How HEY Protects Your People

How HEY Protects Your People

I recently signed up for HEY (from the makers of Basecamp). The benefits of this service for you as an end-user are clear. And with how they’ve implemented this anti-tracking, HEY protects your people too. Your family members, your colleagues, your business partners. Read how.

I received an order confirmation and wanted to forward it to a family member, who isn’t using HEY (yet). HEY flagged that the email had tracking enabled…

If HEY blocks the tracking for you, but you then forward the email… What happens?

Good stuff, that’s what.

HEY on Spy Trackers

First, let’s check out HEY’s overall stance on Spy Trackers. Here’s the relevant section:

HEY manages this protection through several layers of defenses. First, we’ve identified all the major spy-pixel patterns, so we can strip those out directly. When we find one of those pesky pixels, we’ll tell you exactly who put it in there, and from what email application it came. Second, we bulk strip everything that even smells like a spy pixel. That includes 1x1 images, trackers hidden in code, and everything else we can do to protect you. Between those two practices, we’re confident we’ll catch 98% of all the tracking that’s happening out there.

But even if a spy pixel sneaks through our defenses (and we vow to keep them updated all the time!), you’ll have an effective last line of defense: HEY routes all images through our own servers first, so your IP address never leaks. This prevents anyone from discovering your physical location just by opening an email. Like VPN, but for email.

I first thought this might work like NoScript, Privacy Badger, or uBlock Origin. Where the tracking is prevented from loading, but is still there. Basically, keeping a lid on it. So I decided to email their customer support.

Yep. There’s an email service provider with real humans providing customer support in 2020.

How it Works

Spoiler alert: I was wrong! When they say strip, they literally mean strip. Here’s what the friendly (and prompt) response from their team explained:

Look at those time stamps! Now that’s service.

They don’t pass along the trackers, they strip them out. Link tracking gets more complicated because of UTM parameters and probably other things that I’m not aware of. But this is undeniable progress.

Sidebar: How it Used to “Work”

Quick note on how I used to handle this. I would disable image loading on all emails by default. This meant email HTML/CSS styling regularly broke and looked bad. But I did know that the tracking wouldn’t be passed through. It worked “well enough” but not really well at all.

Some unethical senders would try to get around this by sending all-image emails, requiring you to load the images. Then try to Unsubscribe but it’s a hassle, etc. (That’s where The Screener comes in with HEY.)

Your Choice

This falls somewhere between a virtuous cycle and a positive externality. Basically, when you choose an ethical service like HEY it creates a protective bubble that extends to the people around you. In other words, it partially breaks the tracking chain.

I’m not sure the technical term for this. If you know, please tell me!

Conversely, the same applies. Companies taking a different approach allow tracking to proliferate. They harvest and share information. This is especially concerning when you consider the intimacy of your email.

When you choose technology, you don’t just choose it for yourself. You choose it for the people around you, too.

More on HEY

Check out the blog post below that I wrote about testing and sending HEY-friendly emails using MailChimp (one of the leading email marketing platforms).

Apple’s New Privacy Features Are Good For Bootstrapped Founders and Small Business Owners

Apple’s New Privacy Features Are Good For Bootstrapped Founders and Small Business Owners

This week, Apple announced a slew of new privacy features for iOS and Safari. There’s a lot of hand-wringing online about how these are good for consumers but bad for business. The Internet is built on surveillance after all, they claim. I disagree and think the opposite is true.

I believe Apple’s privacy-conscious approach is good for small business because it will: focus on what matters, increase trust in technology, and accelerate the web. It’s an equalizer.

If you’re trying to “build an ATM” as many investor-backed companies are, this makes things harder because it makes it harder to calculate all the conversion rates and different user behaviors to scale up exponentially. But if you’re a small business, these things matter less.

Curious about the intersection of small business marketing and privacy? Read my write-up about how Basecamp’s new HEY email service and MailChimp can co-exist.

Focus on What Matters

Corporations don’t know you. Not in any meaningful sense of the word. But they use surveillance to track customers, remember our birthdays, and collect literally as much information as possible at all times—”just in case.” They may be able to harness this tracking data and afford teams of data scientists to nudge you into buying things you might not need.

