254 comments

[ 3.0 ms ] story [ 172 ms ] thread
This is just email tech playing catch up with instant messaging, twitter, and other communication tools.

At least with email I can block images and prevent the tracking from occurring. I can't do that with facebook or twitter.

This is not correct, and there is even a section in the post rebutting this point (did you read it?).

See "Email clients have done this for years. Even Apple does this with iMessage"

From the article:

> Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others.

All superhuman is doing is giving access the same tech that every company uses to monitor emails sent to individuals. If you don't like it (and you absolutely shouldn't), then don't use superhuman and turn of automatic image downloads in your email client.
The problem is that the person that "doesn't like it" isn't the user of Superhuman, it is the recipient, who doesn't get a choice as to what email client the sender is using.
And my point is that a large percentage of emails sent contain tracking pixels already. Privacy conscious recipients should already have automatic image downloading disabled.
This is where the author's dunk on Superhuman became complete.

A Superhuman investor, who does not disclose his interest in the company, pops in to say it's the recipient's responsibility to defend their own privacy, using a method (turning images off) that Superhuman's own product makes impossible for its users.

Wow.

I think this misses the points from the original post, the most critical IMO are:

(1) Recipient generally doesn't know they're being tracked. Even in the argument that 'email is catching up to IM', the recipient always knows that read receipts are turned on -- because it is built into the UI.

(2) Recipient doesn't know they're being tracked multiple times, with multiple locations. Again, in that same argument, messenger doesn't tell you the number of times I viewed your message and where I am when I viewed it.

BTW -- you can absolutely turn off read receipts across both Facebook and Twitter.

Turning off read receipts doesn't actually turn off read receipts, it just does't show the state to the user. Facebook still knows whether or not my message was read.
I thought that this trick was as old as html email, and that (at least) gmail was actually caching images on their side to prevent tracking?
I may be wrong but I believe google cached it after you open the email first. So your IP is hidden and you can't tell how many times someone has opened an email, but you know the timestamp of the first time they do.
The Gmail image-proxy honors the regular http cache headers, so marketing mails get their open rates ‘correct’ but cannot see cookies/ip addresse
Why do e-mail clients still load images by default? This is not a new attack, or even hard to predict.
Because more and more emails are HTML and not text and loading the images is critical to make the emails actually readable.
That's mostly true for marketing emails which nobody wants to receive anyways.
And product emails - receipts, product updates that affect you, account status changes, passwords, etc.
(comment deleted)
I use mutt, and AFAIK I've never missed anything due to it being in rendered into an image instead of included textually in the email. The images are useless static content, not real information rasterized on demand. Sometimes I do get HTML-only emails, but it's usually not hard to find the important stuff, if there is any, among the tags.
(comment deleted)
It’s not very hard to configure (neo)Mutt to display html only emails with w3m in the terminal. Makes it even easier to parse/read them
w3m will still fetch external assets, including tracking pixels. You have to use something like socksify to basically cut off network access for w3m.
Citation needed. Most of these, even if they include images, at least have a text version of the same content in the email because it's actually important for the sender that you can read them regardless of computing environment.
I thought Gmail's solution to this was to always download every image in your email and then proxy the image from their own servers when you view it. This results in a meaningless 100% "open rate" for Gmail and does not reveal an end-user's IP address.
(comment deleted)
> This is correct: https://gmail.googleblog.com/2013/12/images-now-showing.html

No, it's wrong. The first time you open the email, the image is retrieved. It's only subsequent views that are cached. So the sender can still see when you read the email; they just can't see how many times you read it afterwards.

Not quite, the sender still doesn't get location and your browser fingerprint. The receipt of email is still received though.
> Not quite, the sender still doesn't get location and your browser fingerprint.

Yes, but the key question was about the open rate.

The statement:

> I thought Gmail's solution to this was to always download every image in your email and then proxy the image from their own servers when you view it. This results in a meaningless 100% "open rate" for Gmail

is incorrect because

a) GMail does not always download every image in your email

b) GMail does not have a 100% open rate.

