Web 2.0

Malware Perception Risk Assessment Checklist: Before Its Time

by Paul Sherman on March 25, 2010 · 6 comments

in Experience Strategy, Organizational, Privacy, Research

Back about two years ago I was working on a product line that took a number of potentially objectionable actions with customers’ systems. I pushed back against the product teams, saying that these actions put our products at risk of being perceived as malware.

They in turn pushed back on me, essentially telling me to prove my allegations.

So I went away for a few days, did some research, and returned with my (fanfare) Malware Perception Risk Assessment Tool. Ta-da!

Uh, sorry, I meant “thud”. It went over like a lead ballon. No takers. So I wrote it up in an article at UXmatters, hoping it’d become adopted. More deafening silence. Dejection.

But here’s the thing: systems are becoming more and more interconnected, and more than ever, applications are utilizing aspects of your personal, semi-public, and public data to derive value (presumably for you as well as themselves). Thus the risk of an application being perceived as malware has only increased.

I strongly believe that our field needs to provide the wider world with a tool that can help assess the risk that a particular product or service might be tagged as malware in the minds of users or the market at large.

So I again submit to the UX, dev, and product management communities the Malware Risk Assessment Checklist.

To measure the probability of people perceiving a product as malware, I created a checklist representing a set of attributes that typically characterize malware. I grouped these attributes into these five categories, each containing two or more representative attributes:

  • personal information gathering and usage
  • modification of data or system configuration
  • stealth and resistance to removal or modification
  • resource utilization
  • transparency and disclosure of third-party relationships

This time, I’m explicitly calling out the fact that the checklist is light on data propagation via social networking applications. And I’m asking for help in rounding out that aspect of the checklist. So help a guy out and suggest some social media items. I am releasing this checklist under a “Creative Commons non-commercial share alike-derivative works permitted” license, so you can remix this, add to it, etc. When I receive some good item suggestions, I’ll re-roll the list and publish again.

Here’s the checklist as it stood in 2008. Peeps, have at it.

Personal Information Gathering and Usage
The product or Web site…
Gathers and transmits users’ personal data or information about users’ behavior to the organization providing the product
____Yes
____No
Gathers and transmits users’ personal data or information about users’ behavior to a third party.
____Yes
____No
Uses personal data and data the product developer obtained from third parties to assemble profiles of users that are more complete and comprehensive than users expect.
____Yes
____No
Exposes more of users’ personal information to their contacts or a community than users expected or wanted.
____Yes
____No
Does any of the above without user notification and consent.
____Yes
____No
Does any of the above and does not allow users to opt out.
____Yes
____No

Modification of Data or System Configuration
The product or Web site…
Overwrites, modifies, or destroys users’ data without their knowledge or consent.
____Yes
____No
Modifies other applications on users’ computers or their operating system settings or computing environment.
____Yes
____No
Fails to restore modifications to other applications, operating system settings, or the computing environment when the user uninstalls the product.
____Yes
____No
Damages or renders inoperative other software or hardware on users’ computing systems.
____Yes
____No

Stealth and Resistance to Removal or Modification
The product or Web site…
Hides or renders its files and resources inaccessible to the user through normal means—that is, using standard file managers and viewers.
____Yes
____No
Resists attempts at removal.
____Yes
____No
Modifies antivirus, antispyware, and other computing hygiene applications or application settings, to make itself appear harmless or less harmful than it actually is.
____Yes
____No

Resource Utilization
The product or Web site…
Overuses computing resources—CPU, GPU, memory, and so on—to a noticeable extent.
____Yes
____No
Utilizes computing resources for purposes not directly related to the tasks users typically perform with the software.
____Yes
____No

Transparency and Disclosure of Third-Party Relationships
The product or Web site…
Installs third-party applications that demonstrate any of the above behaviors.
____Yes
____No
Installs third-party applications without user notification and consent.
____Yes
____No

C’mon people, let’s make this checklist useful, and maybe even a de facto standard.

{ 6 comments }

Many Questions About HuffPost & Facebook Connect

by Paul Sherman on August 23, 2009 · 5 comments

in Everything Else

Welcome to the brave new world of ubiquitous social networking and the mashing up of traditional media and social networking.

In the past I’ve held forth on how opaque I feel Facebook’s applications are about what information they share, and how uneasy it makes me to respond to cause requests, games, contests etc. on Facebook. This latest instantiation of Facebook’s “see everywhere, be everywhere” strategy makes me feel as skittish as ever.