Small business owners sign up for free tiers of web analytics, email marketing, and CRM software. Or maybe they have a consultant come in and set things up. Free works because they’re strapped for cash. But they don’t have the time in the day to use all this data. They barely have time to use any of it. And if they don’t solve other more pressing problems (more on that in a second), they’ll never “grow into” these platforms.

Disabling tracking will force small business owners to consider other platforms that collect less data. Instead, data that they can actually use to inform decision-making. Early on, data rarely tells you how to build your business. It’s a combination of customer understanding, intuition, and luck. You need to focus on who your customers are, what they’re buying, and what you’re selling them. Business is not a statistics project.

Less is More (A Case Study)

How do I know small businesses don’t use these tools? Because I run a sales consulting business doing exactly this. I’ve helped customers get setup using these tools (Hubspot, MailChimp, Copper, Google Analytics, etc.) Let’s talk through a case study based on two projects I’m working on right now.

OSHdata is a market research project studying Open Source Hardware. My co-founder Steven Abadie built a clean and simple website using Gatsby and analytics using Fathom (here’s an affiliate link to save $10). The most likely way we’ll monetize this project is through either paid research or consulting projects.

Here’s a peek at OSHdata’s Fathom instance. See OSHdata’s marketing analytics yourself here.

Hello Blink Show is a podcast for technical people who want to start their own business. We opted for Google Analytics as it’s more full-featured and figured the increased data would help should sponsors be interested in supporting the show as it grows. (Downloads are growing with every episode, too!)

Between these projects, client work, and getting something new off the ground (a CRM for small business owners), I don’t have a lot of time. Working alongside early stage companies over the last 10 years, I can tell you that they don’t have time either.

In practice, I’ve checked Fathom once/week to understand what’s working for OSHdata. Meanwhile I’ve checked Google Analytics for Hello Blink show once every two months. Instead, I’ve used the built in reporting that comes with Fireside.

Trust in Technology

Trust is essential for any new business trying to build a relationship with its customers. But you can’t just go directly to your customer. There’s an entire infrastructure to support those connections, from the Internet itself, to devices, and everything along the way.

By orienting towards privacy, Apple customers feel more comfortable sharing and being themselves. They’re a big enough player that they’re going to force changes downstream in the industry. The illusion of privacy is quickly fading and despite privacy advocates making the case, sometimes a blunt instrument like this is needed to make change happen more quickly.

This creates a safe space where customers are going to be more comfortable and confident, that when they do share information with you, that they’re doing it knowingly. This is good for small businesses who can take advantage of the familiarity that comes with knowing your customers.

Email services like HEY actively protect users, making it feel more safe to sign up for email newsletters and increasing user engagement with things like email.

Accelerate the Web

Tracking and surveillance has weighted down the web. Websites are bloated, dragged down by JavaScript, ad loading, and trackers. Plus the assumption that hardware performance will continue to improve exponentially so that it’s reasonable to assume you need 32 GB of RAM of run a messaging/chat client or open a web browser.

A more privacy-conscious web is a snappier web. Faster loading sites will accelerate communication and it will be a subtle advantage for the small businesses that run this way. The big companies who rely on all the tracking and heavy code will have slower sites.

With a faster web, build a faster business. Do less. Pick a handful of important metrics that you want to follow, then go out and talk to your customers. Understand what they need, price accordingly, and have a clear value proposition. Doing these things will help you get enough traction, so that you can worry about conversion rates later.

Sending Privacy-Friendly Emails to HEY Users with MailChimp

Sending Privacy-Friendly Emails to HEY Users with MailChimp

I officially got my invite for HEY, the new email platform by Basecamp. I’ve been following this project closely and am excited to test one specific feature that I’ve been curious about: spy trackers (or tracker reporting).

I’m going to approach this both as a recipient of emails and also with my marketing hat on as a sender of email marketing campaigns.

