    Asking too many questions
    By Barry Leiba | October 8th 2009 06:00 AM | 3 comments

    Suppose that when you started your car today, it displayed a question on the dashboard: “Should I advance the timing by 4 degrees?” The car wouldn’t go until you responded. What would you think?

    What if you were having a house built, and the builder sent you a text message: “Should we put your floor joists 16 inches on center? I need an answer immediately, or my workers are going to another job.” Would you know how to respond, without asking any questions back and risking losing the day?

    How about if you tried to visit a web site, and your browser responded with a popup that said, “There’s a problem with the site’s certificate. Should I accept it anyway?”

    Oh, you say that last one happened to you just this morning... or yesterday, or last week? Indeed. It’s happened to us all, many times. So many times that we just say, “Yeah, yeah, yeah,” and we click “Accept” without really thinking.

    But why on Earth are we programming these things this way? Why do our computers persist in asking questions that 99-point-some-number-of-nines percent of the users have no hope of understanding, much less answering correctly?

    “What should I do with this certificate?”
    “Program XYZ wants to access the Internet on port 3271. Should I let it?”
    “There was an error reading the preferences for this program. What should I do?”

    We should never ask a user a question that most users are not qualified to answer.

    No one would program a car or a toaster or a microwave oven to ask such questions. No builder or plumber or doctor would ask such questions without sitting down with you and explaining the options and the reasons. Why do we accept this stuff from our computers?

    It’s because, however familiar we’ve become with computers, they are still mysterious things that work by some kind of magic, and magic words and mumbo-jumbo are still thought of as part of how they operate.

    We have to make that unacceptable. We’re at a point where we ask the users a million questions, and the “correct” answer is almost always “yes”. But the consequences of saying “yes” when it’s the wrong answer are serious: your computer gets infected with a virus, you wind up on the wrong web site, your account number and password get stolen.

    We need to get to the point where we ask the users very few questions, and the correct answer is almost always “no”. We teach people that, and get them used to saying “no” if they aren’t sure what to do. And then the system fails safe: the consequences of saying “no” when it’s the wrong answer are that you remain secure.

    After that, we stop asking the questions altogether. Sure, some people will want to put their computers into “expert mode” and continue to get the questions, continue to make the decisions for themselves. But most people, that 99-point-some-number-of-nines percent of the users, will have safer, more secure computers, because they won’t be trained to say, “Yeah, yeah, yeah,” and to click “Accept” without having any idea what they’re accepting.

    We should never ask a user a question that most users are not qualified to answer.

    Corollary: Every security-related question is in that category.

    Comments

    Gerhard Adam
    Good article and good point.  Right up there is the nonsensical question associated with a program or system crash when one gets a popup asking if it's OK, to which the only response is OK.
    adaptivecomplexity
    With certificates, it gets even worse - not only are most of us (myself included) not qualified to answer correctly, but we get questions like this when we visit known, safe sites, like my university's human resources page or something like that. If we're getting incomprehensible certificate error messages from sites we know well and strongly believe are safe, then we're more likely to disregard these error messages in general.
    Mike
    barryleiba
    Indeed, because they're using self-signed certificates (or, sometimes, expired ones).  The answer to this is simply to have the browsers refuse to accept the certs.  Initially, that'll annoy you, because you'll no longer be able to get to your HR page.  But you'll complain to the university, as will everyone else, and the certs will get fixed.  As they should.

    Of course, we can mitigate the annoyance by giving sufficient notice before releasing the browser versions that do this.  And, of course, it'll take some time after the release before enough people have the new software to make it a real problem.  If the university folks have any sense, they'll fix the certificates before the software changes.

    This is all a pipe dream, though: what's the likelihood that IE and Firefox and Safari and Opera... all adopt this at about the same time?  But, well, as Oscar Hammerstein wrote, "You got to have a dream. /  If you don't have a dream / How you gonna have a dream come true?"