Email App Superhuman's Superficial Privacy Fixes Do Not Prevent It From Spying on You (mikeindustries.com)
Mike Davidson: It took an article I almost didn't publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that. I will say, however, that I'm a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn't actually fix. [...] Let's take a look at how Superhuman [an email app that charges users $30 a month] explains their changes.
Rahul correctly lays out four of the criticisms leveled at Superhuman's read receipts: Location data could be used in nefarious ways. Read statuses are on by default. Recipients of emails cannot opt out. Superhuman users cannot disable remote image loading. However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders.
Superhuman said it was keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on.
Mike adds: This addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I've spoken with several people about how they interpreted Rahul's post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it as: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps -- you just can't see the location anymore. That, to me, is not sufficient. "A little less creepy" is still creepy. Also worth noting, "turning receipts off by default" does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch.
Superhuman (Score:2)
They aren't going to get rid of the ability to stalk people with read receipts without their knowledge or consent. That. Is. What. They. Are. Selling.
Re: (Score:1)
A million services have metrics for a million things. A million apps and websites (agnostic to things like OS, obviously).
"We don't care" as long as it's happening in an abstract way that's oh so haaaaard to understand, and is basically invisible=nonexistent. Until someone finds a way to make the databases JoeSixpack-palatable and then it's "oh wow oh man how is this even legal oh jeez rick my insurance will know about things I did on their affiliate's site there needs to be a law or something this is so creep
Re: (Score:3)
Perhaps what we should really do is help spread the word that if you enable images in email, you will be tracked.
Still underhanded to perform large scale surveillance embedded in private email from people you might think you can trust.
Hurry while supplies last - FREE Shipping! (Score:3)
Time to go back to a text only e-mail interface? (Score:2)
So, let me embed a 1 pixel "image" into the e-mail causing the email client to try to go back and get the image that I can use to track it. Somehow I don't think using a PINE email client would bother with this, and in fact would show an image tag in the text window letting me know what kind of silliness is going on.
Wondered what would happen if I:
1) knew where a good source for illegal porn was located
2) included a bunch of 1 pixel images going back to said source
3) sent an anonymous email to a partic
Re: (Score:2)
I don't think we need to go to PINE. GUI apps support plaintext emails, and there's no technical boundary preventing those apps from always defaulting to plaintext.
It's mostly a social problem. People insist on using HTML. They want cute little pictures in their heavily formatted signatures. I'm surprised we don't see movies embedded in flash games embedded in PDFs embedded in our emails.
If we could agree that email should be text-only, making that happen is trivial. The problem is that we don't all
What do you mean "back to"? (Score:2)
I am still using Alpine for my mail.
If I want to read/store/manage email on my phone, I open a terminal, ssh to my server, and run Alpine. It works well.
Non issue (Score:1)
Re: (Score:2)