HEY versus Trackers

One of the most promoted features of HEY is their stance on trackers. (Read in-depth about Spy Trackers in HEY here.) If you’re not familiar with Spy Trackers, the short version is that sales and marketing technology companies conduct surveillance on email recipients. Most of the time this is done through loading invisible pixels in emails.

This kind of reminds me of how the initial versions of Windows Subsystem for Linux loaded the Linux kernel as a Driver. (It may still do this, I haven’t been following closely.) Either way, it’s like driving a truck through a pin hole in terms of getting way more through a technology than initially intended.

As a recipient and someone who chooses HEY, obviously I like this feature. As a sender, there’s obviously going to be concern. And if there is a critical mass of people moving in the direction of tracker blocking, it is going to cause chaos for automated sales and marketing campaigns. But that’s a post for another day.

Why Care?

Let’s take a step into the seat of the professional marketer or small business owner who’s sending email campaigns. (Campaigns are the conventional term, with an interesting etymology.)

There are a few reasons why you might not want to be flagged by HEY as using tracking in your emails, maybe you:

  • Have privacy conscious consumers
  • Sell a product that may require discretion
  • Worry about private surveillance in general
  • Don’t want to get called out online for tracking

So, how do you test your emails?

Testing with MailChimp

I’m going to do this manually using MailChimp. I have a few different email addresses and a few different MailChimp accounts. It’s a large and successful email marketing provider in the USA so it should be a helpful starting point.

I looked to see if there was an easy way to disable tracking in Settings at the account level in MailChimp but I couldn’t find it. This appears to be controlled on a per-campaign basis which makes this a manual process. It’d be nice if they offered a universal way to toggle off tracking. Or if they already do, please let me know.

Testing Plain-text and No Tracking

For now, let’s start with verifying that the Spy Tracking feature works. If we disable all tracking, what does it look like in HEY? MailChimp let’s you send Plain-text emails, they don’t load any images or any tracking.

Starting a new campaign, selecting a Plain-text email.

The only way to track would be by checking the box to allow MailChimp to append a custom URL onto the end of the email.

Here we go! Tracking is disabled let’s leave out tracking plain-text links too for now.
Here’s what the Plain-text email looks like previewed in MailChimp.

Wearing my marketer hat here and for the sake of expediency, I’m going to dispatch these as test emails, which I can send one at a time to single addresses. There are a few interesting things to point out below, some of which you might notice if you’re familiar with MailChimp.

Our test email successfully arrived and hit The Screener in HEY.
  • This is the first email from this recipient, so it worked and was caught by The Screener.
  • FYI when you send test emails in MailChimp that they append [TEST] onto the beginning
  • In The Screener, HEY cuts out the “Preview” text that you enter in MailChimp’s campaign editor, meaning it goes right to the body text

Out of the box, any MailChimp sender can meet the standards that Basecamp have set for the email experience in 2020. But this email is hard to look at and they block the trackers so you can get all those nice images. Let’s try sending a regular HTML email with tracking.

Testing HTML and Tracking

Let’s try a regular email with all the standard tracking bells and whistles included as standard. When you draft a typical campaign in MailChimp, these are enabled by default.

If you set up social integrations, that will be more tracking to consider.

Next, we draft up a simple email, but I wanted to make sure to include an image. Included photo by Sereja Ris on Unsplash.

HTML email in MailChimp, tracking is enabled though remember you can’t see that in email.

Here’s where things get interesting.

Slipping Past the Screener

Let’s get back to HEY, remember The Screener? It doesn’t just screen all individual emails. Here’s what it does do:

The Screener
The people below are trying to email you for the first time.
You get to decide if you want to hear from them.


The first time⁠—that’s key! So, I sent the new HTML email with tracking and The Screener worked. Using the same email address, it bundled the two emails and I can’t see the second email. I like this approach.

You could make the case that HEY could have some indicator of how many extra emails have been sent. Common with things like drip campaigns. But I think that would just increase the feeling of urgency that the uninvited sender is trying to impose on you as the recipient.

The Screener is screening, which includes bundling!

MailChimp offers a way to configure the sender. So I wanted to test, if I change the sender, will that get through/past The Screener?

