Archive for August 2007

Cellphone Clocks: A Cautionary Tale

August 31, 2007

I previously gushed about how fun was better then function. I believe it’s true, but you if you trade functionality for emotional impact, you had damn well better know what you are doing. Here is an example of dong things wrong.

I use a cheap pre-paid cellphone because … well it’s cheap. Unfortunately it’s cheap as in junk, not cheap as in a bargain. It’s a Sony Ericsson Z300a — a flip-phone. (Poor customer) service is through Cingular/AT&T. I strongly prefer flip-phones.They are small when they are in my pocket, but bigger then a brick-phone when they are in my hand. Clamshells provide such good protection that I can toss flip-phones in my pocket along with my keys, without worrying about anything getting too scratched up to use. It’s physically impossible to accidentally dial a number with the phone closed.

There is a small low-resolution black-and-white LCD display on the shell of the phone, this way you don’t have to open it up to check the time. It’s a great feature, and every flip-phone I’ve seen has it. Most of the time, this is what it looks like on my phone:
Useful Display

Just a good no-frills LCD display. The designers took advantage of the relatively roomy screen, adding other pertinent information besides just the time. The “bars” up top tell you signal-strength (if you can talk), the clock tells you if you should talk (is it the right time to call them?), and the battery-indicator on the bottom tells you how long you can talk. This information complements any mobile communications device perfectly. (My “Designed by Apple in California” MacBookPro has these 3 indicators in the menu bar by default as well).

But sometimes, for no apparent reason, when I would take the phone out of my pocket, the display would be this ugly thing:
Ugly faux-analog display

Clearly this isn’t nearly as usefully as the digital display. And it’s a lot harder to read — why the numbers are that small I do not know, they don’t have to be. Obviously, the designers were attempting to trade technical-superiority for emotional-impact. But they screwed up. Badly.

The poorly thought out analog-clock-style display does not mask the fact that this is still a cheap digital display, on a cheap cellphone. If anything the corse pixelation draws attention to the cheap electronic nature of the phone’s “clock”. It says “look I’m failing miserably to be something I’m obviously not!”. Nobody is is going to compliment it’s “classy” look because it has no class. It is not a feature that anyone would ever show off to anyone. It’s not fun.

Now back to the “randomly changing” issue. Some days I would take the phone out of my pocket and it would sport the cheap knock-off-analog clock, some days the useful and unassuming digital display. The manual was no help (it didn’t even have the word “clock” in the index). I fiddled around with every setting in the phone, and I couldn’t figure it out. Finally I got so fed up that I took back to the Cingular Store, and asked the salespeople how to to change the clock display. They couldn’t tell me. One of them even told me that the hands-of-ugly was the only style those phones had. (Cingular/AT&T = bad service all around in my experience).

A few days later I stumbled upon the solution. There isn’t a setting in the phone that controls that display. But the + and – buttons on the side of the phone toggle between them.
+ and - button
Unless of course the phone is open, in which case hitting ether button will bring up a useless screen that says:

Date 08/31/07
Profile: Normal
Model: Z300a

Unless of course you are making a call, in which case they change the volume level.
Unless of course there is a list of options on the screen, in which case they act like the arrow keys.
Not only is this feature not documented in the manual, the very existence of the + and – buttons is not documented!
Here is another view of the mysterious + and – buttons, to give some scale.
The phone in my hand.  I wear a small or medium glove.
As you can see, they are pretty small. They are also the only buttons on the outside of the clamshell. I’m sure you can think of much more useful buttons (including no buttons at all) to stick on the phone’s shell.

Let’s recap everything the designers did wrong here. To start with, they had a pretty good display: bars + digital clock + battery. All relevant to what the user wants to get done (talk to people).

Then they came up with a display that was much harder to read. And displayed less then 1/3rd as much useful information.

Then they made the display configurable, adding a (poor) choice where none existed before, and doubling the number of states the user’s phone could be in. There isn’t a good reason for this choice. The salespeople were completely clueless about this feature, so it obviously wasn’t going to sell any phones.

And they used a tiny undocumented control, which had complex and variable behavior to perform the selection.

And of course the control was the only thing that could be accidentally, and mysteriously, hit while the phone was closed. Ensuring that the display would randomly change for no apparent reason.

Finally, they sold their device through someone who gave lousy customer service. So the over-all experience of using the device would be as craptastic as possible. And nobody would be able to help users figure out what was going on when their phones inexplicably looked different.

But all of this might have been OK if the display was really cool (Don Norman gives a few examples of suitably nifty watches in Emotional Design: Why We Love (or Hate) Everyday Things ; and here are a few more amazing ways of showing time). But it wasn’t. It was an ugly display, that drew attention to all the phone’s flaws. Cheesy analog-style digital displays have been around for decades. It was insipid lipstick on a pig.

Any choice that reduces usability and functionality should be treated with extreme skepticism. There are cases where it is the right decision. But the trade-off needs to be compelling. It should also help your product stand out. Otherwise KISS.

