Difference between revisions of "Notification"
From MgmtWiki
(→Problems) |
(→Anti-Pattern) |
||
| Line 15: | Line 15: | ||
##The site may infect the user with malware and no legal entity is identified that would be responsible. | ##The site may infect the user with malware and no legal entity is identified that would be responsible. | ||
##The user is encouraged to click on a link that is not known to be trustworthy which re-enforces a bad security practice by the user. | ##The user is encouraged to click on a link that is not known to be trustworthy which re-enforces a bad security practice by the user. | ||
| − | #The first and last sentence are contradictory, but apply to an action that the user should be able to perform | + | #The first and last sentence are contradictory, but apply to an action that the user should be able to perform; that is to contact the sender if the message is sent in error! |
#The importance of the message is not indicated, nor is there any indication if user action is required. | #The importance of the message is not indicated, nor is there any indication if user action is required. | ||
#The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the messages is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.) | #The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the messages is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.) | ||
Revision as of 16:33, 19 February 2019
Full Title or Meme
Several best practices and laws require that users are informed of a change of state, or a periodic confirmation of state, then user Notification is required.
Context
Whenever a Web Site encounters a condition that policy or legislation requires that the User be informed, or when action by the is required, the site needs to put some message in front of the user.
Problems
In Notification the concepts of Security, Privacy and User Experience all collide and make any solution a compromise among competing mandates.
Anti-Pattern
This example is an email from a Health-Care provider that has a variety of problems which are enumerated below. The first four problems are security issues, others are user experience issues:
- The sender of the Notification is not clearly shown. Specifically there is no legal entity identified that is responsible for the email.
- There is not the slightest attempt made to prove the trustworthiness of the Notification.
- There is a link to a web site which creates two security issues:
- The site may infect the user with malware and no legal entity is identified that would be responsible.
- The user is encouraged to click on a link that is not known to be trustworthy which re-enforces a bad security practice by the user.
- The first and last sentence are contradictory, but apply to an action that the user should be able to perform; that is to contact the sender if the message is sent in error!
- The importance of the message is not indicated, nor is there any indication if user action is required.
- The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the messages is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.)