You are right, but do not trust in Gmail, because they like to store your data on their servers!
While you're mostly correct, they do not automatically download every image, it only initiates the download when you go to read the email. So they're still letting the sender know when you read the email, but yes they are masking the IP by using their own servers to download it. This can still be disabled if you use the setting to not download images, which is frustratingly unavailable in the gmail for ios app.
Ah, okay. I keep meaning to test this out myself. It's unfortunate that Gmail doesn't mask opens entirely.
They don't necessarily. Thunderbird lately makes me opt-in, or whitelist a particular address if I want. I haven't dug in to ensure that it's 100% rigidly shielded from all possible info leaks (e.g., "blocks img and script but still loads bgsound tags", which is an example of something I've seen before), but it's definitely at least trying to not load by default.
Because some idiot thought it was a good idea a long time ago and if they turned it off now there would be a widespread user backlash complaining that every non-human written email they receive is just "blank squares with a click to load button".
Not all of them do. Check out FairEmail on Android. It actually shows you the tracking pixels it doesn't load
Apparently big players like Google can preload and cache for others, somewhat mitigating img tracking/attacks.

Maybe clients could use Tor to limit the damage when img are needed but not necessarily trusted.

How would caching work if it is a (uniquely) _tracking_ pixel?
They cache the image when the email is received, not when it is opened.
Which would break tracking because open-rate would be 100% even if the user is on vacation.
(comment deleted)
Desktop email clients I know don’t load images by default, neither does gmail (well it does but it’s proxified) so this is quite literally not an issue
Does a proxy really help if the url is parametrized? Even if they do some param stripping a wildcard subdomain can easily get around that.
A proxy helps not to expose your IP and user agent which is good enough in most cases.
While this may be "what aboutism", I noted that the post sets a cookie on your browser by just visiting the site.

Considering the person is saying how bad it is to have a tracking pixel in email, the site that hoats this article can now do similar things by putting that cookie in your browser

Not quite the same. With email pixel tracking, anyone can theoretically obtain your broader geographical position just by sending you an email via Superhuman.
Yeah. I guess they try to offer the customer something extra. But this doesn't look like to be the thing they should offer.
In order for pixel tracking to work, one has to open the email and load the pixel. I don't think you can track someone just by sending an email.
This has been the case since always. It just wasn't as obvious to users because consumer-oriented mail software didn't include it.
You requested the page from their server so they know you visited. Setting a cookie doesn't do anything unless you come back to the same site, at which point you request the page and they know again anyway.
That assuming e.g. your IP address doesn't change. Cookies can be used for tracking - in this case they aren't though, the cookie for me is "resolution: 1920,1", which is set by this inline script:

    <script>document.cookie="resolution="+Math.max(screen.width,screen.height)+("devicePixelRatio" in window ? ","+devicePixelRatio : ",1")+"; path=/";</script>
I can't tell what it's used for (seems unused in the other JS files), but as far as cookies go, that seems pretty benign.
Feels like the kind of thing one would write if they wanted to keep track of whether to serve you "retina" @2x-sized images in the future or something.

In fact, that's pretty much what it is. This looks like it comes from an older version of the Adaptive Images WordPress plugin: https://wordpress.org/plugins/adaptive-images/ (there's a very similar version of this code in the adaptive-images-front.php file).

The WordPress install would use this cookie to resize an image to send to your browser.

Could that itself be used for tracking? Sure, but you'd need at least a few other signals as screen size and DPR aren't all that unique across most devices.

Can I turn off tracking pixels in Gmail?
You can disable loading images in Gmail, which has the same effect.
not for gmail for ios.

As for desktop - there are a few pixel blocking chrome extensions that are great for this too

You can turn off loading images by default on the web-based Gmail client under the general tab in settings.

It's not possible to disable loading of images on the iOS Gmail client.

Gmail intercepts tracking pixels at Gmail's server, if you use gmail's client. The sender gets the "open" event and time, but not the client into (IP, etc)

http://go/so/20379732

Thanks, so I can't stop senders from knowing I opened an email?
Note that Gmail defeats the location tracking and browser fingerprinting features by proxying all image requests. So while the read receipts do work, you are not leaking your location or your browser fingerprint to the sender even if you leave image loading on.

https://gmail.googleblog.com/2013/12/images-now-showing.html

Thanks, so I can't stop senders from knowing I opened an email?
You can, but you have to disable image loading (like any other email client) because any image may have tracking information in it.
google, on the other hand, knows all of that information.
Oh god superhuman. What a hype train. Finally got an invite...only to learn they don't support Android? And really, only support entirely Mac-based workflows?

I mean from a baby startup maybe that's reasonable, but in this case, with all the hype, I think not.

My guess is a very well connected founder who was able to get his VC friends to hype the tool, make it elite and club-like, and from there, profit.

I look forward to seeing them go down in flames more than most other elitist, stupid startups around.

It's also Gmail only, which they are pretty up-front about in the puff pieces.

