Is There Anyone Left At YHOO With A Brain?
I get a call from someone about Yahoo blocking them from sending e-mail. I say “don’t touch anything. I’ll be right there.
I arrive a few minutes later to see the situation. Yahoo had allowed a fake PayPal message to get through. The user was forwarding it to me with a question: “Do I have a PayPal account? Do I need to be concerned about this?” Yahoo recognized that this was phishing, and prevented the user from sending it.
I’m so mad that you can’t come near me unless you’re prepared to hear the F-word. If you could tell it was a phishing attempt, why in the world didn’t Y! prevent it from reaching the user’s inbox? Do we need any reminder that regular users depend upon us who are technical to act as their shields against these online scumbags? What kind of system says “phishing attempts are okay, as long as their incoming instead of outgoing”?
Here are some recent discussions and events, in case no one at YHOO has been watching:
- First of all, ReadWriteWeb published an article about a login alliance between Facebook and AOL. The article’s comments were overrun with Facebook users trying to log in. The problem? They didn’t enter the Facebook URL into the address bar at the top of their browsers. Instead, they entered “facebook login” into the search engine on their browsers’ home page and then clicked the top link. It had always worked before, but for a short time, the RWW article was the top link for “facebook login”, and so their ingrained habit didn’t work. So they used their Facebook login credentials to ask why the page looked so different and why they could not log in to Facebook.
- Comments about that incident filled the tech blogs for a few days afterward.
- Related commentary continues to this day. I pointed out, for example, that sites where users log in should never present a link that replaces the page with an off-site one, unless it first uses a page that says, “you are leaving our site and will be logged out; is this okay?” Without that confirmation page, the site should always present logged in users links that open in new tabs. Simon Willison also posted about the lack of understanding URLs recently.
- “Are you online?” I was asked this recently by a family member as I sat at my computer. Well, yes, I’m online. We are connected to the Internet whenever we turn a computer on (except between 1 AM and 7 AM Pacific, when the router is programmed to deny access to everyone). Perhaps inside of Yahoo, they don’t have any non-technical users to ask that question. Come work where I work for a week. You’ll soon recognize that the apparent meaning of “online” to non-technical users is “actively using a Web browser”. (And it is important to point out that dial-up users know when they are online, because no one can use the telephone. Pervasive connectivity isn’t quite comprehended by the general public. That’s why they buy iPhones, with their connection to the very spotty AT&T network, instead of buying the Pre or the Pre Plus, with its much more reliable Sprint and Verizon networks. I would have smashed the phone to bits if I had a phone that was an Internet device, but it was on a network where Internet connectivity was unreliable.)
I have long had a lot of love and respect for “Y!”, even after I worked downstairs from one of their locations and experienced how rudely their staff treats people who work for other employers. Over the past year or two, I really believe that anyone with any sense in that company is getting their resumes into as many hands as possible, trying to get out before the whole thing implodes.
Y!, again, I love you, but you had better straighten up and fly right. Remember that people can get good search results from a number of places (Google [also known as “bigG”], Bing, DuckDuckGo, Cuil, Wolfram Alpha, etc). They can get webmail and the other services you offer from other providers as well. Simple things like protecting your users from phishers can go a long way toward making sure your company stays around. Incidentally, I recently found that DuckDuckGo doesn’t just link UPS’ tracking page when you enter a tracking number–they redirect your browser to that page–I was impressed at the way they saved me a step.
IMPORTANT: This is my personal opinion, and not that of any other person, organization, employer, or government agency. As an opinion, it is subject to change. In particular, being a fan of bigG and Y!, I tend to expect more of them, but once everything is all better, it really is all better. If you’re a lawyer: I don’t have any money, so go bother someone else.
Powered by ScribeFire.
Entry filed under: Web.