Going behind my back

by Raffi Krikorian

My friend, Glyph, pointed me to a post on Joel on Software -- Joel has issues with this dialog box:

When you follow a bookmark in OmniWeb 4.5 to a site that issues you a HTTP 301, a permanent redirect, OmniWeb puts up this dialog box to give you the option to "fix" your bookmarks.

Joel on software:

... I think it's a nice feature that shouldn't be advertising itself, it should just happen automatically and silently. It's a permanent redirect, that's what it means, and designers of web browsers know that a lot better than users, so why should users be inflicted with the need to make a complicated decision about something they don't understand as well as the software designers? Especially in the form of a modal dialog that interrupts whatever the user is trying to accomplish.

Putting aside the statement "...designers of web browsers know that a lot better than users...", I think Joel is wrong on this one. The permanent redirect is a notification, it is not an authenticated and verified statement; HTTP can't live up to the "burden of trust" necessary perform destructive actions behind a user's back. This is not a valid, authenticated, and secure transaction between the web site's designer and the web site's viewer. Where is the protection for spam and hacking?

Software should not do anything destructive without asking me first. What would happen if Windows's or OS X's software updates just installed without asking you first? How confused would you be when your favorite scanning application stops working because of the latest software update that was installed in the background?

I would agree that this is a UI problem -- the dialog box might be a little confusing if you don't understand what the phrase "permanently redirected" means, but software should not be doing things behind my back. Its not the job of the software engineer to make choices for me, its the job of the software engineer to properly explain to me the choice I have to make.


2003-06-27 12:35:25
When software should do things for you
> software should not be doing things behind my
> back. Its not the job of the software engineer
> to make choices for me, its the job of the
> software engineer to properly explain to me the
> choice I have to make.

Perhaps the disconnect here comes from at what point various classes of users *want* software engineers to make choices for them.

Certainly, some users want those choices made for them at the lowest level. Even the hardest-core of the hard-core would probably be annoyed if, when saving a file, they had to explicitly select which disk sectors the file should reside in. Or even be presented with a choice among sector arrangements.

At another level are a sizeable group of technically adept users which understand what HTTP is and does, the advisory nature of 3xx status codes, and other system guts. They don't want the software "going behind their back" and want to make choices on this level of technical specification themselves. Raffi, it sounds like this is the terrain you roam. I often find myself thinking this way, too.

But most users are not that way. Most users of computers don't (and shouldn't have to) know how HTTP works. They perhaps understand that certain incantations (what we adepts call "URLs") make certain arrangements of stuff appear on their screen. They aren't equipped (and shouldn't have to be equipped) with the underlying knowledge that helps them distinguish between a permanent redirect to a new URL that looks plausible so they'll update their bookmark and one that looks like a glitch on behalf of the site creator so they won't update their bookmark. It should, as the famous phrase goes, "just work".

And I suspect (although some spidering and usability testing would be necessary to back this up if I were actually making product design decisions for a browser instead of just spouting off) that in almost all cases, the nature of redirected bookmarks is that silent updates are the right thing to do.

Some people, when browsing the Internet, are the equivalent of the characters in The Matrix who look at the drippy green glyphs and see the blond lady and the businessman. In between picking a bookmark from a list and seeing the page appear, they can watch the status line in the browser and the page rendering and know that a DNS lookup is slow, or a table with a lot of content in it isn't rendering until the </table> tag appears or that images are coming from multiple servers. In this mindset, the bookmark corresponds to a URL. "If the URL changes, the bookmark is different, so I better be notified before the system just changes my data!" the thinking goes.

But most users are like Neo fresh out of the goo -- worse, actually. They don't even see the drippy letters or know that they're there, dripping in the background. They select a bookmark from a list and up pops a page. The bookmark doesn't correspond to a URL -- it corresponds to the content that you get when you select a URL. In that line of thinking, the system should be doing whatever it can to update the bookmark so selecting the bookmark produces the same content.

It would not be appropriate if the browser popped up a dialog box saying "Last time you selected this bookmark for www.google.com, that hostname resolved to and now it's Do you want to send the request to the new host or the old one?" This is approximately the same behavior as an HTTP permanent redirect, just at a different level of technical expertise and abstraction.

A valid counterpoint raised in the discussion at
http://www.37signals.com/svn/archives/000243.php is that the people using OmniWeb 4.5 are more likely to be techie folks that understand HTTP and want that level of control. If so, then perhaps that's a good choice for *that particular app*. But in general, I think Joel's on point -- most users don't know what "permanent redirect" means, don't care, shouldn't have to care, and bugging them about it is a bad idea.

2003-06-27 15:38:08
What's the false positive rate

I think you have a point in theory that breaks down in practice. If a particular dialog has the same "right answer" 100 times in a row, the user will start clicking on the "right answer" instinctively rather than stopping to think about the question being asked. I'm so accustomed to "Are you sure" dialogs in Windows, for example, that I tend to click Yes before I check to see whether I'm really sure. If there were fewer such dialogs, which appeared when I was most likely to actually want to reconsider my decision, they would be infinitely more useful.

In theory, it's quite possible that a 301 error could be spoofed. Since this hasn't been seen in the wild, so far as I'm aware, and since the odds of a user actually running into it are so small, though, users are quickly going to figure out that there is a "right answer" to this dialog and start clicking the "right answer" every time, giving them no more control than if the software did it transparently.

If you present someone with a choice the answer you know ahead of time in 99% of the cases, it's probably best not to ask the question.