Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Software

Email App Superhuman's Superficial Privacy Fixes Do Not Prevent It From Spying on You (mikeindustries.com) 32

Mike Davidson: It took an article I almost didn't publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that. I will say, however, that I'm a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn't actually fix. [...] Let's take a look at how Superhuman [an email app that charges users $30 a month] explains their changes.

Rahul correctly lays out four of the criticisms leveled at Superhuman's read receipts: Location data could be used in nefarious ways. Read statuses are on by default. Recipients of emails cannot opt out. Superhuman users cannot disable remote image loading. However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders.
Superhuman said it was keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. Mike adds: This addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I've spoken with several people about how they interpreted Rahul's post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it as: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps -- you just can't see the location anymore. That, to me, is not sufficient. "A little less creepy" is still creepy. Also worth noting, "turning receipts off by default" does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch.
This discussion has been archived. No new comments can be posted.

Email App Superhuman's Superficial Privacy Fixes Do Not Prevent It From Spying on You

Comments Filter:
  • They aren't going to get rid of the ability to stalk people with read receipts without their knowledge or consent. That. Is. What. They. Are. Selling.

  • by AndyKron ( 937105 ) on Monday July 08, 2019 @04:32PM (#58892922)
    This article is only for people who are willing to pay $30/mo for email. The next article is also for them and it's about a bridge that's for sale.
  • So, let me embed a 1 pixel "image" into the e-mail causing the email client to try to go back and get the image that I can use to track it. Somehow I don't think using a PINE email client would bother with this, and in fact would show an image tag in the text window letting me know what kind of silliness is going on.

    Wondered what would happen if I:
    1) knew where a good source for illegal porn was located
    2) included a bunch of 1 pixel images going back to said source
    3) sent an anonymous email to a partic

    • I don't think we need to go to PINE. GUI apps support plaintext emails, and there's no technical boundary preventing those apps from always defaulting to plaintext.

      It's mostly a social problem. People insist on using HTML. They want cute little pictures in their heavily formatted signatures. I'm surprised we don't see movies embedded in flash games embedded in PDFs embedded in our emails.

      If we could agree that email should be text-only, making that happen is trivial. The problem is that we don't all

    • I am still using Alpine for my mail.
      If I want to read/store/manage email on my phone, I open a terminal, ssh to my server, and run Alpine. It works well.

  • This isn't new (at all) and shouldn't be on Slashdot. This is email marketing 101. I do wonder if there's some deliberate astroturfing around this company. Every marketing email you've ever received has a tracking pixel in it. This is why Gmail (and recently Y!) mail both added an anonymous proxy for loading images in email -- this means that not only does the sender not get your IP, but at most they'll only know the 1st time you loaded the email (subsequent requests are usually served from a cache). This

Time is the most valuable thing a man can spend. -- Theophrastus

Working...