On Design: Don’t be Paranoid
January 5, 2007
Let me tell you a little story about a restaurant I love.
The restaurant is Churrasco Villa (beware the audio). I like them because they are fast, the quality is always good, their meals are nutritious, their facility is clean, their staff courteous and I can collect a take out dinner when I need to (usually 3-4 times per month). It’s the kind of neighborhood restaurant that always has people in the take out line and most of their seating capacity is full.
A few weeks ago I was deliriously hungry. You don’t have to spend much time around me to learn I eat every 3-4 hours and the wheels start to fall off if I have to wait much longer than that. So I called up the take out line and ordered.
When I went and picked up my food, I asked if I could sit at an unused table near the door and quickly eat my meal. The take out person said no. I then offered to tip the wait staff even though they would not be serving me – just for the quick use of that area and because I thought that might be the issue. The answer? No. And guess what? Now I’m mad.
As I quietly turned way from the counter I asked myself, “how did I turn so quickly from loving this place to being SO mad at it?” I was so mad I wanted to tell everyone what a dump it was. The trouble was I knew that was untrue…my rational mind still knew I loved the place.
So what happened? Clearly the staff at the take out window have been given some kind of policy that runs something like this: you can’t eat in if you order take out. Fair enough! The trouble is, how often do people really ask to do that? Once a month? Once a quarter? I’m willing to bet I looked awfully hungry when I collected my food, and as a regular customer, could they not cut me a break? Sure they could, the trouble is businesses fear the worst when they open the door to something like this because they fear it will be abused – the reality is they shouldn’t be afraid. Few people abuse your business and your policies and this fact is true of web applications too.
Inevitably when you are designing a web app or a website you will think of a scenario where a user can – in small way – abuse your site or game your system. It might be a really small thing like not entering a valid email address then they sign up. To prevent this you may force them to validate their email address before they can access their account. In theory you convince yourself that you are acting in your own best interest. The truth is you are not.
Trust your users and don’t worry about the small percentage of abusers – they won’t act ethically no matter what you do, so don’t invest your time trying to change them. The fact is very few people will abuse your sign up form, and invariably it takes more time to develop a form so that people can’t “trick” you. Also, designing and developing with a paranoid state of mind almost always adds a barrier to entry (i.e. “I have to check my email to get started? What a pain…forget it.”) that will get in the way of ethical users who want to use your service. These barriers will slow adoption and cost you in the long run.
about the author
FreshBooks, the world’s #1 cloud accounting software for self-employed professionals. Built in 2003 after he accidentally saved over an invoice, Mike spent 3.5 years growing FreshBooks from his parents’ basement. Since then, over 10 million people have used FreshBooks to save time billing, and collect billions of dollars. A lover of the outdoors, Mike has been bitten so many times it’s rumored he’s the first human to have developed immunity to mosquitoes.Mike is the co-founder and CEO of