
> "I am so very sorry for this. When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully."

> Rare to hear such honesty from a CEO. I don't think I've ever seen a corporate leader admit they didn't consider product security. Concerning? Maybe - but I think it's miles better than the usual "we value your privacy and use industry standard blah blah blah.." canned spiel everyone gets in their inbox after a breach goes public.

A company that has access to your email did not consider bad actors, and that is a "maybe" of a concern for you?




Perhaps I should have included the full context:

"1. Location data could theoretically be used nefariously

This criticism is the most severe. Upon reading the commentary, I have come to understand that there are indeed nightmare scenarios involving location tracking. I should note that we deliberately do not show cities — we only show states or countries — but a determined attacker could still misuse this information.

I am so very sorry for this. When we built Superhuman, we focused only on the needs of our customers. We did not consider potential bad actors. I wholeheartedly apologize for not thinking through this more fully."

This isn't a case of them having invalid SSL certs or improperly validating data sent to an endpoint. This is them building a feature that could have been used in bad ways and not realizing it. To that end, I am not very concerned about product security in this instance, because I have no reason to not trust their honesty.



