It’s not easy being an edge-case

An important part of doing good design work is to decide what exactly it is you are designing and who exactly you are designing for – after all, you can’t be all things to all people. A side-effect of this good practice is the creation of edge-cases – people who might want to use your design, but who have requirements that you have not particularly designed for. Ideally you want to make it *possible* for these people to achieve their goals, but it is not the focus of your design work. As such, it may be a little trickier for them than it is for your defined target audience(s).

Interestingly, I’ve found that by moving countries but not changing my email address I’ve become an edge-case for some applications and websites that I used to use quite frequently and that you probably use now too.

iTunes, for example, wants me to use the UK iTunes store now rather than the Australian store. This is fair enough and, I’m sure, is all to do with licensing. Thing is, they also want me to register with the UK store, but when I go to register, they pick up the email address I’m using and tell me that my email address has already been registered. There doesn’t seem to be any way that I can update my profile to ‘move’ myself from Australia to the UK – the only option that iTunes gives me is to use the Australian iTunes store… which sounds well and good except I can’t use my UK credit card at the Australian store, and I’ve ditched all my Australian cards. The end result is that, unless I want to give iTunes a different email address and register with the UK store using that address, I can’t buy tunes from Apple. Annoying.

Similarly, PayPal deals very inelegantly with members who move countries. Again, there is not way that you can update your profile from one country to another. Rather, you have to close your old account and open a new one. You can’t transfer funds from the old account the new account either – you have to withdraw the funds, in my case to an Australian bank account (which, you guessed it, I’ve already closed).

So, what’s the point? Am I going to moan and complain because iTunes and PayPal have either not thought or not cared to create a better experience for people who move countries and don’t change their email address? Well, no. I’m sure that the number of people who are in my situation is relatively small, and as such, the effort required to improve the experience is better spent looking after the majority of their target audience.

This is one of the first times, though, that I’ve found myself as an ‘edge-case’ for two services that I would happily choose to use on a regular basis, and it is a rather unsettling experience. At this point, my desire to use their services is not outweighed by the effort required to make this possible. I’m having to find other places and ways to spend my money and, although I theoretically understand why they’re treating me so badly, the poor experience has removed any warm fuzzy feelings I had for either service.

What’s the moral to the story? I think, perhaps, that it’s not to try to eliminate edge-cases – all you achieve by doing that is to give everyone a very mediocre experience. Perhaps, though, be aware of instances where people who were previously smack in the middle of your target audience become edge-cases and try to make their edge-case experience not utterly impossible. Recognise that there are two types of edge-case audiences – edge-cases who don’t really care, and edge-cases who are quite fond of you but have just gotten into a tricky situation. Perhaps spend just a little more time looking after the latter. They’ll thank you for it.

Design Ethics – Encouraging responsible behaviour

I got a call from my bank, HSBC, the other morning. The call started something like this.

Rob: ‘Hi, this is Rob from HSBC. Before I can continue this conversation I need to confirm some security details with you. Can you tell me your date of birth please’.

Leisa: ‘You must be kidding Rob. I have no reason to believe that you really work for HSBC. Why on earth would I just hand over my personal information like that?’

Now, I don’t know whether Rob was just improvising, or whether this is an official HSBC script, but it is wrong, wrong, wrong. What Rob and HSBC are doing here is treating people to NOT take care with their personal information. What is this going to do for HSBC and their customers? It’s going to make them both much more likely to get stung by fraudsters, and to both lose time and money for no good reason.

Surely HSBC should be going out of their way to educate their customers NOT to hand over personal information whenever some random person calls up asking for it.

Either way, Rob was not impressed. He did have a backup plan (I give him part of the information and he confirms the rest… which is slightly better), but he took *that* tone with me for the rest of the call. You know, that ‘you’re an irritating customer’ tone. Not a great start to the day.

You know what it reminds me of? And it’s something that more and more of us are guilty of participating in – especially those of use who are designing applications that support social networks. It reminds me of this:

Facebook - Find Friends

This is the ‘find friends’ feature that we’re seeing on more and more sites (this one is taken from Facebook) where we are blithely asked to put in the full log in information for our email accounts, or our IM accounts or our other social network site accounts – and, more often than not – we do!

