Professionalism/Mike Davidson, Rahul Vohra, and Superhuman

Introduction[edit | edit source]

Superhuman is a startup email service that ran into trouble in 2019 when its lack of privacy was discovered. Mike Davidson, a former VP at Twitter, revealed that Superhuman was embedding tracking pixels in their emails which logged the time and geolocation every time someone read an email.^[1]

Superhuman[edit | edit source]

Superhuman is a software product that is built to increase user email efficiency and productivity. It has many different uses and features including scheduling messages, organizing mass emails, providing insight from social networks, and follow-up reminders.^[2] Accounts typically cost $30 per month, but many users claim that this software saves them money.

One difference between superhuman and other similar products is that only select people can actually purchase a software subscription. In order to create an account, you must either be referred by another trusted user or sit on a waiting list after applying for an account. Even before being granted access, potential clients have to fill out an onboarding survey that details what kind of employees will be using their software.^[3] This exclusivity creates prestige for tech companies that are granted access and also allows superhuman to closely monitor who is using their software. This can create a potentially dangerous feedback loop, where Superhuman only has users that are okay with their practices regardless of how ethical or unethical they may be.

Tracking Pixels[edit | edit source]

Tracking pixels are HTML code snippets that take advantage of how images work in email and allow people to gather information on when people open an email containing the tracking pixel, how many times the email was opened, what kind of email application they use, their operating system, and most potentially dangerous, the IP address of the email receiver.^[4] To implement a tracking pixel, normally a small 1x1 pixel image is uploaded to the user's website and then embedded in an outgoing email. Whenever the email is open and the image is requested from the website, all the detailed information is given to the website. This information can be recorded and organized so that a sender can know when, where, and by whom their email was opened. This is why many email applications like Gmail ask you if you are sure you trust loading the images in an email and make you click “load images” or something similar. Not all email applications include this though, such as Yahoo. Many different companies embed tracking pixels in the marketing email they send out.

Mike Davidson[edit | edit source]

Mike Davidson is a Vice President at InVision, a company that helps design faster software products with clients like PayPal and Amazon. On June 30, 2019, Mike Davidson called out superhuman for unethical features in their software. Mike published a blog post on his personal website called “Superhuman Is Spying on You”.^[5] Mike demonstrated that superhuman allows users to add read receipts to emails they send out with tracking pixels. All subscribed users have easy access to this feature, which is also turned on by default.

Davidson's Concerns[edit | edit source]

In his blog post, Davidson outlined his concerns surrounding Superhuman. Davidson felt Superhuman's "Read Receipts" feature could result in dangerous situations for users and receivers of messages sent with Superhuman because of the log of timestamp and location of message activity available to users.^[5] Davidson also took issue with the feature being opt-in by default and the message that this sends to users, suggesting that it creates an underlying theme of surveillance. Davidson cited stalking and harassment as potential consequences of the feature, offering a scenario in which a stalker could use the location data in the log to put their subject in harm's way. Davidson discussed that Superhuman's use of tracking pixels and ethically questionably practices could alter the company's "ethical trajectory" and potentially normalize privacy violations in the technological and personal worlds.^[5]

Oppositions to Davidson's Concerns[edit | edit source]

Some industry leaders, such as Delian Asparouhov, voiced their opinions on Davidson's blog post. Opposers cited naivety and a failure to keep up with evolving technology as the reason some could fall victim to Superhuman's capabilities.^[6] They felt Superhuman should not be held accountable for any dangerous situations that emerged from the "Read Receipts" feature. Also among opposers to Davidson's blog post were Superhuman investors, who defended Superhuman and its capabilities.

Other Companies[edit | edit source]

"Supertracker"[edit | edit source]

Delian Asparouhov, an opposer to Davidson's blog post, founded "Supertracker", an open-source application that allows users to embed tracking pixels into their emails or website. Asparouhov felt that while Superhuman's capabilities were acceptable, in order to protect their own privacy, independent users could use his software with similar capabilities.^[6]

Companies Using Tracking Pixels[edit | edit source]

Technology that enables read statuses (pixel-tracking) already exists and is widely employed by many.^[6]

• Main automation software: A range of mail automation software, including MailChimp, PersistQ, SendGrid, and MailTrack exist. These are often used by large-scale newsletters and magazines to track open rates and help clients gain insight into who is viewing their publication.
• Email and Messaging Clients: Apple Mail, Gmail, and Outlook have read receipt features that can be turned on by the user. However, when they are turned on, they indicate than an email or message has been read only if the receiving user has given permission. These send one-time receipts rather than an activity log like Superhuman. Apple Message also has the option for the sender to let the receiver know when they have read the incoming message.^[6]

Superhuman's Response[edit | edit source]

In response to the backlash, Rahul Vohra, CEO and founder of Superhuman posted a blog on the company's website.^[7] He identified and responded to four main criticisms, as summarized below.