Almost every fancy email app I've used has had cross platform issues early on. It's always either iOS or Android only, often little desktop supports (zero for linux) besides maybe some half-baked web site. etc, etc.

Superhuman is hardly new in this context. The mac/ios only first approach is super common for better or worse.

Not having Android support is frustrating, for sure. However, I've come to appreciate the flow of only being able to really manage email on my laptop. I use the gmail app on Android so I get notifications and can send off a quick response, but I don't feel like I need to do anything else there, like set a reminder for myself or mark it unread. I know it'll still be in my inbox when I get to a computer.

Also, I've been using it fine on Linux, except that it didn't support Firefox when I tried it.

> only support entirely Mac-based workflows?

I believe the application is Electron based too, so it's not even a technical reason to make it platform specific.

This sort of open tracking with geoIP based location has been around for a while. There are numerous GMail add-ons that provide this functionality eg. Streak there are equivalent's for other clients too.

This is written as if Superhuman are the first people to do this, that doesn't justify the behavior but there are others to blame here and the precedent was set prior to Superhuman's implementation with these email tools

After reading this I'm now more interested in the showerhead he loves so much and seems so enthusiastic about. It does have great reviews online so I might have to pick one up now.
It’s a Commando 450.
Nearly every email marketing platform does this for every email they send already, and that’s part of why thunderbird has had images off by default in email since a really long time. (Or maybe I set it that way years ago, but at least it’s an easy setting.) Is it weirder because it’s mail from an individual? I guess so.
I think you answered your own question. Email marketing platform? Yes they do track emails, but only providing the data for open rates, not a list of timestamps and locations where you opened the email.
CRMs do. Just about every email-sending tool collects that data, even if they don't show it to you in the UI.
Mixmax provides a list of timestamps and location.
Most do provide location, if the client doesn’t mask the IP.
Probably... maybe? Certainly I'd be weirded out if an online catalogue employee had found my name, decided to look at the geolocation data on the tracking pixel and was devotedly interested in where and when I decided to admire the latest in chinese tech.

But I think the point is that this is much less likely than on a personal email, and if you don't know the person then it's a little less creepy because it has no emotional meaning to the "stalker"

It's strange that we put more faith and trust in sociopathic-by-design corporations (which are just large groups of people you don't know, but who have some interest in you) than in humans we willingly correspond with.
No it isn’t. Corps are too big to care. An individual with specific interest in you can be far worse.
I mean, yeah I am weirded out by that, and don't like it. And I'm not trying to be (too) snarky, but seriously, what did you think people would do with this technology?

HTML email + IP to location + simple automation has driven the multi-billion dollar Martech (marketing technology) market for years. The feature set you are describing has been standard for a years now:

- They all use tracking pixels/logos-in-signatures for read receipts

- Read receipts aren't boolean "someone read this!" but instead track when, how many times you opened it.

- IP to location is used to understand location and route the lead/opportunity to the appropriate sales rep.

- Email User-Agent fingerprinting is done to track device type

- Most have automation, that allow you to automatically re-mail or even phone dial someone who has just opened an email after certain conditions are met.

This is fairly basic technology, glued to together, creating powerful platforms for marketing and direct sales. On a site like HN, how could any of this come as a surprise?

Virtually all sales and marketing teams use this technology (including the author's company where they use Hubspot).
And those are opt-in, I hope. Otherwise it's unsolicited commercial email, in other words, spam.

Superhuman is an email client based on Gmail, so it's not only to send commercial emails to people that have agreed to receive commercial emails from you (and you've hopefully gotten them to opt-in to your privacy terms as well).

That doesn't make it any less creepy.
1. I do not expect emails from my friends and family to include tracking pixels. So yes, this is not just "weird," but also social-engineering: It exploits people who are not Superhuman users, who do not opt into being tracked, and do not expect to be tracked by emails from friends and family.

2. If there is a tracker, the second thing I expect is that it tells people whether I read the email. I do not expect it to also track location. Well, being an HN user I do. But the typical email recipient (who I repeat is NOT a Superhuman user) does not expect to be geotagged when they open an email from friends/family.

3. If I do figure out that I'm being geotagged, I am going to think it's like Google, some sort of thing that goes into the cloud and is sold to optimize my advertising or what-not. Nobody opens an email and thinks that the person who sent it to them will be told where they were when they opened the email.

In my opinion, "weird" is not the word for any of the three things I've listed. It is not nearly strong enough to describe taking advantage of people's (possibly flawed) model for how email and tracking works.