Now, clearly there is a big incentive to do so because these kinds of applications work well only when you’ve managed to connect with the people you know and care about, and using existing information like the contacts from your email or IM account makes this reasonably painless. The application does most of the work for you.

But do we really realise what we’re handing over when we give this log in information away? Do we realise how much we are trusting Facebook, for example, to play nicely with that information? Think of all the email and IM conversations you’ve had that are accessible using these login credentials… now think about the level of security at somewhere like, say, HM Revenue & Customs (where they recently ‘lost’ the personal information of millions of UK taxpayers), and now think whether somewhere like Facebook would have better or worse security… both now, and potentially in the future.

Sure, they *say* they’re not going to store or use that information… but are you really willing to take them at their word? Are you willing to TRUST Facebook (or any other site) that much?

We don’t really think much about this when we’re giving away our username and password, do we?

And why not? Because, just like Rob at HSBC, it’s almost as though we’re being pressured into just handing over the information otherwise we’ll get inferior service (and/or an attitude). We’re actually being trained to believe that handing over this information is the RIGHT thing to do.

Brian Suda calls this ‘Find Friends’ form an anti-pattern. He says in a recent Sitepoint article:

Another pitfall that you’ll want to avoid is sites that ask for the login details for your email account. This is a huge security hole. By handing over this information, you’re giving a random provider access to all your emails and friends, not to mention access to APIs through which they could edit and delete your information. And, as none of us want to admit, we often use the same passwords for many different services. Provide your email password to a site, and its owners can not only get into your email, but possibly your bank accounts (and a bunch of other services) as well. You should never give your password to anyone! Creating assurances of privacy lulls us into a false sense of security — it relaxes us into thinking everyone can be trusted and everything will be safe. This bad behaviour is exactly what phishers love to prey upon.

Enter design ethics. If ethics plays any part in the way that you’re designing your application or website, then this should be raising hairs on the back of your neck… you should be thinking that this is not right and that there is probably something you should be doing about this.

In fact, there are at least TWO somethings that I think we should be doing in this situation.

  1. The first is that we should be doing our best to help our customers/users/members to protect themselves. We should be educating them about the risks of handing over this kind of information and we should NOT be normalising this kind of behaviour.
  2. The second is that we should be looking for and encouraging alternatives to this ‘find friend’ functionality and we should be encouraging our clients/companies to opt for implementations that help our customers/users/members be more secure.

The kind of alternative that we should probably be looking for is something like OAuth which is an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. It is designed to help you get the information you need to give your end users a good experience without asking them to hand over personal information, like a username and password. Check out this demo of the current user experience. As far as I know, OAuth is not live on the web anywhere yet, but its cousin, OpenID is starting to be more widely adopted.

Of course, if we all had portable social networks, then that would also make things an awful lot simpler and more secure but it all seems quite a way off yet… why so far off you ask? Well…
So far, however, the drive to develop and promote these more secure alternatives is very much being driven by the more technical people on the web. There are lots of scary sounding discussions around exactly how these methods should work. Designers are, for the best part, not to be found in these conversations.

This is problematic from couple of perspectives.

  1. Firstly – if anyone is going to be able to drive the uptake of something like OpenID or OAuth, then it is going to be UX people, the people who are designing the experiences and making recommendations about what constitutes a good experience. Unfortunately, too often by the time the techies get a look in, all the functional decisions have been made and it’s too late to retrofit what would potentially be a much better solution for our end users. We have a responsibility to know about these things and to promote them.
  2. Secondly – from a user experience perspective, there are a lot of challenges to be found in OpenID and OAuth, primarily because you need to educate people about what is going on and also because you are typically moving them through quite a complex flow – including from one site or application to another and then back again. At the moment, the user experience of OpenID and OAuth are far from ideal, but rather than using this as a reason not to work with them, we should be seeing this as an opportunity to engage with these design problems and to use our experience and expertise to help get the user experience as good as it can be.

