Superhuman Is Spying on You
July 3, 2019 6:26 AM   Subscribe

What if email tracked where you are, without your permission? "It is disappointing then that one of the most hyped new email clients, Superhuman, has decided to embed hidden tracking pixels inside of the emails its customers send out. Superhuman calls this feature “Read Receipts” and turns it on by default for its customers, without the consent of its recipients. "
posted by xingcat (47 comments total) 19 users marked this as a favorite
what if email but more

Worst Black Mirror fanfic ever.
posted by ricochet biscuit at 6:48 AM on July 3, 2019 [9 favorites]

The TrashFuture podcast did a segment on SuperHuman and about how before you can use it you have to basically audition for the company to prove you are important enough of an e-mail power user to deserve to have it. An E-Mail Client for the Profoundly Stupid starts at about 25:00 in.
posted by Space Coyote at 6:50 AM on July 3, 2019 [11 favorites]

The weirdness of this world when a former exec at Twitter is lecturing folks on business and technology ethics. He isn’t wrong, but he isn’t arguing from the moral high ground.
posted by mfu at 6:59 AM on July 3, 2019 [3 favorites]

So you can't actually use this mail client without being a Silicon Valley wanker, and those people are probably tracking each other 24/7 anyway.
posted by winterhill at 7:23 AM on July 3, 2019

This isn't actually new, the tracking pixel thing, but what's ridiculous is that it isn't even reliable. I had an interview with a tech company recently where the acquaintance who worked there messaged me to tell me he was sorry it didn't work out... before I'd actually gotten the email, because he'd been told by the person who sent it that it'd been read. I think one of my devices previewed it or something, except I don't have anything pop up notifications? I'm not even sure. So that was an extra nice kick in the teeth, to find that out by Slack message before I'd even looked at my email, because the company was sure I'd read the message that I hadn't even noticed yet.
posted by Sequence at 7:32 AM on July 3, 2019 [15 favorites]

Didn't we already settle this in the late 90s? Fuck these guys.

The main reason I use a terminal email client (mutt) and a text browser (elinks) to read email is because it works and I'm too lazy to change. But, sometimes it also has real benefits.
posted by eotvos at 7:33 AM on July 3, 2019 [10 favorites]

because he'd been told by the person who sent it that it'd been read

You don't want to work for a company where an emails read status in any way a part in their hiring workflow.
posted by Damienmce at 7:36 AM on July 3, 2019 [32 favorites]

I don't know if it's a trend or what, but names like Uber and Superhuman have all the wrong associations for me.
posted by trig at 7:38 AM on July 3, 2019 [47 favorites]

The pullquote that'll stick with me for larger reasons than Superhuman's individual-corporate blinkered fuckery here:
When a company first forms, there are no norms or principles guiding how its people should make decisions. It’s basically just what’s in the founders’ heads. With each decision a company makes, its “decision genome” is established and subsequently hardened....The reason this matters is that what may seem like small decisions early on become the basis for many more decisions down the road. These decisions affect your ethical trajectory as a company.
I really like that way of putting it--it gets even more generally applicable to all sorts of organizations and groups of people by loosening up on the "company" aspect. (Frankly, it pretty much applies all the way down to individuals!)
posted by Drastic at 7:39 AM on July 3, 2019 [19 favorites]

As someone with a career in email marketing, I don't think it's wrong, per se, to tell when an email has been opened or a link has been clicked...

...but I think there's a huge difference between doing this with a mass email communication that was opted-in to, versus an individual-to-individual email.
posted by SansPoint at 7:41 AM on July 3, 2019 [5 favorites]

Over and over again, we get reminded that culture makes software; you can read a team's life stories in the products they build and the features they champion. When you find out Waze has built a feature to avoid speed traps, you can guess that there's probably no parents on that team, definitely nobody that's had a loved one killed by a drunk driver. It's painfully obvious that everybody on the Android Auto team takes the the company bus to work. If you dig around in its permission systems for a while, it won't come as a surprise to you that the creator of Android believes that one person can own another. I'd guessed there are no women on the SuperHuman team, and nope. There aren't. I'd bet that nobody there knows anyone who's ever been targeted for abuse, whether it's a stalker, an abusive ex, a cult or a state actor. Nobody who trusts them enough to talk about it, at least.