Every time you reply to an email it includes your location, and almost no one knows this either.

Everyone who uses email is basically agreeing to a contract that they haven't read, and wouldn't understand even if they had read. Usually this doesn't matter, but occasionally weird things happen as a result.

That's not to say that anything goes, but it's also important to look at this in context.

>it includes your location

To be specific, it shows your public IP, right? Using a VPN means this will not show your location, correct?

It shows your IP address to the machine you submit your message, and that SMTP server doesn't add the IP address in a Received: header, as mine does not, nobody else will know what IP address you used.
Same with Superhuman. They get location from the IP address, so using a VPN would "mask" your real location.

Disclosure: SH user.

I think the problem is person on receiving end doesn't know that. also, at marketing level it happens with all mailchimp and other campaigns, but this is so explicit at the individual level.
"Every time you reply to an email it includes your location, and almost no one knows this either."

No it doesn't.

If you're talking about leaking client IPs in received headers, some providers (including gmail) have excluded this information for some time.

If you're talking about the timezone in the Date header. Fair enough. Someone can figure out what timezone you're in. Unless you change it to just be UTC or whatever.

Or are you talking about something else?

> If you're talking about leaking client IPs in received headers, some providers (including gmail) have excluded this information for some time.

Sure, in the same way that some mail clients (like Thunderbird) don’t load tracking pixels by default. But if we’re going to talk about ethics and user expectations, I think that’s a reasonably fair comparison.

I don't think it's like that at all. I just sent my self an email from a gmail account, yahoo account and outlook live account. Not one of them included my IP address in the headers. I think your information is a bit out of date.
I mean in that case these services are just sending the email on your behalf, so it's their IP address that is included. But if you're sending the email yourself then it will be your IP address.
That might have been a valid argument in 1999, but in 2019 it's difficult to send an email yourself from a consumer IP address and actually have anybody on a major provider receive it. Major email infrastructure doesn't support those users any more; they're mostly irrelevant to the discussion.
Gmail et al. still add the headers if you send the message through an actual email client though, just not if you send it through the web client. And I'm guessing that the vast majority of email users still use email clients at least some of the time, given that they work much better on your phone and they're the easiest way for consumers to have a backup of their email.
I run my own mail server, and my mail is never rejected. It is still an option, and it works as well as it ever did.
I don't think he meant sending the mail yourself to the destination domain directly (which would indeed be blocked due to plenty of reasons), I think he meant connecting to your email provider's SMTP (over the 587 "submission" port so it's not blocked by ISPs), authenticating and then sending the email. The provider will relay the email to its final destination, but your original IP would still appear in headers.
(comment deleted)
What about when using email clients? They are far from rare.
Superhuman isn't an email marketing platform. From the article:

> Superhuman’s competitors are Apple Mail, Gmail, and Outlook. Exactly zero of those companies insert a tracking pixel into their emails. Furthermore, both Outlook and iMessage use Read Receipts that are turned off by default and controlled completely by the receiving user. In other words, when you buy a new iPhone or start using Outlook, no one requesting an Outlook or iMessage read receipt can receive one without your explicit permission. Furthermore, even if you do turn those on, it’s a simple one-time receipt… not a log of times and geolocations every time the recipient views the message.

Yep - I work on an email platform and tracking pixels are common.

However, the ones I work on only record the time that a given email was opened ... BY DESIGN they do not include WHERE that email was opened, the IP address of the reader or anything else, because a) that's just creepy and b) it's not necessary to measure the impact of a given campaign.

Recording the time that an email is opened with a tracking pixel, is also creepy and not necessary. Stop it.
Good thing you're the final arbitrator of that, here to tell us how it is.
The people you're sending these tracking pixels to should be the final arbitrators. So are you willing to have them reply yes/no to a form that says: "Do you wish to transmit the time at which you opened this email to $marketing_company". If not, why not?
"Recording the location that a photo is taken with hidden metadata, is creepy and not necessary. Stop it."

Just try living in reality instead.

IIRC next version of iOS is adding in automatic stripping of these when sharing. If not iOS, some other big player.
Sure, after what, twenty years of it being the default?
You broke the site guidelines repeatedly in this thread. We ban accounts that do that, regardless of how right you are or how wrong other people are or you feel they are. Would you mind reviewing the site guidelines and sticking to the rules when posting here?

https://news.ycombinator.com/newsguidelines.html

Necessary? Perhaps not.

