The downside of giving app users too many superpowers

The superhero with X-ray vision who can see through buildings is probably guilty of some pretty substantial privacy violations. Same for the one with invisibility. Or the one who can fly and hover outside people's windows.

What makes those superpowers so, well, powerful, is that they give their holder information about other people without those other people knowing.

Indeed, benefiting from the vulnerability of others is basically the entire premise of superpowers.

Similarly, if you're a tech startup offering users those kinds of superhero abilities, you're probably treading a pretty fine line.

Such is the case with the aptly named startup Superhuman. Over one month, the email client went from being the most buzzed about, hotly anticipated app to being the centre of the latest privacy controversy.

The email tool offers features such as artificial-intelligence-enabled triage (separating the urgent messages from the inbox clutter), the ability to undo sending an email and insights about recipients based on social media.

According to a gushing New York Times article, the company reportedly has a waiting list of 180,000, raised $33 million US in investment and has become a must-have among Silicon Valley execs, even prompting some to send gifts to the startup's office in the hope of bribing their way onto the invitation list.

The cost of superpowers

But what's propelled the company into a storm of controversy is their use of pixel tracking to provide users with read receipts. Indeed, superhuman powers come at a cost.

While read receipts are fairly common, these weren't just any read receipts.

The scandal, which started with a viral blog post by Twitter's former vice-president of design, Mike Davidson, was that the $30-a-month subscription email service let its users spy on other people, automatically tracking when and where recipients looked at a particular email.

Davidson explained how the much-hyped email client was providing users with a running log of every single time a recipient has opened their email, including their location when they opened it.

His conclusion: They have "mistaken taking advantage of people for good design. They've identified a feature that provides value to some of their customers (i.e. seeing if someone has opened your email yet) and they've trampled the privacy of every single person they send email to in order to achieve that."

Swift as the viral backlash against Superhuman may have been, so too was the ensuing apology from the company's founder. Rahul Vohra explained that effective immediately, the company would stop tracking location, delete existing location information and turn off read receipts by default.

How pixel tracking works

In case you're still wondering what pixel tracking is, or how it works, here's a short explanation:

When you get an email with an image embedded — usually from a store or a mailing list you signed up for, where the whole email is graphically laid out using HTML like a webpage, as opposed to an email from a friend with a few photos of their cats attached — those images aren't actually in the email; they're on a server.

When you open the email it sends a request to the server to download the image so you can see it. From the server's perspective, it's getting a request for an image, and in order to deliver it, the server needs to know where to send it.

In the process, the server ends up with two valuable pieces of information: when the request for the image came in (and subsequently, when the email was opened) and where to send it (where you are when you are reading the message).

Pixel tracking is what occurs when that transaction is recorded.

Understanding this, clever designers realized this process works even without a big splashy image. Indeed, they could use one pixel and make it invisible by embedding it on a background of the same colour, so users wouldn't even be aware of the process. But they'd still be collecting that information.

Pixel tracking is widespread

While Superhuman may be under fire for the way they've opted to use this tool, pixel tracking isn't new, and its use is widespread.

Have you ever been curious why all the banner ads change within Google or Facebook when you've been searching a topic, or how one website can know about your activity on an entirely different site a few days earlier? Or how a newsletter you subscribe to seems to know if you've read their most recent email?

That's pixel tracking.

Indeed, your entire web experience is powered by tracking and information exchange, in one form or another.

And while there are ways to restrict the use of tracking pixels, such using a browser extensions that make tracking pixels visible, or making your email and browser settings as restrictive as possible, requiring your permission to load external graphics, the reality is, pixel tracking isn't always a bad thing.

"It's made the internet a lot better because a lot of that data powers so many improvements to user experiences and content decision-making. It's kept the Internet more accessible for more people because of the ad-funded model," says Christopher Berry, the director of product intelligence for the CBC (which is in the ad business, so to speak — it gathers information on web visitors but doesn't track or sell personally identifiable information).

'We did not imagine the potential for misuse'

"The internet is an inherent surveillance system. It is built around tracking what people do, where they go, and where they come from," says futurist and technology analyst Jesse Hirsh.

The difference with Superhuman, he says, is it "fuelled people's desire to conduct their own surveillance."

As part of his thread of apology tweets, Vohra wrote, "We did not imagine the potential for misuse. Now we are learning and changing," effectively summing up not just Superhuman's missteps, but most of the tech industry's biggest stumbles.

But that raises the question, are new technologies destined to be invasive? Is it possible to design the hot new thing without violating people's privacy in one way or another? If the allure of digital tools is to make us into superpowered versions of ourselves, is there a way to build them that doesn't give us inside information or advantages at the expense of others?

Berry says that, while there is clearly a market of individuals willing to trade in privacy for profit, consumers and designers should think differently and build tools for a market that "values their privacy to the point that they'd pay for email."

Hirsh, on the other hand, isn't so sure. "People are seduced by the power of surveillance," he says. "Spying on other people is growing in demand. Perhaps people have given up on their own privacy and decided, if you can't beat 'em, join 'em, and are thus spying on whomever they can."

As Superhuman's waiting list seems to suggest, people want superpowers. But while they may like the power they get by having more information about others, they're less comfortable with people having that information about them.

That's when the bad press happens, and perhaps, where the business model starts to fall apart. After all, email is a two-way street, and with a tool like this, you're only the one doing the spying when you're the one pressing Send.