People in these cozy little cultures of profound, ignorant comfort keep building these shiny, irresponsible bullshit systems that don't just refuse to account for real live people's real, life-threatening problems, but that refuse to even admit those people exist. It should be one of this industry's most shameful embarrassments, how much of a burden we put on people who are already threatened; how much work you need to do, how much of the stack you need to understand just to be able to answer questions like "will I still be safe, if I use this?".

It's 2019 and we know how this works; if you're not checking your blind spots and corner cases, if you're not actively seeking out the people you're not and listening really hard to what they have to say, if you're not interrogating yourselves and your assumptions over and over every day from design through deployment, asking how the tool you're building can be turned into a weapon? Then you're building a weapon.
posted by mhoye at 7:51 AM on July 3, 2019 [97 favorites]

As someone with a long career in email, period, I think it's wrong to track someone else's mail once they receive it. There are no real-world analogues that are acceptable to anyone.

(Yes, you can track packages sent by USPS, etc... as they're being delivered. Once they land on your doorstep, the expectation of privacy must begin. Imagine if every paper circular or flyer in your physical mailbox sent some signal back to whichever random person or company?)
posted by Jubal Kessler at 7:55 AM on July 3, 2019 [13 favorites]

Pretty much every popular third-party mobile email client is doing something shady. Most of them cache your credentials server-side so they can download all of your mail before sending it to your phone, for reasons. You assume they're all just "POP3 but on a phone", but they aren't.
posted by tobascodagama at 8:02 AM on July 3, 2019 [1 favorite]

A lot of my friends are outraged by this but I'm like "eh, another erosion of privacy". Every single marketing system for mail uses trackers like this already. Here's Mailchimp's documentation on their version. Also pretty much every other form of two way communication has some form of read receipts, as the article discusses. SMS, iMessage, Facebook Messenger, WhatsApp, Signal, ... they all have some facility for telling you if the other side saw your message. And most of them default to turning that on.

I think what's novel with Superhuman is they displayed more data about what they could track. Not just that it was read, but specifically when. And where. That data is available to all these tracking systems and I bet many of them keep the data. But in displaying it Superhuman crossed a line that has offended a lot of people.

As Scott McNealy said back in 1999, "You have zero privacy anyway, get over it." He said that in defense of some creepy privacy invading product his now irrelevant company was making, so fuck him. OTOH the statement is also true in the same way "Information wants to be free" is true whether we like it or not.
posted by Nelson at 8:20 AM on July 3, 2019

It's 2019 and some genius in Silicon Valley thinks that they should build a company on e-mail. People, at least the young people, I know text or message much more than they e-mail. Gmail has got a solid chunk of the market and they do the things people need; integration with phone apps, tagging, and control spam. Maybe people would get into signed, encrypted mail if they actually tried it but that tech has been out for decades. Why would someone put money into this company?
posted by rdr at 8:24 AM on July 3, 2019 [1 favorite]

SMS, iMessage, Facebook Messenger, WhatsApp, Signal, ... they all have some facility for telling you if the other side saw your message. And most of them default to turning that on.

SMS: does not support read receipts-- RCS and MMS do, I cannot discern their defaults
iMessage: off by default
FB Messenger: on, and does not appear to be able to be turned off
WhatsApp (FB): on by default, can be turned off
Signal: off by default

So other than Facebook owned properties, this is not true.
posted by neustile at 8:30 AM on July 3, 2019 [22 favorites]

In Thunderbird, at least, the default setting is to not download remote content when you open an email message, unless the user takes a separate, explicit action to do that.

Likewise the Rainloop webmail thingy.

That handily breaks all the tracking / return-receipt nastiness, and provides a number of other benefits as well. (Lower bandwidth, reduced malware risks, less visual clutter.)

If your MUA doesn't work that way, consider configuring it to do so. If you can't do that (or can't do that easily), consider a different MUA.
posted by sourcequench at 8:30 AM on July 3, 2019 [8 favorites]

I'm somewhat amazed this actually works - all the email clients I'm aware of (Outlook, Thunderbird, Gmail) don't download remote files to avoid this sort of tracking. This is by far not a new trick - email marketers have been doing it for ages for obvious reasons.

