The importance of HIPAA compliance is being recognized by many authorities as online healthcare services become more common each day.
Here is a quick guide for you to better understand what HIPAA compliance is if you are not that familiar with the concept.
As medical professionals keep more of their patients’ medical data online, they must have clear protocols for keeping that data safe in line with HIPAA.
Mike Andrews, CEO of NovaStor Corporation, knows the importance of HIPAA compliance and data protection more than most, as he is a 25-year veteran of the data security industry.
In our interview, Andrews provides his thoughts on the importance of HIPAA Compliance and data protection in general.
What drew you to the data protection service?
Making quality data protection affordable. NovaStor has been developing data protection services for well over a decade. Backup/data protection software/service is all we do, it is our DNA. What continues to drive us is that there is a growing need for data protection based on industry regulations and compliancy requirements. Data increases at exponential rates, yet technology budgets and qualified IT staffing budgets are on a much slower, sometimes declining pace. NovaStor focuses on removing the burden and helping these overwhelmed and underfunded businesses meet their tough compliancy requirements. Each NovaStor support person has several years of experience as an IT administrator and most have several in the field of data backup protection as well. Most IT admins need to be a jack of all trades and backup is a small (but important) part of their responsibility. If backup becomes a large part of their job, it usually means problems. NovaStor helps enable by putting preventative measures in place so that backups just work and they can focus on their other tasks.
Why are data saving and protection important in HIPAA?
It’s important because any breach of Patient/Protected Health Information (PHI) is against the law and subject to severe penalty. Being HIPAA compliant also allows you “peace of mind” knowing that your practice meets the requirements that ensure confidentiality, integrity, and availability of all Patient Health Information. Having a backup and recovery plan provides high levels of security and immediate accessibility to patient data, which are the main components of being compliant with HIPAA. Also with HIPAA, even if you have a plan and there’s a breach, having such a plan in place protects you from a penalty as it demonstrates you took precautions and had proper intentions. The answer so far explains why data saving and protection are important in HIPAA, but what is even more important with establishing a backup and recovery plan is your own business continuity. You’re in business to keep your doors open and make a profit through customer satisfaction. Preparing for HIPAA prepares you for a better opportunity at success. More than just complying with legislation, having a Backup and Disaster Recovery Plan and testing it frequently can avoid revenue losses and damages to your company’s image.
What are the benefits of HIPAA compliance?
The top benefit of HIPAA compliance is that, having taken the proper precautions to protect your patients’ information, you are protected from penalties associated with being non-compliant. Reputation is critical in any service field and by being HIPAA compliant, you have agreed to set higher standards of data protection for your company. Compliance also ensures that you are prepared for disasters, system failure or cyber-attacks. As headlines show daily, data loss is growing exponentially and companies are suffering from post-incident losses to the point of going out of business. While being HIPAA compliant may seem time-consuming, a little prevention can save you a lot of trouble in the future. This is comparable to installing a fire alarm over dealing with the aftermath of a fire.
How often should we back up our data?
While every environment is different, we recommend starting out with these 3 standard backups and making adjustments: a System Image Backup once a month, a Full File Backup every week and a Differential File Backup every day. A friendly reminder is that a backup is only as good as your ability to restore from it. So do test restores of your backups frequently. It is also important to make certain that your plan includes having a backup of your data offsite. The question you need to answer is “How far back can I afford to lose data without affecting my business?” You want to make certain that this is the minimum requirement of your plan.
What is the importance of patients’ data protection?
The data in the electronic medical records contain patient’s names, addresses, phone numbers, places of work, IDs, card numbers, historical medical information, medical and social insurance. With that, hackers’ interest in this type of information has increased sharply in recent years. Cybercriminals have found many ways of making money with stolen medical information. However, material losses are not the only harm that this type of cyber attack can inflict. Stealing patient information can endanger the health and lives of people. One simple example: an unconscious patient arrives at the emergency room and needs immediate treatment, but the doctors don’t have their allergies on record. Following HIPAA guidelines strictly can safeguard patients’ information and prevent severe consequences.
What are the penalties of HIPAA breaches and how to prevent them?
The HIPAA violation penalty tiers vary according to the level of perceived negligence found within your organization at the time of the HIPAA violation. Medical institutions can face a fine up to $50,000 as well as imprisonment up to 1 year for disclosing individually identifiable health information. If there was a proven intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm, institutions can face fines of $250,000 and imprisonment up to 10 years. Some companies pay millions in settlement costs for having failed to adhere to this federal law. You can prevent these penalties by working continually to train and inform employees about HIPAA in addition to constantly ensuring that your organization complies with each HIPAA guideline and has documented plans in place.
How many categories of backups are on your website and what is the most secure one?
All NovaStor backups, when implemented properly, are secure. Each solution protects data (PHI) at the source, the destination and even during transmission. High levels of encryption are employed that make even compromised data unreadable. NovaStor has solutions for every backup category and supports every local or offsite (cloud) based storage device. The best or most secure solution depends on your environment. NovaStor technical backup experts help each customer determine the best solution for their environment. NovaBACKUP, our backup solution for small business owners, offers backup and restore for Windows Systems on both PC and Server and also supports virtual environments (Hyper-V, VMware) as well as Microsoft SQL and Exchange. We also have a large-scale enterprise data protection solution called DataCenter, available for those with multiple server networks or a large amount of data.
All solutions provide the same high level of security to users, with outstanding support by industry experts and competitive pricing. NovaStor constantly feeds their customers with news, educational articles and tips about data protection. By having a strong and reliable backup solution in place combined with a backup and disaster recovery (BDR) plan, you can concentrate on your business while knowing that your data is completely secured.
Health professionals can easily tell that having HIPAA compliant solutions to store their sensitive data is vital. Especially nowadays, more medical professionals are taking appointments and collecting their patients’ data beforehand on their personal websites. In this case, JotForm’s online forms are perfect since they can also be HIPAA compliant.
Every week users submit a lot of interesting stuff on our sister site Webdesigner News, highlighting great content from around the web that can be of interest to web designers.
The best way to keep track of all the great stories and news being posted is simply to check out the Webdesigner News site, however, in case you missed some here’s a quick and useful compilation of the most popular designer news that we curated from the past week.
Note that this is only a very small selection of the links that were posted, so don’t miss out and subscribe to our newsletter and follow the site daily for all the news.
Apple’s New System Fonts Page
Why Cancel Buttons Should Never Have a Color
What’s Wrong with Landing Pages
Awesome Design Tools
Most In-demand Tech Jobs in 2019
3 Routines that Made Me a Better UX Designer
6 Predictions for Creatives in 2019
New Design Tools, Spring 2019
Google Doc-based Personal Website
A New Religion for Designers
DeviantArt Rolls Out Sleek New Look
The Matrix Code Came from Sushi Recipes
Form Validation in Under an Hour with Vuelidate
The Truth About UX/UI Designers
Am I the Only One Seeing the ’90s Retro Theme, with the Unicorns and Sparkles?
Load Google Fonts Faster in WordPress
You Probably Don’t Need that Hip Web Framework
Building Spotify’s New Web Player
How to Create a Culture of Open Design
10 Heuristic Principles for Mobile Interfaces
What is Cognitive Overhead in Design and How to Reduce It?
The Feedback You Choose not to Give is as Important as the One You do
Google Maps Revives Snake for an April Fools Game
How ‘Good Design’ Failed Us
Orange You Accessible?
Want more? No problem! Keep track of top design news from around the web with Webdesigner News.
I wanted to implement a notification message in one of my projects, similar to what you’d see in Google Docs while a document is saving. In other words, a message shows up indicating that the document is saving every time a change is made. Then, once the changes are saved, the message becomes: “All changes saved in Drive.”
Let’s take a look at how we might do that using a boolean value, but actually covering three possible states. This definitely isn’t the only way to do this, and frankly, I’m not even sure if it’s the best way. Either way, it worked for me.
Here’s an example of that “Saving…” state:
…and the “Saved” state:
Using a Boolean value to define the state was my immediate reaction. I could have a variable called isSaving and use it to render a conditional string in my template, like so:
Now, whenever we start saving, we set the value to true and then set it to false whenever no save is in progress. Simple, right?
There is a problem here, though, and it’s a bit of a UX issue. The default message is rendered as “All changes saved.” When the user initially lands on the page, there is no saving taking place and we get the “Saved” message even though no save ever happened. I would prefer showing nothing until the first change triggers the first “Saving” message.
This calls for a third state in our variable: isSaving. Now the question becomes: do we change the value to a string variable as one of the three states? We could do that, but what if we could get the third state in our current boolean variable itself?
isSaving can take two values: true or false. But what is the value directly after we have declared it in the statement: let isSaving;? It’s undefined because the value of any variable is undefined when it’s declared, unless something is assigned to it. Great! We can use that initial undefined value to our advantage… but, this will require a slight change in how we write our condition in the template.
The ternary operator we are using evaluates to the second expression for anything that can’t be converted to true. The values undefined and false are both not true and, hence, resolve as false for the ternary operator. Even an if/else statement would work a similar way because else is evaluated for anything that isn’t true. But we want to differentiate between undefined and false. This is fixable by explicitly checking for the false value, too, like so:
We are now strictly checking for true and false values. This made our ternary operator a little nested and difficult to read. If our template supports if/else statements, then we can refactor the template like this:
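The three states described above, as an added example that is not the author's code: the truthy ternary that shows "saved" too early, beside the strict checks that keep undefined separate. The names naiveMessage, statusMessage and createSaveTracker are assumptions, and the in-flight counter for overlapping saves goes beyond what the article covers.

```javascript
// Added example; function names are hypothetical, not from the article.

// Truthy check: undefined and false both fall through to the second branch,
// so a page that has never saved still claims "All changes saved."
function naiveMessage(isSaving) {
  return isSaving ? "Saving…" : "All changes saved.";
}

// Strict checks: only the literal values true and false produce a message.
// undefined (declared, never assigned) renders nothing.
function statusMessage(isSaving) {
  if (isSaving === true) return "Saving…";
  if (isSaving === false) return "All changes saved.";
  return "";
}

// Holds the tri-state flag. A plain boolean flips to false as soon as the
// first of two overlapping saves completes, so a counter keeps the flag true
// until every started save has finished.
function createSaveTracker() {
  let isSaving; // undefined until the first save starts
  let inFlight = 0;
  return {
    start() {
      inFlight += 1;
      isSaving = true;
    },
    finish() {
      if (inFlight === 0) return; // ignore a finish with no matching start
      inFlight -= 1;
      if (inFlight === 0) isSaving = false;
    },
    message() {
      return statusMessage(isSaving);
    },
  };
}
```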
Have you ever created a well-intentioned, thoughtful design system only to watch it grow into an ever-increasing and scary codebase? I’ve been working in sort of the opposite direction, inheriting the scary codebase and trying to create a thoughtful system from it.
Here’s Alex Sanders on the topic, explaining how his team at The Guardian has tackled the task of creating design systems while combating complexity:
Systems that try to contain complexity over long periods of time by convention will inevitably tend toward entropy, because one significant characteristic of convention is that it is trivially simple to break one.
You do not even need to be malicious. A convention is not a line in the sand. You can have a very good case for breaking or stretching one, but once a convention is no longer fully observed, subsequent cases for breaking or stretching it are automatically stronger, because the convention is already weakened. The more this happens, the weaker it gets.
Complexity and entropy can be two outcomes in the same situation, but need not be mutually exclusive. Interesting to think that our best intentions to guard against complexity can be somewhat destructive.
I also love how Alex explains why it’s not possible for their team to use a Tachyons-esque approach to writing styles because of the way that their development environment is kinda slow. It would be painful for the team to make that switch, despite how it could solve some other problems. This reminded me that measuring problems in this way is why there can never be a single way to write CSS. We need that inherent flexibility, even at the expense of introducing inconsistencies. Hence, conventions being less of a line in the sand and more of a guide post.
On a separate note, I really like how Alex describes styles and attributes as the reasons why his team is writing those styles. It’s about aligning with business objectives:
…tens of thousands of rules that are intended to describe a maintainable set of responses to business and design problems.
That’s interesting since I don’t think we spend much time here talking specifically about the business side of CSS and the functional requirements that a styled user interface needs to accomplish.
And perhaps thinking about that can help us write better styles in the long term. Is this line of CSS solving a problem? Does this new class resolve an issue that will help our customers? These are good questions to keep in mind as we work, yet I know I don’t spend enough time thinking about them. I often see the design I’m turning into code as a problem to be solved instead.
Perhaps we should expand the way we think about styling a webpage because maybe, just maybe, it will help us write more maintainable code that’s built to solve a real business objective.
There are so many decisions you have to make as a web designer and it can sometimes be a tricky balance trying to put all the right elements into place. When you add the ecommerce piece, it gets even more complicated.
According to this infographic by Subscriptionly.net, consumers have very high expectations for ecommerce websites. But if you design it right, there’s a lot of money up for grabs:
We’re talking trillions of dollars in sales that ecommerce brings in every year. That’s why the decisions you make for your clients’ websites are so important.
Even as the future of ecommerce platforms introduces more advanced and intelligent ways to sell online, one thing will always remain the same:
The need for a strong, secure, and fast ecommerce payment gateway.
The following isn’t going to be your typical guide to learning about leading ecommerce payment gateways. You know which ones I’m talking about:
Stripe
PayPal
Amazon Pay
Braintree
Authorize.net
For the most part, they all do the same thing and provide just as secure and stable payment processing as one another.
Instead, this guide will show you what kinds of options you have to work with based on the ecommerce platforms you use to build websites.
The Best Payment Gateway for Your eCommerce Platform
Depending on which website builder solution you use, your choice of payment gateway may differ. So, in order to help you find the best ecommerce payment processing solution, I’m going to break this down based on ecommerce platforms and the options you have to choose from within each.
Let’s start by defining which are the leading ecommerce platforms. Based on market share data from BuiltWith, these are the most popular:
Let’s explore the payment gateway options for the three most common ecommerce platforms:
WooCommerce
WooCommerce is not a standalone solution like the others as it requires WordPress to function. Because of this, you’re going to have a vast number of third-party payment processor integrations to choose from.
WooCommerce, a plugin integration for WordPress itself, comes with a number of payment options upon setup:
As you can see, there are a number of in-person payment methods WooCommerce allows you to use as well as PayPal.
While PayPal is a reputable payment processing resource, this option doesn’t actually allow you to accept payments on your website. Instead, shoppers will be shuttled over to PayPal to make their payments. That might not be a bad thing, for a couple of reasons.
For one, if your client’s business is new, it would be beneficial to leverage the name of a company like PayPal. Rather than leave customers wondering whether it’s safe to shop there, PayPal’s recognizability can help instill trust at checkout.
Secondly, there’s server processing to consider, too. An ecommerce store is already quite sizable and will consume a bunch of bandwidth from your client’s web server. If you try to add a different payment gateway through a plugin to WooCommerce, you could potentially slow down the loading times of your site even further (which can be problematic in WordPress).
Plus, PayPal is a great option regardless of which ecommerce platform you use. Processing fees are low. You can accept credit cards and PayPal payments. It’s super fortified and comes with fraud protection. Plus, it accepts payments from dozens of countries and currencies.
Best Payment Gateway for WooCommerce: PayPal
If your clients are okay with payments being handled on PayPal’s site and servers, then your best bet is to go with the built-in option.
Shopify
Shopify is a hosted store builder solution that’s not only easy to use, but helps users build very impressive ecommerce websites in little time. If all your client needs is a store — and they’re not thinking about adding extra website features (like a daily blog, social media feeds, email marketing automation, etc.) — Shopify is a solid choice.
While you can add more “stuff” to a Shopify store, it’ll cost you. And the same goes for its payment gateway options.
When you first install Shopify, you’ll notice that your store is automatically equipped with the Shopify Payments payment gateway. Although it’s labeled as “Shopify”, this payment gateway is powered by Stripe, a leading payment gateway solution in its own right.
If your client is insistent on using a different payment gateway other than Shopify Payments, point this out to them:
In addition to paying the processing fees from the gateway of their choice, they’ll also get hit with an additional fee from Shopify. In some cases, this can effectively double what they have to pay just to accept orders through their Shopify store.
But there’s a lot of good that comes from using Shopify Payments. For instance:
Lower processing fees
Fraud protection
Automatic payment processing integration
Quick deposit of funds into your account (generally, a couple days)
A Stripe partnership backing the platform
Best Payment Gateway for Shopify: Shopify Payments / Stripe
Your best bet with Shopify is to use Shopify Payments. In all honesty, there’s no reason not to, unless your client is conducting business from a country the payment gateway doesn’t support.
Magento
Magento is the third most popular ecommerce platform. It also happens to be part of the Adobe Commerce and Experience Clouds, which makes it much more than an ecommerce platform. It’s an all-in-one ecommerce business solution where things like design, marketing, business management, CRM, analytics, and more collide.
For larger ecommerce clients, this is a great solution.
Now, because you’re going to be designing a premium shopping experience for a premium client, you really have to make sure you get the payment processing element right.
Out of the box, Magento gives you three payment processing options:
Unless your client’s customers are all in North America, you won’t want to use Braintree. It just doesn’t provide a global reach like the other two options do.
PayPal may seem like the logical solution. It’s a recognizable payment processor. It gives you a number of options for accepting payments — on site or through the Payflow payment gateway on PayPal’s site. And processing fees are reasonable. In all honesty, though, it’s not really built for larger ecommerce shops.
Just keep in mind that your client’s business must be based in the U.S., U.K., Canada, Australia, or Europe. Customers can pay for goods from all around the world, though, and use a large assortment of payment types — credit cards, digital payments like Apple Pay, e-checks, and more.
In addition, you get much more control over payment processing and security than you would with other payment gateways.
Best Payment Gateway for Magento: Authorize.net
Because of the nature of the Magento ecommerce platform, Authorize.net is the clear choice for thriving ecommerce businesses.
Wrap-Up
It might seem odd that I’m recommending you use the payment gateways that your ecommerce platform comes with out of the box when there are so many other options to choose from.
However, there’s a good reason why those gateways were hand-picked and integrated into your ecommerce platform. In addition to having the right kind of features, security, and performance, the deep integration with your store-building software will speed up your workflow.
If you haven’t heard, here’s the TL;DR: WebAssembly is a new language that runs in the browser alongside JavaScript. Yes, that’s right. JavaScript is no longer the only language that runs in the browser!
But beyond just being “not JavaScript”, its distinguishing factor is that you can compile code from languages such as C/C++/Rust (and more!) to WebAssembly and run them in the browser. Because WebAssembly is statically typed, uses a linear memory, and is stored in a compact binary format, it is also very fast, and could eventually allow us to run code at “near-native” speeds, i.e. at speeds close to what you’d get by running the binary on the command line. The ability to leverage existing tools and libraries for use in the browser and the associated potential for speedup, are two reasons that make WebAssembly so compelling for the web.
So far, WebAssembly has been used for all sorts of applications, ranging from gaming (e.g. Doom 3), to porting desktop applications to the web (e.g. AutoCAD and Figma). It is even used outside the browser, for example as an efficient and flexible language for serverless computing.
This article is a case study on using WebAssembly to speed up a data analysis web tool. To that end, we’ll take an existing tool written in C that performs the same computations, compile it to WebAssembly, and use it to replace slow JavaScript calculations.
Note: This article delves into some advanced topics such as compiling C code, but don’t worry if you don’t have experience with that; you will still be able to follow along and get a sense for what is possible with WebAssembly.
Background
The web app we will work with is fastq.bio, an interactive web tool that provides scientists with a quick preview of the quality of their DNA sequencing data; sequencing is the process by which we read the “letters” (i.e. nucleotides) in a DNA sample.
Here’s a screenshot of the application in action:
We won’t go into the details of the calculations, but in a nutshell, the plots above provide scientists a sense for how well the sequencing went and are used to identify data quality issues at a glance.
Although there are dozens of command line tools available to generate such quality control reports, the goal of fastq.bio is to give an interactive preview of data quality without leaving the browser. This is especially useful for scientists who are not comfortable with the command line.
The input to the app is a plain-text file that is output by the sequencing instrument and contains a list of DNA sequences and a quality score for each nucleotide in the DNA sequences. The format of that file is known as “FASTQ”, hence the name fastq.bio.
If you’re curious about the FASTQ format (not necessary to understand this article), check out the Wikipedia page for FASTQ. (Warning: The FASTQ file format is known in the field to induce facepalms.)
fastq.bio: The JavaScript Implementation
In the original version of fastq.bio, the user starts by selecting a FASTQ file from their computer. With the File object, the app reads a small chunk of data starting at a random byte position (using the FileReader API). In that chunk of data, we use JavaScript to perform basic string manipulations and calculate relevant metrics. One such metric helps us track how many A’s, C’s, G’s and T’s we typically see at each position along a DNA fragment.
Once the metrics are calculated for that chunk of data, we plot the results interactively with Plotly.js, and move on to the next chunk in the file. The reason for processing the file in small chunks is simply to improve the user experience: processing the whole file at once would take too long, because FASTQ files are generally in the hundreds of gigabytes. We found that a chunk size between 0.5 MB and 1 MB would make the application more seamless and would return information to the user more quickly, but this number will vary depending on the details of your application and how heavy the computations are.
The architecture of our original JavaScript implementation was fairly straightforward:
The box in red is where we do the string manipulations to generate the metrics. That box is the more compute-intensive part of the application, which naturally made it a good candidate for runtime optimization with WebAssembly.
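The chunked per-position base count described above, as an added example rather than fastq.bio's own code. The function names and the sample chunk are constructed for illustration; it assumes four-line FASTQ records, and readChunk uses Blob.slice().text() in place of the FileReader API.

```javascript
// Added example; not taken from the fastq.bio source.

const BASES = ["A", "C", "G", "T", "N"];

// Read `size` bytes of a File/Blob starting at byte offset `start`.
async function readChunk(file, start, size) {
  return file.slice(start, start + size).text();
}

// A chunk cut at a random byte usually begins mid-record, and '@' is also a
// valid quality character, so a leading '@' alone does not mark a header.
// Require the full shape: '@' line, sequence, '+' line, and a quality line of
// the same length as the sequence.
function isRecordAt(lines, i) {
  return (
    i + 3 < lines.length &&
    lines[i].startsWith("@") &&
    lines[i + 2].startsWith("+") &&
    lines[i + 1].length > 0 &&
    lines[i + 1].length === lines[i + 3].length
  );
}

// Index of the first line that starts a complete record, or -1.
function findFirstRecord(lines) {
  for (let i = 0; i < lines.length; i++) {
    if (isRecordAt(lines, i)) return i;
  }
  return -1;
}

// Count how often each base appears at each read position within one chunk.
// Records truncated at the end of the chunk fail the shape check and are
// skipped instead of being counted with partial data.
function countBasesByPosition(chunkText) {
  const lines = chunkText.split(/\r?\n/);
  const counts = []; // counts[pos] = { A, C, G, T, N }
  let reads = 0;
  let i = findFirstRecord(lines);
  while (i !== -1 && isRecordAt(lines, i)) {
    const seq = lines[i + 1].toUpperCase();
    for (let pos = 0; pos < seq.length; pos++) {
      if (!counts[pos]) counts[pos] = { A: 0, C: 0, G: 0, T: 0, N: 0 };
      // Anything outside A/C/G/T is tallied as N (unknown base).
      const base = BASES.includes(seq[pos]) ? seq[pos] : "N";
      counts[pos][base] += 1;
    }
    reads += 1;
    i += 4;
  }
  return { reads, counts };
}

// Constructed sample: starts inside a quality line that happens to begin
// with '@', contains two complete records, and ends inside a third.
const SAMPLE_CHUNK = [
  "@II",
  "@r2",
  "AAGT",
  "+",
  "@III",
  "@r3",
  "CCGN",
  "+",
  "IIII",
  "@r4",
  "AC",
].join("\n");
```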
fastq.bio: The WebAssembly Implementation
To explore whether we could leverage WebAssembly to speed up our web app, we searched for an off-the-shelf tool that calculates QC metrics on FASTQ files. Specifically, we sought a tool written in C/C++/Rust so that it was amenable to porting to WebAssembly, and one that was already validated and trusted by the scientific community.
After some research, we decided to go with seqtk, a commonly-used, open-source tool written in C that can help us evaluate the quality of sequencing data (and is more generally used to manipulate those data files).
Before we compile to WebAssembly, let’s first consider how we would normally compile seqtk to binary to run it on the command line. According to the Makefile, this is the gcc incantation you need:
On the other hand, to compile seqtk to WebAssembly, we can use the Emscripten toolchain, which provides drop-in replacements for existing build tools to make working in WebAssembly easier. If you don’t have Emscripten installed, you can download a docker image we prepared on Dockerhub that has the tools you’ll need (you can also install it from scratch, but that usually takes a while):
As you can see, the differences between compiling to binary and WebAssembly are minimal:
Instead of the output being the binary file seqtk, we ask Emscripten to generate a .wasm and a .js that handles instantiation of our WebAssembly module
To support the zlib library, we use the flag USE_ZLIB; zlib is so common that it’s already been ported to WebAssembly, and Emscripten will include it for us in our project
We enable Emscripten’s virtual file system, which is a POSIX-like file system (source code here), except it runs in RAM within the browser and disappears when you refresh the page (unless you save its state in the browser using IndexedDB, but that’s for another article).
Why a virtual file system? To answer that, let’s compare how we would call seqtk on the command line vs. using JavaScript to call the compiled WebAssembly module:
# On the command line
$ ./seqtk fqchk data.fastq
# In the browser console
> Module.callMain(["fqchk", "data.fastq"])
Having access to a virtual file system is powerful because it means we don’t have to rewrite seqtk to handle string inputs instead of file paths. We can mount a chunk of data as the file data.fastq on the virtual file system and simply call seqtk’s main() function on it.
With seqtk compiled to WebAssembly, here’s the new fastq.bio architecture:
As shown in the diagram, instead of running the calculations in the browser’s main thread, we make use of WebWorkers, which allow us to run our calculations in a background thread, and avoid negatively affecting the responsiveness of the browser. Specifically, the WebWorker controller launches the Worker and manages communication with the main thread. On the Worker’s side, an API executes the requests it receives.
We can then ask the Worker to run a seqtk command on the file we just mounted. When seqtk finishes running, the Worker sends the result back to the main thread via a Promise. Once it receives the message, the main thread uses the resulting output to update the charts. Similar to the JavaScript version, we process the files in chunks and update the visualizations at each iteration.
Performance Optimization
To evaluate whether using WebAssembly did any good, we compare the JavaScript and WebAssembly implementations using the metric of how many reads we can process per second. We ignore the time it takes for generating interactive graphs, since both implementations use JavaScript for that purpose.
Out of the box, we already see a ~9X speedup:
This is already very good, given that it was relatively easy to achieve (that is once you understand WebAssembly!).
Next, we noticed that although seqtk outputs a lot of generally useful QC metrics, many of these metrics are not actually used or graphed by our app. By removing some of the output for the metrics we didn’t need, we were able to see an even greater speedup of 13X:
This again is a great improvement given how easy it was to achieve—by literally commenting out printf statements that were not needed.
Finally, there is one more improvement we looked into. So far, the way fastq.bio obtains the metrics of interest is by calling two different C functions, each of which calculates a different set of metrics. Specifically, one function returns information in the form of a histogram (i.e. a list of values that we bin into ranges), whereas the other function returns information as a function of DNA sequence position. Unfortunately, this means that the same chunk of file is read twice, which is unnecessary.
So we merged the code for the two functions into one—albeit messy—function (without even having to brush up on my C!). Since the two outputs have different numbers of columns, we did some wrangling on the JavaScript side to disentangle the two. But it was worth it: doing so allowed us to achieve a >20X speedup!
A Word Of Caution
Now would be a good time for a caveat. Don’t expect to always get a 20X speedup when you use WebAssembly. You might only get a 2X speedup or a 20% speedup. Or you may get a slow down if you load very large files in memory, or require a lot of communication between the WebAssembly and the JavaScript.
Conclusion
In short, we’ve seen that replacing slow JavaScript computations with calls to compiled WebAssembly can lead to significant speedups. Since the code needed for those computations already existed in C, we got the added benefit of reusing a trusted tool. As we also touched upon, WebAssembly won’t always be the right tool for the job (gasp!), so use it wisely.
Further Reading
“Level Up With WebAssembly,” Robert Aboukhalil. A practical guide to building WebAssembly applications.
Aioli (on GitHub). A framework for building fast genomics web tools.
fastq.bio source code (on GitHub). An interactive web tool for quality control of DNA sequencing data.
Have we been meditative about withdrawal your pursuit as well as starting work during home enterprise?
If we have referred to your craving to any a single alternative than an additional businessman we competence have been discouraged. For most people, it is tough to assimilate since any a single would wish to leave “the reserve as well as security” of pursuit as well as “risk their sharp-witted hood.” But if we have ever been a strike by an entrepreneurial physical condition there is something which happens which is unexplainable.
If we have been peaceful to reply to this low tension we will never be happy vital your hold up by a pursuit description. You wish more. An apartment will feel similar to jail as well as until we emanate something we can call your own we will feel similar to any day a part of we is origination an understanding with a devil.
According to It-Rare.co statistics, for most people starting a commercial operation is a frightful proposition. So how do we emanate a surrounding which pulls we towards success? What can we do to enthuse yourself to take your hold up behind as well as set up resources from home? Creating a role driven home formed commercial operation is a winning multiple which blends vital your passion as well as profiting from it.
Here have been 77 stairs we can take towards a role driven work during home career:
1. You can emanate a prophesy as well as an idea for your home formed craving which inspires you.
Life is as well short. When we have a preference to leave a rodent competition we don’t wish to emanate a commercial operation that’s simply an additional job. So since have been we receiving this journey? What do we wish your commercial operation to demeanor like?
For example, we are transparent which my home formed try is as most about lifestyle as it is profit. Whenever we work upon my commercial operation we demeanor during my idea which includes income grown by pacifist income as well as operative no some-more than twenty-five hours a week.
Why? Because after 15+ years in Corporate America we schooled which what has been critical to me have been my personal relationships. we no longer longed for to traffic my time for money. At a finish of my hold up, we don’t wish to recollect how most hours we worked for someone else or sacrifices we have done for a company. As a result, my prophecy is to emanate a lifestyle which allows me to suffer hold up with a people we caring about.
What is your prophesy for your business? Try to embody all of your senses. What will it demeanor similar to when we get there? How will we feel? Who will be there to applaud with you? With we smell a zephyr of a sea H2O or a sharp incense of relocating honeysuckle? The some-more we bond with your prophesy a some-more we will be inspired.
2. Create your commercial operation formed around something we have been ardent about.
There is something enchanting which happens when we have been handling in something we adore to do as well as have been singly great at. Have we ever had a pursuit we hated? How did we feel? You will never live a hold up of a role we do something we do not like. Discover your passion as well as give it all you’ve got.
For years we worked in jobs which we were great during though hated. However, when we struck out upon my own we longed for to have a hold up we loved. we unclosed my singular talents as well as went to work. And what happened for me can occur for you.
When we begin to live a hold up we were innate to do a star creates all of the resources accessible to we which we need to be successful. So what have been we ardent about? What skills do we have we can emanate a hold up as well as commercial operation around? Write down dual or 3 skills have which would be employed in your role is driven business.
3. Make your commercial operation a commercial operation which is bigger than you.
What would it feel similar to know which your commercial operation was without delay obliged for impacting a universe in a little way? How would we feel to know which when we upheld upon people from around a universe would appreciate we for a partial we played in formulating something of worth which was critical to them?
At first, this line of meditative can be overwhelming. However, not when we begin to consider what is during the core of any business. Your idea is to find a resolution to your customers’ problems. And in sell, they have been peaceful to compensate we for it. To a border which we get to know their hopes, desires, dreams as well as heedfulness as well as we assistance to successfully scheme an obstruction of hold up they will be perpetually grateful.
So how can you try to have a symbol in a world? My idea is to assist people to find their passion, monetize it as well as live a hold up they love. we privately wish to assistance 1000 people in a subsequent 3 years take their hold up behind as well as set up resources from home. The real suspicion which we could fool around a small part in assisting someone else to do this gives my commercial operation a role most bigger than me.
Write down a single idea which we have for your commercial operation which is bigger than you. Make certain we keep an idea in front of us where we can see it every day.
4. Develop a commercial operation devise which supports your values as well as beliefs.
Whenever we have been operative to get ahead something great we contingency have a plan. The origination of your commercial operation devise is a map which we will have use of to beam we by your journey. One of the keys to a successful devise is to have certain all we do is unchanging with your values as well as beliefs.
For example, if we have a family as well as wish to outlay some-more time with them we don’t wish to set up a commercial operation which requires we to outlay prolonged amounts of time divided from them to build.
Don’t get me wrong. You will have choices as well as sacrifices. However, those should be things which have been reduced tenure as well as spelled out. You wish to be transparent what we have been giving up or origination adjustments as well as what we will get in return.
“Strive for integrity–that equates to meaningful your values in hold up as well as working in an approach which is unchanging with these values.” —author unknown. When we have been an office building something which is unchanging with who we have been as a chairman your everyday actions will feed your soul.
5. Consider giving a commission of an increase to a classification we love.
We adore a quote, “No a single has ever turn bad by giving.” – Anne Frank.
Actually, lives have been enriched when we give.
For example, maybe we have an eremite classification we would similar to tithe to. Or we competence similar to assistance a means which is tightened to your heart. One of my a single preferred free organizations is a Junior Achievement.
Junior Achievement uses hands-on practice to assistance immature people assimilate economics of life. These classification partners with commercial operation leaders as well as educators. The idea of Junior Achievement is to pierce a genuine universe to students as well as open their thoughts to their potential.
I chose to minister to this classification since we adore to see immature people find their passion as well as follow it early in life. we feel similar to my hold up is enriched when we can assist an immature chairman to find their passion as well as equivocate a rodent race.
Do we have a classification we would similar to minister to? Think about how we would feel if your association was contributing to a classification which was assisting to have a disproportion in a world.
6. Extend your palm to assist someone who wants to do what we do.
One of the ways to give the role to your commercial operation is to teach, manager or coach a person. There have been people who would adore to great from a believe as well as images we have acquired.
You competence wish to learn a category or emanate a coaching club. You can stroke multiform people during once as well as precedence your time.
Who can we stretch out to as well as help? What car will we have use of to have a disproportion for someone else? Write down 3 ideas as well as exercise a single immediately.
7. Create a village by enrolling others to have it happen.
Have we ever gifted energy of what happens when multiform people have been committed to a single goal? There is an absolute force which happens when we verbalize your role out shrill as well as entice others to turn a part of it.
Look for opportunities to have customers, friends, family as well as colleagues to turn a part of an idea of your business. Your association could turn a means for the shift in a world.
For example, who would ever suppose which the role of a nod label association was to shift peoples lives a single label during a time? Well, it’s true. we had an absolved of a conference a CEO of this nod label speak.
He told a story of how he had a call to contend goodbye a single some-more time to his hermit when he was relocating as well as unsuccessful to do so. Shortly after a pierce, he got a phone call which his hermit had died tragically. He was condemned by an actuality he had unsuccessful to contend great bye.
Later he was desirous to emanate a nod label association which allows people to action upon their promptings. Never again, would any a single skip any event to send someone they caring about a card. His passion as well as joining about his commercial operation is contagious. He indeed embodies the characteristics of a purposed driven home formed business.
So preference is yours. You can emanate a commercial operation which focuses only upon origination a sire as well as during a formidable time it competence was not sufficient to get we through. Or we can emanate something with purpose. These 7 traits have been a winning combination. Life is indeed happiness when we can have a home formed commercial operation with the role as well as distinction from it.
Websites have a tendency to decay all by themselves. Link rot, they call it. Unpaid domain name registrations. Companies that have gone out of business. Site owners that have lost interest. What’s sadder than a 404? Landing on a holding page of a URL that used to exist, but now has fallen into the hands of some domain hoarder after it expired, hoping someone will pay a premium to get it back.
That stuff is no fun. But what about sites that are totally still around, just old? What kind of fun things could we do to indicate oldness that’s, like, on purpose?
On the CodePen blog, we call out blog posts that haven’t been updated in at least a couple of years. We update documentation, sure, but we tend to leave blog posts alone as a historical record. So, we’re pretty clear about that:
<?php if (get_the_modified_date("Y") < 2017) { ?>
<p class="callout"><strong>Heads up!</strong> This blog post hasn't been updated in over 2 years. CodePen is an ever changing place, so if this post references features, you're probably better off checking the <a href="/documentation/">docs</a>. Get in touch with <a href="https://codepen.io/support/">support</a> if you have further questions.</p>
<?php } ?>
We style it up like a little warning:
But what if it was less obvious? What if the text just kinda started going all to crap? Words falling off their lines and going out of focus? The older the content, the more decay:
What if you let a site decay on purpose? Say, perhaps, you’re holding onto client work and the client hasn’t paid their bill. Dragoi Ciprian has a little idea (repo) for that. You set the due date and deadline:
var due_date = new Date('2017-02-27');
var days_deadline = 60;
Here’s a demo of that. As I write, I’m 30 days into a 90-day deadline. If the demo looks blank to you, well, I guess I should have paid my bill so this code could have been removed.
Perhaps rather than basing things off a payment due date or the age of the content, these effects come into play based on how long it’s been since the site’s dependencies have been updated. Or at least had some kind of deployment push.
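The decay ideas above (age of content, a due date plus deadline, time since the last deployment) all reduce to mapping elapsed days onto a 0-to-1 level. The sketch below is an added example, not code from the repo or from CodePen; the function names, the linear ramp, and the blur values are assumptions.

```javascript
// Added example: turn "how long since X?" into a decay level and CSS values.
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Whole days between two dates, compared at UTC midnight so that
// daylight-saving shifts never add or drop a day.
function daysBetween(from, to) {
  const a = Date.UTC(from.getUTCFullYear(), from.getUTCMonth(), from.getUTCDate());
  const b = Date.UTC(to.getUTCFullYear(), to.getUTCMonth(), to.getUTCDate());
  return Math.floor((b - a) / MS_PER_DAY);
}

// 0 = fresh, 1 = fully decayed. `since` is the reference date (due date,
// last-modified date, last deploy); decay ramps linearly over `rampDays`.
function decayLevel(since, rampDays, now = new Date()) {
  if (!(since instanceof Date) || Number.isNaN(since.getTime())) {
    throw new TypeError('since must be a valid Date');
  }
  if (!Number.isFinite(rampDays) || rampDays <= 0) {
    throw new RangeError('rampDays must be a positive number');
  }
  const elapsed = daysBetween(since, now);
  // Clamp: dates in the future give 0, anything past the ramp gives 1.
  return Math.min(1, Math.max(0, elapsed / rampDays));
}

// CSS values for a given level (assumed mapping: fade out, blur up to 3px).
function decayStyles(level) {
  return {
    opacity: Number((1 - level).toFixed(2)),
    filter: `blur(${(level * 3).toFixed(1)}px)`,
  };
}

// Rolling version of the "not updated in over 2 years" callout check,
// so the cutoff moves with the calendar instead of being a fixed year.
function needsStaleCallout(modified, now = new Date(), years = 2) {
  const cutoff = new Date(now.getTime());
  cutoff.setUTCFullYear(cutoff.getUTCFullYear() - years);
  return modified.getTime() < cutoff.getTime();
}

// Browser-only helper: apply the styles to an element such as document.body.
function applyDecay(level, el) {
  Object.assign(el.style, decayStyles(level));
}
```

With the values shown above (due date 2017-02-27, 60-day deadline), a visit on 2017-03-29 gives a level of 0.5, so the page renders at half opacity.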
This is only sorta tangentially related, but it reminds me of the very, very scary game Lose/Lose:
Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the players [sic] computer. If the player kills the alien, the file it is based on is deleted. If the players [sic] ship is destroyed, the application itself is deleted.
Although touching aliens will cause the player to lose the game, and killing aliens awards points, the aliens will never actually fire at the player. This calls into question the player’s mission, which is never explicitly stated, only hinted at through classic game mechanics. Is the player supposed to be an aggressor? Or merely an observer, traversing through a dangerous land?
High fives to Wufoo, our long-time sponsor here on CSS-Tricks. It’s powered the vast majority of forms I’ve built over the past decade. If you’ve never used it or heard of it: it’s a form builder. It makes the arduous task of implementing forms trivially easy. Building a form on Wufoo means you’ll get a form that does everything right UX-wise, gives you full design control, integrates with anything, and that you can put anywhere.
The feature list is too long to cover in the confines of a single post, so I always like to cover little bits that I’ve used recently and liked.
Don’t forget they have a robust API. I used the API to submit form entries on a form just the other day. I wanted to do some special things on a form, like be able to react to the DOM event of submitting the form. That’s not really possible when the form is in an iframe, but just fine when you host the form yourself and submit via API. Worked great.
Many conversations in our industry tend to circle around strong opinions and universal answers. Choosing a shiny new technical stack or sticking to an old-school paradigm; betting on a trendy framework or building a custom light framework of your own; using an attention-grabbing pop-up or sticking to calmer, less annoying solutions. We tend to have strong opinions about design and development, and so we agree and disagree, and argue endlessly, trying to protect and explain our views. Sometimes (and maybe a bit too often) to the point that conversations escalate and result in annoyingly disgruntled camps not agreeing on anything.
It’s not the stubbornness that brings us there, though. It’s the simple fact that we all have different backgrounds, expectations, and experiences. But sometimes we end up debating answers that are all acceptable and seeking the ultimate truth in a place where it really can’t exist. This pattern shows up for the usual suspects: accessibility, performance, tooling, workflows, and naming conventions. It also repeats itself with topics that are often considered to be ephemeral: ethics and privacy.
In the past, these topics could be spotted sporadically on the remote fringes of Twitter threads and blog posts. These days we’ve become very aware of the frightening dimensions that collection and use of personal data have gradually and silently gained. So we’ve started fighting back. Fighting back by publicly complaining about privacy-related dark patterns, unsolicited emails, shady practices, strict legal regulations, and ad-blocker wars against disruptive ads from hell. Of course, these are all important conversations to have and raising awareness is important; but we also need an applicable, pragmatic approach for designing and building ethical and respectful interfaces within our existing, well-established processes. We could use a few established patterns to bake in privacy-aware design decisions into our interfaces by default.
As a part of Smashing consultancy and teaching at universities and schools, over the last several months I was privileged to run interviews with 62 customers of various ages and experiences in Belgium, the Netherlands, Germany, Ukraine, USA, Serbia, Bosnia-Herzegovina, Austria, and Canada. My objective was to ascertain the role privacy plays for users these days, and how the interfaces we so thoroughly craft are perceived when it comes to various touchpoints. The findings from these interviews are the foundation of this article series.
In this four-part series, we’ll explore some of the respectful ways to approach privacy and data collection, and how to deal with notorious GDPR cookie consent prompts, intrusive push notifications, glorious permission requests, malicious third-party tracking, and offboarding experience:
Part 1: Privacy Concerns and Privacy in Web Forms
Part 2: Better GDPR Cookie Prompts
Part 3: Designing Better Notifications
Part 4: Privacy-Aware Design Framework
Why Aren’t Privacy-Aware Interfaces a Default?
Imagine a beautiful, authentic historical street, paved with half-broken cobble stones, tiny vintage stores, and flourishing flowers randomly placed across the pathway. Sauntering along such charming streets is a wonderful experience, full of smells and sounds of the city that aren’t easy to capture in the daily stream of mundane tasks.
Now imagine the very same street packed with lookalike merchandise farms stacked right next to each other, plastered with promotional posters, blinking advertising, loud music, and repeating marketing messages fighting for your attention over and over and over again. Compared with the previous experience, that’s very different, and most likely much less enjoyable.
Unfortunately, in both of the scenarios above, the more often we walk down that same street, the more we become accustomed to what’s happening, and in the end these experiences become normal — and even expected — along that path. Over time, we tend to get used to the way things appear and function, and especially when it comes to advertising, over time we’ve learned fairly well how to dismiss the marketing messages streaming endlessly and loudly our way.
Not all marketing messages are ineffective, of course; in fact, most people are receptive to them, mostly because they are literally everywhere, often heavily personalized and hence relevant. We see them as an unnecessary evil that enables and finances our experience, be it reading an article, playing a game or watching a video. What came along with it, though, isn’t just visual noise and a substantial performance footprint of adverts, but also ever-increasing tracking, collection, and ongoing evaluation of private data.
As a result, many of the online experiences we attend to on a daily basis feel more broken and frustrating than refreshing and inspiring. Over years of daily training on the websites we love and hate so much, we’ve got used to it — and many of us no longer notice how distracting, invasive, and disrespectful the websites have become.
While boring pop-ups and annoying blinking ads might be easy to ignore or dismiss, sneaky push notifications, ambiguous copywriting, shady backdoors in seemingly friendly apps, and deceptive ads camouflaged as parts of the UI are nothing but a notorious, well-executed hustle. Not many website owners would willingly impose this kind of experience on their customers, and not many customers would knowingly return to a website that shared their private data for retargeting or reuse. With such experiences, trust and loyalty are at stake, and these days they are extremely rare and precious values that are hard to reacquire once they are lost.
If we ask ourselves why honest interfaces haven’t made a breakthrough yet, bypassing and pushing away all the culprits out there, it’s not easy to find an answer at first. It’s not that designers want to manipulate customers, or that developers want to make experiences slower, or that marketeers are happy to endlessly frustrate and confuse users’ experience for the sake of one-off campaigns.
In a world where every brand demands immediate and uninterrupted attention, attention has become incredibly scarce, and so competing against loud guerrilla campaigns with a subtle, humble marketing message might feel remarkably inferior. Clever, subtle campaigns can be effective, but they need to be constantly invented anew to remain interesting — and there is no guarantee they actually will work. On the other hand, it’s much easier to rely on solutions that worked well in the past — they are predictable, easy to measure, and not too difficult to sell to clients.
In fact, we tend to rely on predictable A/B tests that give us clear answers for measurable, quantifiable insights. But when it comes to ethics and the long-term impact of an interface on loyalty and trust, we are out there in the blue. What we are missing is a clear, affordable strategy for meeting business requirements without resorting to questionable practices that proved to be effective in the past.
In most conversations I’ve had with marketing teams over the years, the main backlash against all the UX-focused, customer-protective changes in marketing was the simple fact that marketing teams didn’t believe for a second that they could be as competitive as good ol’ workhorse techniques. So while, of course, calm, ethical, and privacy-aware interfaces would benefit the user, moving away from the status quo would massively hurt business and make companies less competitive.
Sadly enough, they might be right. Most of us use well-known services and websites that have all the despicable practices we so love to hate. Tracking, and collection and manipulation of data are at the very core of their business models, which allow them to capitalize on it for advertising and selling purposes. In fact, they succeed, and for many users, trading privacy is an acceptable cost for all the wonderful benefits that all those giants provide for nothing. Beyond that, moving away from these benefits is remarkably hard, time-consuming, and just plain painful, so unless a company hurts its users on a level that goes way beyond harvesting and selling data, they are very unlikely to leave.
Many of you might remember the golden days when the first mobile interfaces were clunky and weird and slow, and when everything seemed to be out of place, and we were desperately trying to fill all those magical rectangles on shiny new mobile phones with adaptive and pixel-perfect layouts.
Despite good intentions and wondrous ideas, many of our first interfaces weren’t great — they just weren’t good executions of potentially great ideas. As time passed, these interfaces slowly disappeared, replaced by solutions that were designed better, slowly carved out of thorough efforts in research and testing, and gradual, ongoing refinements. It’s rare we see and regularly use some of those old interfaces today. Sometimes they remain locked up in app ecosystems, never updated or redesigned, but the competition pushed them away hastily. They just aren’t competitive enough, because they weren’t comfortable enough to enable users to reach their goals.
I wonder if the same will happen with the new wave of privacy- and ethics-aware applications. Well-designed, small applications that do simple tasks very well, with a strong focus on ethical, respectful, and honest pixels, without shady backdoors and psychological tricks. We can’t expect giants to change overnight, but once these alternative solutions start succeeding, they might be forced to refine their models in response. I strongly believe that taking good care of users’ data can be a competitive advantage and a unique selling proposition that no other company in your niche has.
For that to happen, though, we need to understand common pain points that users have, and establish interface patterns that designers and developers could easily use. We’ll start with common privacy concerns and seemingly obvious interface components: privacy-related issues often raised in web forms.
Eliminating Privacy Concerns
So you designed a wonderful new feature: an option to connect your customers with their friends by importing contacts from Facebook, LinkedIn, Twitter, or perhaps even their contact list. Imagine the huge impact on your sign-ups if only a fraction of your existing customers choose to use the feature, connecting with dozens and hundreds of their friends on your wonderful platform! Unfortunately, the feature is likely to have difficulties taking off, not because it isn’t designed well, but because of the massive abuse of privacy that users have been exposed to over the years.
Remember that awkward conversation with a few friends wondering about an unusual invitation they received from you the other day? You didn’t mean to annoy your friends, of course, but the service you’ve just signed up to was happy to notify your friends on your behalf, without your explicit permission. Perhaps recommended default settings during installation contained a few too many checkboxes with ambiguous labels, or perhaps the app just wouldn’t work correctly otherwise. You didn’t think anything at the time, but you’ll definitely think twice next time, before leaving all of those checkboxes opted-in.
In general, when asked about what kinds of privacy issues customers seem to be worried about, the following concerns have been raised, in order of magnitude or severeness:
Tracking and evaluating user preferences, location, and so on
Convoluted privacy policy changes
Lack of trust for free or freemium services
Disturbing and annoying advertising in apps or on websites
Targeting with commercial and political messages
Unwanted notifications and marketing emails
No proper control of personal data
Exposing personal preferences to third parties
Difficulty to delete personal details
Difficulty to cancel or close account
Safety of stored data on servers
Uploading a photo of a credit card or passport scan
Use of personal data for commercial purposes
Exposing private messages and emails publicly
Exposing search history publicly
Social profiling by potential employers
An app posting on user’s behalf
Difficulty to export personal data
Difficulty to cancel a subscription
Hidden fees and costs not explicitly mentioned
Importing contact details of friends
Trolling and stalking online
Data breach of login, password, and credit card details
Hacked Gmail, Facebook, Twitter, or Instagram accounts
It’s quite astonishing to see how many concerns our humble interfaces raise, producing doubt, uncertainty, and skepticism in our customers.
They don’t come out of nowhere, though. In fact, conversations about privacy often share a common thread: dreadful previous experiences that users had to learn from — the hard way. Usually it’s not those password input nightmares or frustrating CAPTCHAs; instead, it’s credit card fraud after an online purchase, and never-ending emails from companies trying to lure you in; and unsolicited posts, check-ins, and recommendations graciously posted on user’s behalf. So it shouldn’t be very surprising that for most customers the default behavior and response for pretty much any request of personal data is “Block,” unless the app makes a strong, comprehensible case of why the permission should be granted.
This goes for importing contacts as much as for signing in with a social login: nobody wants to spam their friends with random invitations or have an app polluting their profile with automated check-in messages. On the other hand, anonymous data collection always wins. Whenever the word “anonymous” made its appearance in privacy policies, security updates, or web forms, customers were much less reluctant to share their personal data. They understood that the data is collected for marketing purposes, and wouldn’t be used to target them specifically, so they had no issues with it at all across the board. So if you need to gather some data, but don’t need to target every individual customer, you are likely to cause fewer concerns with your customers.
In our interviews, users often spoke about “being burned in the past,” which is why they tend to be careful when granting permissions for any kind of data or activities online. Some users would have a dedicated credit card for online purchases, heavily protected with two-factor authentication via their phone; others would have a dedicated spam or throwaway email address for new accounts and registration, and yet others would never share very personal information in social networks. However, all these users were in a small minority, and most of them changed their attitude after they had experienced major privacy issues in the past.
We have to design our interfaces to relieve or eliminate these concerns. Obviously, this goes very much against dubious practices for tricking customers into posting, sharing, engaging, and adding value to our platforms, hence exposing their personal data. This might also work against the business goals of the company that is heavily dependent on advertising and maximizing customer fees. However, there is a fine line between techniques used to keep users on the site and exploiting their privacy. We need to eliminate privacy concerns, and there are a few straightforward ways of doing so.
Privacy In Web Forms
While it’s been a good practice to avoid optional input fields and ask only for the information required to complete the form, in the real world web forms are often poisoned with seemingly random questions that appear absolutely irrelevant in the user’s context.
The reason for this isn’t necessarily malicious in intent, but rather technical debt, as the site might be using a site-wide component for all forms, and it simply doesn’t allow for enough flexibility to fine-tune the forms appropriately. For example, when asking the user for their name, we’ve become accustomed to breaking a full name into first name and family name in our forms, sometimes with a middle name in between.
From a technical perspective, it’s much easier to save structured data this way, but when asking for a person’s name in a real-life conversation we hardly ever ask specifically for their first name or last name — instead we ask for their name. In some countries, such as Indonesia, the last name is very uncommon, and in others a middle name is extremely rare. Hence, combining the input into a single “Full name” input field seems most plausible, yet in most web forms out there, it’s rarely the case.
That means that in practice, seemingly random questions have to be asked at times, even though they aren’t really required. On the other hand, marketing teams often need personal information about their customers to be able to capture and present the reach and specifics of the audience to their potential advertisers. Gender, age, preferences, habits, purchasing behavior and everything in between falls under this category. And that’s not the kind of data that users are happy to willingly hand over without a legitimate reason.
When running interviews with users, we’ve identified a few common privacy-related data points that were considered to be of a “too private, too intrusive” nature. Obviously, it heavily depends on the context too. Shipping address is perfectly acceptable at a checkout, but would be out of place in an account sign-up form. Gender would be inappropriate in an anonymous donation form, but would make perfect sense on a dating website.
In general, users tend to raise concerns when asked about the following details (in order of magnitude or severity):
Title
Gender
Age
Birthday
Phone number
Personal photo
Credit card or bank details
Signature
Passport details
Social security number
Admittedly, only a few users would abandon a form just because it’s asking for their title or gender. However, if the questions are framed in an inappropriate way, or many of the questions seem to be irrelevant, all these disturbances start to add up, raising doubt and uncertainty at the point when we, as designers, want to ensure clarity and get all potential disturbances out of the way. To avoid that, we need to explain why we need a user’s data, and provide a way out should the customer want to keep the data private.
Explain Why You Need A User’s Data
With numerous data breaches, scam mails, and phishing websites permanently reminding users of the potential implications of data misuse, they rightfully have doubts and concerns about sharing private information online. We rarely have second thoughts when asked to add a few seemingly harmless radio buttons and input fields to a form, but the result is often not only a decrease in conversion, but a long-lasting mistrust of customers towards the brand and its products.
As a result, you might end up with people submitting random data just to “pass through the gates,” as one interviewer called it. Some people would creatively fight back by providing random answers to “mess up the results.” When asked for a phone number, some would type in the correct number first (mostly because they expect the input to be validating the correct format of the phone number), and then modify a few digits to avoid spam calls. In fact, the more personal data a website is attempting to gather, the more likely the input is to be purposefully incorrect.
However, customers rarely have concerns when they fully understand why particular private information is required; the doubts occur when private information is required without an adequate explanation. While it might be obvious to the company why it needs particular details about its users, it might not be obvious to users at all. Instead, it might appear suspicious and confusing — mostly owing to the simple lack of understanding of why it’s actually needed and if it might be misused.
As a rule of thumb, it’s always a good idea to explain exactly why the private data is required. For example, a phone number might be required to contact the customer in case a package can’t be delivered. Their birthday might be required to customize a special gift for a loyal customer. Passport details might be required for identity verification when setting up a new bank account.
All these reasons have to be explicitly stated as a hint next to the input field; for instance, revealed on tap or click behind an info icon, to avoid confusion and misunderstanding. For the same reason, if you’re aware that some questions might feel weird for a particular set of customers, make them optional and indicate they can be skipped if they seem to be not applicable.
It’s also a good idea to reassure the user that you take their privacy seriously, and that their data will be protected and, most importantly, will not be used for any targeted marketing purposes nor shared with third parties. Surprisingly, the latter seemed to be even more important to a large number of users than the former, as they didn’t want their data to “end up in random, inconvenient, places.”
Always Provide A Way Out
We have all been there: the reality is rarely a set of straightforward binary choices, and more often than not, it’s a spectrum of possibilities, without an obvious set of predefined options. Yet isn’t it ironic that our interfaces usually expect a single, unambiguous answer for reasonably ambiguous questions?
When designing the options for title and gender, we tend to think in common patterns, providing a strict set of predictable options, basically deciding how a person should identify themselves. It’s not our place to do so, though. Not surprising, then, that for some users the options felt “patronizing and disrespectful.” A common area where this problem occurs frequently is the framing and wording of questions. Gender-neutral wording is less intrusive and more respectful. Instead of referring to a specific gender, you could keep the tone more general; for instance, asking for the age of a spouse rather than wife or husband.
To avoid lock-in, it’s a good strategy to always provide a way out should the customer want to specify input on their own, or not want to share that data. For title and gender it might be as easy as providing an additional input field that would allow customers to specify a custom input. A checkbox with “I’d rather not say” or “I’d like to skip this question” would be a simple way out if customers prefer to avoid the question altogether.
Always Ask For Exactly What You Need, Never More
What question seems to be more personal to you: your age or your birthday? In conversations with users, the former was perceived as much less personal than the date of birth, mostly because the former is more broad and general. In reality, although companies rarely need a specific date of birth, the required input contains masks for the day, month, and year.
There are usually three reasons for that. On the one side, marketing teams often want to know the age of the customer to understand the demographics of the service — for them, a specific date of birth isn’t really necessary. On the other side, when a company wants to send out custom gifts to a customer on their birthday, they do need the day and the month — but not necessarily the year.
Finally, depending on local regulations, it might be a legal requirement to verify that a website visitor is over a certain age threshold. In that case, it might be enough to ask the customer if they are over 18 rather than asking them for their date of birth, or ask them only for the year of birth first. If they are definitely younger than 18, they might not be able to access the site. If they are definitely older than 18, they can access the site. The prompts for the month should appear only if the user might be just below or just above 18 (born 18 years ago). Finally, the day input would appear only if it’s absolutely necessary to check if the user is old enough to enter the site.
When designing an input for age or date of birth, consider the specific data points that you need and design the form accordingly. Try to minimize the amount of input required, and (again) explain for what purpose you need that input.
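The step-by-step age check described above (year first, month only in the borderline year, day only in the borderline month) can be sketched as follows. This is an added example, not code from the original article; the function names, the step strings and the 1900 lower bound are assumptions made for illustration.

```javascript
// Added example: progressive age gate that asks only for the next
// date component still needed to reach a decision.
// nextAgeGateStep, runGate and the step strings are hypothetical names.

function nextAgeGateStep(answers, today, minAge = 18) {
  const { year, month, day } = answers;
  const ty = today.getUTCFullYear();
  const tm = today.getUTCMonth() + 1; // 1-12
  const td = today.getUTCDate();

  if (year === undefined) return "ask-year";
  // 1900 is an arbitrary sanity bound chosen for this example.
  if (!Number.isInteger(year) || year < 1900 || year > ty) {
    throw new RangeError("year out of range");
  }
  const diff = ty - year;
  if (diff > minAge) return "allow"; // old enough even if born on 31 Dec
  if (diff < minAge) return "deny";  // too young even if born on 1 Jan

  // Borderline year: the month is now needed, and only now.
  if (month === undefined) return "ask-month";
  if (!Number.isInteger(month) || month < 1 || month > 12) {
    throw new RangeError("month out of range");
  }
  if (month < tm) return "allow"; // birthday already passed this year
  if (month > tm) return "deny";  // birthday still ahead this year

  // Borderline month: the day is the last thing that can decide it.
  if (day === undefined) return "ask-day";
  if (!Number.isInteger(day) || day < 1 || day > 31) {
    throw new RangeError("day out of range");
  }
  return day <= td ? "allow" : "deny";
}

// Simulates a visitor who answers only the prompts actually shown and
// reports which fields the form ended up collecting.
function runGate(birth, today, minAge = 18) {
  const answers = {};
  const asked = [];
  for (;;) {
    const step = nextAgeGateStep(answers, today, minAge);
    if (!step.startsWith("ask-")) return { decision: step, asked };
    const field = step.slice(4); // "year" | "month" | "day"
    if (birth[field] === undefined) throw new Error("missing " + field);
    asked.push(field);
    answers[field] = birth[field];
  }
}
```

Only the components that were actually asked for ever leave the visitor's keyboard, and the allow/deny decision is the only value the site needs to keep.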
When Asking For Sensitive Details, Prepare Customers Ahead Of Time
While users can find a way to “pass through the gates” with title, gender, age, birthday, and even phone number input, they will have a very difficult time finding a way out when asked for their photo, signature, credit card, passport details, or social security number. These details are very personal and customers tend to spend a disproportionate amount of time filling in these input fields, slowing down massively as they do so. Often this area would be where the users would spend most of their time, and also where they abandon most frequently.
When asked to type in this kind of data, customers would often linger around the interface, scanning it from top to bottom and right to left or scrolling up and down — almost hoping to detect a reassuring confirmation that their data will be processed securely. Almost nobody would mindlessly load their personal photo or type in their passport details without a brief reassurance phase, both on mobile and on desktop.
There are a few strategies to alleviate the concerns users might have at this point. Because users slow down significantly in their progress, always provide an option to save and finish later, as some users might not have the details to hand. You could ask for their phone number or email to send a reminder a few hours or days later. Additionally, consider reassuring users with a noticeable hint or even pop-up that you take their privacy seriously and that you would never share details with third parties.
It might also be a good idea to prepare the customer for the required input ahead of time. You could ask them to prepare their passport and bank account details before they even start filling in the form, just to set the right expectations.
The more sensitive private details are, the less room for amusing remarks there should be. The voice and tone of accompanying copywriting matter a lot, just like the copy of error messages, which should be adaptive and concise, informing the user about a problem and how it could be fixed.
Don’t Expect Accurate Data For Temporary Accounts
You’ve been here before: you might be having a quick bite in a coffee shop, or waiting for your spouse in a shopping mall, or spending a few layover hours at an airport. It probably won’t take you long to discover a free Wi-Fi hotspot and connect to it. Suddenly, a gracious pop-up window makes its glorious appearance, informing you about 15 free minutes of Wi-Fi, along with a versatile repertoire of lengthy text passages, auto-playing video adverts, painfully small buttons, tiny checkboxes, and miniature legal notices. Your gaze goes straight to where it matters most: the sign-up area prompting you to sign in with Facebook, Twitter, Instagram, SMS, or email. Which option would you choose, and why?
Throughout our interviews, we’ve noticed the same behavior over and over again: whenever customers felt that they were in a temporary place or state (that is, they didn’t feel they might be returning any time soon), they were very unlikely to provide accurate personal data. This goes for Wi-Fi in airports as much as in restaurants and shopping malls. Required sign-ups were usually associated with unsolicited marketing emails, mostly annoyingly irrelevant. After all, who’d love to receive notifications from Schiphol Airport if they’ve only flown from it once?
In fact, users were most unlikely to log in with Facebook, Twitter, or Instagram, because they were worried about third-party services posting on their behalf (we’ll cover these issues in a bit more detail later in this series). Many customers just didn’t feel comfortable letting an unknown third party into what they consider to be their “private personal sphere.” Both SMS and email were perfectly acceptable, yet especially when traveling, many customers didn’t know for sure if they’d be charged for text messages or not, and preferred email instead. Hence, it’s critical to never enforce a social sign-in and provide a way out with an SMS confirmation or an email sign-up.
With the email option chosen, however, only a few people would actually provide their active personal or business emails when signing up. Some people keep a trash email, used for new accounts, quick confirmations, random newsletters and printing documents in a print shop around the corner. That email is hardly ever checked, and often full of spam, random newsletters, and irrelevant marketing emails. Chances are high that your carefully crafted messages will be enjoying the good company of these messages, usually unopened and unread.
Other people, when prompted to type in their email, provide a random non-existent @gmail.com account, hoping that no verification will be required. If it is required after all, they usually return and provide the least important email account, often a trash email.
What happens if the service tries to ensure the validity of the email by requiring users to retype their email one more time? A good number will try to copy-paste their input into the email verification input field, unless the website blocks copy-paste or the email input is split into two inputs, one for the segment before the @ symbol, and one after it. It shouldn’t be too surprising that not a single customer was particularly thrilled about these options.
Users seem to highly value a very strict separation between things that matter to them and things that don’t matter to them — especially in their email inbox. Being burned with annoying marketing emails in the past, they are more cautious of letting brands into their private sphere. To get their attention, we need to give customers a good reason to sign up with an active email account; for example, to qualify for free shipping, or auto-applied discounts for loyal customers, or an immediate discount for next purchases, or a free coffee for the next visit. One way or another, we need to deserve their trust, which is not granted by default most of the time.
Don’t Store Private Data By Default
When setting up an account, it’s common to see interfaces asking for permission to store personal data for future use. Of course, sometimes the reason for it comes from the objective to nudge customers into easy repurchasing on future visits. Often it’s a helpful feature that allows customers to avoid retyping and save time with the next order. However, not every customer will ever have a second order, and nobody will be amused by an unexpected call from the marketing department about a brand new offering.
Customers have no issues with storing gender and date of birth once they’ve provided it, and seem to be likely to allow phone numbers to be stored, but they are less likely to store credit card details and signature and passport details.
Hence, it’s plausible to never store private data by default, and always ask users for permission, unchecking the checkbox by default. Also, consider storing details temporarily — for a few weeks, for example — and inform the user about this behavior as they are signing up.
In general, the more private the required information is, the more effort should be spent to clearly explain how this information will be processed and secured. While a subtle text hint might be enough when asking for a phone number, passport details might need a larger section, highlighting why they are required along with all the efforts put into protecting the user’s privacy.
Users Watch Out For Privacy Traps
The more your interface is trying to get silent consent from customers — be it a subscription to email, use of personal data, or pretty much anything else — the more customers seem to be focused on getting this done, their way. It might seem like a tiny mischievous checkbox (opted-in by default) might be overlooked, yet in practice customers go to extremes hitting that checkbox, sometimes as far as tapping it with a pinky finger on their mobile phones.
With a fundamental mistrust of our interfaces, customers have become accustomed to being cautious online. So they watch out for privacy traps, and have built up their own strategies to deal with malicious and inquisitive web forms. As such, on a daily basis, they resort to temporary email providers, fake names and email addresses, invalid phone numbers, and random postal codes. In that light, being respectful and humble when asking for personal data can be a remarkably refreshing experience, which many customers don’t expect. This also goes for a pattern that has become quite a nuisance recently: the omnipresent cookie settings prompt.
In the next article of the series, we’ll look into these notorious GDPR cookie consent prompts, and how we can design the experience around them better, and with our users’ privacy in mind.