Software Integrity


Software security and the user interface

We had an internal discussion the other day about the pros and cons of connecting professionally with random folks. During that discussion a separate thread was started about how to hide who you are connected to from your other connections. The idea was that it is OK to connect with someone but not allow that someone to see all of the people you were connected to. Sounds reasonable.

Since I wanted to control a feature of a web application, I went over to the Settings screen to hunt for the right feature to configure. This particular site provided quite a few settings to configure (which is nice) and after some hunting around I came across a link that looked promising. It was titled “Select who can see your connections”. This option looked perfect, as that is exactly what I wanted to do. Selecting this option presented the dialog below with a single drop-down box with just two options.

[Screenshot: the “Who can see your connections” dialog, showing its single two-option drop-down]

This looked very promising. “Only you” is exactly what I was trying to do – not display any of my connections to those folks connected to me. Now to be fair to the site and all of you out there that read all the text in the dialog, I just read the nice title bar “Who can see your connections”, saw the “Only you” drop-down, checked what my options were, selected “Only you”, and hit the “Save changes” button.

For those of you who read all the text in the dialog box, you no doubt read the important caveat, “Note: people will still be able to see connections who endorse you and connections they share with you”.

So I am willing to take part of the blame for not reading all the text presented to me, but even if I had read all the text, I still think the UI is a bit confusing. “Only you” should mean only me, not only you and a bunch of other people based on other settings.
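To make the gap between the label and the actual authorization rule concrete, here is an added example (my own code, not the site's, and not from the original post) that models the setting exactly as the dialog's fine print describes it: under “Only you”, a connected viewer still sees connections who endorse the owner and connections the viewer shares with the owner. The member names, the `Member` class and the `exposure_report` helper are constructed for illustration; the report is the information a UI would need to state how much is still exposed rather than saying “Only you”.

```python
"""Model of a 'who can see your connections' setting and its effective result.

Constructed example: the network, the names and the helper functions are
invented for illustration and do not describe any real site's implementation.
"""
from dataclasses import dataclass, field

# The two settings offered by the drop-down (identifiers are this example's own).
ONLY_YOU = "only_you"
YOUR_CONNECTIONS = "your_connections"


@dataclass
class Member:
    name: str
    connections: set = field(default_factory=set)  # names of this member's connections
    endorsed_by: set = field(default_factory=set)  # names of members who endorsed this member
    visibility: str = YOUR_CONNECTIONS


def visible_connections(owner: Member, viewer: Member) -> set:
    """Connections of `owner` that `viewer` can see.

    Encodes the dialog's fine print: under ONLY_YOU a connected viewer still
    sees (a) connections who endorse the owner and (b) connections the viewer
    shares with the owner. Members not connected to the owner see nothing.
    """
    if viewer.name == owner.name:
        return set(owner.connections)
    if viewer.name not in owner.connections:
        return set()
    if owner.visibility == YOUR_CONNECTIONS:
        return set(owner.connections)
    shared = owner.connections & viewer.connections
    endorsers = owner.connections & owner.endorsed_by
    return shared | endorsers


def exposure_report(owner: Member, directory: dict) -> dict:
    """For each of owner's connections, the set of other members who can see that link.

    A viewer learning that they themselves are connected to the owner is not
    a disclosure, so self-sightings are excluded. This is what a UI would need
    in order to say, e.g., "2 of your 3 connections are still visible to others".
    """
    report = {name: set() for name in owner.connections}
    for viewer in directory.values():
        if viewer.name == owner.name:
            continue
        for seen in visible_connections(owner, viewer):
            if seen != viewer.name:
                report[seen].add(viewer.name)
    return report


def build_sample_network() -> dict:
    """Constructed sample: alice picks ONLY_YOU; carol endorses alice; bob and alice share carol."""
    alice = Member("alice", {"bob", "carol", "dave"}, endorsed_by={"carol"}, visibility=ONLY_YOU)
    bob = Member("bob", {"alice", "carol"})
    carol = Member("carol", {"alice", "bob"})
    dave = Member("dave", {"alice"})
    erin = Member("erin", set())  # not connected to alice at all
    return {m.name: m for m in (alice, bob, carol, dave, erin)}


if __name__ == "__main__":
    net = build_sample_network()
    for viewer in ("bob", "dave", "erin"):
        print(viewer, "sees", sorted(visible_connections(net["alice"], net[viewer])))
    # Despite "Only you", carol (an endorser) is still visible to bob and dave.
    print({k: sorted(v) for k, v in exposure_report(net["alice"], net).items()})
```

Run as-is: even though alice selected “Only you”, both bob and dave are still shown carol, because she endorsed alice. The point of `exposure_report` is that the effective policy is computable from the same data the site already holds, so the dialog could state it instead of leaving it to a footnote.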

I bring this up because the IEEE CSD recently released ten common design flaws to avoid and one of those flaws is titled “Always consider the users”. Here is a brief excerpt from one of the bullets:

When designers don’t “remember the user” in their software design, inadvertent disclosures by the user may take place. If it is difficult to understand the authorization model, or difficult to understand the configuration for visibility of data, then the user’s data are likely to be unintentionally disclosed.

That second half of the last sentence seems to apply here.
What do you think – is this kind of UI clear to you?