned it into an opt-out and also made it punitive, in that opting out would mean that other people’s read receipts would be disabled.
I don’t think it would be so bad if every single data point wasn’t hoovered up and sold to third parties. They’re probably using this read status feature to measure engagement and decide how to target more ads. They can infer a lot: who you respond to quickly, who you don’t... who is intimate and who is an acquaintance. Who is important, who isn’t.
But I don't like non-opt-in "features" like Messenger's activity indicator. It is no one's business when I was last on FB, or if I have accessed it via computer or mobile.
However, given that I'm extremely doubtful that SuperHuman will remove the feature completely, I'm going for what I consider a minimum standard of decency: disclosure and the ability for recipients to opt out.
Obviously this would depend on whether a sending app decides to honor it, but responsible senders would have a harder time justifying ignoring it.
: https://twitter.com/troyd/status/1146554065553256448, https://twitter.com/troyd/status/1146561165687869440
1. A recipient-specific "Do Not Track" option could apply to recipient-specific link/click tracking, not just open tracking.
2. Ideally, all email clients would have an option not to load images by default, but based on the comments in this thread, some don't. One popular example seems to be [Gmail for iOS](https://support.google.com/mail/answer/145919?co=GENIE.Platf...): "Images will always appear in the Gmail app on your iPhone or iPad."
A third-party service could give some control to users of clients without this feature. (Whether the responsibility belongs on the sender, the recipient, or both is totally debatable and in practice, not very relevant. For all stakeholders, the goal is to communicate in a way that satisfies all parties well enough to keep communicating. Recipients have been at a disadvantage due to lack of information, and as their awareness increases, their expectations will rise.)
3. Right now, there's no way for companies which actually care about privacy and/or recipient preferences to stand out from those which don't, or which don't yet claim to. This would be one of few ways to discern white/light grey-hat senders and mail delivery services from dark grey/black-hat ones.
He could benefit from consent training.
You could opt out of future emails I suppose, but there's not really a way to stop this. Nothing stops me from embedding my own tracking pixel in the email either.
If you don’t want that to happen, configure your computer to not do that. Same thing for storing cookies.
The thing that really troubles me is that in this new app-based world, these sorts of options are slowly becoming extinct.
The very fact that you can choose different web browsers, some that accept and save cookies and some that don’t, or different email clients, some that load remote content and some that don’t, means that the user made a choice.
They purchased hardware that they chose, they installed and configured apps and services that they chose, or that came preinstalled on the hardware that they chose.
I would venture a guess that most consumers do not opt to fully understand the consequences of their consumption choices, sure. But that doesn’t mean that their choices, or the consequences thereof, are any less their own. Ignorance of the consequence of one’s choices is itself a choice.
Highly visible blog posts are indeed the best way of effecting change, although the investors who were criticizing the original article now look very silly.
If there really was such mass hysteria regarding read receipts in emails (WhatsApp has it by default too?) then it should be your email provider that should be leaned on to secure their system. Google has known for a very long time about this, and has changed the loading of images to stop location tracking, presumably the only thing they actually think is controversial with read receipts.
Personally I like that response, though I think they have legal problems in some jurisdictions. They didn’t try to weasel word their way out.
There's a lot of Superhuman skepticism in the comments, but their CEO owned the decision and responded quickly. If you assume good intent, it's remarkable in its comprehensiveness, transparency, and speed.
If you don't, well, you probably wouldn't be satisfied by anything other than ripping the feature out. Which wouldn't make sense for the business given the demand from its primary customer segment.
A company managing customer feature requests is suddenly remarkable? For a tool aimed at professionals? I would take that as par for the course.
I know this is non-trivial because I run a business that helps product teams do this. I talk to PMs at companies you've heard of and probably use that struggle with this.
So it might be hard to get an exact count of how many people asked for some feature (particularly if it doesn't have an agreed-upon name, like "read receipts", but if you're just looking for one phrase and don't mind erring on the low side, this should be a pretty easy exercise.
I think my broader point stands: given their 26k requests (which you can’t figure out using your method) it’s impressive to know that N of them are for Y feature.
Rare to hear such honesty from a CEO. I don't think I've ever seen a corporate leader admit they didn't consider product security. Concerning? Maybe - but I think it's miles better than the usual "we value your privacy and use industry standard blah blah blah.." canned spiel everyone gets in their inbox after a breach goes public.