But frequently requested/demanded/wanted by email marketers? Yep.

And, perhaps surprisingly, open tracking (when used effectively) serves to reduce unwanted email.

Say you run a really popular store--tons of loyal customers who genuinely want to know about your sales/specials/coupons/whatever, tons of different marketing channels. When you send an email campaign, you want to be able to tell whether increased traffic is due to that campaign versus some other marketing, so you track link clicks (fingerprinting each link in the email). Presumably this isn't generally considered unethical (if it is, is server-side request logging problematic as well?).

You, the hypothetical marketer, want to know which category your campaign falls into for your recipients: "hate it" (marked as spam, you usually get notification of that from the mailbox provider), "don't care about it" (never opened it/filtered it into purgatory/deleted it), "maybe care about it" (opened it but didn't click), or "actually want it" (opened it, clicked on something).

Open tracking is important to disambiguate "don't care about it (and might start marking as spam if they get another email from me)" from "was interested, but not enough to click on a link". If there are no clicks, and really low open rates, it's a sign to stop emailing those people immediately, or else they might start marking the email as spam and get your sender reputation penalized, which is very bad for business. If there are no clicks and good open rates, it's a sign that people are interested, but your content might suck/have display issues/be poorly put together and need to be improved.

Because of this dynamic, being able to track opens with reasonable fidelity (sure, people can block images or spoof opens if they want) is key to reducing spam and low-quality marketing content in many cases. Businesses suffer pretty directly and immediately if they don't back off from sending tons of crap to non-openers.

I know this probably seems alien to a lot of the HN email-using demographic, but there are large swaths of people that very much do use marketing email heavily to stay informed and buy things, and they willingly agree to receive a lot of it.

This isn't a blanket statement that "all activity tracking is inherently ethical" or anything, just that, in this case (and given that email marketing and facilitators thereof aren't going anywhere) this particular kind of tracking, while sometimes ethically dubious, has a bright side.

Source: I work for an email marketing provider.

Exactly this.

Sending email has a cost, however small, and it's better to send things people engage in and enjoy ... which is why knowing click through and open rates is useful.

Did you read the article? The author addresses this specifically. Justifying bad behavior with existing bad behavior is counterproductive.
From a design standpoint, It would be nice if email clients had an option to hide image placeholders if images are also blocked from loading.
having an email client that automatically loads images is insane. it means that any spammer / scam emailer can immediately tell if their emails are getting into your inbox vs. being filtered and they can then see where you live, and target their next spam / scam to that geographic location and/or try to find out who you are, etc.

a mail provider like fastmail could in theory be loading image links in emails they will deliver to their users and store them into their own local cache, rewriting the email your client receives so that you see the images served off of your email hosting provider's servers. that would be a straightforward way of preventing any sort of image link tracking across the board, is this a thing?

This is something I've been wondering about for quite some time, particularly given that large providers can hash the images and conserve storage space by storing only a single copy of the image per hash.

I would suspect there are privacy implications of google caching what's behind every image tag in an email, in addition to the massive traffic / CPU spike such a thing might cause to retrieve the image and hash it, particularly for a very large email campaign. (But I don't know).

[Edited to include this link, which I found in another comment here] "Gmail will now serve all images through Google’s own secure proxy servers." https://gmail.googleblog.com/2013/12/images-now-showing.html

Yes, iirc (though don’t quote me on it) gmail started doing this a while back. Not loading them when the email was sent, but proxying and lazy-loading.
I seem to recall Gmail doing this a couple years ago. I was working for a marketing company at the time and there were questions as to how we'd track metrics for Gmail addresses since Google would essentially "open" every email and load the images on their servers for their users.
I don't see anything unethical about Superhuman using something that's part of the platform for literally every other business email application (as the author mentions: Salesforce, Mailchimp, etc). Sure it's a little creepy, but this is a silly hill to die on.

The author compares tracking email opens and locations with looking into your neighbor's window and seeing them naked. What's different about the latter is that it's actually illegal (look up "peeping tom laws"). Storing someone's public IP address and using it to guess their location is not illegal, and shouldn't be -- we have massively faster internet from things like DNS targeting that do exactly that.

If you're going to go after people for tracking user locations then there are much bigger fish in the sea than Superhuman.

EDIT: It looks like GDPR does go after the big fish here, which is email tracking in general: https://www.gdpreu.org/compliance/email-tracking/

> In its current prevailing form, we expect email tracking to be categorically prohibited under the GDPR without express user consent.

