Bad UI is causing people to get scammed

292 points by samemail88 3 years ago on hackernews | 153 comments

gerash | 3 years ago

I agree that the fix is not to display the full email header for the "tech savvy" people. The real fix is some kind of reliable trust mechanism where the real Venmo account gets some visual indicator (pad lock, blue check mark, etc.)

bentcorner | 3 years ago

That requires all clients to agree to some kind of standard.

Better to teach people not to trust email and to check the source of truth themselves. In this case they should check their bank account and verify they received a transfer (or their venmo/zelle account etc).

solardev | 3 years ago

Gmail has this for PayPal but seemingly nothing else. Shrug.

userbinator | 3 years ago

No. The less we rely on Big Tech to think for us, the better.

layer8 | 3 years ago

That worked well for websites…

bvrmn | 3 years ago

And what did happen? Why is EV not used anymore?

darkerside | 3 years ago

Yeah EV is something between a joke and a scam

jwilk | 3 years ago

Browsers stopped displaying EV indicators in the URL bar. Barely anyone noticed.

https://duo.com/decipher/chrome-and-firefox-removing-ev-cert...

krade | 3 years ago

that's what BIMI certificates are for.

einpoklum | 3 years ago

[Empty / deleted comment]

throwawaysleep | 3 years ago

With all the credulous idiots out there, I consider scams just bug bounties on stupidity at this point.

drekipus | 3 years ago

Another bad UI/ux problem is advertising standards.

I had to go help my 70yo neighbour deal with Microsoft scammers after she clicked the "continue" button for her time scheduling form: https://ibb.co/CKCbRpf

Guess where the actual continue button is?

Computers are hell for normal people. There needs to be some sort of standards both on the appearance of ads ("can't look like the flow of a page, must be "clearly" an ad") and the positioning of ads (must be in margins, can't use absolute positioning).

After clicking this, it takes you to a Microsoft security product page looking website, forces itself to full screen, robotic voice blaring "your computer is insecure, please step away from computer" and a pop-up telling you what number to call to sort it out.

She came knocking on my door with the Microsoft tech support on the phone. Thankfully she had problems with the run prompt, and wanted me to help. I just hung up, closed the site. And installed an ad blocker.

And then people out there who support ads on the internet as they are right now

Vinnl | 3 years ago

This is why one of the first things I do when I get access to a less technical person's device is install an ad blocker. As a security measure.

prawn | 3 years ago

That scheduling form example is just incredible. No ad network should allow this sort of trash. It really makes me want to walk away from computers and into a forest forever.

cube00 | 3 years ago

I disabled the personalised advertising in my Google account and it's astounding how many ads that look to me like scams are permitted on YouTube/Google's ad network.

All using the same old over dubbed Musk videos from years ago to sell me trading software which they could easily detect with their own Content ID but they choose not to.

andrei_says_ | 3 years ago

I do weekly videocalls with my parents. My mother uses an android tablet. We've given up on zoom because the interface is too complicated for her. Currently using google duo.

Some things that stop her in her tracks:

- any control that requires a touch to activate and then disappears on a timeout - like all the controls for video apps. She takes 3-4 seconds to realize something changed and then 5 more to start orienting herself. The controls usually disappear within 5-7 seconds.

- any surprising prompt from the os throws her into helplessness and panic - updates that need a restart, etc.

- anything that switches the focus away from the current activity. Why would android interrupt a live call with some BS, ever, is beyond me.

- communications apps show a screen with names but that's often the log of past calls or a chat. She wants to just click a name and make a call. On zoom, going to her contacts required 2 or 3 clicks which were not intuitive for her, and so she can never initiate a call.

- zoom audio needed active confirmation to connect to audio. On a tablet, where no options are available but the over-wifi audio.

- her having to slide a control in order to answer a call.

- anything that requires a reaction within 10-15 seconds

- anything that uses (even widely accepted) technical jargon.

She is not deaf or disabled nor visually impaired and yet the complexity of using this device presents serious obstacles.

These are just from the top of my head. She doesn't browse or use a computer and I'm happy for her. TV and newspaper are enough and I just don't feel good about having her navigate a world of malicious predatory dark patterns.

This makes me realize how used I am to not trusting anything online and presuming the worst by default - in order to protect myself.

I remember how about a decade ago my dad wanted me to help him with an important email. Someone had emailed him to tell him he won a lottery in Britain. It took me a lot of effort to explain to him that it is a scam, that they've emailed everyone, automatically, (to him a simple email takes half an hour so he can't imagine so much effort going into a scam) and that despite them knowing his name... they don't really know him.

The asymmetrical nature of malicious activity online is so... disheartening.

amatecha | 3 years ago

Heck, I'm a lifelong-computer-obsessed software engineer in my 30's and almost all those bullet points have an adverse or frustrating effect for me as well. I am "purposely lazy" and spend as little effort as possible deciphering user interfaces. There's simply zero excuse for non-intuitive software anymore. I refuse to expend my valuable time and cognitive energy making up for the shortcomings of a software vendor, and it regularly surprises/disappoints me just how much effort people expend in that way.

In my opinion, it's practically an insult to provide software or a "service" that essentially demands the person interacting with it slog through countless arcane or obtuse interfaces which could have been totally simple, concise and straightforward. There have been literal decades of prior art on subtly nudging a user through the most obvious and "least surprising" ways to complete their intended task.

KORraN | 3 years ago

> - zoom audio needed active confirmation to connect to audio.

I don't know if it's just me, but even as an "IT person", I never understood this "connect to audio" phrase, I just learnt that it is required for calls...

digitalengineer | 3 years ago

It's there to protect users. They need to give consent to open the audio channel. As a usability / ux person, this one feature I actually like.

Protect them from what? Being able to listen to the call?

digitalengineer | 3 years ago

To protect them from accidentally speaking their mind, mentioning things that might get them in trouble if the other side hears it. To prevent this, Zoom (and others) ask you to click to open the mic. It's a GDPR thing: The default setting in most tools is that the user has to actively switch on their camera and microphone when they begin to participate.

Auto-muting new users is not the issue (every reasonable video chat software does this). The problem is that in Zoom you have to "join audio" before hearing anything. I guess they do this since you could in principle also join the call by phone. Anyway, this behavior is extremely confusing for inexperienced users.

digitalengineer | 3 years ago

Ah, thanks for clarifying, I completely agree.

faebi | 3 years ago

I could add a lot more items and annoyances on my own. That makes me wonder, why don't we have some global list of iOS, Android, Macos, Windows and Browser usability issues?

raverbashing | 3 years ago

That's what happens when IT companies hire people that know how to invert a binary tree but know jack crap about UI/UX and human interaction (or you know, about just what it takes to make a call)

Also Zoom on PC is usable, Zoom on phones is awful

siva7 | 3 years ago

Those people (software engineers) aren’t making the decisions around the product in larger companies. These are done by Product Managers and UX Specialists/Designers.

raverbashing | 3 years ago

They (mostly) don't make the bigger decisions, bigger design choices, true

But for minor stuff/fixes it's easy to slip something that's awkward or not very usable.

Or a legacy interface is still being used (because the developer thought it out - since the company was smaller, or a specific screen was overlooked) and that's not a great interface

siva7 | 3 years ago

That may be the case in companies without proper responsibility distinction but in those with (usually the bigger ones), not even small decisions are made solely by software engineers. They are always double checked by the Product Management because any requested change has to come from the Product Management and has to be signed-off by them. In a company like Zoom everything you are seeing in the UI isn’t the result of something that slipped through solely by the engineer but was reviewed and thought out by multiple people who don’t touch the code.

shikoba | 3 years ago

Someone failed a whiteboard interview?

madars | 3 years ago

>zoom audio needed active confirmation to connect to audio. On a tablet, where no options are available but the over-wifi audio.

It is annoying they ask it every time but there is, in fact, a different option: option to call your phone (which most people have) which could have lower latency and higher reliability. I have successfully used it in places where internet is spotty but adding an extra step to join a call is too much.

js4ever | 3 years ago

"I am to not trusting anything online and presuming the worst by default" ... It's exactly the same IRL ...

margalabargala | 3 years ago

If Google Duo stops working out, we've had great experience using meet.jit.si with my wife's great-aunt. She's in her mid-80s, and English is her second language. We set up a room months ago and sent her the link, and each time we talk weekly she goes to the same place, clicks the same link, and the whole thing just works for her. It was simple enough that we were able to walk through setup over the phone (we're on the West Coast, the great aunt is in Germany).

No ads (just checked with an adblocker turned off), and the same link always dumps you in the same always-active room. As a bonus the whole thing is open source.

No, I don't work for them or have any interest whatsoever other than being a happy user.

I also tried a setup with meet.jit.si for my parents. As you did, I set up a 'permanent' room where everyone in the extended family could connect at any time. Then I set up a Raspberry Pi connected to one HDMI port on their TV, and I used one of those Logitech cams with a built-in mic which I placed near the TV, and connected to another HDMI port on the Pi. I set up Chromium to start automatically, in kiosk mode, and to go directly to the Jitsi room.

Finally I used a little relay board connected to a couple of GPIO pins on the Pi and programmed that to turn off and on the Pi. The relay board was remote controlled (infrared, worked fine). I used a small, but not too small, remote control with one single big red button. When a scheduled or agreed (maybe by a phone call) meeting was due, my father pressed the button and the TV switched to the Pi HDMI (turning on the TV if it wasn't already on), showing the Jitsi room. With maybe grandchildren and great-grandchildren, and my parents could just sit in their chairs and watch and talk via the TV. When finished my father pressed the button again, and I had programmed the Pi, as part of its shutdown sequence, to switch the TV to the other, normal HDMI port. It's possible to command the TV to switch inputs, via commands to HDMI, unfortunately it's not possible to switch to antenna input but my parents were on cable and used an HDMI port for that. So with this setup they would go from the Jitsi room to whatever they were watching before. Though the TV would be left on even if it was off before they connected - I didn't find a way to control the TV that detailed.

This worked well, as far as it went, the issue I had was that it wasn't practically possible to set up a power supply for that little relay board so I used a couple of 9V batteries instead. But it turned out that the board would suck the batteries empty in no time. So, as a prototype, it worked, but I would have to make a proper power supply for that to be fully useful. After a few months my parents had to move to a care home so the project was put on a shelf.

(Too late to edit - a small error there. The Logitech cam was of course connected to a USB port on the Pi. The two HDMI connections in question were two ports on the TV, one with the Pi as source, the other with the normal cable box as input)

That sounds so fantastic. This would be a great product for a startup. Just a small box, USB-C powered, which performs these easy simple tasks, but absolutely reliable and a pleasure to use. Perhaps like 4 buttons, nicely differently colored or labeled, for several rooms. I am thinking, people had never troubles operating their TVs when they just had buttons for a few stations and the volume.

Even as a software developer, I would be delighted to use that, for the elegance of the concept and not having to dig through menus, toolbars and whatever else.

userbinator | 3 years ago

> She is not deaf or disabled nor visually impaired and yet the complexity of using this device presents serious obstacles.

I'm an experienced developer in the software industry and some of the stuff you mention still catches me off-guard --- especially the whole "disappearing controls" thing. https://news.ycombinator.com/item?id=24965293

bentcorner | 3 years ago

IMO controls that require some kind of time-related action (e.g., magically disappearing popups and buttons that hide themselves) should violate accessibility standards.

userbinator | 3 years ago

Agreed; I think games --- especially ones where realtime reaction is required --- are the only acceptable use of such controls. Otherwise they're just a really unpleasant "race condition".

Many of the things you describe, describe my mother to a tee.

She uses an iPad, but progressively Apple has complicated the interface to fit in more and more features, which has made it harder and harder for her to use the device simply.

---

One recent example is the Notes app, which today includes folders, tags, and many other fancy features. I only discovered recently that she had still been using the app as though she did the day she started using Notes, which must've been c. iOS 6. She didn't even notice the top-left "< Folders" button.

Apple's design language is "Clean" and "Modern", but often fails to convey to non-technical users that even a button is...a button, since iOS/iPadOS use colored text with no background to convey that something is a button.

---

One other example was a mistake I made while configuring a web browser for her. I absent-mindedly turned on "Hide panels automatically", and it wasn't until I figured out what my mother meant when she complained "SOMETHING POPS OUT AND THEN JUST VANISHES" of what I had done wrong.

MandieD | 3 years ago

I carefully coached my husband's 85 year old aunt in how to look at the pictures she took on her iPhone and then send the ones she wants printed to our shared album. She had the steps meticulously written out. She was good to go!

Then Apple changed the UI a little bit. I can't begin to explain it to her over the phone in my second language, because for starters, I don't have a non-updated device to be able to compare and find the exact difference. I felt a bit of a jar and was able to roll with it, but couldn't tell you what the difference is exactly.

LTS (guaranteed non-change for existing features, at the cost of possibly not getting all new features) for UI would be amazing.

And do not get me started on the drama involved in an iOS major version update and the requisite iCloud password entry to even start the phone. She has the password written down, but since it's helpfully hidden as she types, she can't see that she was a letter off or missed a shift. I ended up sending her to the Vodafone corporate store with her password and 3 reset answers to have one of them type it in for her, as we're on the other side of the country, and she kind of needed to be able to make and take phone calls.

unyttigfjelltol | 3 years ago

Stylish has clearly taken priority over functional in mainstream tech design.

I just got a new Android phone that iterated 1 version in the operating system and product. The old phone had a persistent triangle symbol to press for "back". Now that symbol is gone and I'm supposed to swipe from the edge of the screen for the same "back" function. Except, lots of apps use a similar motion for other functions, including Firefox for closing tabs. So, now I'm constantly swiping a few millimeters too close to the screen edge and going "back" when I want to close a tab, with few clear visual clues as to what is going wrong. This is just 1 of many UI fails on the new phone, very frustrating for me and I would guess extremely and unnecessarily confusing for "normal" people.

phonepostingsux | 3 years ago

My Samsung XCover has physical keys for back/home/switch task and that'll be a hard requirement for any future phones I'll even consider. Can't patch those out without really wanting to fuck me over.

I suppose outdated features like good grip and removable battery are a bit much to ask for.

leaflets2 | 3 years ago

Stylish sells better? Or why does it happen?

People don't have time to dig into usability details, instead they get an app because it gives a nice looking first impression? Could "rewards" in a company work in similar ways -- impressing managers with sth nice looking?

mrweasel | 3 years ago

It’s not just an “old” people problem… unless I’m old, 40 does feel old.

The UI on most mobile devices is terrible in one way or another. There is zero discoverability, things will hide, lock, block or disappear with no clear way of getting back.

Often I feel it’s easier to go to the computer. As an example: I cannot use the banking app on the phone anymore. In an attempt to make it easier to use, they hid/removed the features I used, such as “how much is in my account right now?” or “pay a bill”. That stuff is now hidden in a complex menu system. I can manage the MasterCard I don’t have though.

Designing good UI is an incredible skill, one that few people have, and one even fewer are willing to pay for.

adrianmsmith | 3 years ago

> Designing good UI is an incredible skill, one that few people have, and one even fewer are willing to pay for.

I don't think it's even just that. If any of these companies did usability tests they'd discover quickly enough that their designs don't work. I guess they just don't bother.

I have worked in software development since the mid 90s, often freelance so I've probably been at 20-30 companies in total. All of these companies produced software that had some sort of UI. I think only a single time was any usability testing done, i.e. get a normal person sat in front of the software and get them to perform a task and see if they can figure it out on their own. Normally the process is that the designer asserts that this particular way is best, and that's the way it gets implemented and that's what the customer gets to use.

tragomaskhalos | 3 years ago

Reading Alan Cooper's "About Face: The Essentials of Interaction Design" made a big impression on me; UI work is really fascinating and rewarding, but it is honoured almost exclusively in the breach these days. I can understand companies knocking up intranet based applications for limited internal use cost-cutting, but in many cases these are massive corporations rolling out atrocious UIs to the public.

Part of the problem imo is that everyone thinks "how hard can it be?" and that they have good ideas for UI design. They therefore aren't interested in reading Cooper or submitting their brainwaves to even peer scrutiny.

LocalH | 3 years ago

When Mom was still alive, I installed the tvOS beta profile on her iPad mini 4 to prevent it from receiving updates, so that the interface wouldn't change out from under her (she'd already transitioned from Android to iOS and I didn't want to have to keep teaching her the new UI changes). Wouldn't have been so bad if we had the ability to install whatever version of iOS we wanted.

Packofbezens | 3 years ago

I'm not defending Apple, but tech-oriented users have always been pushing for more features.

The question is should there be a middle ground between keeping the product trivially simple, or cramming an increasing amount of features to satisfy power users. Either extreme works well for a specific subset of Apple's user base; a middle ground is more prone to leaving everybody confused and/or unsatisfied.

I have zero UI design experience so can't really chime in. Maybe a toggle option inside a menu that swaps app modes? Leave it off and you have a very basic Notes app; toggle it and you get all the bells and whistles, tags, folders, parsing... But this totally causes the problem you describe in your last paragraph.

concinds | 3 years ago

There's two problems.

Many UIs today are objectively bad and unintuitive (like the Gmail example in the article). UIs should always strive to eliminate the "don't know what you don't know" quadrant: common sense should be enough to navigate the system safely. Perfect examples are the Gmail example in the article, or the "hanging up the phone doesn't hang up the phone" problem of landlines[0] where you can do "everything right" and still get scammed. The judgment metric here is whether decently intelligent people could fall victim to these; they can, so they're objectively bad UIs. They violate common sense.

Then there's another group, that severely struggles with computing abstractions. (These can be perfectly smart people in other areas). They can have slightly degraded motor skills and end up swiping or tapping inadvertently and getting lost. The kind of people that thinks a locked phone is "turned off". That get confused when Control Center or Notification Center show up, because the swipe was inadvertent and they don't understand the abstraction ("where did my video go?").

It is utterly impossible to design the same UI for this group of people and for everyone else. For them, you'd ideally permanently dedicate a fifth of the screen to a never-changing menu, with common operations (copy, paste, switch app, see notifications, check email, find app). For most people, menu bars would be terrible on phones and tablets since they'd need to be always visible, and big enough to be tappable, and would waste colossal screen space; but some people would prefer that.

The UI would need to have a permanent banner that explicitly labels the UI context, essentially a "permanent tutorial mode" that explains computing abstractions, for example with a banner that says "YOU ARE CURRENTLY VIEWING RECENT NOTIFICATIONS. [GO BACK]" (otherwise, you get inadvertent swipes, and "hey, where'd my video go!").

Designing "one UI for everybody" is hopeless. This is an obvious accessibility issue; and I don't understand why no company is building optional "tutorial modes" into their UIs since I'd assume the amount of people struggling with computers is a lot higher than the amount of blind or paralyzed people.

[0]: https://bc.ctvnews.ca/beware-of-the-delayed-disconnect-phone...

kmeisthax | 3 years ago

My pet peeves are icons. I am sick and tired of button actions being communicated with a meaningless set of pictograms I have never seen before. Give. Me. Text.

mxhdotlol | 3 years ago

I'm with you there. Having spent so much time on the command line, it's so much more straightforward to just have a label that plainly describes what something is or does.

As I understand it, imagery is (ideally supposed to be) language agnostic, like the "icons" for events at the Olympics, though it doesn't always work out as intended.

wolpoli | 3 years ago

It's unfortunate that designers have since removed all textures/colors/depths from icons, leaving us with basic lines and shapes, and the result isn't pleasant to look at and very tough to recognize.

adrianmsmith | 3 years ago

The idea is, that text is great when you come to the UI for the first time. But, as you use the software every day, it's slow to read the text, so your eye becomes accustomed to the icons and you can use them as a shortcut to save yourself having to read the text. The icons should all be different shapes (as the eye sees the outline of a shape the quickest), be different color (but not only different colors as some people are color blind). I think this used to be common UI knowledge but I remember reading it in design guidelines for the original Mac OS X 10.0.

Somehow this has all gone wrong through: no text so the first time you use it you've no idea what the icons mean, they are all the same color and pretty much the same shape so you don't even get the speed of recognition.

And all of these problems are well documented, researched and have viable solutions (if anyone from Apple needs help, hire me :)

So either the design team is ignoring 20 plus years of research or they just don’t know what they are doing.

My go to design manifesto is making any screen idiot proof. Mistakes can always be made, but you can safely back out from it and you always understand the consequences (aka you learn)

imron | 3 years ago

> So either the design team is ignoring 20 plus years of research or they just don’t know what they are doing

The design team has been ignoring Apple’s own HCI guidelines for years now

WesolyKubeczek | 3 years ago

This is why they published new ones this year. Samples floating on the internets seem to hint at lack of concrete examples, though, and in macOS Ventura they reportedly don’t even adhere to the new guidelines.

Guidelines for thee, but not for me, I guess.

I would love to see the workflow of the design team offices and how they work.

cratermoon | 3 years ago

At least one AdTech company I know of has a policy against advertising assets that look like buttons or other UI elements, and require any ad image to include the branding of the business being advertised. That's just one of many AdTech brokers, and the biggest ones have no such scruples.

foogazi | 3 years ago

Why not check your Venmo account instead of email ?

bombardier6789 | 3 years ago

Indeed this is what I thought after reading the article. While there is a point to the article, it misses the basics entirely.

Internet makes a lot of things easier, losing money included.

alistairSH | 3 years ago

This. Always check the app directly, never rely on email, SMS, or phone calls.

Though sadly, on some (most? all?) platforms, even that isn’t a guarantee, as some forms of payment can be rescinded. Or, the notice is communicated as “received” when it’s really more like “requested and processing” (much like banks crediting you for a deposited check, even though it takes weeks for a check to fully clear).

dawnerd | 3 years ago

Literally the first thing I did when selling stuff on ebay. Would verify that payment actually went through. I did have a couple people message saying they 'paid'. I'm sure it works just enough to be worth the trouble.

[OP] samemail88 | 3 years ago

Some non techie users might not think to do that since they received what appears a legitimate email from Venmo.

aetherspawn | 3 years ago

I got scammed around $3000 because stripe sent me an email saying “payment received”, but it was actually processing, and it was eventually declined.

So I gave away the goods thinking everything was good to go.

When it bounced, I rang up and complained and they did nothing, just shrugged it off.

Story ends like this though: caught the thief with the Stripe IP audit log, police raided his house, found hundreds of other items but I never managed to recoup the loss, because mine was gone. I still think that it was Stripe's fault because the UX on the email (even the green banner) made it seem like everything was good to go.

(I routinely tell everyone to avoid Stripe now and go with PayPal, someone from Stripe feel free to reach out and change my mind ..)

barbarbar | 3 years ago

Holy sh*t - that is horrible and a lot of money. Things like this should be advertised on the Payment company site with big red text. And describe each type of scam and a count of those.

hackernewds | 3 years ago

It's mind blowing that the police responded to your complaint. May we ask how you managed this?

aetherspawn | 3 years ago

Because I lodged it as site theft (due to them sending a courier to pick it up), and skipped the cyber division.

When I lodged the report (in person at the police station), I was able to find the courier job on Airtasker and provide the police with the phone number of an exec at Airtasker that I reached out to, and with the job ID and the IP address of the organiser who was using card fraud (from Stripe). They took the case straight away because there was a strong witness (the courier) and a strong lead on the organiser due to building IP trace from the telco (a young kid living in their parents basement).

It took them only about 2 weeks to get a permit to raid. The IP trace was essential because they had the courier deliver it to a fake address in a nearby suburb, where they impersonated the householder.

walrus01 | 3 years ago

In this particular case, did the card billing address and shipping address match?

If you were selling high dollar electronic items or similar online, in my opinion it would be reckless to not implement that as a firm policy, which is fairly standard with high fraud risk vendors such as for photography equipment.

As a purchaser, I know that I've been on the customer side of this many times, ensuring that whatever small, high value electronic thing that I was purchasing from a certain vendor was being shipped to the address which is also set up for my bank and credit card bill.

tsimionescu | 3 years ago

I have often purchased items online asking for them to be delivered to my parents' address, or the address of a friend, or my work address. If a site has not offered this option, I would have found another, no doubt about that. So, as a customer, I think it would be reckless to require me to have the same billing and shipping address.

throwawaysleep | 3 years ago

Isn’t PayPal pretty notorious for being a good fraud tool because it is so consumer friendly?

phito | 3 years ago

PayPal is absolutely 10000 times worse than Stripe, it's ridiculous to recommend them over basically any other payment processing service. They are the worst.

deepspace | 3 years ago

Stripe is a shitty company. They openly discriminate against LGBT-oriented businesses by describing such businesses as "adult services" and withdrawing service. A favourite hangout almost had to close its doors recently due to this crap.

hackernewds | 3 years ago

This seems like a tagging mistake by a model or human tbh than a widespread policy

edwinwee | 3 years ago

Would you be able to email me at edwin@stripe.com about what happened here?

yifanl | 3 years ago

Hah, is this some type of meta commentary about bad UI/UX in the service industry?

phist_mcgee | 3 years ago

Could you please email me at p.mcgee@meta.com to discuss your UX complaint further?

Could you please have this sentence make you breathe manually?

shikoba | 3 years ago

What is an LGBT-oriented business? LGBT is about sexuality, hence...

janmarsal | 3 years ago

Do they also discriminate against LGBT-oriented businesses that don't meddle with adult services such as porn and prostitution?

edwinwee | 3 years ago

Hm, sorry about this. Could you email me at edwin@stripe.com? Would like to figure out what went wrong here.

AussieWog93 | 3 years ago

I also ran into issues with Stripe, as their automated systems flagged my business as fraudulent and there was no way to call them or get a fast response.

Ended up switching to these guys in Melbourne, never looked back: https://pinpayments.com

wolfgang42 | 3 years ago

Obviously I don’t know the details of Stripe or your particular transaction, but in general payment systems tend to be extremely eventually consistent. (This is partly for historical reasons, and partly because they’re designed for robust interoperability and so fall back to resolving problems with phone calls between banks.)

Payment providers generally have heuristics to mark transactions as successful when there’s a high chance they’ve been finalized, but unfortunately this sometimes fails. In theory the final arbiter is the court system, but obviously that also has its limitations, as you encountered.

TLDR: It’s annoying, but I’m not sure any other provider would have actually done any better here.

ShroudedNight | 3 years ago

If a payment provider makes definitive statements about the status of a payment they should be required to carry full liability for correctness.

You have convinced me to never use Stripe and I will share this story to people in the future as to why.

bombcar | 3 years ago

Stripe has reinvented check clearing fraud, how wonderful :(

Aeolun | 3 years ago

Hmm, my biggest issue with Stripe was verifying my account while living in one country, while being a national of, and having a company registered in another. Their system just thinks that if your company is in one country, your home address must naturally be as well.

shultays | 3 years ago

I doubt seeing "onlinevenmoforwarderserver@gmail.com" would raise any red flags for your average non-tech-savvy person that gets scammed, so making it more visible probably won't help that many people. And people that are able to tell if a mail address is legit probably already know how to expand that "sender's address".

userbinator | 3 years ago

No, on the contrary I think seeing it would be a red flag, especially if the user has been seeing what Venmo's real email address looks like and has become accustomed to it.

People notice things if you give them the chance to, and they will learn from it too. Removing things so they don't notice will only keep them ignorant. Here's an interesting comment tree related to that, around the similar subject of hiding URLs: https://news.ycombinator.com/item?id=23516774

wildrhythms | 3 years ago

100%

We are so focused on "simplifying" everything... to what end? Maybe it's actually good for people to learn the thing they're using to some degree rather than hiding the functionality away because it "looks cleaner".

mulmen | 3 years ago

Simplifying makes learning easier. But there is a limit. The problem starts when the simplification removes critical functionality.

epistasis | 3 years ago

Email UI is getting particularly bad. Trying to copy and paste email addresses is absolutely ridiculously hard. Oftentimes programs don't even understand the mailto: text that they insist on placing on clipboards.

And then there's the challenge of displaying the actual email address rather than just the label, which is usually a name. It's ridiculously bad UI and any program manager that tries to hide the simple and necessary email addresses, that we type and use, and are the closest thing to "security" that is possible with an incredibly secure system... well those program managers are not doing their jobs and are causing great pain in the world.

jeff_vader | 3 years ago

My father avoided using any kind of computers until he was 68. Then we got him an Android tablet. Not the best choice to be honest, but it's too late, he got used to it. He's now 77 and he still cannot distinguish what's part of Android OS, what's part of some application or what's just a web page in browser. All the popups confuse and overwhelm him. Somehow he still manages to take some photos of his plants and watches a ton of YouTube. It's both fascinating and terrifying to watch him use his tablet. I do sometimes wonder how he'd adapt to UI like Windows 95/XP Classic.

nmilo | 3 years ago

That's the thing about people who aren't "into" tech, they have no idea what all this terminology is. What the hell is an OS, an app, a browser, a website? My grandma was completely shocked when I told her that some $100 phone she saw at the mall behaves exactly the same as her $1000 Samsung flagship whatever. To her, the whole phone is just run by Samsung. If you start telling people like her to always check the domain name in the email sender field, she won't even ask, "what's a domain name," she'll ask, "what's email? You mean the Yahoo button on my phone?"

coding123 | 3 years ago

This might be a slight aside but I can't STAND "toggles".

Whether it's green or red, it's often not even labelled what green means or what red means. Like when you see these COOKIE screens. If you don't click Accept All you click "Adjust Choices" and then you see a bunch of toggles that look either all on or all off. But they are simply labelled with "Targeted Cookies", "Personal Cookies"... But if it's ON does that mean YES, block such cookies? Or does ON mean "Allow these cookies"?

Really confusing.

It's not like they're going to try to fix that either.

userbinator | 3 years ago

In that example, I agree that it is probably deliberate.

I still do not understand why designers don't like checkboxes.

nikanj | 3 years ago

My basic assumption is that with online marketplaces, you inevitably get scammed. As a seller you get scammed out of your item, as a buyer you get scammed out of your money.

The platforms hide behind an EULA, the police are both disinterested and powerless. I've reverted back to good ol' "Meet me at $place, bring cash." Preferably picking a place like the police station lobby.

alistairSH | 3 years ago

Yep. I use Facebook to sell things. Mostly by necessity - Craigslist seems to have dropped way off in popularity while also increasing in amount of scam/spam. But, I use local groups. Might take a bit longer to sell, but cash in hand, no shipping shenanigans, etc. One benefit of living near a city vs a smaller town, I guess.

niceWokr8 | 3 years ago

What was the technical excuse for people getting scammed before UI?

Has anyone considered the real scam is using people like monkeys pushing UI buttons for carrot sticks?

krade | 3 years ago

Just FYI, but that email is faked. By default, gmail will only show logos for senders automatically for domains with verified BIMI certificates. Since that's obviously not the case here, the only other way is to add the gmail address to your contacts and manually set an image for that contact. Or I guess the logo could have been added to the screenshot. In any case, rather misleading.

Without that Venmo logo the whole scam is rather obvious. But hey, anything for clicks I guess.

Edit: Also obvious from the times of the screenshots. The email was received at 9:47am, the screenshot not showing the logo was taken at 9:49am. The screenshots showing the venmo logo however weren't taken until 2:23pm and 2:50pm.

readingnews | 3 years ago

I agree with this. The UI is moving more and more towards not showing URLs, emails, addresses, and other things that might clue a non-savvy user into being duped. But who do we complain to? They (FAANG, etc) are doing this to increase usage and profits, right?

svachalek | 3 years ago

Would a non-savvy user realize "venmoforward@gmail.com" is not a reasonable source address for a message that otherwise looks like it comes from Venmo?

I think the whole principle of "anyone who knows your email address / phone number can contact you" was already obsolete over 20 years ago. Access to my inbox and ringer should be by revocable invitation only.

autoexec | 3 years ago

> Would a non-savvy user realize "venmoforward@gmail.com" is not a reasonable source address for a message that otherwise looks like it comes from Venmo?

Email campaigns from companies are a mess. Even the company I work for sends official emails out from addresses at numerous 3rd party domains each using different mail servers. They often go out with verbiage nearly identical to what I see in phishing emails. They've contained links that point to URL shorteners or some other random 3rd party site that we don't own with URLs full of unintelligible tracking info.

I deal with phishing issues almost every day. Most of the time phishing emails are pretty obvious, but I've had customers ask me if an email claiming to come from the company I work for was legitimate and even after looking over the message and the headers I couldn't give a clear answer. I've had several talks with marketing about it, and I've managed to catch a few horrific communications before they went out, but they aren't willing to stop sending from or linking to third parties.

Pulcinella | 3 years ago

Even first party domains can be a problem if…uh…certain departments get a hold of the email address. I’ve definitely been in meetings that go something like:

Developer: Does anyone know why helpdesk@company.com is being flagged as a spam address? All of our customers are saying our support emails are ending up in their spam folder.

Marketing guy: Yeah does anyone know why our support and advertising emails are being marked as spam?

Developer: …never mind.

kmeisthax | 3 years ago

The documentation for Mailgun specifically asks you to send transactional and marketing e-mails from separate subdomains for precisely this reason.

It still doesn't justify companymarketing.com and companyhelpdesk.com though.

mulmen | 3 years ago

I hate how hard Slack makes it to copy a damn username. I get messages from people and try to look them up in the corporate directory but at some point it is just easier to type it in.

delecti | 3 years ago

I don't know if there's an equivalent on other OSs, but in most browsers in Windows if you hold down Alt you can select text in an otherwise clickable link.

paradoja | 3 years ago

Verifying that it works in Firefox in Linux (with Gnome and with Sway, in case that matters). Thanks a lot for this!

mulmen | 3 years ago

Ctrl-click on a mac at least gives the option.

But this is what I hate most about Slack specifically and Electron in general. It’s so obviously a web app shoved into what kinda looks like a native window. But all the behavior is webpagey, except not in my browser, which I already know how to use.

Here’s a fun one:

Click in the conversation history panel. Use your “select all” shortcut. Despair.

delecti | 3 years ago

Why not just use the webpage? I've only ever used Slack (and Mattermost, which my work uses) in my browser, and I'm not sure what reasons there could be to install the app when it's just a less convenient container for the same content.

tsimionescu | 3 years ago

Maybe, maybe not, but they still have a much better chance than when it comes from "Venmo Support".

donatzsky | 3 years ago

> Would a non-savvy user realize "venmoforward@gmail.com" is not a reasonable source address for a message that otherwise looks like it comes from Venmo?

In many cases, no. They simply see that it has Venmo (or whatever) in it and assume it must be legit.

I've tried to explain this exact thing a few times. Not even sure I managed to get them to understand that a big company wouldn't use Gmail, but rather their own domain.

userbinator | 3 years ago

If they know what Venmo's real address is, because presumably they would've already seen the real emails many times, then the sudden change of address could be noticed and arouse some suspicion. As it is, without that hint, they are even less likely to notice.

navjack27 | 3 years ago

Was that the old principle? The one I've always ascribed to was "if you didn't initiate the communication then don't respond to it"

masswerk | 3 years ago

I really doubt the basis of this argument. Arguably, there is something to be learned with any new technology and any expectation to the contrary may be rather illusionary. E.g., with the postal system, how do you know that Paris, Texas, is not Paris, France, when you ignore those "technical" bits like "Texas" and "France"? (But, when these were mentioned in conversation, you could infer this from context, but now, on the letter envelope, there's no such context provided at all!) Turns out, most people were able to cope with these "technical" challenges and some aspects of this were even taught in school (how to write an address). Most people are even able to memorize the ZIP codes most important to them.

Arguably, email addresses are (much) simpler to parse than postal addresses (including things like c/o, post boxes, etc.)

alpaca128 | 3 years ago

There's a difference between that and correctly guessing that a specific address belongs to a scammer. Also fake letters from the IRS etc. are a thing and people still fall for it.

Detecting scams like this is a skill and some people - like elderly or disabled people - just aren't good at it. It doesn't help that some legit businesses are officially using gmail/hotmail/whatever addresses.

masswerk | 3 years ago

I'd say, 99.x% of the scam or phishing attempts I receive are easily detectable by the email address. E.g., a fairly accurate rendition of the bank CI, even with an appropriate text, an email clear name in accordance with the bank, but something like "<_petra167fghj@unknownserver.com>" as the email address. The problem being, it's exactly that part, which gives the scam away, that is hidden by the common email client.

someweirdperson | 3 years ago

> Arguably, email addresses are (much) simpler to parse than postal addresses (including things like c/o, post boxes, etc.)

Both are equally easy to fake. The difference is sending fake bulk postal mail is much more expensive than email.

dan-robertson | 3 years ago

The URL move is more nuanced than that, no? If you look at how modern browsers decide what to show you in the address bar, they often try to show you the hard-to-fake bit instead of the whole url, so you see notreallygoogle.com instead of google.com.search.q.notreallygoogle.com or notreallygoogle.com/http://google.com and similarly you’ll see the punycode if the browser thinks the domain name may be trying to look like another one with confusables.

I agree the email situation isn’t great but it is also more complicated: lots of legitimate companies send emails via third parties or otherwise want to put a name quite different from the email (e.g. mail chimp but also google docs comments appear to come from the commenter rather than some big id email address), so it isn’t as simple as showing the full address only and users may learn to ignore the full address if it is full of random-looking letters/digits. And email protocols complicate it further because there are ways in which the from field may not even match the actual sender, though that isn’t such a problem with gmail. I definitely do hope things will improve, however.

darkerside | 3 years ago

This is a good point. It's become typical for companies to use different email sending domains.

What we really should be doing is automating what I do when I get an email from a new domain that might be legit. Look up the DNS info so I can confirm it's the company they say they are.

XorNot | 3 years ago

Domain names are just fundamentally displayed wrong - the left to right reading order doesn't prioritise the right information.

"com.google" is what you need to see since it tells you who's really in charge of the content.

Particularly on mobile where I'm writing this I currently can see at most "news.ycombinator.co..." in the address bar. Could be a lot after that, how would I know at a glance?

Google and Mozilla could make substantial progress on this today by just showing an extra bit with the start of a domain name in right-to-left reading order.
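The two display ideas discussed above (show only the hard-to-fake registrable domain, or read the host right to left), as an added Python example that is not part of the thread. `PUBLIC_SUFFIXES` is a tiny constructed stand-in for the real Public Suffix List, the 20-character width is an assumed mobile address-bar limit, and any `xn--` label is simply flagged rather than checked against a confusables table.

```python
from urllib.parse import urlsplit

# Assumption: a minimal stand-in for the Public Suffix List (constructed).
PUBLIC_SUFFIXES = {"com", "org", "net", "de", "co.uk"}


def registrable_domain(host):
    """Return the public suffix plus one label, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None


def address_bar_view(url, width=20):
    """Compare what a narrow address bar shows under each display order."""
    host = urlsplit(url).hostname or ""
    try:
        # Normalise internationalised names to their ASCII (punycode) form.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # keep the host as given if it cannot be converted
    labels = host.split(".")
    return {
        "host": host,
        "registrable": registrable_domain(host),
        # Conventional order, truncated on the right like a mobile URL bar.
        "left_to_right": host[:width],
        # Reversed order: top-level domain first, then the owner of the name.
        "right_to_left": ".".join(reversed(labels))[:width],
        # A punycode label means the visible name may not be plain ASCII.
        "punycode": any(label.startswith("xn--") for label in labels),
    }


if __name__ == "__main__":
    # Constructed URLs built from the host names quoted in the thread.
    samples = [
        "https://google.com.search.q.notreallygoogle.com/login",
        "https://notreallygoogle.com/http://google.com",
        "https://news.ycombinator.com/item?id=23516774",
        "https://xn--mnchen-3ya.de/",
    ]
    for url in samples:
        view = address_bar_view(url)
        print(url)
        for key, value in view.items():
            print(f"    {key:14} {value}")
```

With the first sample, the left-to-right truncation ends before the registrable domain is reached, while the right-to-left form shows it within the same width.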

reddalo | 3 years ago

Some time ago, I read an interview with Tim Berners-Lee (I can't find the interview anymore, though) in which he said that if he could go back in time, he would reverse the URLs, starting from the top-level domain. Just like newsgroup hierarchies.

navjack27 | 3 years ago

Edge seems to be doing things right in that department. On my phone I see the whole URL and the lock indicating https.

thiht | 3 years ago

Same on Safari.

If I add more subdomains, it still displays the label and the extension in priority, the additional subdomains are faded and hidden on the left.

This seems sane to me.

donmcronald | 3 years ago

> They (FAANG, etc) are doing this to increase usage and profits, right?

Yes. They're obfuscating the mechanisms that can be used to assess trustworthiness so they can sell it back to us as some kind of reputation or verification product.

Email is a perfect example. If the from address wasn't moved around, hidden, and obfuscated, it would be easy to tell people "make sure Venmo emails are from @venmo.com" and that's the thing everyone would look for. Instead, there's an entire generation of people that don't know how to identify a from address and it opens the door to a paid verification platform instead.
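The check described above ("make sure Venmo emails are from @venmo.com"), automated as an added Python example that is not part of the thread. The `BRAND_DOMAINS` allowlist and the sample `From` headers are constructed for illustration; the two gmail.com addresses are the ones quoted in this discussion.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand keyword -> legitimate sending domains.
BRAND_DOMAINS = {
    "venmo": {"venmo.com"},
    "paypal": {"paypal.com"},
}


def domain_allowed(domain, allowed):
    """True for an exact match or a true subdomain, never a bare suffix match."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def assess_from(header_value):
    """Compare the brand a From header claims with the domain it uses."""
    display, addr = parseaddr(header_value)
    if "@" not in addr:
        return {"verdict": "unparseable", "show": header_value}
    if display:
        # RFC 2047 encoded-words would otherwise hide the brand from the match.
        display = str(make_header(decode_header(display)))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    # Always surface the real address next to the free-text display name.
    show = f"{display} <{addr}>" if display else f"<{addr}>"
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_allowed(domain, allowed):
            return {"verdict": "match", "brand": brand, "show": show}
        claimed = brand in display.lower() or brand in local.lower()
        if claimed:
            return {"verdict": "mismatch", "brand": brand, "show": show}
    return {"verdict": "no-brand-claim", "show": show}


if __name__ == "__main__":
    # Constructed From headers; not taken from real messages.
    samples = [
        "Venmo <venmo@venmo.com>",
        "Venmo <no-reply@email.venmo.com>",
        "Venmo Support <venmoforward@gmail.com>",
        "onlinevenmoforwarderserver@gmail.com",
        "=?utf-8?q?Venmo_Support?= <payments@gmail.com>",
        "Venmo <help@venmo.com.evil.example>",
        "Alice <alice@example.org>",
    ]
    for header in samples:
        result = assess_from(header)
        print(f"{result['verdict']:15} {result['show']}")
```

A "mismatch" verdict is the point at which a client could show a warning banner; "no-brand-claim" says nothing about whether the message is legitimate.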

nirui | 3 years ago

To me, Gmail these days feels more and more like it's been designed by somebody who doesn't actually use email.

In this case, the top priority should be display name, (verified) source address and time of reception. The To and BCC line is not that important, thus can be folded under description such as "To you and another...".

I hear that product design in Google is data driven, I'm not really sure what UX data Gmail team has been consuming.

someweirdperson | 3 years ago

> The To and BCC line is not that important

bcc in inbound mails?

0xbadcafebee | 3 years ago

> But who do we complain to?

I mean, you don't. You stop using their company, and you let them and everyone else know why. Vote with your dollars or with your feet.

masswerk | 3 years ago

Especially in email, the clear name is rather a comment. Showing just the comment instead of the real data is negligent, at best.

(It's actually quite the opposite of what is going on with URLs, where everything is suppressed but the core domain name. Here, the originating domain and user is suppressed. It's more like showing the document title in the location field.)

masswerk | 3 years ago

The preference for real names in email clients is actually quite annoying. E.g., some of my clients are using institutional email addresses, which are used and processed by multiple real-person users with associated clear names. Every time, I mail to one of these addresses (not addressing anyone in particular, but rather to whom these may concern, which is the expressed purpose of these addresses), I've to go back to the address and to discard the auto-filled, nonsensical clear name (which may be the person using that address, I received mail from last). In some email clients, this may involve multiple steps, as they really want to show a clear name and a clear name only.

lynndotpy | 3 years ago

This reminds me of the baffling decision when Windows started hiding file extensions by default.

jwilk | 3 years ago

Out of interest, do they still do that?

userbinator | 3 years ago

Yes.

Forge36 | 3 years ago

What year was that?

jml7c5 | 3 years ago

I believe it changed with Windows XP, so 2001.

(Oh my, has it really been that long?)

timw4mail | 3 years ago

It was earlier, ME or 90 SE.

jml7c5 | 3 years ago

You're right! My mistake.

userbinator | 3 years ago

Windows 95.

Google has been completely infuriating over the last few years.

It’s email. They hide the forward and reply all behind multiple clicks. Where is the Subject? CC? BCC?

I get that grandpa and grandma benefit from removing some extra functionality for usability.

The worst is that my Google Workspace account works the same. How can you ship this to serious enterprise users?

userbinator | 3 years ago

Notice the ridiculous amount of whitespace in the UI? They clearly could have shown the full address but they don't. That's why I think stuff like this is entirely deliberate. They don't want you to think. They want you to live in a world where they make all the decisions for you --- and decide in the way that benefits them the most, not you. They want to filter out scam emails for you, they want to control your life. The phrase "don't make me think" is common in UX, but in reality, what they're aiming for is "don't let me think". Hiding everything and making it harder to discover the details is precisely to discourage it.

...or at least that's my theory, but there's plenty of evidence.

I wonder how all those people building dark patterns today will be swindled in the future, when they get old themselves.

EternalFury | 3 years ago

That's cute, but I am more concerned about losing my phone, which contains so many MFA means. If that happens, I'm not sure I will be able to prove I exist and that I am who I am. And even if you don't lose your phone, you should dread the near impossibility of ascertaining the authenticity of anyone sending you text messages, which are so often used as poor-man MFA devices.

projektfu | 3 years ago

Why not use something like Authy that's backed up and has a recovery password? I just download it on my next phone and am good to go.

cloudking | 3 years ago

This is typically what happens when UX designers come up with a "beautiful" design, and test it in a small UX study with 5-10 people to get it approved. IMO, when you have a product with millions or billions of users, you have to assume that most users are not technically savvy and need to be hand held through your UX to avoid issues like OP shared.

meristem | 3 years ago

I'd say it is less about small tests and more about the cases and questions one is trying to cover during the usability tests.

A large email provider like Gmail could probably train a network to find emails that look similar to an official brand (start with payment providers). The client could warn the user that "Warning! This email looks a lot like it is trying to impersonate a different brand".

noAnswer | 3 years ago

For a few years now, United Internet (mail.com, gmx.de, web.de) has been verifying some big players. So an email from Paypal, eBay or Postbank is visibly different from a standard email. (In the Web and App UI. Of course not if you use IMAP.) IIRC it has an individual icon and a green border.

(I don't know whether there is a standard behind it or if it is some kind of manual certificate pinning.)

shswkna | 3 years ago

The paid-for “Google Workspace” does mark emails that look suspicious. It also uses the well known Gmail interface.

tsimionescu | 3 years ago

That's exactly what spam filters are. Since they are relying on heuristics and ML, they aren't completely accurate, unfortunately.

It is fair to criticize some of the obvious misses though - these algorithms and heuristics are clearly pretty bad.

shreyshnaccount | 3 years ago

google, for all its money, makes shitty shitty UI, and not only is it shitty, it feels like it's made specifically to make your life worse. lemme explain:

1. Gmail on phones - not only are there tons of minor design inconsistencies, oversight like what this article shows, there's also no effective way to organise your messages. there's an option to open calendar on the bottom of the hamburger menu (also inconsistent, this menu got removed from some other Google apps) it only works with Google calendar.

shreyshnaccount | 3 years ago

(cont'd, pressed send by mistake) and i couldn't find the option to make or remove new labels in the app. alternative is TwoBird, much easier to use imo

2. phone - while this app is majorly okay, I am super annoyed by the giant list of ways to contact a person that hangs just under a contact.. (things like message with whatsapp, call with whatsapp, video call etc with all the different apps. it's clutter, rather just have an option to open in app) doesn't really need an alternative tbh it's good enough

3. calendar. i hate this app. from the bottom of my heart. it's impossible to delete all the instances of a recurring event, doesn't have a decent monthly view. clicking on an event in the view doesn't open it (why?), changing the time never works on all the instances of a recurring task, some reminders just appear twice? it's unusable. alternative-install an open source calendar from fdroid. those are better. and you can export your data easily.

4. calculator. it seems to think in stupid. big bold buttons (okay, should be optional tho) taking up most of the screen, can't do anything remotely complex. no way to plot stuff, there's lag on the UI. it's just freaking dumb and no one asked for it.

5. photos. welp, promised me free storage forever. used all my data to train some AI models. then took back the storage. this one's on me I guess.

6. drive. slow and filled with needless animations no one asked for. really basic things are missing or hard to find. can't open a terminal to edit files. alternative sync thing, a self hosted server.

shreyshnaccount | 3 years ago

oh yeah, and all the app icons look the same it's ridiculous and I don't want it. alternative- use a launcher, change your icons.

bsenftner | 3 years ago

Bad UI? Criminal UI! I often have to stop using any software other than my development tools because consumer UI design is so riddled with dark UI patterns I get far too emotional about the mass deception I see taking place.

Software UI design is a legal frontier waiting to be cracked, and many corporations-as-people are going to jail and/or be shut down when this train gets rolling. Back when Prohibition had bathtub gin making people blind is the same type of crap taking place today with fraudulent and simply stupidly designed user interfaces.

karaterobot | 3 years ago

I am skeptical that showing the sender address would prevent scams like this, because I suspect that relatively few people who would get tricked by this scam are likely to figure it out based on noticing the full sender address.

I agree that more information is generally better, except that people often learn to ignore extraneous information in UIs, and in most cases the full address of the sender is not important.

And what makes these scams successful may not be lack of information in the UI, but something else. For example, users not recognizing the significance of the sender's address, or not paying attention to it at all. People have never been good at recognizing email scams, which is why detecting them before they get into the user's inbox is the best solution I know of.

The author may be right, but I would not take it for granted, and would want to see some research done to support this.