EDITED TO ADD (early September, 2007) : A few days ago I noticed my rate has gone up from $0.13 to $0.15 per minute; a 15% increase.


Using Banner Blindness

August 30, 2007

I’ve been kicking an idea around in my head recently.

Designers could exploit Banner Blindness by putting instructions inside of “banner adds”. Normally users will completely ignore them. But if they get “stuck” and start searching the screen for help, they’ll find it in the banners. This lets designers put a lot of explicit instructions on an interface, without increasing the amount of text a user has to read (they will just ignore the banners as if they aren’t there).

Of course there is the danger that users will always ignore the banners. But I strongly suspect that once they figure out that the banners always contain helpful information, they will remember to scan them if they need help.

Some downsides:
The interface would probably look about as ugly as a GeoCities website from 1995. A good graphic-designer is the person to ask here. Unlike on the web, the banners would be closely integrated with the interface. So that cuts down on teh ugly. But then again, the banners have to be different enough to trigger Banner Blindness

The banners take up screen space, even if they are ignored. This limits how much informative stuff can be visible.

More on this concept later.

“Disability research leads to shoulder surfing breakthrough”

August 30, 2007


The lens makes things easier to see, but harder to shoulder surf

Research initially aimed at helping partially sighted customers use chip and PIN keypads has led to the creation of a device which can protect customers from “shoulder surfing”.

This is the term used for the practice whereby a “criminally motivated” bystander casually observes the PIN when paying for goods or services or getting money from an ATM.

Neil Radford an Enterprise Fellow at the University of Warwick has worked with colleagues in the University of Warwick’s manufacturing Group to create a special “cradle” for chip & pin keypads, which innovatively incorporates a magnifying lens.

The use of the lens (patent pending) is of significant benefit to visually impaired people, as it enlarges the pin pad display whilst also improving security. The enhanced view, to any user standing directly in front of the key pad, alone is of great benefit by reducing the degree of difficulty and the associated anxiety many face in simply reading the display – from partially sighted people through to the many people who need simply to switch to reading glasses for some tasks – whilst vendors see improved transaction times.

Importantly the device, also provides tremendous additional benefit to customers, vendors and banks in that it has been proven to be a highly effective defence against shoulder surfing, by distorting the view available from any other angle by a casual observer or even CCTV and hidden cameras, thus frustrating shoulder surfers and more sophisticated fraudsters.

Neil Radford has now established a company, Secure Access Solutions Limited, to market the “PED Cradle”.

Boots is piloting 35 cradles in its Cambridge, UK store. Secure Access Solutions is also in discussions with the Royal National Institute of the Blind who are giving their expert assessment. Additional trials will be held with RNIB in July.

Secure Access Solutions has identified how the same issues affect transactions at ATM Cash points and are already well advanced with a range of complementary products for ATM’s, which are scheduled for further trials later this year with a UK Bank.

A lens seems like a good idea, but I hope it does a better job of obscuring the keypad then it appears to from the photograph.

Using Eye-Tracking to Stop Shoulder Surfing

August 30, 2007

An interesting new paper Reducing Shoulder-surfing by Using Gaze-based Password Entry

Shoulder-surfing — using direct observation techniques, such as looking over someone’s shoulder, to get passwords, PINs and other sensitive personal information is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user’s password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional approaches.

Great idea, and could be done today on iMacs and MacBooks, with their built-in cameras.

Unfortunately, the paper falls-short at testing.

To evaluate EyePassword, we conducted user studies with 18 subjects, 9 males and 9 females with an average age of 21…. Twelve subjects reported that they were touch- typists. On average subjects had 12 years of experience using a keyboard and mouse.

We compared the password entry speed and error rates of three approaches: a standard keyboard for entering a password (Keyboard) to provide a baseline, using EyePassword with dwell- based activation (Gaze+Dwell) and using EyePassword with

trigger-based activation (Gaze+Trigger). In addition, we evaluated two different on-screen layouts for the dwell case:
QWERTY layout and alphabetic layout. At the end of the study we asked subjects to fill out a survey to collect data on the user’s subjective opinion of the techniques.

(the passwords used were): computer, security, apple314, sillycat, Garfield, password, $dollar$, GoogleMap, dinnertime, Chinatown.

That’s a very select group, and probably all college students at Stanford too (although the paper does not say one way or the other, which is an experimental failing). Unfortunately, this means the conclusion that “subjects preferred the gaze-based password entry approach over traditional approaches.” must be taken with a big grain of salt. Actually I’d completely disregard it.

The test passwords are not strong enough. With the test-passwords used, the subjects only use the Shift function 6 times, out of 94 characters that are inputted (94 = 84 password characters + 10 “enter” characters to mark the end of the password). The passwords are mostly recognizable words, occasionally with up to 3 extra characters tacked on. Real passwords shouldn’t look like that. This makes me skeptical of the published speeds and error rates, because many passwords need more capital and special characters to be accepted by a system. The paper did not give me an understanding of how the eye-tracking system could be expected to perform with a password as strong as the one I use for this blog.