First I tried changing the email that the campaign is sending from, while maintaining the same sender name. Next, I tried changing the name that the campaign is sending from, while maintaining the same email address.

In both cases, it seems The Screener detected that this was the same sender. Merely re-configuring one “From” field in MailChimp was not fooling HEY.

Lastly, I tried changing both the name and the email address that the campaign is sending from. Changing both fields, we were able to slip past The Screener.

We slipped past The Screener by changing both fields.

Another thing to note is in the image above is that the Preview text from MailChimp does come through in the HTML email.

The point of this exercise is to just understand how HEY works. Whether you’re a HEY customer, or a marketer.

Is The Screener Asleep?

On the surface, I’m not sure if getting past The Screener as we did is necessarily a problem.

First if they wanted to, HEY might be able to flag this issue by pulling the MailChimp URL for the account (accessible through the links under “Update Your Preferences” and “Unsubscribe from this List”). In those cases, MailChimp uses the account name at the beginning of the URL like this:

HEY could then automatically bundle the emails as from the same sender, or HEY could at least flag the seeming similarity between the two senders. But just because an account is the same, it might be coming from different parts of a company (say one email comes from Marketing and another from Billing). Maybe it’s best to leave that distinction and approval/disapproval to the HEY customer.

There is no algorithm determining what you can or cannot see. The HEY customer will get a chance to filter through these emails and decide what lands in the Imbox. If a marketer fools The Screener once, the recipient can block both emails and both senders.

Practically speaking though, marketers face trade-offs if they are constantly changing their Sender/”From” fields. It creates confusion among the people interested in what they have to say. MailChimp themselves provide the following guidance when filling out that field:

Use something subscribers will instantly recognize, like your company name.


It seems unlikely Marketers will be doing this workaround often. And unscrupulous spammers will get caught in HEY’s Spam filters.

In short, no, I don’t believe The Screener is Asleep.

N.b. How blocking trackers affects deliverability statistics and whether mailing list recipients are considered active or not is a separate conversation for another post.

Landing in the Imbox

Pardon that walkabout, let’s get back to it. Let’s approve and green light the emails, allowing them into our Imbox. Turning to the Imbox, you can see the emails all made it through.

We sent a few tests, notice the different between Plain-text and HTML?

Here’s where my test fell short. Test emails, while you may include tracking when you’re setting them up, apparently don’t have active tracking in when they’re sent. Here are both emails, opened in HEY.

Here’s the Plain-text email, notice that trackers aren’t being reported.
Here’s the HTML email, notice still “no trackers” because it’s a Test email!

So there’s a little quirk. If you are wanting to test how your email is delivering to end users you’ll want to send it as a proper campaign and ensure that all tracking is indeed delivering tracking.

Short cuts make long delays.

J.R.R. Tolkien

Sending Real Campaigns

In order to send to targeted contacts, I’m going to use the tagging feature in MailChimp to deliver to the specific recipients I want for this experiment, with tracking enabled. We’ve also sorted through how The Screener works, so we don’t have to re-test that either.

Plain-text campaign without tracking got through without a hitch.
HTML campaign with tracking, rightly flagged!
Full text of the tracker warning notification.

Lastly, let’s try doing a full HTML campaign but with tracking disabled. If this works, it means that marketers can send nice looking emails without the tracking. All that’s required? Checking on a per-campaign basis to ensure tracking is not on.

We’ve manually disabled tracking by scrolling down and clicking “Edit”.

Interesting, MailChimp seems actively concerned about the fact that we’re not using tracking! Check out these warning icons.

This is an interesting design choice.

Alright let’s send this final email…

Yay! Our email has been received and we aren’t seeing a Spy Tracker warning from HEY. While it took some extra work, it seems like we’re in a good spot. Except for one thing…

Hovering over that link, notice the URL preview in the bottom left?

It’s funny because when I’m in the Campaign Builder, I didn’t type out that massive link. Here’s what it looks like instead, with a simple and clean URL.

