Your users are out to get you

4 minute read

How many times did you create a UI with a specific user flow in mind, and most of the time your users did something else? Did you ever experience users ignoring clear warnings and proceeding to do something dangerous to their data. Can we prevent this?

A user will always try to find shortcuts and model the app usage to what they seem fit. And it rarely happens that the end user uses the app in the exact way that you planned. If your app does allow users to skip any step in the flow, and do anything out of the boxed process you imagined, they will do it. Not all the time, but in your professional life you will encounter what I like to call creative users.

Now, I’m not saying that all users are ignorant, stupid, or criminal. But you must have that in mind when creating an application flow. Ideal user input that I can think of would be one button on an otherwise blank page. But even that imposes a couple of questions: How do we know who pressed the button? Did we state what the button does? Does the end user understand the language? If we do know who pressed the button, are they allowed to press it? What does the button do? Questions, questions…

There are also hackers, benevolent and malicious. And there are idiots that download hacking tools from various forums, playing stupid games. Now, I think that in a broader sense, benevolent hackers are doing great work for the community. You can’t plug all leaking holes in the thing you are building. It goes on a much greater scale when talking about libraries or web servers, ssl and encryption. While malicious hackers are after the money, they also expose holes that you learn how to plug. To be honest, no education is free, sometimes you pay less, sometimes more.

This is why having a good security practices works in the long term. Using a framework like Ruby on Rails solves a lot of that stuff for you. But don’t forget that you still have to have at least a grain of common sense. Even Rails allows you to shoot yourself in the foot, if you don’t follow the guidelines. Also don’t forget to upgrade to the latest security fix, or a maintained branch. Upgrading the frameworks or libraries to the supported versions might seem like a tedious thing to do, it’s the only smart option out there.

There are some drawbacks in using open source software. The number of solutions out there is huge. It’s hard to pick and choose the correct solution. I could suggest going with Ruby on Rails here, but that’s just my pick. Open source is also a great pool for learning new things. If you don’t seem to like one approach, nothing is forcing you not to create and publish your own solution. Just be sure it’s documented and tested, you created it because you weren’t satisfied with some other solution out there, right?

Back to (non-)malicious users again, that form you made to enter the email twice to verify it, it doesn’t work like that. I’ve experienced someone that used my own personal email to set up their Facebook account. My email wasn’t hacked (I hope), Facebook’s email verification sucks). I’ve since hijacked and archived the account, so no one can reuse my email to register again.

Now imagine a benevolent user, registering for your web service, and they enter a wrong email. I’ve worked with applications that have non computer savvy users, and that happens a lot. You make a typo, whatever, just while entering your email to register. Even my father who has been using a computer at work for the last 16 years or so still has troubles with typo’s. It’s not second nature to him, as it is to (most of the) computer professionals out there. And I believe you, the reader, are one of them.

Don’t judge a man until you have walked a mile in their shoes. Almost every culture has a variant of this proverb, and for a reason. The main premise is to do your best to see and feel what the other person is seeing, or feeling. Try to replicate their mindset while using your application. It’s easy creating applications for IT professionals. But when you realize that this is only a small percentage of the general population, the light bulb in your head might go off. Then you can think about a better solution to do the same once difficult task that only a few people understand.

Billionaire empires are created on simplifying complex stuff. Google simplified search and email. Apple simplified smartphones, and obtaining music before that (well at least legally). but there are lots of smaller examples, and you just have to look around to notice them. Complex UI’s have no place anywhere in the world, not even in airplanes or space shuttles. You need a lot of them, and sometimes you must have knobs and gouges somewhere where you wouldn’t like to have them. But if 99% of your users aren’t using them, maybe you can at least hide them from plain sight. You could even remove them, and get on with the fact that 1% of your users might leave. But the other 99% will have a much better experience.

Comments