What email client does automatically download remote files?
posted by saeculorum at 8:32 AM on July 3, 2019 [10 favorites]

When a shitty thing that can have real-world harm comes to light, I'm beyond weary with "lol what did you expect" responses. The previous existence of read receipts doesn't make it okay to introduce every-time-the-message-is-viewed receipts with a side of geolocation.
posted by sgranade at 8:38 AM on July 3, 2019 [15 favorites]

I should be clear I'm not saying this erosion of privacy is a good thing. I'm saying it's inevitable, at least in the US, because we do not protect privacy online in any useful or meaningful way. Also because the mechanisms of surveillance are so pervasive.

Thanks for clarifying defaults, neustile. With SMS it has delivery receipts but not read receipts; not quite the same thing but close. There really is a difference in kind with what Superhuman is doing compared to these previous systems, displaying the time log and the locations.
posted by Nelson at 8:40 AM on July 3, 2019

This post from the twitter thread:
I don't think I am? If you don't want people to know when you open emails, turn off images, otherwise, it's part of the platform and you made your own bed

I admit I am a quasi ludite so I suppose you could argue that my complete "never heard of this before" status is unique or some how my fault but I think if you did you would be an asshole and I suspect that the vast majority of email recipients don't know this either.
posted by Pembquist at 8:47 AM on July 3, 2019 [1 favorite]

I once faced the sack for failing to turn up at an important company meeting that I "knew" about.

Problem was:
I was on holiday (and the sender knew it and was just keeping me up to date) and had forwarded important emails from my work address to my own private email address just so I could browse them every couple of days.
I actually went away for a long weekend and didn't even see that particular email until several days later (and after the meeting time) let alone open it.
It seem that the "forward" somehow marked the mail as read.
posted by Burn_IT at 8:48 AM on July 3, 2019

At this point, I operate on the assumption that everything I do on the Internet is recorded, cross-referenced, stored in any number of enormous databases, and analyzed by content analysts, lobbyists, salespersons, and Eastern European hackers with grudges. My only consolation is that I am not important enough for anyone to care what it is that I do.
posted by tallmiddleagedgeek at 8:53 AM on July 3, 2019 [2 favorites]

So if you use Superhuman to send an email to a citizen of a European country, are you personally violating European law with every email, or is Superhuman as a company/service provider, or both?
posted by Huffy Puffy at 8:57 AM on July 3, 2019 [9 favorites]

So you can't actually use this mail client without being a Silicon Valley wanker,

aww it's just an early beta signup with a bit of gratuitous gloss, if they have an actually better UI it'd be well worth digging through all the settings to adjust to your personal preferences. If you're worried about pixels and such use the old reliable pine client.
posted by sammyo at 9:11 AM on July 3, 2019

Re: European law (GDPR, or General Data Protection Regulation, in effect since May 2018 in the EU):

Here's what they think re: email tracking. Spoiler: they think it's bad.

"In its current prevailing form, we expect email tracking to be categorically prohibited under the GDPR without express user consent."

"[...] companies whose employees send tracked emails will need to be able to prove that recipients of such emails unambiguously consented to the monitoring of their behavior through the use of embedded tracking pixels."

Superhuman would definitely be in violation, as they are the intermediary between the subscriber and their Gmail account, and they're inserting, via their client software, said tracking pixels. As I read the situation, anyway.
posted by Jubal Kessler at 9:23 AM on July 3, 2019 [4 favorites]

but remember, we aren’t talking about you. We are talking about anyone

This is the key takeaway here.
posted by chavenet at 9:24 AM on July 3, 2019

Yes, I realize everyone wants point-n-drool fancy layout from their email, but I use an email client that deliberately doesn't like the HTML versions of messages, and definitely doesn't download images without me jumping through hoops.

It helps me filter out a lot of idiots who have no business communicating with me. And anyone who's using "read receipts" or tracking bugs that I'm interested in working with will understand that the lack of them occurring is an indication of technical sophistication.
posted by straw at 9:29 AM on July 3, 2019 [4 favorites]

I'm used to being the privacy extremist in the room but on this one I'm not mustering much outrage. It seems so small compared to dozens of other thoroughly entrenched things.