> Rare to hear such honesty from a CEO. I don't think I've ever seen a corporate leader admit they didn't consider product security. Concerning? Maybe - but I think it's miles better than the usual "we value your privacy and use industry standard blah blah blah.." canned spiel everyone gets in their inbox after a breach goes public.
A company that has access to your email did not consider bad actors, and that is a "maybe" of a concern for you?
"1. Location data could theoretically be used nefariously
This criticism is the most severe. Upon reading the commentary, I have come to understand that there are indeed nightmare scenarios involving location tracking. I should note that we deliberately do not show cities — we only show states or countries — but a determined attacker could still misuse this information.
I am so very sorry for this. When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully."
This isn't a case of them having invalid SSL certs or improperly validating data sent to an endpoint. This is them building a feature that could have been used in bad ways and not realizing it. To that end, I am not very concerned about product security in this instance, because I have no reason to not trust their honesty.
On the topic of read receipts, I'm glad this is opening up a broader discussion about (pretty common) industry practices that track individual user activity across the web. IMO this will be a whole set of behaviors that will be viewed as having been on the wrong side of history:
We'll look back in 50 years and wonder why we would have ever legally let so much invasive tracking technology into our lives (we didn't know! but everyone was doing it!).
Companies (and individuals) should act ethical and in good faith, regardless of what others do. So, if you have a chance to improve something, you should do it. Make a superior product that also doesn't track users without explicit content. Superhuman definitely acted the right way with this decision.
When framed like this, I can't help but feel we are all kind of crazy on the web!
 apart from the weirdos who use encryption
I think tracking opens without notifying the recipient is a blatant privacy violation. If that’s where society is heading, I want to part of that.
It’s nobody’s business what email client I use. I would like to see a bold email client that offers all these extensive tracking features and makes no apologies. Call it Supervillain for all I care, there is a market for it. If you don’t want to be tracked, don’t accept images from me or anyone else. Simple as that.
The more cynical among us might even think they knew exactly what they were doing but did it anyway for their own profit and to the determent of others and the only thing they are actually sorry for is that they got caught.
>When Gmail automatically downloads and caches images, those cached images—including open tracker pixels, like the ones used with Email Analytics—are stored on Gmail’s servers. Gmail then loads the same images from the same servers for everyone—regardless of whether they open using Gmail in a web browser or a Gmail Android or iPhone/iPad app.
1. Breach user trust by acting without user consent.
2. Market it as a service.
3. Eventually get caught.
4. Offer an apology.
I don't have any real complaints about the steps they took to correct this. I have complaints about the fact that they did it in the first place and didn't consider the users. I also take offense at their investors who continued to invest while knowing this was going on.
No one will be able to tell accurately until a ruling comes down but I believe this is a gdpr violation but one they won’t be fined for if they do basic location filtering for their tracking pixels.
Superhuman is getting rid of this _for now_.
Also works for mobile carriers and pretty much any statement they make ever.
On a personal level, I send emails for a variety of reasons, and I haven't found a good reason why I wouldn't want to know when they were accessed.
1. I've sent legal correspondence and it's important for me to have a record of when and how frequently it was accessed in case it ever reached court.
2. When I send emails to my staff, I'm less interested in whether or not they reply and more interested in whether or not they read the emails at all. If not, then I can use alternative and more immediate forms of communication.
3. Sometimes I'm ignored by people that owe me money for one reason or another (in one particular case, I was almost scammed out of $40,000). Knowing that the correspondence I was sending was being accessed but was being ignored allowed me to take more immediate action.
I'm not building profiles on people, I'm not trying to sell anything. And I'm not going to apologise for it either. My intentions are not malicious, so that's where it starts and stops for me.
In scenarios 1 and 3, your intention is to spy on people to gain an advantage over them in legal proceedings. That's going to qualify as "malicious" from their perspective.
Respectfully, you’re in a very small camp there. You might as well call security footage or fingerprint evidence malicious as well. The same goes for snail mail that has delivery confirmation.
If anything, this thread has just reinforced my belief that I’m doing the right thing.
Security footage of your property is fine. Embedding a hidden camera into a package that you mail to someone is not.
And it's reminded me to verify that image loading is disabled on all my clients. Win win, I suppose.