This article was published on July 3, 2019

‘The world’s greatest email app’ is a privacy nightmare

Superhuman isn't all that super.

‘The world’s greatest email app’ is a privacy nightmare
Matthew Hughes
Story by

Matthew Hughes

Former TNW Reporter

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

Superhuman bills itself as the world’s greatest email client. It should, given how much it costs; users of the app pay $30 a month for a subscription. It justifies that cost by being as feature complete as possible. It includes an array of keyboard shortcuts that expedite the most tedious parts of managing correspondence.

And controversially, by default, it sends emails with an included tracking pixel. This allows the sender to see whether the recipient has opened an email. It also shows the time the email was opened, the recipient’s physical location, as well as the quantity of times an email was opened.

This feature is proving extremely controversial. One part of the problem is that the feature is turned on by default, and Superhuman doesn’t make an effort to obtain the informed consent of email recipients.

Indeed, even many users of the app were unaware of its existence. “I use the app and didn’t even know about the tracking part,” wrote Owen Williams, journalist and software developer, on his popular Charged blog.

This is probably a controversial opinion, but I don’t believe that read receipt tools are inherently problematic. My take is a bit more nuanced.

I think that in some industries, the practice of monitoring email open rates is so commonplace, you essentially work under the assumption that every bit of correspondence you receive will include a tracking pixel. Just like by taking a flight, you consent to being frisked, by working in sales or technology journalism, you consent to this type of surveillance.

The problem here with Superhuman is threefold: firstly, many tracking tools inform the recipient as a matter of routine. As we’ve mentioned, Superhuman doesn’t.

Mailtrack is one of the more popular read receipt tools.

Secondly, not everyone operates under the assumption their email activity is being tracked. If you received an email from your grandmother that included a pixel tracker, you’d probably feel a little bit perturbed – and rightfully so. By design, Superhuman further erodes the expectation of privacy, which in 2019, is looking more and more like an endangered species.

Finally, there’s an overall uneasiness about putting such sophisticated surveillance tools – for that’s what they are – into the hands of ordinary consumers, and what that means for how people interact with their network of friends and colleagues. As Mike Davidson, former VP of Design at Twitter, put bluntly: “Superhuman teaches its user to surveil by default.”

If email trackers become an everyday tool, how will that change our behavior? Products like WhatsApp and Slack already have transformed us into always-on automatons. Ubiquitous read receipts could increase the already-huge pressure to be perennially available to one’s colleagues and business partners, further diminishing the ability to disconnect from the Internet.

And worse, I fear they’ll change our collective expectations of other people. There’s something true about the old adage “ignorance is bliss.” Do we really need to know when – and how often, and where – someone opened our email?

One of my favorite films, Batman: The Dark Knight, has this iconic quote from Aaron Eckhart’s character, Harvey Dent: “You either die a hero, or you live long enough to see yourself become the villain.” I couldn’t help but think of that line when reading about the Superhuman furor earlier this morning.

In a matter of days, Superhuman has gone from being the subject of a fawning New York Times profile, to the foremost privacy bête noire of the Internet. How it bounces back is entirely up to the company’s leadership.

It can accomplish that by turning read receipts off by default for all users, and by instilling an immutable sense of consent into the feature. Email recipients should be able to opt-out of the kind of surveillance exhibited by Superhuman. Until then, this app is defective by design.

Update (July 4, 2019): Superhuman has now disabled read statuses on previously sent emails, and has stopped logging location information for new emails. The company is also turning off read receipts by default, though the feature will still be available to those who choose to use it.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with