When good ideas aren’t thought through part 2

I’m all for advances in technology to protect users but why do some companies seem to handle things so clumsily and just not think how it is going to affect the end users? Sometimes these actions can actually be damaging to other trading companies.

I have two examples of just this happening today.

Firstly with regard to Mozilla rolling out a new policy when it comes to SSL certificates (this will be within Firefox 3). Essentially if you self certify or get an unapproved provider to sign the certificate any users of Firefox 3 will get a massive scary message - the kind that most people have a little panic and push the back button.

Mozilla are trying to do the right thing but in too bullish a way. If a certificate is actually invalid this of course should be displayed but if it is simply by an unapproved provider an alternative message should be provided.

In the case of SSL certificates they are provided for two reasons.

1. To encrypt data sent to and from the server.
2. To authenticate the website is what it says it is.

The second point can only be trusted when a third party reputable provider issues the certificate and this is what Firefox is trying to protect against. Why not have a bit more user friendly message that explains that? If a self certified certificate is being used simply to ensure secure transfer of data strictly speaking the certificate is not invalid so why say it is?

My second annoyance is with McAfee and their SiteAdvisor system they have in their security software. Every McAfee’s users’ search engine results pages have icons put next to each result to signify if McAfee has tested if the site as safe or not.

Sounds like a good idea yes? Certainly gives piece of mind for the average user however if as a company you are unlucky enough still to be in McAfee queue for testing websites it’s not such good news.

If a user is confronted with a red cross next to a search result (failed McAfee’s tests) you’d understand people avoiding it like the plague but how about if they have a yellow exclamation mark next to them?

Well for the average users they too would avoid this like the plague - why take the risk?

So when a company I’ve been working with had this very problem (and notably their competitor’s have already been awarded the magic green tick) I contacted McAfee to see if they could move things along. A brick wall is about the best description - wait your turn. Hardly the response you want when an action by another company could actively be turning away paying customers.

I’m not saying that McAfee shouldn’t have come up with this solution just the implementation is lacking. Surely a more carefully categorised queuing system could have ensured no uneven roll-out through competitors? Or maybe if such a thing was to happen there could be conditions when a website could be fast tracked?