Superhuman describes itself as "so fast, delightful, and intelligent — you'll feel like you have superpowers". A large part of these superpowers, however, include tracking the recipients. By including a tracking pixel in every email (since the scandal, the user now has to toggle the feature on, but it's still there), Superhuman users could see every time someone opened an email sent by them.
What Superhuman does here, is nothing new. Marketers have done it for ages: Companies love email for marketing campaigns. Because email by default does not respect your privacy. When marketing people send you a newsletter, the email usually loads external content (e.g. images).
Instantly, you are being tracked: IP address, the browser you are using, and more information is being transmitted to the sender.
That is one of many reasons why Tutanota originally started to build a secure and privacy-focused email service.
Tutanota offers you an email service that automatically protects from those tracking methods:
The so-called Read Receipts by Superhuman, on the other hand, are highly problematic. These do not work like Outlook's read receipts where the recipient has to click to let the sender know that they read the email. Instead, the read receipt status switches as soon as the recipient opens an email - whether they want this to happen or not.
The recipient does not control this, no, he doesn't even know that he is being tracked in such a way. Mike Davidson who originally broke the story says that when Superhuman users turn on the read receipt feature, they should be shown a message like “by turning on Read Receipts, you are monitoring your recipients’ actions without their knowledge or permission. Are you sure you want to do this?”
The main problem is: The Superhuman Read Receipt feature is simply unethical. The fact that Superhuman happily enables all their users to use such a tracking method denies everybody their right to privacy, including their own users.
By using it, Superhuman users track all of their recipients without asking them for permission.
However, to the normal email user there's no real benefit in this. Unless you want to call the person as soon as you notice they opened your email and shout at them why they haven't replied yet.
So, in a good-case scenario, this feature is simply ignored because there's nothing you can do with it.
In a workplace situation, however, it is very likely that everyone feels pressured to always reply. This leads to superfast, superficial ping-pong replies.
And then, after a long day of work, you can congratulate yourself because you have written hundreds of emails so you must have really worked hard today.
We need to take a step back, slow down and focus on what is important.
Email is only a tool to communicate to get work done. Mind you, we say this, and we are providing an email service!
'Doing email' is not working, it is, unfortunately, much too often - procrastinating. Just sending quick replies like "Sounds good. Do let me know if you have any questions." is not getting work done quicker. It's adding to the workload by being pressured to replying to every email.
As both sides feel this pressure, you will be stuck with endless, meaningless replies.
We're so used to this constant string of replies from WhatsApp and Slack that we forget what communication is truly about: Sending meaningful information. And for this, tracking the recipient is obsolete.
This privacy scandal of Superhuman is just a symptom of the Silicon Valley ethos: Innovation is all about simplifying. If protecting privacy causes irritation or adds another click for the user - e.g. accepting to send a Read Receipt - it is most likely omitted.
Building privacy protections into the foundation of a product is, unfortunately, still the exception rather than the standard. Even worse, when flaws are exposed, superficial solutions are usually presented as they don't threaten the core of the product.
When new, privacy-invasive services like Superhuman can be hyped as the next best email solution, we have a problem. Yes, protecting privacy causes friction. Yes, protecting privacy requires an extra effort from the developers - and, thus, time and money.
Nevertheless, when looking at what is to gain, it is well worth it. Because privacy matters. With proper privacy protection enabled, no Superhuman sender can track when you open an email. For example, Tutanota does not load images by default. To load images, users must actively click in their email received in Tutanota. While this, of course, adds friction, it is the only way to prevent the tracking by privacy-invasive senders - be it from Superhuman users or from marketing agencies.
Instead of adding privacy-invasive features, ethical email should be the standard.
The fight for privacy continues.