1. 7

  2. -1

    Dumping on SuperHuman for using what email clients give them to work with is cockeyed.

    Many many other services abuse this umm-feature of email / www.

    The problem is how email clients work.

    The problem is they all piggybacked onto a misfeature of the web and browsers… i.e. to get platform-neutral formatting of text they render the email as html and send that.

    Since html permits tags email permits it.

    Since html permits the src url to differ from the web url, the WWW has been abusing this for trackers and counters for decades.

    The standard does this for various almost good reasons (allows caching and CDNs).

    Since the email client loads this on opening… you have the privacy mess that SuperHuman is using.

    But that is no different from the WWW. It’s exactly the problem of the WWW. The only difference is it’s now easily and absolutely and obviously correlated to your email address.

    Is this the only service misusing this? Is this only possible on email? No, not even close.

    It’s just for the first time somebody you know and hopefully cares about you (the sender) gets to intrude on your privacy.

    As opposed to the far far more common case of a megacorp who doesn’t care about you intruding on your privacy.

    1. 2

      The problem is how email clients work.

      Many clients allow you to disable loading remote content.

      Here’s an article that tells you how to do that for gmail, mac mail, ios mail, and outlook: https://www.imore.com/how-disable-image-loading-gmail-apple-mail-outlook-and-more (The article shills some products too, but it was the best I could find)

      1. 1

        i.e. converts a working email client that formats properly and displays image content into a non-working email client.

        You can also do this with browsers and we all did this in the Bad Old Days of very slow dialup links.

        The UX was crap so now we have adblockers and tracking blocker add-ons (at least in firefox) for browsers.

        Good luck getting that for any email client. It’s strictly destroy your UX or destroy your privacy.

        To stop this class of tracking you’d have to enforce all senders to ship all the media with the client (can be done, but won’t be done!)

      2. 2

        Except other implementations don’t tell you every time the recipient opened the email and where from. Read receipts in emails are bad as it is, but to brand this bullshit as “read receipts” is disingenuous.

        1. 1

          That’s security on the WRONG side, i.e. you are relying on the sender to use a well behaved client, and in the current realm, you, as a recipient, cannot have a well behaved properly formatted client, because misbehaviour is baked into the de facto standard of html mailers.

          And even if your sender is well behaved, that merely means you’re not leaking your private matters to your friends who care about your welfare, only to megacorps who don’t.

          Personally I think SuperHuman should be applauded for making the gross deficiencies in the de facto email standards obvious.

          Maybe when some better standard comes up we will all get off our butts and shift to it.
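
The mechanism this thread argues about, shown from the recipient's side as an added example (not code from any commenter or from SuperHuman): it lists what an HTML mail part would load on open, separating remote URLs from media shipped inside the message (`cid:` / `data:`). The sample message, the `tracker.example` and `cdn.example` hosts, and the names `Collector`, `classify` and `audit` are constructed for illustration.

```python
# Added example; the sample message and all names are constructed.
from email import message_from_string, policy
from html.parser import HTMLParser

SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body background="//cdn.example/bg.png">
<img src="cid:logo@example.com" alt="logo">
<img src="https://tracker.example/open.gif?id=recipient%40example.com" width="1" height="1">
</body></html>
"""

class Collector(HTMLParser):
    """Collect URLs a renderer would load without any click."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        is_css = tag == "link" and "stylesheet" in a.get("rel", "").lower()
        for url in (a.get("src") if tag == "img" else "", a.get("background"),
                    a.get("href") if is_css else ""):
            if url:
                self.urls.append(url.strip())

def classify(url):
    """'embedded' travels inside the message; 'remote' is a fetch on open."""
    u = url.lower()
    if u.startswith(("cid:", "data:")):
        return "embedded"
    return "remote" if u.startswith(("http://", "https://", "//")) else "other"

def audit(raw):
    """Group auto-loaded URLs from every text/html part of a raw message."""
    report = {"remote": [], "embedded": [], "other": []}
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            collector = Collector()
            collector.feed(part.get_content())
            for url in collector.urls:
                report[classify(url)].append(url)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every entry under `remote` is a request the sender's server sees when the message is rendered; a message whose media is all under `embedded` renders fully with remote loading disabled.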