In HEY, I clicked the link to test it out and it did work fine as is to be expected. I landed on the right website. Let’s go back into reporting in MailChimp to see what’s going on here.

First half of the report page, clearly indicating that open and click tracking is disabled.
Second third of the report page, again noting that tracking is disabled.

MailChimp is inserting their own URL redirect to the plain URL that the marketer uses in Campaign Builder. MailChimp is not sharing reporting on that activity back to the marketer who is sending out campaigns using the platform. But MailChimp is aware of what’s being clicked.

Can These Platforms Coexist?

Without going deeper into examining the source code, it appears that yes these two platforms can coexist… For now. Marketers can send good looking HTML emails, without tracking, and they can avoid the Spy Tracker warning in HEY. MailChimp does not make this easy, however.

These platforms are at odds on a fundamental level over our relationship with technology. If HEY itself as a platform gains traction and other platforms successfully emulate the features that the team at Basecamp has built, it’s only a matter of time before this starts getting really interesting.

There seems to be massive demand for what they’re building with HEY. The team at Basecamp has built popular, intuitive SaaS apps with millions of users. And HEY will be rolling out to businesses in the future.

In the meantime, I’m looking forward to enjoying email again.

My New Favorite Tool for Reviewing PDFs

There are tons of ways to create PDF documents for things like marketing materials or sales collateral. Anything from browser-based design applications to word processors and full graphic design suites. There are also tons inefficient ways to review those PDFs as they’re being created.

Here’s the problem: Usually everyone doesn’t have access to the same creation tools (think a small business trying to work with a marketing agency). And even if they do have the same tools, most of these tools don’t have review features.

I found a software program the other day and it’s my new favorite tool for reviewing PDFs. It’s free, open source, actively being developed, and is supported across many operating systems (including Linux): It’s called Okular.

This Post Isn’t For You If…

  • You have so many rounds of back and forth on collateral that it’s clear you don’t have strategic alignment and it’s spilling over into stifling execution. Hate to say it, but the tools aren’t the problem here.
  • Everyone on your team has the same PDF creation tools and those tools have excellent review features that work for everyone involved.
  • You don’t have any use for PDFs in any sales or marketing interaction.

Ways I’ve Reviewed PDFs

Have you done any of these?

  • Emails that are hundreds of words long
  • Dozens of messages in chat or project management software
  • Conference calls, walk up interruptions, or meetings for verbal review
  • Indiscernible red ink markup on a printed document
  • Scans, faxes, or even photos of red ink markup on a printed document

Physically marking up a printed document has been my go-to in the past. If you are like I was, maybe you are Too Busy™ too and one of these methods works best for you. After trying Okular, it’s my new preference.

Okular Screenshots

Here’s a simple demonstration of the review tools within Okular, using a freely licensed PDF from Creative Commons about their six licenses for sharing work. Screen shots shown running on Pop!_OS Linux in Okular Version 1.3.3.

Special thanks to the KDE community for creating and maintaining this program. Curious to try it yourself? Download Okular.

Why I Like Okular

Okular is free, open source, and multi-platform. It has a few simple tools that do their job well with practically zero learning curve. It contextualizes edits within the work itself rather than separating them away.

Crucially, it supports asynchronous and remote collaboration. It has no live chat, activity tracking, real-time comment bubbles, and there’s nobody “in the document” with me. Just me. With time and space to think.

Another reason I like Okular is going through edits takes some time (versus scribbling in red pen). This is a feature, not a bug. The deliberation that comes with using the tool undermines the almost God complex I’ve previously felt when reviewing and approving collateral.

Just last week I was working with a designer on a product specifications sheet. I retracted several edits I’d initially logged after realizing what the designer was seeing when they first created a draft submitted for my review.

Retracting edits almost never happened when I was on past red ink power trips.

On net, I’ve found Okular makes creating PDF collateral more efficient. This comes in-part at the expense of the reviewer needing to be more deliberate. This trade-off is totally worth it.

I love creating and using PDFs for sales collateral and marketing materials. They work. So I’ve spent a lot of time creating PDFs over the years. What do you think? Do you have any tools you recommend?