Comments on: Blaming the Victim, Yet Again

By: David Molnar

David Molnar — Tue, 30 Sep 2008 04:51:01 +0000

Remind me to show you the text of the “invite user” dialogue box from the HappyFunSlanderBot facebook app sometime. (I wrote it for a reading group discussion, not intended for use as a “real” facebook application.)

By: David Brodbeck

David Brodbeck — Thu, 25 Sep 2008 17:49:38 +0000

Part of the problem, of course, is that users see such a variety in dialog boxes. There aren’t really a clear set of things we can tell people to look for that will tell them, “yes, this is a legitimate dialog.” And of course as soon as someone created a set of guidelines like that, malware would imitate them, and we’d be back at square one.

By: T.Lee

T.Lee — Thu, 25 Sep 2008 15:26:57 +0000

I laughed til I cried when I read this. I deal with SAV and malware at my 20,000 person company, and I’ve been getting a lot of alerts lately that indicate we have a higher than usual level of junk getting in. So your dialog box was a perfect example of what I think about my coworkers lately. Thank you.

By: ToddH

ToddH — Thu, 25 Sep 2008 11:58:47 +0000

I agree that you can't blame the users. It's up to software designers to make products easier to use rather than falling back on a dialog. We are effectively training users to click through dialogs because they get presented with so many. Chris blogged on a related topic @ http://www.napera.com/blog/?p=52

By: Mordaxus

Mordaxus — Thu, 25 Sep 2008 10:01:12 +0000

re Simson:
I think this is something we need to see the full report for. Based on what Ars Technica said, I would believe it, yes. I might think I was expected to explore, from the context of being in a psych experiment. This is also something we need to know whether the experimenters compensated for.

By: Neil Gooding

Neil Gooding — Thu, 25 Sep 2008 07:13:41 +0000

My problem with popup windows is a little different. I feel that the space bar shouldn’t be a special shortcut key to pressing the currently activated button.
Simply typing a sentence (spaces between the words) into one application (a word processor) is enough to agree to a few messages that have popped up from another, without them even having had chance to even draw themselves. I find this a problem when an app takes a long time to load- I tend to switch to another app and continue working, only to find the app I launched, but don’t want right now, has popped up messages, or itself in it’s entirety has come to the fore to accept the keystrokes I thought were going into the word processor (which is of course another problem too).

By: Simson

Simson — Thu, 25 Sep 2008 03:25:37 +0000

Don’t you think that people just clicked on the “dumb” boxes to see what would happen?

By: Michael Janke

Michael Janke — Wed, 24 Sep 2008 23:52:15 +0000

This has been one of my pet peeves for quite a while. Modal dialog boxes that don’t give enough information for a non-technical (and sometimes even a very technical) user to make a rational decision.
So we pick OK or cancel, randomly, and hope nothing bad happens.

By: Grant Stavely

Grant Stavely — Wed, 24 Sep 2008 19:50:44 +0000

Unsigned certs can be trusted about as much as signed certs if you are relatively assured the private key is safe. Add the public key to your trusted certificates. If the cert changes you’ll get prompted again at least. This is the same reasoning firefox 3 is using when asking for exceptions to self-signed https, OpenSSH has been doing it forever, and so on.
The study confirms that trust, and therefore deception, are still perfectly healthy. Any technical control over those two can only be patchwork at best.

By: Tamzen

Tamzen — Wed, 24 Sep 2008 19:25:11 +0000

What really really gets my goat are the boxes where you get no choice, don’t want to click the answer and CAN”T CLOSE the window. Arrrrgggghhh. A special hell awaits for ones that can’t even be moved or can’t lose focus. Death to all programmers who do that!