The obvious conclusion is that this world is breaking me.
posted by Zed at 9:34 AM on July 3, 2019 [1 favorite]

What email client does automatically download remote files?

They mostly all default to not downloading from unknown senders, but I think some or maybe many defaults to downloading from anybody in your address book. And since this is a client used by individuals, many of the senders are probably in the recipients' contacts.
posted by COD at 9:38 AM on July 3, 2019 [1 favorite]

Being a complete pedant, I feel the need to point out that SMS has had delivery reports since GSM was standardized in the 90s. Certain US carriers don't support it, but it exists.

That doesn't change the fact that it is an inherently sleazy practice to use trickery to bypass the delivery/read receipt functionality baked into the relevant standard, which has an obvious setting to enable or disable the feature if it is supported in the user's client.

Users do not have a reason to believe that displaying images embedded in an email will generate a read receipt, especially if they told their mail client not to send them even when requested. Even considered in its best light, it is a deceptive practice. That they are also using the tracking image to gather location data takes it from mild deception to a blatant and nonconsensual violation of privacy since the recipients have not agreed to whatever sociopathic terms of service protects the company from its customers/users.
posted by wierdo at 9:39 AM on July 3, 2019 [5 favorites]

It is also deceptive to refer to a tracking pixel, especially if metadata about the request is being stored, as a read receipt. It's like calling a baseball a stick. They are entirely unrelated things.
posted by wierdo at 9:43 AM on July 3, 2019

Another data point about tracking and email marketing, a lot of systems for sending mass emails use link redirection to track clicks on links (e.g. a link to some article in an email newsletter will first go through the Email Service Provider's domain). Even if a user doesn't load images, or gets the plain text version, clicking a link will still register as an open, as well as a click. (I mean, you can't see the links and click through unless you open the email, after all.) So, short of using a service to undo the link redirection, which I suspect would probably register as an "open" and a "click" anyway, you're going to be tracked on this stuff.

Despite being an email marketing person, I'm also the sort of person who has ad blockers on all their devices. Hell, I have a pi-hole on my home network. There's a lot of way too invasive tracking out there, and I want to shut it down. I don't necessarily have a problem with a certain level of tracking, though, more akin to say, web analytics where you know there were x number of IP addresses and requests for this resource, or that resource. I see it as akin to a store knowing how many people walked through the front door. Where I get upset is stuff that tracks what you do after you leave a website, in the same way as I'd be upset if someone from a shop in a mall followed me to the grocery store. That's unacceptable.
posted by SansPoint at 10:03 AM on July 3, 2019

Being a complete pedant, I feel the need to point out that SMS has had delivery reports since GSM was standardized in the 90s. Certain US carriers don't support it, but it exists.

Delivery report and read receipts are very different things! Email has had delivery reports since at least I started using it in 1991. You'd eventually get a bounce if it wasn't delivered. Very different from read receipt.
posted by neustile at 10:25 AM on July 3, 2019 [4 favorites]

That was a good article, and yet the whole time I was thinking "what is the business genome of Jack-the-Nazi's Twitter, genius?" Definitely should have been a "are we the baddies?" moment for the author.

I had someone ask why my emails were all plain text the other day...sigh. Outlook seems pretty good, if you tighten down the right hatches, about not downloading garbage and stripping HTML from inbound messages. Of course, knowing how these things work, the superhumans of the world are probably still tracking me, but thankfully I don't know any superhumans.
posted by maxwelton at 10:39 AM on July 3, 2019 [1 favorite]

So to be clear: as a recipient, if I'm using an email client with the typical default setting of "don't download images unless I say so", I'm safe from this garbage right?

(Hope this isn't too much of a derail, just trying to play self-defense here.)
posted by splitpeasoup at 11:55 AM on July 3, 2019

Now we need an app that finds all these tracker pixels and downloads every one millions of times per minute.

You want information about me? Suck on this fire hose!
posted by M-x shell at 1:03 PM on July 3, 2019 [1 favorite]

Superhuman responds, promises changes.
posted by Nelson at 4:05 PM on July 3, 2019 [1 favorite]

From Nelson's link...
We have stopped logging location information for new email, effective immediately.
We are releasing new app versions today that no longer show location information.
We are deleting all historical location data from our apps.
We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on.
We are prioritizing building an option to disable remote image loading.
posted by shoesfullofdust at 4:53 PM on July 3, 2019 [2 favorites]

Outlook seems pretty good, if you tighten down the right hatches, about not downloading garbage and stripping HTML from inbound messages.