Wait...so "tracking email opens and locations" is different from "looking into your neighbor's window" because the former is legal, but then you mention that email tracking is illegal?
I disagree, and believe IP tracking through email tokens SHOULD be illegal!
Are other people doing it? -- So that is a reasonable test for ethical behavior? Wow. Other platforms similarly unethical behavior is NOT justification for lack of ethics. That might be a financial argument, but it is absolutely not a reasonable approach to ethics.

Legal vs. illegal is also not an appropriate basis for proper behavior. I think if we all used that standard for our personal interactions society would rapidly descend into chaos.

Ethics is relative, what one person deemed to be ethical might be not be for other.
Ethics is not all that relative. Does SuperHuman allow tracking pixels for INCOMING emails from non-SH users by default? That would at least be non-hypocritical.
Not only does it have them on by default, you can't turn them off. It's in the article that we're all commenting on. In bold.
The behaviour of others is absolutely something that should be considered when deciding if something is acceptable behaviour.

Acceptable behaviour in a mosh pit is not acceptable behaviour in a grocery store check out line, because of how others are already acting and the pre established norms.

(comment deleted)
In these sort of articles, I wonder why the author never considers benign intentions.

The conversation could have easily been

"Read receipts are a useful feature." "Yeah. Let's add them"

And that was it. Lots of people are not privacy focused and don't think of this as a problem, so it would never occur that their seemingly benign feature could have bigger consequences.

It's pretty easy for people who care to "turn off read receipts" by disabling images or blocking it through proxy/vpn/whatever.

I personally don't like read receipts, so I will likely not use superhuman. I just don't view it as some major problem.

It's pretty easy for people who care to "turn off read receipts" by disabling images or blocking it through proxy/vpn/whatever.

What about non technical people who have no way of learning that they are being spied upon?

Likewise, "turn off read receipts" and "disable images" seem like two different things.
My thesis is that if you care about being tracked enough that you'd want to turn it off, you're also technical enough to do it.

I may be wrong.

Go find a non technical person and ask them these two questions:

"Do you care if your ex-girl/boyfriend can tell every time you read an old email s/he sent you?"

"Have you disabled loading images by default in your email client?"

You will see that you are wrong.

EDIT: decided to listen to my own advice and conduct a (very non scientific obvs) twitter poll.

https://twitter.com/harryh/status/1146120438432616450

You're ignoring the vast majority of people who aren't aware that it's possible yet would care a great deal if they knew about it. In fact, that's the whole premise behind tracking pixels. It's victim blaming.
Sure, never assume malice when it could be just ignorance/stupidity. But at the end of the day, this is a major product and service ($33M in VC funding so far [0]). Even though the author tweets (and includes the screencap) "Superhuman is a surveillance tool that intentionally violates privacy...", my impression overall was that his main complaint was about a company's culture and ethical decision-making process:

> Second, I want to talk about why this particular issue is so important. Not why privacy is important; we are all already learning that the hard way. Rather, why making ethical decisions at the earliest stages of your company is important.

> When a company first forms, there are no norms or principles guiding how its people should make decisions. It’s basically just what’s in the founders’ heads. With each decision a company makes, its “decision genome” is established and subsequently hardened...

In other words, if this is a decision Superhuman made early on and embedded into its main product, then, the author argues, we should be very wary of its culture, and how it will weigh-in on privacy issues going forward. It's from this claim that the author seems to have built his anger on.

Read receipts have been a feature of email and messaging clients for at least more than a decade now. Among the tech-literate, the tradeoffs and potential problems/controversies are well-known, such that opting-in (or out) of read receipts is a near-ubiquitous option in every service's account settings. I'm sorry, but it really stretches plausibility to think that Superhuman put in as little thought about it as you propose.

[0] https://www.crunchbase.com/organization/superhuman#section-o...

> It's pretty easy for people who care to "turn off read receipts" by disabling images or blocking it through proxy/vpn/whatever.

Setting aside the difficulty, being pressured to disable a generic feature (image loading) for a degenerate use case of that feature (user tracking) is annoying.

We thought about this a lot at Boomerang, and decided to do it in a more recipient-friendly way by making read receipts visible & opt-out (and excluding all location information). Our read receipts were well received but we still get a lot of requests for more comprehensive read receipts. It’s tough to balance.
The author does, explicitly, consider benign intentions. But beyond serving as a read receipt it also includes location data and timestamps for each 'read' which is much harder to consider as due to a benign intention (from the perspective of the recipients).

