Move slow and do privacy right

Superhuman, a startup that has built a new email client, recently sleepwalked into a privacy minefield by embedding location-aware "tracking pixels" in all of its users' outgoing emails by default. This meant that if a Superhuman user sent you an email, and you opened it with remote images enabled, the sender was notified that you had read it (a "read receipt") and was told what country you were in. The country comes from the IP address your mail client used to fetch the invisible image; the recipient was never told any of this was happening.

Tracking pixels are not new; they are used all over the internet, but the location-tracking part has rightly freaked people out. To be fair to Superhuman, they seem to have realised that this secretive data collection is creepy and are making the right changes: they have now stopped tracking location and turned read receipts off by default. Also (and this is a good tip for everyone), a tracking pixel only fires when the image is actually downloaded, so it does nothing if you tell your email client not to load remote images. Mail providers that proxy remote images on your behalf also hide your IP address, and with it your location, from the sender.
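To make the mechanism concrete, here is an added example (not code from the original post, and not Superhuman's implementation) showing both sides of a tracking pixel: the per-recipient token the sender embeds, the endpoint that turns a fetch of that token into "alice opened message 1001 from GB", and the checks a mail client or a curious recipient can run to find such pixels before loading any remote image. The domains, token, recipient and GeoIP lookup are all constructed for the example.

```python
"""Added example: how an email tracking pixel works and how to spot one.
Not from the original post or from Superhuman; all names are made up."""
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample email body. The sender's client has embedded a 1x1 hidden
# image whose URL carries a token unique to this recipient. The second image is
# an ordinary logo for comparison.
TRACKED_EMAIL_HTML = """<html><body>
<p>Hi Alice, are you free on Thursday?</p>
<img src="https://pixels.example.com/open.gif?rcpt=7f3a9c" width="1" height="1" style="display:none">
<img src="https://cdn.example.com/logo.png" width="200" height="60" alt="logo">
</body></html>"""

# Sender side: the service remembers which token was handed to which recipient
# and message. (Constructed mapping.)
TOKEN_TO_RECIPIENT = {"7f3a9c": ("alice@example.org", "msg-1001")}


def record_open(request_path, client_ip, geoip_lookup):
    """Simulate the pixel endpoint.

    When a mail client fetches the image, the server sees the token in the URL
    and the IP address of the fetch. Returns (recipient, message_id, country)
    for a valid token, or None for anything else. geoip_lookup is whatever
    IP-to-country function the operator uses (hypothetical here).
    """
    parsed = urlparse(request_path)
    token = parse_qs(parsed.query).get("rcpt", [None])[0]
    if parsed.path != "/open.gif" or token not in TOKEN_TO_RECIPIENT:
        return None
    recipient, msg_id = TOKEN_TO_RECIPIENT[token]
    return recipient, msg_id, geoip_lookup(client_ip)


class _ImgCollector(HTMLParser):
    """Collect <img> tags with their attributes."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def _is_remote(src):
    return src.startswith(("http://", "https://"))


def find_tracking_pixels(html):
    """Return the src of every remote image that looks like a tracking pixel.

    Heuristic: a remote image that is 0 or 1 pixel in either dimension, or is
    hidden with display:none, has no purpose except to make the client fetch
    a URL. Legitimate images (the logo above) do not match.
    """
    parser = _ImgCollector()
    parser.feed(html)
    suspects = []
    for img in parser.images:
        src = img.get("src", "")
        if not _is_remote(src):
            continue
        tiny = img.get("width") in ("0", "1") or img.get("height") in ("0", "1")
        hidden = "display:none" in img.get("style", "").replace(" ", "")
        if tiny or hidden:
            suspects.append(src)
    return suspects


def urls_client_would_fetch(html, load_remote_images):
    """URLs a mail client would request when rendering this body.

    With remote images disabled (the tip in the post) the list is empty, so no
    request reaches pixels.example.com and the sender learns nothing.
    """
    if not load_remote_images:
        return []
    parser = _ImgCollector()
    parser.feed(html)
    return [img["src"] for img in parser.images if _is_remote(img.get("src", ""))]


if __name__ == "__main__":
    print("suspect pixels:", find_tracking_pixels(TRACKED_EMAIL_HTML))
    print("fetched with remote images on:",
          urls_client_would_fetch(TRACKED_EMAIL_HTML, True))
    print("fetched with remote images off:",
          urls_client_would_fetch(TRACKED_EMAIL_HTML, False))
    # What the sender's server sees when the pixel is fetched from a UK address.
    print(record_open("/open.gif?rcpt=7f3a9c", "203.0.113.5", lambda ip: "GB"))
```

The heuristic deliberately does not flag every remote image with a query string, because ordinary CDNs add cache-busting parameters too; size and visibility are the reliable tells. Note that disabling remote images is a client-side decision, which is why it works regardless of what the sender's software does.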

The problem here is not that they are collecting data, but that there was no way to tell the recipient of the email what was being tracked and ask for consent. It just silently collected the data without you knowing. What's concerning is that they knew this and built the product that way anyway. This echoes the Facebook motto of "move fast and break things", something which has become a symbol of everything that is wrong with amoral tech startups.

At Chronic Insights, we're moving slowly and doing things right instead. I'm currently writing the privacy policy for our app, which explains as clearly and plainly as I can how we will handle users' data when we release it on the Google Play Store, and it has taken a long time to get right. Because most users don't read privacy policies, we're also designing the app to highlight the most important parts with explicit consent dialogs at the moment you turn on the relevant features.

For example, if you enable the optional support and bug-fixing feature that helps us evolve the beta version (instant messaging with our developers via Intercom), details about your device and your approximate location are collected. That's why the app shows an explicit consent dialog before the feature is turned on, asking your permission to collect this, and the feature stays entirely optional.

This is really basic privacy stuff, and it needs to become part of software development design from the start. Given that GDPR is a thing now, it's really not okay to build a new product that doesn't do privacy right. If in doubt, just stick to this guiding principle: ask yourself what Mark Zuckerberg would do, and then do the exact opposite.

James Allen