The email notification anti-pattern: a response
Give it to us. I applaud you shouting at us from a rooftop. I also hate defaulting to all notifications and agree that it was a douchebag startup move but can assure it was one made accidentally - a horrible oversight that the entire team feels bad about and will work to amend for you and the rest of our users.
We try to be a site for the common user - nothing like Facebook taking cheap shots wherever they can. I hope we haven’t forever turned you off from our site. Relaunches are hard and mistakes were made but nothing like this will happen again.
Apart from the use of the passive voice (“mistakes were made” rather than “we made mistakes”), that’s a pretty damn good response. She didn’t try to defend or justify the behaviour. That’s good.
She also asked if there was anything they could do to make it up to me. I asked if I could publish their response here. “Yeah, feel free to post”, she said.
I think it’s important that situations like this get documented. It could be especially useful for new start-ups who might be thinking about indulging in a bit of “growth hacking” (spit!) under the impression that this kind of behaviour is acceptable just because other start-ups—like Findings—implemented the email notification anti-pattern.
As Lauren said:
I think every startup manages to mess up one of these at some point in their life, either willingly or unwillingly. A clear listing of all offenses could be useful to everyone.
The purpose of this pattern library is to “name and shame” Dark Patterns and the companies that use them.
- For consumers, forewarned is fore-armed.
- For brand-owners, the bad-press associated with being named as an offender should discourage usage.
- For designers, this site provides ammunition to refuse unethical requests by our clients / bosses. (e.g. “I won’t implement opt-out defaults for the insurance upsells because that practice is considered unethical and it will get you unwanted bad press.”)
The email notification anti-pattern isn’t yet listed on the wiki. I’ll see if I can get Harry to add it.
The email notification anti-pattern
I see you have introduced some new email notifications. I have also noticed (via my newly-overstuffed inbox) that by default, these new email notifications are checked.
WHAT THE FSCK WERE YOU THINKING‽
Sorry. Sorry. I lost my temper for a moment there. And the question is rhetorical because I think I know exactly what you were thinking …“traction”, “retention”, “engagement”, yadda yadda.
I realise that many other sites also do this. That does not make it right. In fact, given the sites that already do this include such pillars of empathy as Facebook, I would say that this kind of behaviour probably has a one-to-one correlation with the douchebaggery of the site in question.
You’re better than this.
Stop. Think. Spare a thought for those of us who don’t suddenly—from one day to the next—want our inboxes spammed by emails we never opted into.
Didn’t anybody stop to think about just how intrusive this would be?
As part of the Services, you may occasionally receive email and other communications from us, such as communications relating to your Account. Communications relating to your Account will only be sent for purposes important to the Services, such as password recovery.
Contrary to appearances, I don’t want to be completely negative, so I’ve got a constructive suggestion.
How about this:
If you’re about to introduce new email notifications, and all my existing notification settings are set to “off”, perhaps you could set the new notifications to “off” as well?
All the best,
I particularly like the memetic variation of The Stallman Dialogues. There’s a real genius in the way that it quotes passages from the email verbatim.
Y’know, I’m supposed to have a Skype call with Andy sometime next week about my upcoming talk and workshop at Build (tickets are still available for the workshop, by the way). I’m very tempted to channel my inner Stallman for the duration of our conversation.
Meeting that sad animal is not an agreeable surprise.
The password anti-pattern
Design patterns are useful. They enable us as developers to encapsulate recurring interactions and refine them. From simple pagination right up to Ajax requests, patterns allow us to codify common conventions.
Inevitably, conventions can lead to a cargo cult mentality. Clients start to request
Allowing users to import contact lists from other services is a useful feature. But the means have to justify the ends. Empowering the user to import data through an authentication layer like OAuth is the correct way to export data. On the other hand, asking users to input their email address and password from a third-party site like GMail or Yahoo Mail is completely unacceptable. Here’s why:
It teaches people how to be phished.
This issue was raised by Tantek at Fundamentos Web. Rigo Wenning—privacy activity lead at the W3C—was quick to back Tantek’s position. While we can’t protect people from themselves, we have a duty not to deceive them into thinking that throwing passwords around like confetti is acceptable behaviour.
Oh, don’t worry… the terms of service for Google accounts puts the responsibility in the hands of the user:
- Your passwords and account security
- 6.1 You agree and understand that you are responsible for maintaining the confidentiality of passwords associated with any account you use to access the Services.
- 6.2 Accordingly, you agree that you will be solely responsible to Google for all activities that occur under your account.
…but this isn’t a question of legalities.
The Facebook thing isn’t a smart way of connecting members, it’s a horrible precedent that teaches users to be phished. Unfortunately that kind of feature is so prevalent now that you’d be foolish to launch a new social network without it, but from an ethical point of view it’s distinctly unpleasant.
He’s right. The issue for us as developers is a moral question. Do we blindly follow the dictates of clients looking to “add value” to their applications even when we know that the long-term effect is corrosive? I don’t think we should. We can collectively make a choice not to erode the long-term stability of our users’ data. Sure, the particular site you’re working on might not have any nefarious plans and the next site might claim to be secure, but over time we’re creating a climate conducive to cultivating honeypots.
Morality (or ethics) is not something that’s usually discussed alongside Web development. But Jeff Veen pointed me towards this great quote from Jamais Cascio’s talk at the Singularity Summit that illustrates the underlying truth:
To put it bluntly, software, like all technologies, is inherently political. Even the most disruptive technologies, the innovations and ideas that can utterly transform society, carry with them the legacies of past decisions, the culture and history of the societies that spawned them. Code inevitably reflects the choices, biases and desires of its creators.
So here’s what I’m going to do: even if it costs me a contract in the short-term, I will refuse to implement any kind of interface that involves asking the user for a password from a third-party site. I urge you to do the same. And if you feel equally strongly about this, make your thoughts known: blog about it, talk about it… you might even want to make your position clear in your terms and conditions. As the Naked Yak blog so eloquently puts it:
With the endless possibilities of the social web it is easy to fall into the trap of going for broke, applying everything in life to a particular application or piece of software that seems to enhance it. From now, I will always ask the question “Will this have a positive effect on my world?” rather than “What could I pull into this new tool?”
Update: For all the people saying “yeah, but no, but yeah, but we need access to users’ data”, please read the post again and this time, pay attention to the part about OAuth. See also:
I don’t know how much clearer I can make this: the end result of exporting data is desirable; teaching users to hand over their passwords to any site that asks for them is not. There is no excuse for asking for a third-party password on your website. You’re doing it wrong. That authentication must happen on the third-party site.
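To make "authentication must happen on the third-party site" concrete, here is an added example (not code from the original post) of a contact importer that redirects the user to the provider and validates the redirect back, so it never sees a password. It assumes an OAuth 2.0 authorization-code flow with PKCE, which postdates the post; the endpoint, client ID, redirect URI and scope are hypothetical values constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical provider and client values, constructed for this example.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth2/authorize"
CLIENT_ID = "contacts-importer-demo"
REDIRECT_URI = "https://importer.example/callback"
SCOPE = "contacts.read"  # read-only, far narrower than a mailbox password


def begin_import():
    """Return (redirect_url, session) for sending the user to the provider."""
    state = secrets.token_urlsafe(32)     # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)  # PKCE secret, kept server-side only
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", {"state": state, "code_verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the provider's redirect; return the authorization code or raise."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"user or provider declined: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback is forged or stale.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # The code plus session["code_verifier"] is exchanged at the token endpoint
    # for a scoped, revocable token. No third-party password is ever collected.
    return code
```

The importer's own pages contain no password field for the provider at all; the only credential prompt the user sees is on the provider's domain.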
Call and response
- 3 July 2007 10:37:16 BDT
- Adactio message from Michael McDonald
Mister Wong, Europe’s largest Social Bookmarking portal, is now available in English!
My name is Michael, from Mister Wong, and I am preparing the launch of the portal for the English speaking community. Your blog, Adactio, caught our eye while researching. We would, therefore, like to warmly invite you to try out Mister Wong as a beta tester.
In exchange for importing your bookmarks and feedback, you will receive a Mister Wong T-shirt and a pin set. In addition, we are also giving away an iPod Nano to one of our lucky testers.
- 3 July 2007 10:47:09 BDT
- Re: Adactio message from Michael McDonald
Great! Here’s a bookmark I’d like to share with you:
That syncing feeling
Since I started working at the Clearleft office, I’ve been using a lovely new 20 inch Intel iMac. That’s great… but it means that I now use three different machines; I have my 17 inch G4 iMac at home and my 12 inch G4 iBook for when I’m on the move. I decided that I really needed to centralise all my data.
The first step was a no-brainer: start using IMAP instead of POP for my email. This is something I should have done a long time ago but I’ve just been putting it off. I’ve got six different email accounts so I knew it would be a bit of chore.
After a few false starts and wrong turns, I got everything up and running on all three computers. Unfortunately somewhere along the way I lost a couple of emails from the last day or two.
Which reminds me…
If you’re the person who sent me an email about doing a pre-Reboot podcast interview (or if anyone else out there knows who I’m talking about), please write to me again — I lost your email but I’d love to have a chat.
With my email all set up, that left contacts and calendars. I looked into contact syncing services like Plaxo but I wasn’t all that impressed by what I saw (and tales of address book spamming really put me off). In the end, I decided to drink the Apple koolaid and get a .Mac account. I doubt I’ll make use of any of the other services on offer (I certainly don’t plan to send any electronic postcards… sheesh!) but I think it’ll be worth it just for the Address Book and iCal syncing. As an added bonus, I can also sync my Transmit favourites — a feature I didn’t know about.
I am surprised by one thing that isn’t synchronised through .Mac. There’s no option to centralise the podcasts I’m subscribed to. That still seems to be based around the model of one computer and one iPod. I would have thought it would be pretty easy to just keep an OPML file on a server somewhere and point iTunes at that to keep podcasts in sync but this doesn’t seem to be something that’s built in by default. No doubt somebody somewhere has built a plug-in to do this. If not, I guess somebody somewhere soon will.
Apart from that, I’m all set. I’m relying on Apple to store my data and my hosting provider to store my emails, but I somehow feel more secure than if I was just hoarding everything locally. I feel a bit less tied down and a bit more footloose and fancy free.
Adactio, pour homme
Dear Mr Sagen,
My sincere apologies for writing to you unannounced. My name is Arno Zimmerman and I am CEO of an Internet domain name acquisitions agency based here in Los Angeles, California.
My agency is currently engaged by a well-known Hollywood studio. The studio is producing a new action movie called The Kartooner. The movie has an all star cast, including Bruce Willis in the title role, and will be released in the fall. My client is therefore very keen to purchase the rights to the domain name kartooner.com from you.
And so on. Now, I found this particularly interesting because, just a little earlier, I found this in my inbox:
Dear Mr Keith,
My sincere apologies for writing to you unannounced. My name is Arno Zimmerman and I am CEO of an Internet domain name acquisitions agency based here in Manhattan.
My agency is currently engaged by a well-known fragrance manufacturer who will soon be launching a new product range under the brand of Adactio. Adactio is a new fragrance for men and will be marketed world-wide and on all media, including of course the Internet. My client is therefore very keen to purchase the rights to the domain name adactio.com from you.
But wait — the plot thickens. Mr. Zimmerman wrote back to Erik with some more information about that movie project:
As I mentioned in my previous email, The Kartooner will star Bruce Willis in the title role. Bruce plays an impoverished artist in New York who pays his bills by drawing cartoons for the New York Times. Through a series of unfortunate accidents, Bruce’s character mistakenly becomes the target of a Mafia hit squad and must use all his wits (as well as his artistic skills) to stay alive. Needless to say I cannot divulge any further plot details.
Sounds awesome, doesn’t it? I want in.
Here’s the email I sent back:
Thanks for getting in touch. And allow me to be the first to congratulate you on your move from Los Angeles to Manhattan — and in record time, too!
Y’know, I could never imagine letting go of my domain name but the idea of a fragrance called Adactio is almost irresistible. I’m not really very money-oriented so I’m not going to name some huge price. I am, however, a huge attention whore. Therefore, all I ask is that I am the “face” of the advertising campaign for the fragrance.
It’s a win-win situation. You get your domain name, I get my face on a billboard in Times Square and sales of the fragrance will undoubtedly skyrocket.
But what would really seal the deal would be the promise of some product placement. I think I should have a part in the upcoming Kartooner movie project. Clearly, it would boost the profile of the film to have the face of Adactio featured prominently. In exchange, the movie studio should probably offer an endorsement by Bruce Willis. I’m picturing a short TV ad with Bruce speaking the tagline:
“I love the smell of Adactio in the morning. Smells like… web standards.”
By the way, what did you say the name of your company was again?
Update: Oh, man! This keeps getting better. I got a reply:
You have asked to be considered as the face of the advertising campaign for the fragrance and I will pass on your request to the advertising agencies handling the Adactio campaign. Will you please email to me a selection of photographs of yourself? As the campaign concepts feature a bare chested man, I would be grateful if you would include photographs from the waist up and of your naked chest.
As the media buying for the campaign is not yet finalized, I cannot guarantee a billboard in New York. However I do know that the poster campaign for Adactio will run across the UK, so your image will appear on several thousand London buses.
This comedic genius continues in a similar vein for a while, which prompts me to ask…
John — on second thoughts — , is that you?