> "I am so very sorry for this. When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully."
> Rare to hear such honesty from a CEO. I don't think I've ever seen a corporate leader admit they didn't consider product security. Concerning? Maybe - but I think it's miles better than the usual "we value your privacy and use industry standard blah blah blah.." canned spiel everyone gets in their inbox after a breach goes public.
A company that has access to your email did not consider bad actors, and that is a "maybe" of a concern for you?
"1. Location data could theoretically be used nefariously
This criticism is the most severe. Upon reading the commentary, I have come to understand that there are indeed nightmare scenarios involving location tracking. I should note that we deliberately do not show cities — we only show states or countries — but a determined attacker could still misuse this information.
I am so very sorry for this. When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully."
This isn't a case of them having invalid SSL certs or improperly validating data sent to an endpoint. This is them building a feature that could have been used in bad ways and not realizing it. To that end, I am not very concerned about product security in this instance, because I have no reason to not trust their honesty.