IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Premium email firm Superhuman ends pixel tracking after backlash

The email plugin startup removed read receipts by default after accusations of surveillance

A premium email startup which gained notoriety for letting users see who opened their messages and the location they were opened, by default, has apologised and promised to change its service.

Superhuman, a plugin for email accounts that aims to speed up emailing, came under fire for using 'pixel tracking' by default and without consent from those that receive messages sent from users of the service.

But, after a number of complaints and a critical blog post that went viral, the company has issued an apology and promised to change its service.

Faster Emails

A lot of people became aware of Superhuman via a New York Times profile. Under a picture of a diamond-encrusted 'new message' pendant, the startup was described as a premium app for speeding up emails with AI-powered shortcuts and quirks. One of the reasons it attracted such attention was because it's a $30 a month service and invitation only - aspiring users need to fill in a questionnaire about their email usage to determine whether they need it.

"We have the who's who of Silicon Valley at this point," the company's founder Rahul Vohra, told the NYT. It's alleged that 180,000 people are on a waiting list to use the service. "We have insane levels of virality that haven't been seen since Dropbox or Slack," Vohra added.

What these people are supposedly desperate for is an app that plugs into their existing email account (currently only works with Gmail and Google G Suite addresses) that promises to speed up the process of emailing others. There are features that let users undo sending, buttons to automatically pull up a contact's LinkedIn profile, an "instant intro" shortcut that moves the sender of an introductory email to bcc, and a scheduling feature, which sees that you're typing "next Tuesday" and automatically pulls up your calendar for that day.

But one feature that was briefly mentioned in the piece caught the attention of users on Twitter; email tracking.

Read Receipts

"Superhuman is a surveillance tool that intentionally violates privacy by notifying senders every time their emails have been viewed by recipients," Mike Davidson, a VP at InVision, tweeted. "I would never trust this company. Only way to make sure your own privacy isn't violated is to disable images in your own email app."

Later, in a blog post that went viral, Davidson explained out that the email tracking, called 'Read Receipts' on Superhuman, is a default setting for the service. He wrote that the read/unread status of an email is not something the receiver can opt-out of. He showed an example of an email he had sent via Superhuman.

"A running log of every single time you have opened my email, including your location when you opened it," he explained. "Before we continue, ask yourself if you expect this information to be collected on you and relayed back to your parent, your child, your spouse, your co-worker, a salesperson, an ex, a random stranger, or a stalker every time you read an email. Although some one-to-many email blasting software has used similar technologies to track open rates, the answer is no; most people don't expect this. People reasonably expect that when - and especially where - they read their email is their own business."

Pixel Tracking

Every time you view an image while browsing the Web, that image is stored on a server and downloaded to your computer. As such the host server has knowledge of where that computer is and when it downloaded the image. 

This technicality can be used to embed a tiny image, often a mere pixel wide, into web pages and emails, which can be very difficult to spot or transparent.

As such, opening an email with such an image in it triggers a download from a server which effectively exposes the time the recipient opens the email and the computer's location, essentially serving at the foundations for automatic read receipts. 

As Davidson's example showed, the emails not only show when they were opened but also where they were opened. So in a sense, Superhuman could be used to track the location of people by simply sending them an email. This is down to IP addresses as the downloaded tracking pixel records it - this how the internet determines where your computer is physically and digitally. Criminals sometimes exploit this to work out if a house is empty and ripe for looting.

The Outcome

The exposure Superhuman received in the NYTs quickly turned to controversy, but the company has been swift to offer a fix. CEO Vohra posted an apology in a blog and said that effective immediately, Superhuman will stop tracking locations, will delete existing location information and will turn off read receipts by default.

"When we built Superhuman, we focused only on the needs of our customers," he wrote. "We did not consider the potential bad actors. I wholeheartedly apologize for not thinking through this more fully.

"We are removing location information in all read statuses for all emails sent with Superhuman, effective immediately. This will also apply to emails sent in the past."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022