I lean left, but with a broad libertarian / 2nd Amendment streak. What can I say; I’m a Texas Democrat. So I occasionally read the Huffington Post, although I don’t blindly agree with everything it says.

So this latest offer to publish HuffPost content to my wall doesn’t really sit well with me. And it triggers many questions, such as:

  • What content appears on my wall? Do I have control of what shows and what doesn’t?
  • Will wingnut comments from the stories appear on my wall?
  • What happens if I want to disconnect HuffPost content? How easy is that? Will I be able to?
  • What information will HuffPost gather about me if I sign up? What do they do with it?
  • If a Facebook friend or I comment on HuffPost stories; what can HuffPost do with the content?

Take note of that last one, folks. I actually clicked on HuffPost’s terms of use link in the dialog box to see if I could figure out what rights they were claiming. As usual, I was shown a screenful of legal BS.

But take note of these two sentences, which I *assume* (but am not sure) comprise the core of the agreement between HuffPost and me:

By posting or submitting content on or to the Service (regardless of the form or medium with respect to such content, whether text, videos, photographs, audio or otherwise), you are giving THP, and its affiliates, agents and third party contractors the right to display or publish such content on the Service and its affiliated publications (either in the form submitted or in the form of a derivative or adapted work), to store such content, and to distribute such content and use such content for promotional and marketing purposes. Without limiting the generality of the foregoing, with respect to any video submissions to THP made by you from time to time, you understand and agree that (unless you and we agree otherwise) THP may, or may permit users to, based solely on functionality provided and enabled by the THP website, compile, re-edit, adapt or modify your video submission, or create derivative works therefrom, either on a stand-alone basis or in combination with other video submissions, and (unless you and we agree otherwise) you shall have no rights with respect thereto and THP or its licensees shall be free to display and publish the same (as so compiled, re-edited, adapted, modified or derived) for any period.

I have a friggin’ doctorate and I have trouble parsing this passage. I *think* I know what it means, but you know what? I’m really not sure that I get it.

Out of curiousity I submitted the passage to an online readability analyzer. The results should surprise no one…here’s how it did:

  • The passage scored an off-the-charts 48.45 on the Gunning-Fogg Index (scores typically range from 0-30).
  • It rated a mind-bending NEGATIVE 36 on the Flesch Reading Ease Score (scores range from 0=hard to 100=easy)
  • The Flesch-Kincaid Grade Level index indicates how many years of education someone typically needs to understand a sample of text. For example, an 8 would indicate that an eighth-grade education would be required to understand the content; a 14 indicates that you’d have to be a college sophomore to grok it. This passage scored a Talmudic FORTY THREE.

I started this rant thinking I was commenting on the difficulty of knowing the ramifications of your actions in this new world of interconnected social media and networking sites. I’m ending on a different rant, but it’s all related to user experience. Here it is in a nutshell:

Hi there social media sites, this is your user talking to you. If you want me to connect up my account to your “strategic partners” and help you “monetize your user base”, DON’T make your user agreements so dense and hard to understand. It only scares me off and makes me worry that you’ll take my data and do whatever you want with it.

In other words…DON’T give your lawyers final edit over your terms of service agreements. They’re hurting your user experience and your brand image. And what’s worse (from your shareholders’ point of view, that is), they’re probably suppressing uptake of these new services because they’ve made it so dang hard to figure out.

Back in June Jared Spool pointed out at the UPA 2009 conference that the user experience field is behind the curve when it come to this new world of interconnected sites and accounts. It ain’t just about usability anymore…and it really hasn’t been for the last five years or so.

If the user experience field is going to remain relevant in this new world, we HAVE to create new guidelines and standards for how sites and services communicate with their users about how and where they use their information, and what rights users have to control how their information is used.

{ 5 comments }

Facebook’s User Experience Is An Out Of Control Mess

by Paul Sherman on May 25, 2009 · 7 comments

in Web

A few days ago I twittered that Facebook now feels like walking through the midway of a second-rate, shady fair, with barkers and carnies shouting at you from every booth, tent and dark corner.

Here is the screenshot that made me feel like this. It was one pop-up piled onto another…and they weren’t ads, this was actual functionality that I as a user was supposed to attend to and act on.

