is a blog about design, technology and culture written by Khoi Vinh, and has been more or less continuously published since December 2000 in New York City. Khoi is currently Principal Designer at Adobe. Previously, Khoi was co-founder and CEO of Mixel (acquired in 2013), Design Director of The New York Times Online, and co-founder of the design studio Behavior, LLC. He is the author of “How They Got There: Interviews with Digital Designers About Their Careers”and “Ordering Disorder: Grid Principles for Web Design,” and was named one of Fast Company’s “fifty most influential designers in America.” Khoi lives in Crown Heights, Brooklyn with his wife and three children.
An article published yesterday in The Washington Post demonstrates the danger of design’s failure to broaden popular understanding of our craft. It tells the story of hackers compromising Nest Cams in private homes by taking advantage of lax security on the cameras. And it pins the blame for this on technology companies’ focus on reducing “what Silicon Valley calls ‘friction’—anything that can slow down or stand in the way of someone using a product.” The assertion is that Nest and other companies could better secure devices like the Nest Cam by requiring measures such as two-factor authorization of user accounts, but are reluctant to do so because that would make the products more difficult to use.
Nik Sathe, vice president of software engineering for Google Home and Nest, said Nest has tried to weigh protecting its less security-savvy customers while taking care not to unduly inconvenience legitimate users to keep out the bad ones. ‘It’s a balance,’ he said. Whatever security Nest uses, Sathe said, needs to avoid ‘bad outcomes in terms of user experience.’
It’s certainly true that more could be done to encourage better security practices for Nest Cams (and in fact for most every other smart home device; the category is in desperate need of a privacy and security overhaul). But the concept of user experience writ large is not to blame here; what’s actually at fault is bad user experience practice.
There are at least a few other designs that could have been more conducive to users’ interests here: Nest could force users to consciously opt out of two-factor authorization; it could more clearly warn users of the danger of not opting into two-factor authorization; it could offer an option where account access is restricted entirely to local IP addresses; and many more possibilities. Privacy and security are not at odds with user experience; in fact privacy and security are raw materials that designers must use to create good products.
Nest just happened to make an injudicious design decision. But the framing of the problem in this article equates a focus on low-friction user experience design to be suspicious at best, and inherently compromising at worst. Any professional product designer knows that’s hogwash, of course, but the gospel of our profession—the idea that designers are motivated to make people’s lives better—is lost on the audience of a mainstream news organization like The Post’s.
We could chalk this up to lazy journalism but in fact the fault lies with us, with designers who have utterly failed at explaining what it is that we do to the world at large. There is little comprehension of what design does or how to define user experience, and what possibilities exist within these broad, amorphous concepts for everyday people. Design, as I’ve argued many times, is still a mystery to the uninitiated—including otherwise savvy reporters. In absence of understanding, suspicion and fear rush to fill the void, which is what is on display here.