At any rate – looking after the security of our end users is now very much a part of the responsibility of the designer – whether it is through helping to educate those end users not to hand over information irresponsibly, or by guiding our clients/companies to use methods that better protect our end users. We need to be engaging in these discussions and helping to guide them both from the perspective of the businesses we’re working with as well as in the ongoing technical discussions about how these technologies work.

I think we have a responsibility to help protect our end user, even from themselves. To ignore this responsibility is unethical.

Are you giving accessibility the consideration it deserves in the user experience?

We don’t talk about accessibility much here (because there are people who are much better at talking about it than I am), but I have come across two really interesting posts lately that I think you should take a look at if you haven’t already, and if you’re in any doubt as to whether – as a UX person – accessibility is part of your responsibility.

Over at SitePoint [Why Accessibility - Because it's our job!] James makes it clear that he thinks that accessibility and usability are intricately entwined. More importantly, I think, he re-iterates that in most cases, it takes not that much more effort to make a site accessible in the first place.

Jeremy Keith also takes up the cause on his blog [Ignorance and Inspiration] quoting some truly ignorant responses to the recent Target lawsuit, but also pointing us to these great videos of people using assistive technologies to interact with the internet and other software. [via Richard Johansson ].

They are really quite inspirational and make it clear that even in the face of significant physical restrictions, peole are able to do pretty amazing things with their computers… if we design and code in such a way that allows them. In fact – they manage to do some pretty amazing stuff in the face of some pretty crazy design and coding as well.

Yes, it is true that many clients that you work with will not have a very active interest in accessibility. I have lost count of the number of times that I’ve been told that ‘blind people are not in our target audience’. Not to start in on the fact that making your site accessible is about much more than just people with visual impairment….

There once was the perception that making your website accessible was a time consuming and expensive exercise. That is far from the case. The fact is, a standards compliant site is most of the way to being accessible – this is the way we should be coding our sites anyways!

There are still lots of ways for designers to screw up accessibility, and I think that a lack of exposure to how our work behaves for people using assistive technologies means that we don’t understand the impact of the decisions we make sometimes.

Developing an understanding and awareness of simple ways to avoid common accessibility problems, and ensuring that, as we design, we spend just a little time checking our work to make sure that we’re making life easier and not unnecessarily difficult will provide lots of benefits for very little investment.

As the advocates for user experience I think it’s important that we’re advocating for *everyone’s* experience and perhaps doing a little bit more than just whispering the word ‘accessibility’ in a meeting early on and allowing it to be just as easily dismissed. And not just because of the potential legal implications, but because it’s our job.

What say you?

What we need, right, is a big volume control for Ambient Intimacy

If you’re designing a social application at the moment, think about how you can be quiet.

This is just one of a million pleas from socially networked people everywhere who are going to great efforts to manage the noise that their networked applications are generating at times when they really need some quiet time to focus.

Some systems (ahem, FaceBook) can be VERY noisy and make the process of quietening more difficult than it needs to be.

Facebook Notifications

Others seem simpler, but the lack of ‘friends management’ tools mean that you can be a lot noisier than perhaps you’d like to be.

Twitter

But – perhaps the biggest challenge of all is that there are soooo many different systems we need to dial down – just when you think you’ve got them all, something else sneaks through to interrupt you.

Imagine if there was one panel somewhere that all of your noisy applications could hook into and then a big volume control that you can adjust based on how available you are to your network. (Is there some kind of a microformat we can make for this Jeremy?)

So when you’re super busy and you need to focus, you can, with minimal effort, dial down the noise to allow you to concentrate. And when you’re hanging out and are completely open to connections – dial it back up again.

Kind of like how you need different levels and types of ambient noise to match various activities in your day. (In my my presentation on Ambient Intimacy at Reboot I suggested an important challenge for ‘social designers’ was to think more about how to design for ambience in social applications).

In the meantime… until we get this great big volume control… let’s those of us who are designing social applications be thoughtful about this particular user requirement. Let’s make sure it’s easy for our users to quieten us down, and then pump us back up again.

Otherwise they’ll keep banging on about this attention scarcity thing even more and switch us off altogether.