I’ll be honest with you: this isn’t a tightly-reasoned judgment about the usability of Facebook. This is a from-the-gut reaction from an occasional user: Facebook’s user experience is out of control.

I’m not saying that the whole “Facebook-is-a-platform” thing is wrong; in fact I think opening up to third-party apps was a brilliant way to jumpstart the creation of an ecosystem. But there are consequences to this move. And one of them is that, from the perspective of an occasional user who is loathe to annoy or Facespam his friends, Facebook’s user experience makes me feel like I’m always one step away from falling prey to a social virus masquerading as an app, one that is going to spam my friends and make me look like a bonehead.

Which is why I don’t ever, EVER knowingly poke, join a cause, throw a pie, etc. I say knowingly because it’s highly likely that I’ve inadvertently Facespammed my friends through the simple act of responding to another’s entreaty. Bad on me, I know. Honestly, I have no idea if I’ve done this or not…and that’s a big part of the problem. Facebook (or more accurately Facebook’s apps) doesn’t readily inform me of the consequences of my potential or actual actions.

Which leads me to the issuance of a blanket mea culpa: If I’m connected to you on Facebook and you’ve received something stupid from me, please accept my apologies. And know that from now on, my mental default when it comes to Facebook’s carnival of social-viruses-cum-apps is “no thank you, I’ll pass.”

{ 7 comments }

#gdotd & #bdotd Twitter Hashtags

by Paul Sherman on January 7, 2009 · 0 comments

in Design

No, that’s not a typo or PHP code run amok. That’s the hashtag I’m fixin’ to use on Twitter to denote “Good Design of the Day” and “Bad Design of the Day” tweets that I, uh, tweet.

Y’know how I was using the “Questionable_Design” tag on Flickr so people could tag pictures of good/bad design? Yeah, it didn’t exactly catch fire and go viral. (Although it has been useful for me to classify design pics that I upload.)

So I’m giving Twitter hashtags a try. Feel free to join in the fun. Got an example of good design? Tweet it and add “#gdotd”. Bad design? Tweet it and add “#bdotd.”

{ 0 comments }

“Luddites?” How About “Regular People”

by Paul Sherman on December 4, 2008 · 1 comment

in Design, Web

An article on Digg caught my eye this morning. Seems some non-profit foundation has given the Wikimedia Foundation, the non-profit organization responsible for Wikipedia, almost 900K USD to make Wikipedia “easier to use”.

OK. No problem so far. (Well, I’m a bit shocked that they think it’ll take 900K to fix the entry edit interaction…I could design AND validate a better interaction for less than 1/10th of that amount…)

I’ve edited Wikipedia entries and it’s no picnic. What I take exception to is C|NET columnist Caroline McCarthy referring to folks who have trouble with Wikipedia’s editing tools as “Luddites”.

The problem with this cavalier putdown is that it perpetuates the attitude, held by many technophiles, that anyone who can’t easily use a complex system is stupid, lazy, or both, and that they small-mindedly shun new technology.

C’mon now. People who can’t slog their way through the entry edit flow are *not* Luddites. They’re just regular people. The idea that they’re Ludditical (I just coined that, props to me…) devalues the admirable goal of fixing a poorly designed interaction on an Internet resource that is regularly used by millions of people.

Wikipedia gets $890,000 for the Luddites  ::  The Social  ::  CNET News

Blogged with the Flock Browser

Tags: , , , ,

{ 1 comment }

Making Politics Easy To Use

by Paul Sherman on September 7, 2008 · 0 comments

in Web

I have kept politics off the table during my 3+ years of running this blog. I just think it’s a private thing, and not germaine to the topics I cover here. Suffice it to say I’m a something like a rabidly capitalistic social-liberal-fiscal-conservative-with-a-libertarian-streak. Or a Second Amendment-supporting Democrat (befitting my Texas residency) who believes in states’ rights and a limited Federal government. (In other words, there really is *no* real party for me in the US…but that’s another story and another blog…)

But today I thought I’d point to a really top-notch user experience, and in the process reveal that I am a contributor to the Obama-Biden campaign. After reading about how Sarah Palin’s RNC convention speech raised 1M for the Replicans and 10M for the Democrats, I was reminded that I wanted to contribute. Rather than browse to barackobama.com, I decided to go to www.mybarackobama.com, the social networking site run by the campaign.

