It's a little thing, but if we are to have a hope of educating users to protect themselves online that reputable sites don't behave just like the fraudsters.
Here's a quick spot of fuckwittery from Harvard Business Review.
I was at the HBR's site, and just wanted to check the subscription rates. There's a handy link slap-bang in the middle of the page:
Follow the link to 'Subscribe Today at a Special Rate' (with javascript on) and it handily gives you this:
So they're asking for credit card details, but they've stripped off all the browser toolbars, so you cannot see who you are talking to. You can tell it is a secure connection, if you look in the corner, but only if you are very diligent will you click on that and find out what's going on.
There are two other links on the front page to 'Subscribe Now' and 'Subscribe Today' which are unadulterated links. They give you this page:
So the credit card handling is really done by a third-party – secure.customersvc.com. That could be fine, but it needs to be made very clear to the user. This approach practically tries to hide the fact, and provide reassurances of security in the page, rather than helping users use their browser to assure themselves of trust.
I'm always dismayed when organisations with plenty of clever people screw these things up. We must do better as technologists to help people build systems where users understand what is going on with the security. That job is made a lot harder when legitimate sites behave like this.
Tagged: Rants, Fuckwittage, Security, Technology, Web
Posted at 10:29 GMT, 21st February 2008.
No comments. Add one.