The Problem
I am graduating from Washington State University (WSU) in December of this year with a B.S. in Computer Science. During 2006-2007 I received an unwanted call on my cell phone and discovered that my phone number (and possibly my address) was published in a public-facing part of the WSU website/directory. Anyone who had my name and knew I was attending WSU could find my cell phone and call me. Unacceptable.
To that end, I restricted my directory information.
WSU informed me that I needed to sign and return a document in order to have my name appear in the commencement program distributed during graduation ceremonies. The letter also informed me that WSU would not verify my degree to potential employers unless I removed the restriction!
After all I've done to get to this point in my life, it is absolutely unacceptable to not appear in the commencement program. Worse yet that WSU would not verify my degree to employers. That's ludicrous.
Washington State University:
Let's examine their web interface and see what my options are to fix this:
WSU's web interface (and background software) forces me to choose between being invisible or being fully exposed, with no in-betweens. Given I'm a user and that I have given them quite a lot of money to obtain my degree, it makes no sense that I have only those options. I pay for services, I should have options.
Let's examine the behavior of other sites for which I don't pay directly for services: Facebook and LinkedIn.
Facebook
Facebook allows me to choose whether I display any contact information at all. If I choose to display information, I can limit accessibility to it by groups that make sense in the context of Facebook.
You could argue that Facebook is unlike Washington State University in that it doesn't provide some of the services a university might. You're right. The university has more stringent requirements and more real-world effect on the lives of its high-paying (student) customers. So why doesn't the university offer the options that a social website does? At the very least, there should be options that allow users to classify acceptable uses for their data.
LinkedIn
LinkedIn is a site for professional networking. You can view my profile here.
Notice that none of my private contact information is exposed. I've chosen to allow anyone to contact me, but to have my email remain anonymous. I've chosen to allow people in my network to see my email information. When I edit my profile, those options are explicitly called out:
LinkedIn appropriately hides everything else. The management pages allow me an appropriate level of choice based on the problem space.
This is quality behavior that Washington State University's site should emulate.
The Solution
Washington State University is not exactly at the top of its game with respect to use of technology. As an example, many students of Computer Science consistently have issues with wireless connectivity in the Computer Science classrooms. But I digress. In this case, the problem is that it has multiple uses for personal data, and is attempting to smash the numerous possible privacy options down into a single yes/no option.
When there are multiple uses of a single set of data, those uses should be categorized (hierarchically) into permissions, and users should be provided with intelligible and intelligent management options for those permissions. In this case, the settings around public directory listings should not be coupled to either the settings related to the commencement program or the settings related to the confirmation of degree completion.
As an example, you might allow a global "do not show" setting that restricts directory listings, appearance in the commencement program and verification of degree completion. The other option would be to enable user choice for each of the sub-settings.
The user would then choose which to enable. If they chose to appear in the directory, they should also be able to select what is displayed and what is not. The same goes for the commencement program and for degree verification.
Degree verification is a suitably complex space that another system should exist to manage it. In particular, users should be able to specify whether their degree is verified without question, or whether they receive email notices of verification requests which contain links to a management page that allows them to confirm or deny such requests.
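The permission model described above, as an added Python sketch (not WSU's software or code from the original post): a global "do not show" switch, independent per-use settings with per-field release, and degree verification that either runs automatically or waits for the student's decision. All class, field and purpose names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Purpose(Enum):  # hypothetical names for the three uses the post lists
    DIRECTORY = 1
    COMMENCEMENT = 2
    DEGREE_VERIFICATION = 3

class VerifyMode(Enum):
    AUTOMATIC = 1   # verify without question
    ASK_FIRST = 2   # notify the student, wait for confirm or deny

@dataclass
class PrivacySettings:
    hide_everything: bool = False                 # global "do not show"
    enabled: set = field(default_factory=set)     # purposes opted in to
    fields: dict = field(default_factory=dict)    # purpose -> releasable field names
    verify_mode: VerifyMode = VerifyMode.ASK_FIRST

    def allows(self, purpose):
        return not self.hide_everything and purpose in self.enabled

    def visible(self, purpose, record):
        """Return only the fields of record released for this purpose."""
        if not self.allows(purpose):
            return {}
        allowed = self.fields.get(purpose, set())  # default: release nothing
        return {k: v for k, v in record.items() if k in allowed}

@dataclass
class VerificationDesk:
    settings: PrivacySettings
    pending: dict = field(default_factory=dict)   # request id -> requester

    def request(self, req_id, requester):
        if not self.settings.allows(Purpose.DEGREE_VERIFICATION):
            return "refused"
        if self.settings.verify_mode is VerifyMode.AUTOMATIC:
            return "verified"
        self.pending[req_id] = requester  # a real system would email the student here
        return "pending"

    def decide(self, req_id, approve):
        self.pending.pop(req_id)  # unknown id raises KeyError: nothing is verified
        return "verified" if approve else "denied"

# Constructed sample record; every value is made up.
STUDENT = {"name": "A. Student", "degree": "B.S. Computer Science",
           "phone": "555-0100"}
```

With the directory disabled and the commencement program limited to name and degree, the phone number is never released, while degree verification still works through the confirm-or-deny step.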
Debit/Credit cards offer a number of security flaws to exploit.
An easy one revolves around the number itself. If the number is compromised, the card can be used by someone other than its owner. The workaround for that, of course, is to use the 3-digit security number on the back of the card. However, not all transactions require that 3-digit security number.
Combine that with the fact that many places print the full credit card number on receipts, and it becomes a problem. Thankfully Safeway doesn't print credit card numbers on receipts. My hope is that they only retain them digitally for end-of-night transaction processing. The likelihood, of course, is that the number is still visible to Safeway staff.
Another easy security flaw revolving around these cards is the PIN. If someone sees your PIN, they can use your card. They could steal your card to use it, or they could spoof your card and use the PIN to authorize it.
That's what bothers me most about the closed-circuit television cameras (CCTV) in Safeway. They have CCTV mounts directly above the registers...and directly above the debit/credit card interface.
PIN entry is accomplished on a surface that's tilted upward, shielded in the direction of other customers. But what about above? No such luck. The visual input pad is oriented upward and requires use of a pen...which causes the user's hand to move away from a position where it could block the CCTV's view. Thus anyone with access to the CCTV recordings can watch every user input their PIN.
CCTV has a time stamp, as do the receipts. To exploit this system, a Safeway employee (or someone with access to the receipts and video) simply needs to correlate the PIN and card number. Done. Now every customer at Safeway needs to be concerned about exposure of their banking information. I don't know about you, but I'm using cash from here on out.
If there are three things that must be nailed in your software's use model, these are it:
-Consistency
-Consistency
-Consistency
If your use model is dead on, it will feel intuitive to users. They will know how to accomplish a task with little or no intervention from you.
If your model isn't dead on, you wind up training your users to do things. They have to read your dialogs and make a decision, then act. As time goes on, they stop reading the dialogs. They don't have to think about it anymore.
Take, for example, a file-tree-browsing tool that always displays a right-facing triangle to indicate a selection can be expanded. You can reuse that graphic elsewhere and users automatically know what it does. "I click here, I see more stuff under that selection." You want to avoid reusing the graphics in different contexts if there is different meaning.
The same goes for dialog boxes.
I recently loaded the "del.icio.us bookmarks" add-on for Firefox. Most of the yes/no dialogs in this OS in that web browser have the "yes" selection on the left. This tool's "no" selection is on the left. I wanted to add my bookmark to del.icio.us, but I quickly clicked the left box without reading the full dialog. Their software didn't do what I wanted, but that's what I've been trained to do.
In the grand scheme of things that's no big deal. I can quickly recover from my "mistake" by manually uploading that bookmark to del.icio.us.
Such was not the case the other day, however, when using my Palm Treo's calendar. I've edited my calendar any number of times. I've been trained to know that "yes" edits only one item in a set of recurring items. "No" edits the entire series of items. If I want to shift my schedule around for one day, I hit "yes." Easy enough.
As you can clearly see, it's important to click "Yes" if you want to edit just one thing.
My Friday class was canceled. I wanted to delete that one recurring item from my calendar for this week only. Easy enough, right? Click "delete", then click "Yes" to just delete one thing. But, wait...
When designing your interfaces and software behaviors, take care that affirmative and negative choices, or choices that result in similar behaviors, are always represented in the same way. Doing otherwise is a disservice to your users.
I've used an Epson 1650 for years now, and I recently began using the Canon LiDE 70. Epson did one major thing right that Canon did not, and it revolves around "verbs" on their dashboard buttons.
For those of you not accustomed to this term, a "verb" is an action-oriented word used as a label. The idea behind verbs is that you give the user an option with a name based on what they expect to do. In Word, "Print" is a verb.
Running the Epson software, the main button I used was "Scan to File." That's what I wanted to do. It makes sense.
Canon's dashboard offers these options: "Copy," "Print," "Mail," "OCR," "Save," "Photo-1," "Photo-2," "PDF" and "Settings." My first thought was that I wanted to "Copy" my document. I tried. Not it. I tried "Photo-1." Same problem. "Photo-2"? Nope. Canon apparently thinks a user wants to use a scanner to "Save" their paper into their machine. That's not the verb I had in my mind and I doubt it was in yours either.
Here's the punchline: Epson is horrible about updating their software. It won't run on Vista. That's why I bought the Canon in the first place. I wasted hours screwing with Epson's software, trying to find registry hack fixes, etc. No luck.
My recommendation would be to use Canon products so they work, but be prepared to be trained in a new way of thinking. Their software isn't as intuitive as Epson's (assuming Epson's runs on your system).
Having read "Clear Blogging" recently (linked below), I decided to further experiment with blogging.
I've used LiveJournal and Microsoft's Live Spaces, but I hadn't played around with some of the other providers.
To that end I started a personal blog, a blog for sardonic reflection, and when I started this blog I wasn't sure what to do with it. How many "personal" blogs can you do before being accused of self-centered narcissism, after all?! The solution came to me in the car the other day. I'm going to review web site and software usability on this site.
After a second internship in software-land this summer it dawned on me that the user's voice isn't heard as clearly as it should be everywhere. Apropos that "Vox" should host my attempt to give users a voice on the internet!
