Simon Willison’s Weblog

Google asked people in Times Square:“What is a browser?”. Stuff like this makes me despair for creating a secure web—what chance do people have of surfing safely if they don’t understand browsers, web sites, operating systems, DNS, URLs, SSL, certificates... # 20th June 2009, 1:25 am

Reviews of the Pownce app on the iPhone app store on Flickr. I had to stitch together a screenshot because you can’t actually link to content in the App Store (unless you don’t care that people without iTunes won’t be able to follow your link). Three out of the four reviews complain about the OAuth browser authentication step, which is frustrating because Pownce have implemented it so well. # 12th August 2008, 11:05 am

The Truth about Web Navigation. Jeremy Zawodny on regular users understanding the browser address bar: “They don’t. And they never will.” Then they’re going to get phished, and there’s absolutely nothing we can do to help them. # 19th July 2008, 11:42 pm

8 More Design Mistakes with Account Sign-in (via) Second of a two part series by Jared Spool. I agree with all of them with the possible exception of #15 which advocates providing a non-email password recovery solution. Security “questions” are usually dreadfully insecure, and introduce the need to lock users out of their accounts after just a few tries. # 17th January 2008, 4:35 pm

Amazon makes you lie to log off (via) Amazingly, the only way to sign out of Amazon these days is to use the “If you’re not XXX, click here” link—the traditional “sign out” link has quietly vanished. # 2nd October 2007, 1:19 pm

Usable Security: Look Beyond the “Fundamental Conflict”. Security and usability are not conflicting goals. # 18th March 2005, 2:27 am

User Education Is Not the Answer to Security Problems. Smart thinking on security from Jakob Nielsen. # 1st November 2004, 1:22 pm