Can it reply correctly now or does it still only top-reply?
posted by GCU Sweet and Full of Grace at 4:54 PM on July 3, 2019 [1 favorite]

Outlook still defaults to top reply, from my experience. Can't wait until I retire and can stop using this crap.
posted by shoesfullofdust at 5:19 PM on July 3, 2019 [2 favorites]

As someone with a career in email marketing, I don't think it's wrong, per se, to tell when an email has been opened or a link has been clicked...

...but I think there's a huge difference between doing this with a mass email communication that was opted-in to, versus an individual-to-individual email.
As someone with a thirty-year career in computer security, I think it is fucked for my mail client to leak anything about what I am doing on my computer to anyone not hosting my mail, and all "email marketing" companies can suck it. I turn off HTML in my mail reader on general principles.

Of course, since we are both MFers, you are specifically not included in my opinion about those companies.
posted by Gilgamesh's Chauffeur at 5:37 PM on July 3, 2019 [10 favorites]

I don't know if I'm just easily manipulated this morning, but that's a solid response from the CEO. I'm not on the email side where I work, but I know we rely on tracking pixels in our marketing emails, as well as on the web site. I've never felt great about it.
posted by emelenjr at 4:21 AM on July 4, 2019

In that statement, seems like there is unacknowledged tension between 'In the prosumer email market, read statuses have been “must have” for many years" and "I would love to find better technology to solve this problem" of making it easier for recipients to turn off pixel tracking. If you do the latter you undermine the value of the former.

This thread reminded me that I've been meaning to post an Ask about whether there are any browser extensions that show you the ultimate destination for those obfuscated click-tracking links in email newsletters.
posted by yarrow at 5:11 AM on July 4, 2019

Asked, if anyone has answers.
posted by yarrow at 5:21 AM on July 4, 2019

The CEO response is pretty solid, in that there's no bullshit, they take the criticism seriously, and they say they're going to make substantive changes.

But I keep coming back to this sentence in the Mike Industries article: "These decisions affect your ethical trajectory as a company." A lot of the article focuses on ethics. What sort of company is it that could build a feature as creepy as this tracking thing and launch it without consideration? What else will they do in the future?

Ethical compasses matter. I worked at Google in the early days when "Don't be Evil" was a real guiding principle for the company. I don't know that Gmail ever considered read receipts in the early days but if it did I'm certain an early conversation would have been about the privacy implications of the feature, with plenty of privacy advocates among the engineers at least one of whom would have literally said "Don't be Evil" in the big executive product meeting that made the final decision. We used it as a guiding principle for all sorts of things and while there's plenty to argue about which decisions Google made early on were evil, at least we were having the argument. (I'm less certain about the company these days.)

Uber is a great example of a company that had completely awful ethics, from the very beginning coming straight from its founder. Ignore local laws to build a predatory business? Of course! Screw your contract drivers at every opportunity to keep costs down? Bring it on. Spy on journalists to humiliate them when they displease you? Sure. It finally got so bad the founder was tossed out on his ear, but it took a long time.

I don't know what's going on ethically inside Superhuman. The CEO's response gives me some hope; the main part of his message is they really just didn't think through the implications of what they were building. They never were even aware they were making an ethical choice. That's an appalling sort of ignorance, but at least ignorance can be repaired.
posted by Nelson at 8:15 AM on July 4, 2019 [5 favorites]

all "email marketing" companies can suck it
Fucking A Right. They're all spammers, basically. I routinely get unsolicited mail generated by Mailchimp or its peer companies that insist all email must be by opt in. They SAY this, but they do basically nothing to enforce the rule, so their customers are free to care *not one bit* and go ahead and spam with abandon.

Every time a new one of those mailing houses shows up, I add it to my org's spam blacklist. I really have no idea why they're not blocked by default by every reputable antispam vendor.
posted by uberchet at 8:56 AM on July 7, 2019 [1 favorite]

« Older Out of Mind   |   "THE STRONG MEN" Newer »

This thread has been archived and is closed to new comments