I was impressed with how easy it was to not only contribute (it darn well better be), but to quickly and easily increase your level of commitment to the cause. Obviously there’s been some research behind this. They hooked me with the drop-dead simple way to register, and the ease with which they asked me to contribute time, money, or my personal network. They also offered registrants the ability to harness network effects by setting up a personal donations page, where you can ping your friends for donations in your name. Check out my page at http://my.barackobama.com/page/outreach/view/main/pjsherman. The page took no time to set up. My only nit with the site? Why oh why did they make the username/login fields the same color as the background?!? Amateurish mistake, that.

Now I’m sure that the McCain campaign has made it easy to contribute as well, but from my forays onto the McCain site I don’t see the same social networking aspect. And I have to say, I don’t like having a video start up automatically when I visit a site. It’d my choice whether I’d like to watch video content, thank you very much.

{ 0 comments }

Smashing Magazine Article On “Futuristic” UI’s

by Paul Sherman on August 19, 2008 · 1 comment

in Everything Else

This article has been making the rounds today. Thought I’d do my part to keep the meme alive. OK, this isn’t really a meme. But it’s an interesting little compilation of UI concepts. Of course the author cites Adaptive Path’s Mozilla Labs effort called Aurora.

My last article for UXmatters also touched on the topic of this article.? I was focusing on 3D virtual spaces and navigation. Still, I would suggest reading that article of mine if you’re interested in uncommon user interfaces.

10 Futuristic User Interfaces? ::? Monday Inspiration? ::? Smashing Magazine

Blogged with the Flock Browser

{ 1 comment }

Friends and Family – A Parable About User Experience

by Paul Sherman on February 25, 2008 · 3 comments

While setting up my newest install of Flock (the Mozilla-based social web browser), I ran across a blog posting that brought it all back home for me. A guy named Darren Barefoot wrote about the trouble his stepmother had posting pictures to Flickr.

His stepmother had some family pics she wanted to post and share with friends and family. No one could see the pictures. Turns out his stepmom had quite naturally selected “Visible to friends and family” when uploading the pics. Of course, none of the friends and family had been tagged as such in her account.

What a great example of the gulf between design and user intent and mental model.

A Parable About User Experience

Blogged with Flock

{ 3 comments }

Flock’s Gone G.A.

by Paul Sherman on November 5, 2007 · 0 comments

in Web

Or general availability as we called it in the telecom software world.

Again, go get yourself a copy. It’s the most enjoyable, highly functional web browser out there.

{ 0 comments }

Flock’s Gone Beta

by Paul Sherman on October 31, 2007 · 0 comments

in Web

Flock is no longer in pre-release, it’s 1.0bn-ware now.

You really ought to try Flock. It’s that good. Remember that feeling you had when you first loaded Netscape Navigator 1.x? Or Firefox? You’ll get that feeling, a little bit of it anyway, if you give Flock a shot. It’s really usable and very enjoyable.

{ 0 comments }

On Lifehacker – Web As Desktop: 20 Web Operating Systems Reviewed

by Paul Sherman on August 3, 2007 · 0 comments

This is a few weeks old, but I did want to point to this article. It reviews a number of “web tops”, or web-based desktops. Calling them web OS’s is a bit grandiose, but if you accept for the moment the idea that to many people, the desktop *is* the OS, then you can get by this bit of semantic overreach.

What still consistently amazes me is that so many offerings simply recreate the tired old desktop/file/folder (and now “widget”) design. Some do it better than others, but it seems like everyone is stuck in this metaphor. What happened to 3D spaces where you could organize your “stuff” in nooks and crannies? What about more integrated views of people’s frequently used data?

Web As Desktop: 20 Web operating systems reviewed – Lifehacker

Blogged with Flock

{ 0 comments }

It Really *IS* Made of Cheese!

by Paul Sherman on May 17, 2007 · 0 comments

in Web

Google Maps recently added the moon and Mars to its mapping service.

If you go to the moon version and zoom down to the highest magnification, it displays…swiss cheese. How great is that?

I am not making this up.

Damn you, Google! You make it so hard to dislike you.

http://moon.google.com/

{ 0 comments }

Flickr Has The Hiccups…

by Paul Sherman on April 26, 2007 · 1 comment

in Web


Flickr Has The Hiccups…

Similar to my earlier screengrab off of Overstock.com, here’s another error message that makes me feel like I’m dealing with humans, not robots.Thanks to Dan Szuc for pointing this one out.

{ 1 comment }