Other email clients support 'read receipts' without using tracking pixels. It's not impossible that Superhuman chose to use tracking pixels for a good reason, but I can't think of one and I haven't read of one either.

How do they do that without tracking pixels?
They use Message Disposition Notifications.
I got an invite, scheduled a conference call, and the lady said she I need to screencast how I'm using Gmail. I told her that I'm not letting a stranger peek into and record my Gmail inbox and she said that I cannot sign up without this step, so, I refused, and they lost the income from me. Typical overhyped SV crap. Should rebrand to "Subhuman".
This is bananas. Why would anyone need that in the first place? I can't come up with any remotely valid reason.
Rahul has written volumes on the SH onboarding process. They train you to use the product so you will actually use it.
But anyone can do that without screensharing the person's own screen. It's called good old fashioned coaching and teaching.
I told the lady that I have over 35 years of software development experience and I've used all kinds of software and I don't need guidance and I do, I will reach out to them, but she was stubborn and lost a customer. I tweeted to Rahul and the team, but got no response so far! Well... This is not a scalable business model. But the lady was clear: "Superhuman is not for everybody!" Alrighty then!
Over 15,000 users paying $30 per month. $260 million valuation. Perfectly scalable. If you'd like to learn why you're wrong, I encourage you read one of the many lengthy, sincere, and detailed articles with the founder of Superhuman, starting with this one. https://www.drift.com/blog/how-to-measure-product-market-fit...
When you say it's "perfectly scalable", what are you using as your reference? That is, what other SaaS has $30/month pricing, especially one in a field as crowded as email and work messaging (i.e. Slack). Obviously, SH is far from having, or needing to have, a finished business plan, and it seems likely that the $30/user won't be the default offering or main breadwinner. But that raises the question of why that number is relevant in the first place when assessing SH's viability.
Well, I pay $5/mo for SaneBox as I always forget to unsubscribe and delete it's pathetic labels. Many of us pay for useless stuff. But some point, we stop, and then the company tanks.
You don't need a screenshare to accomplish this. I'm amazed by how much people buy into a companies bullshit and then defend it online.
I literally bought it into, both as a customer and investor. :-)
Well, valuations change. Sell!
And did you update your email signature in the way the OP suggested? Specifically, do you let everyone getting email from you know that you not only track that read it, but when they read it, and even where they were when reading it?

I ask, because that would be the ethical way to handle what this app is doing for you.

I don’t need to be told that an electronic communication may be tracked because I was born after 1980. Why do you?
You should have disclosed that you were an investor in the first comment you made.
Literally, every glowing review I have seen comes from a related party, whether it is an investor, employee, or friend of the CEO.
That's extremely high for an email client that only runs on a single OS, but if that's true, that's 450k/month or 5.4M/year. How do you get to 260M valuation?
Because anyone who becomes an SH customer will be giving them access to their gmail account anyway. AFAICT it is a third party enhancement to one proprietary service (gmail) and SAAS, not a general mail program.
Why? IMHO, and from on-boarding a bunch of folks for my startup, it's because it makes teaching you the software easier and more personal. If you aren't comfortable doing it, that's fine; but I believe it's designed to make the on-boarding of folks better.
I also told her I couldn’t share my screen or inbox and she said that was fine and walked me through onboarding with voice. Agree it was creepy to even ask.
If you're already using Gmail, how privacy conscious can you be?
Very, apparently. Would anyone care to explain?
I use GMail with the understanding that Google has access to my activity and content. However, I trust Google to not divulge* my activity and content to other email recipients and senders. That's enough privacy for me in my normal email usage.

* disabling the option of blocking image-loading in the iOS GMail app is definitely an aggravating and inexplicable tactic, to the point I'm starting to looking into switching away from GMail as my provider.

haha. op has a point about privacy but this is also accurate.
It's a much bigger company under much stricter rules and regulations. It's well understood that a small startup will have a much more lax security posture around customer data than the trillion-dollar technology company.
If you don't trust them enough to see your email inbox, you probably shouldn't be considering them as your email provider at all.
Are you implying that everyone should run their own email servers or is there any email provider company that you are willing to screen share your personal email account with?
It's pretty clear: I'm saying if you don't trust an email provider to view your email -- they shouldn't be your email provider.
I trust engineers. I don't trust people who do the onboarding.
I use Superhuman; they didn't ask me to do this in on boarding.

That said....using Superhuman (or any similar third party app connected to gmail) involves giving them access to your entire gmail account.

