Category: Annoyances

Posted on
by

I’ve dealt with a couple of companies that try to plug the general lack of security in email by using a “secure email” service. The way this works is:

  1. The company sends you an email with a link to a third-party or co-branded website, asking you to click on it in order to read important information about your financial/insurance/whatever account. (Or better yet, the third party site sends you the mail on the company’s behalf.)
  2. You click on the link and open the site in your web browser.
  3. You register for the site (which usually involves entering your name, choosing a password, and possibly entering other personal detail like a reminder question.)
  4. You log into the site and actually read the message.

Can you see what the problem is?

That’s right: Steps 1-3 are exactly what you see in a phishing attack. Only in a phishing attack, the third-party site is a fake that’s trying to collect account information (like your login and password) or personal information (like your SSN).

So while they may be solving the immediate problem of “someone might intercept this message,” they’re perpetuating a broader problem by training people to fall for phishing attacks.

Sadly, this is not new.

Update 2022: A decade later, they’re still doing it.

Posted on
by

If you’ve been following the Firefox 4 betas, you’ve probably noticed that they’re dumping the status bar. OK, a lot of people didn’t use it, but here’s the thing:

When you hover over a link, the status bar tells you where it will take you.

This is important (especially for security) — important enough that they’ve moved the functionality elsewhere…but in a broken manner. They’ve put it into the location bar — you know, the field where you type in a URL, or look to see where you are.

The problem is that there isn’t room in the location bar to show the full URL of a hovered link except for very short links. The status bar has the entire width of the browser. The location bar has to share that space with the navigation buttons, the search box, the feedback button (during the beta), any custom toolbar buttons, the site name on secure websites, etc.

Just about every link I hover over ends up with critical information cut off in the “…” between the start of the hostname and the parameters at the end. That’s almost useless. (Almost, because at least the hostname is visibla, but it would help to see the page name as well.)

Displaying the target URL in some way is core functionality for a web browser, and you shouldn’t remove or break core functionality. In some ways this is worse than the proposal a few years ago to remove “View Source,” because that at least isn’t core functionality for a browser (though it is core functionality for the web, because it encourages people to explore and tinker and learn how to make their own websites — which is exactly why that was put back in). It’s crazy that I need to install an add-on to get back something as basic as a working preview for links.

Posted on
by

While writing up my last post, I remembered something that really bugs me on Metrolink’s website.

The fare calculator tries to make the train cost look more appealing by showing you how much you’d spend driving the same trip, using a factor of 54.1 cents per mile from AAA’s driving cost formula.

Two problems:

1. They’re using the average value of all the cars on the road. Drive a gas-guzzling Hummer? A fuel-efficient Prius? Same cost estimate.

2. They’re using the formula wrong. It’s not intended to answer the question of “How much does this trip cost?” but “How much am I spending overall to use this car?” So in addition to fuel and maintenance, it also includes static costs of owning a car, like registration, insurance, interest payments, etc. Things that you’ll be paying whether you drive it today or not.

So unless you own an average car and plan on getting rid of it entirely, the comparison doesn’t actually tell you anything useful. But it does make Metrolink’s ticket prices look cheaper.

Posted on
by

There’s something wrong with this advertisement for flu vaccination services:

Flyer advertising flu vaccine: Your First Line of Defense Against the Flu

The slogan just bugs me, because they got the metaphor wrong.

Think about it: Vaccines work by training your body’s immune system to recognize a particular type of germ ahead of time, so that if you get exposed to the real thing later on, you can fight it off before it actually manages to make you sick. In terms of a warfare metaphor, it’s about training the troops who guard the home front so that if the enemy successfully invades past your borders, you can fight them off before they become entrenched.

The first line of defense would be something that stops them from invading in the first place. A well-defended border, in terms of ground troops. The Coast Guard in terms of sea. Radar and anti-aircraft missiles to identity and shoot down incoming enemy aircraft.

Your first line of defense against the flu? That would be your skin.

So wash your hands!

</pedantic>