11 Feb 2010

I have some opinions about the RWW Facebook login hilarity

The background you need is this post on Read Write Web. Read the post and then read the comments to get a full picture of what's going on. Take the time to do this, it's worth it. I'll wait.

Back? Next, check out any number of people making fun of the hapless commenters. Especially take a look at the chains of reblogs with people smugly declaring how idiotic these people are, how it's why the country is going down the tubes, etc.
I think that this is the wrong reaction.

If you are an interface designer, a brand manager or a security expert, your reaction to this incident should be one of deep humility. Your interface, your brand and your security scheme is much more fragile than you'd ever dared to fear. All of your work has come to naught.

If you are an interface designer, understand that the current state of URLs and bookmarking is so confusing and obscure to many people that they'd rather just type in the name of the thing they want into a search engine and go. And when they get there, the whole system of website logins is so confusing that they just look for the nearest thing looking like a login field and hope that it works.

If you are a brand manager, understand this: the state of user experience is such a mess that people who consider themselves huge fans of your product will be unable to distinguish between an ill-advised redesign of your front page and someone else's website that talks about your brand.

If you are a security expert who thinks that dozens of unique non-memorizable A-Za-z-0-9-#$ ascii passwords is a pathway to any kind of meaningful security, it's time to turn in your badge. Literally hundreds of people put their Facebook login details into the RWW comment system because there was a little "F" in a blue box next to the username and password fields. There was no elaborate phishing scheme here, just a misunderstood Google search result.

If you want a second lesson in humility, spend some time with someone who you know to be reasonably intelligent who is not a heavy PC user. Turn off your smug sense of superiority and watch them use a computer without saying a word. If you're a user who spent their youth like I did messing around with the things, you'll watch helplessly as they fail to use any number of shortcuts, best practices, and useful techniques to speed up their workflow. Their knowledge is fragile as hell. Through painful trial and error, they've figured out how to get the computer to do more or less what they want and once they know a technique that's good enough, that's often where it stops.

Are they idiots? No. They just have better things to do than internalize a complete model of Microsoft's or Apple's (or Linux's) metaphors for files, windows, and applications. Let alone the secondary resource naming scheme that comes with URLs on the Internet.

I imagine that something similar happened with the RWW Facebook people. They'd worked out a way of reliably getting to the Facebook login screen, and that's as far as they needed to go. Until it broke.

Imagine if you went to http://facebook.com and got something that looked pretty unfamiliar, but had the company logo and a login screen. Would you put in your details? Understand that, from the perspective of many users, URLs are invisible and irrelevant. They are long strings of code up in the part of the browser that you ignore. They are as obscure as the command line.

Most of the computer's and the browser's interface is invisible to most people. It's just so much noise that they don't understand, so they ignore. When they get confused, they flail, desperately casting around for something familiar. Those of us with a high degree of knowledge are like rangers, able to see the path of our prey easily in the disturbed twigs and mud. Most people are simply lost in the woods.

At the risk of beating the fantasy metaphor into the ground: A navigation scheme that requires that everyone be rangers might work in the Ancient Silver Woods of the Elves, but if you want a vast multicultural commercial hub, you put up some road signs. If you discover that a good chunk of visitors are still getting lost, you don't call them idiots, you fix the signs! Let me put it in another way: when too many people die in car crashes, we don't call them morons, we mandate seat belts and recall cars.

These are your customers! 

Google gets this (sometimes). They shipped a browser that does away with the search/URL distinction entirely. We just have one box and you type in what you want and Chrome works out what you are looking for. Big innovation? Maybe, but they were really just following the users.

Apple gets this (sometimes). While tech blogs are complaining that the iPad prevents them from getting under the hood, most people just want to tap a button and send some photos to a friend. The inability to get under the hood is a feature because it brings with it the promise that we'll never ask you to look there.

The computer revolution has been going on for awhile now, but we're still in the infancy of making these devices into genuinely useable intuitive machines. For the most part, computers are still terrifying alien landscapes, and there's an enormous amount of work left to be done. The RWW Facebook incident proves it.