But most importantly (to me) there was no testing with a randomized keyboard layout. Without a randomized keyboard, a camera only has to record people’s eye-movements to get their password. A randomized keyboard is necessary for strong security. But the paper gives no data on how this would affect usability. Not even a gross rule-of-thumb, or qualitative advice.

Still, eye-tracking is an interesting idea, and it could do a lot to stop “standard” shoulder surfing, even if it is not effective against an attacker with some hardware.

EDITED TO ADD: another benefit of gaze-based PIN entry is that it is more hygienic. You don’t have to touch a keypad that thousands of other people have touched today. (ATMs near bathrooms are always kinda scary). Input for transactions could also handled only via eye-movement tracking. Obviously for transactions lot more feedback could be provided for the user, making it a very pleasant experience.

Safe Cut

August 30, 2007

EDITED TO ADD: I have been told Windows already does this. Oops. This is one of the few places Windows has a better UI then a Mac. For shame, Apple.

Finder lets you copy and paste files, but it does not let you cut them. Presumably, this is to make it hard to accidentally delete files. This means there’s no way to move a file using only the keyboard. It’s reasonable to trade a little speed-of-manipulation for safety. But, we can have both.

It’s easy to lose sight of what’s really going on when we use the cut/copy/paste metaphor from wordprocessing for file manipulation. Files are not blocks of text on a page. copying and pasting a file is really copying the file. (Unless you paste it where you copied it, in which case you are duplicating it, but there is already a command — ingeniously titled “Duplicate” and crafty placed under the “File” menu — that does this). Copy and Paste let you copy a file using only the keyboard.

Cut and paste (should) let you move a file using only the keyboard. A move operation is never destructive to the source-file being moved. You can destroy an identically named file in the destination location, by over-writing it with the source-file. But no move operation can destroy the source-file. But the first thing a cut operation does in word-processing is destroy it’s source-operand.

Here’s a solution: rather then immediately deleting the source-file, instead mark it (grey it out, and/or make it semi-transparent, and/or put an X over it) to clearly indicate that it is about to be deleted, and then finish the deletion once it has been pasted somewhere. If the user never pastes the file, and puts something else onto the clipboard, then the file should be un-marked. If the user moves the marked file around, or otherwise modifies it, then it should be un-marked. The source-file’s path should be kept in the clipboard until it is replaced by something else. This makes the modified cut-command’s behavior familiar to a user already used to the wordprocessing metaphor.

What about using this safe-deletion behavior in wordprocessing? My intuition is that it would be a bad idea, but only testing can give a definitive answer. In wordprocessing, visual layout is very important. Deleting a block of text changes the whole layout of a page, as text ‘falls-up’ to fill the gap. If an author issues a cut command, they immediately see how the deletion changes the layout of the page. Their decision of where (or if) to paste the text is affected by the page’s new layout. More importantly, safe-deletion is more complex, and the added safety is not necessary since wordprocessing programs all have powerful undo capabilities.

The Power of Emotion

August 25, 2007

For anyone who has ever doubted the power of emotional appeal over technological appeal
“… consider the self-winding Rolex, which sports 1/10th the accuracy of a Timex at 1000 times the price.” — Tog.

Don Norman’s book Emotional Design: Why We Love (or Hate) Everyday Things is about just this. It’s definitely worth reading.

People do better at creative tasks and problem-solving, when they are less stressed. So a graphic-designer may end up producing better work, faster, with a provable less-efficient, but more enjoyable, interface.

Disaster is in the Details

August 23, 2007

Little details matter because they prevent big disasters. This might seem counter-intuative at first; logically it seems like big disasters should have big causes. In reality, they have a series of little causes that add up into a big problem:

Disasters Don’t “Just Happen”
One of the first things I learned in flying was that airplanes don’t just fall out of the sky. (This, by the way, comes as welcome news to the student pilot.) Airplane accidents can almost always be traced back to a series of mistakes and events: The night was dark AND visibility was limited by fog AND the area being flown over was water, lacking in reference lights, AND John Kennedy, Jr. had only a few scant hours training in instrument flying AND he was flying illegally based on his visual flight rules license, perhaps causing him to hesitate before asking for help AND….

The investigation of the near-meltdown at Pennsylvania’s Three Mile Island nuclear power plant in March, 1979, listed a remarkable series of seemingly disconnected events that converged to almost cause a major disaster. Along with other causes were such human factors as lack of operator training and a confusing and misleading control layout. As with many disasters, the series of events that arose from a single trigger could have been short-circuited at any point, had anything gone right.

–Tog on the butterfly-ballot disaster

This is why good design is especially valuable. In isolation, fixing a small detail only seems to have a small benefit. But if that one small fix breaks one small link in a chain of events that would lead to a disaster, then there is enormous benefit.