1. Location data could be used in nefarious ways.

   Vohra states this was an oversight from neglecting to consider bad actors in Superhuman's design. He then announces that location information will be removed from all previous and future emails sent with the service.

2. Read statuses are on by default.

   Read statuses will now be off by default. According to Vohra, it defaulted to on because "demand for read statuses is so high that it has now become table-stakes."

3. Recipients of emails cannot opt out.

   Originally, Vohra points to other services or ways for recipients to prevent email tracking. A later update adds that Superhero now has this feature and instructions to configure it.

4. Superhuman users cannot disable remote image loading.

   Vohra claims few people had requested this ability, but it will now be prioritized.

Lessons in Professionalism[edit | edit source]

Vohra’s Response[edit | edit source]

In Rahul Vohra’s response, he reflected on the main criticisms and offered a transparent glimpse at the company’s thought process.^[7] He offered a seemingly sincere apology that was backed up with immediate changes to alleviate some of the concerns. Some argued that he could have done more, but his response is a great example of recognizing criticisms and a willingness to address them. A sincere and honest response can help continue the discussion and exemplify good faith.

Read Statuses[edit | edit source]

Read receipts are a common feature in many messaging apps like iMessage, Twitter DMs, and Facebook Messenger. Despite the commonalities, these apps never faced the backlash that Superhuman did. The main controversy stemmed from its collection of location data. As Davidson mentioned, this info could be misused and might constitute an invasion of privacy.^[5] Another less-obvious reason is that Superhuman recipients can’t opt-out,^[8] while those other services enable people to turn off read receipts. Even after Superhuman disabled location tracking, it remains controversial since the recipients still can’t consent to this tracking beforehand. Since they are automatically opted-in, many recipients are still unaware they’re being tracked and don’t utilize apps that block tracking pixels. Finally, users were automatically opted-in, and studies have shown users are more likely to keep the default option.^[9] By having it as the default, it resulted in more people using the service and involuntarily infringing on the privacy of their correspondents. As such, companies should be cautious when choosing default options and only collect necessary data.

Ubiquity Argument[edit | edit source]

A common defense of Superhuman is that tracking pixels are already widely used. However, there are several flaws with this defense. First, it’s a victim of the belief that something is justifiable because others are doing it. In fact, there are several adages about this, i.e. jumping off a bridge because your friends are. There are several historical cases where a formerly common practice is condemned today (see slavery). Second, it is an example of a technology relatively harmless at scale, but potentially more harmful at the human level.^[6] When marketers use tracking pixels, they are assessing the overall behavior in certain demographics and generally not looking at a specific user’s data. Superhuman took this technology to a more personal level; it’s not a spammer or marketer tracking you, but a friend or colleague. Given that personal open-rate data is rarely actionable,^[6] it’s unclear why the feature is needed. Therefore, it’s important when designing something to identify what aspects may be individually harmful and reduce them.

References[edit | edit source]

1. ↑ https://www.geekwire.com/2019/super-concerned-superhuman-seattle-tech-vet-takes-issue-new-email-app-spying-users/
2. ↑ https://techcrunch.com/2019/06/27/my-six-months-with-30-month-email-service-superhuman/
3. ↑ https://www.drift.com/blog/remarkable-product-onboarding/
4. ↑ https://en.ryte.com/wiki/Tracking_Pixel
5. ↑ ^{a b c d} https://mikeindustries.com/blog/archive/2019/06/superhuman-is-spying-on-you
6. ↑ ^{a b c d e f} https://www.newyorker.com/tech/annals-of-technology/what-the-superhuman-controversy-reveals-about-the-shifting-ethics-of-software
7. ↑ ^{a b} https://blog.superhuman.com/read-statuses-bdf0cc34b6a5
8. ↑ https://lingomine.io/library/563/feed_entries/2254
9. ↑ https://medium.com/@tanayj/the-power-of-defaults-976bc8b015b7