It's odd they wouldn't let you onboard without that (they used a zoom screen recording with me, and it was fully within Superhuman), but you're not really sending them anything they don't have access to if you signup.

Should have signed up for the $60 a month plan…
One of the many reasons I love Little Snitch [1], which among other things is great at notifying you and allowing you to block requests for external resources when reading mail.

https://www.obdev.at/products/littlesnitch/index.html

Thanks for the reminder, buying it now :)
I'd prefer my email client to not load external resources at all. If it attempts to do so (and I have to use a separate firewall to prevent it) I'd consider the email client defective.
Email marketers have been doing this for a very, very long time. As someone who used to work in adtech, my reaction was "well of course they're doing this, every other email marketing tool does it."

Personally I think email software should all turn off third party requests by default. If you want images, use data urls or attached images.

Superhuman isn't an email marketing tool, and it's not opt-in email.
The amount of pixel-tracking apologists make red herring arguments in these comments is proof that tech, and probably specifically SV tech, is not ready to embrace privacy.
I hate tracking pixels, read receipts, and all similar stuff. The only thing worse than lack of privacy, though, is privacy theater, and that's what we've had. It's a good thing for more people to realize that this stuff happens all the time, so they can take action about it if they want to.
That sounds like an accelerationist position: instead of having some remnants of privacy, make them lose it all so they realize the value and take action to get back full/more privacy.

What if the revolution never happens? Then what little "privacy theater" stood between the corporations and the users is swept away. When corporations need to show some restraint, even if only to not appear completely evil, at least it's some restraint.

You and I must have very different ideas about what "privacy theater" means. To me, privacy theater is the _illusion_ of privacy not real privacy.

So, removing "privacy theater" does nothing to your actual privacy and only shows you how exposed you really are.

I'm generally opposed to accelerationism because it's too black-and-white. When there's some good to preserve, that's usually worth preserving. However, in this case I think we're already at the bottom since these methods are used regularly. Having a coworker know whether I read their email is the most benign version of tracking (even though I still don't like it).

The difference to me is that accelerationism says "it's bad; let's make it worse so that people will realize they need a revolution". Anti-theater says "it's bad; let's tell people know how bad it is".

Don't assume the noisy few on "hacker" "news" represent the quiet many.
> no matter what email client you use

Nope, not my email client, Emacs/Mu4e simply flat out won't notify you by any means that I have viewed the e-mail.

Man, the world has gotten weird. Its like people forgot emails were actually just text.

Because for almost the entire world they’re not.
Aside from remote images, they store all of your emails on their servers. Not sure why they don't receive the same scrutiny that other email apps like Edison have [1].

I've heard enough fishy stories from former engineers there — people should think twice before logging in and letting them ingest your full account history (as with any third party email app, which Gmail is already cracking down on [2]).

[1] https://www.macrumors.com/2018/07/02/third-party-email-apps-...

[2] https://www.androidpolice.com/2018/10/08/google-updates-gmai...

Edison packages up info from user emails and sells that on the data market. Maybe Superhuman isn't doing this (yet), and therefore aren't being scrutinized for this security/privacy lapse in the same way.
I do not think this is true. I'm pretty sure it's all locally stored aside from "scheduled emails" which are temporarily stored on their services before they are deleted.

Note: I'm not using Superhuman currently, but tried it briefly a few months ago.

I think what gets me is the juxtaposition of the brand name and this functionality. Superhuman sounds like it should be all about making the email sender more productive. And not about tracking time-stamped geotags of my actions as the receiver.
Streak has been doing this forever, why is this new news?
Now do Tout. Or Yesware. Or Salesforce. Or every CRM ever invented. Or LinkedIn posts by Premium users. Also hilarious you think that Superhuman competes with Outlook.
Not trying to be too much of a conspiracy thinker but 227 points in 1 hour should give the first spot on HN (it was though) but now it's on #12. Are the investors pulling some strings?
You don't know how many people have flagged the article or not. There was a very sudden drop, so something happened, but it's impossible to give the actual root cause unless you're on the inside of HN itself. I'd assume flags over any sort of conspiracy here.
I saw the drop and wondered if there was something afoot, then talked myself off that ledge and assumed this was probably some kind of normal flag like ring detection triggered, etc.

Interesting additional note, though, the title has (relatively recently) changed to "Superhuman embeds tracking pixels in user emails" versus the actual article title of "Superhuman is Spying on You"

Yes, this post fell down unusually fast. May not be HN specifically but perhaps a large, motivated SF cohort.