flwyd: (bad decision dinosaur)
Attempting to make a purchase from a website using Paypal, I got the following message.
You will have to come back and confirm your bank in order to use it to make payments. In the mean time, please enter a credit card to continue.

Sounds nice and helpful, right? Like I can log on to PayPal's site and they'll have a friendly "Confirm your bank account" dialog or something.

Nope. "Coming back" to PayPal's site accomplished nothing useful. My "wallet" showed the checking account I've had associated with my PayPal account since the late '90s, plus two expired debit cards, both linked to that checking account. I noticed my billing address was out of date, so I changed that. No help.

I googled the first sentence of the error message, hoping to find a PayPal help page explaining how to confirm a bank account. Instead, I discovered that PayPal runs a whole online community for people who can't figure out what's going on with their account. This error has been confusing people since at least 2012. Fortunately, some user speculatively interpreted "confirm your bank" as "add a credit card", which made the bank-related error message go away. Maybe their system only has a single E_BANK_STATUS_ISSUE error.

When checking out, there was an explanatory message that the debit card I'd just associated with my account would be used if there were insufficient funds in my checking account. But since the debit card is backed by the checking account, that's not a very robust risk mitigation strategy.

User interface lessons:
  • Make sure your error message contains enough information for a user to take useful action.
  • If your backend can't distinguish between two error conditions that require different resolution steps, send a feature request to the backend team to add a new status code.
  • When a user flow involves "Give us money," make sure you do extensive user testing, covering many possible error conditions. How people fail to use your product is some of the most important knowledge you can gather.
flwyd: (daemon tux hexley)
From Slashdot:
We will support five programming environments on the laptop: (1) Python, from which we have built our user interface and our activity model; (2) Javascript for browser-based scripting; (3) Csound, a programmable music and audio environment; (4) Squeak, a version of Smalltalk embedded into a media-rich authoring environment; and (5) Logo. We will also provide some support Java and Flash.
-- One Laptop Per Child software specs
It's built on Linux, Firefox, XWindows, and many other open source projects.

You can buy an XO laptop for your kid (or yourself) and a kid in the developing world for $399, starting November 12. A low-power laptop with wifi, word processing, and high-level programming for $400 sounds like a pretty good deal to me.

Positive Logic

Tuesday, December 5th, 2006 05:14 pm
flwyd: (rush counterparts album cover)
Internet Explorer 7 recently showed up on a few servers at work which I access through Remote Desktop. Microsoft has had several years of feedback and development time since IE6, and among their main foci were user experience and anti-phishing technology.

One of our internal web servers requires authentication (using windows domain security) and so runs under https so that passwords aren't sent in the clear. The certificate is assigned to the fully qualified host name, but the shortened host name resolves on our network and is easier to type. Visiting the internal name in Firefox pops up a dialog complaining that the certificate hostname and the URL don't match; if you hit OK (the default button) you view the page without further intervention. As I recall, this is also the behavior of Internet Explorer 6.

Internet Explorer 7's solution to the problem is to produce an HTML page stating "There is a problem with this website's security certificate. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website." (Emphasis in original.)

It then has three icons with links. A green checkbox accompanies "Click here to close this webpage." A red X marks "Continue to this website (not recommended)." A down arrow in a circle says "More information," which will slide out some details but does not show any information specific to the security certificate.

This interface is really annoying. Never mind that they can't seem to settle on "webpage" vs. "website" terminology in the same option list. I'm begrudgingly okay with the fact that I can't see what's wrong with the certificate -- most users wouldn't know how to read the information. The problem is much more insidious:

Yes means stop.

Think about confirmation dialogs you encounter when you use a computer. "Are you sure you want to quit the application?" "The trash contains 42 items and 69 MB of disk space. Delete from system?" In just about any situation you can think of, "Yes" means "Yes, do exactly what I asked you."

Look at any GUI with a set of buttons. If there's a red circle with an X it probably means "Stop" or "Error." If it's an X not in a red circle, it probably means "Close." If there's a check mark icon, it probably means "This item is OK." Occasionally it will mean "Continue." Until IE7, I don't think I've ever seen an X icon that continues to the next step, and I know I've never seen a checkmark icon that closes a window.

Look at any country with traffic lights. A red light means stop. A green light means continue in the direction of your choice.

But in Internet Explorer land, a green check means "Don't do what I asked you to do. Close the window instead." And a red X means "I don't care about your security warning system, take me where I asked you to go." The justification for this nonstandard interface seems to be that "Yes" means "Yes, Microsoft daddy, this site is insecure and I'll stop using it" and "No" means "No, I'm smarter than you and I'll do what I feel like." But is this a good metaphor for user interaction?

Update 12/6/2006: From IE7 I hit a diagnostic JSP page on localhost, which spun for several minutes. It turns out all threads were busy, so I restarted the server. Since the connection was dropped, IE wanted to show me an error page. But first it had to alert me that a page was blocked because it was not in the Trusted Zone. The page? about:internet. When I went to add it to the Trusted Zone (along with windowsupdate.com) it complained because it didn't start with https://. about: pages are implemented entirely in the browser; if there's a security problem with an about: page it's a browser bug, not something malicious in this internet I'm trying to find out about.

One of the axioms of security systems is that when operating securely is too annoying for legitimate users, they'll choose or find ways to operate insecurely.
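
The hostname mismatch described in this post (certificate issued to the fully qualified name, server visited by its short name), as an added example that is not part of the original post. The host names and search-domain list are constructed, and the matching is a simplified form of the RFC 6125 rules; `diagnose` is a hypothetical helper showing how a warning could say which name would have matched.

```python
# Added example: simplified RFC 6125-style dNSName matching.
# All host names here are constructed for illustration.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(host, pattern):
    """True if `host` matches one certificate dNSName `pattern`."""
    h, p = _labels(host), _labels(pattern)
    if len(h) != len(p):
        return False              # a wildcard covers exactly one label
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]     # only a whole left-most label may be "*"
    return h == p

def diagnose(host, san_names, search_domains=()):
    """Return (status, detail) so a UI can give an actionable message.

    status is "match", "short-name" (the unqualified name expands to a
    name the certificate covers), or "mismatch" (nothing matches).
    """
    for san in san_names:
        if san_matches(host, san):
            return ("match", san)
    if "." not in host.rstrip("."):
        # Unqualified name: try the resolver's search suffixes, which is
        # how the short name resolved on the network in the first place.
        for domain in search_domains:
            candidate = f"{host}.{domain}".lower()
            if any(san_matches(candidate, san) for san in san_names):
                return ("short-name", candidate)
    return ("mismatch", None)

if __name__ == "__main__":
    cert_sans = ["intranet.corp.example.com"]   # constructed certificate SAN
    search = ["corp.example.com"]               # constructed DNS search list
    for url_host in ("intranet", "intranet.corp.example.com",
                     "intranet.other.example.net"):
        print(url_host, "->", diagnose(url_host, cert_sans, search))
```

Bookmarking or redirecting to the fully qualified name, or issuing an internal-CA certificate that also lists the short name, removes the warning without training users to click through it.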