In order to improve the user experience of our current SaaS, I planned to track user behaviours on several key pages with the support of paid external services. Heat-maps and screen replays would be quite helpful to validate many pending hypotheses. If not, at least I would have some clues to dig deep into during the upcoming feedback sessions with customers. That’s what I thought.

This morning I asked one of the developers to install tracking scripts, but his reply took me by surprise: “I’m not going to do it”. He simply made me realise that I had ignored two critical factors when making that suggestion. Security, and Privacy.

In less than a month I made two mistakes regarding site security. The first one was when I suggested the “Reveal Typed Password” (similar to Windows 8’s fermata eye) and “Remember Me” features for the login page. The second one was this time, when I underestimated the complexity of installing tracking scripts on an IP-restricted site.

If you are to ask, I didn’t feel bad, as there are things one must learn by doing them wrong, and the two mistakes were both thought-mistakes which caused no real damage.

But I felt extremely uneasy when our conversation got deeper into the topic of user privacy. As I know, it’s no longer a mistake; it’s already a fault in thinking and a wrong mindset.

Living in today’s analytics-crazed world, many people take information privacy for granted and they bring this thinking into their profession. I was a salesman who used Hubspot to track whether my potential leads have opened the emails, a marketer who got obsessed with different professional analytics services and now a UX Designer who wants to capture everything from click to keypress, scroll to page transition and more. There’s nothing wrong with being data-driven; the problem here is more about how I gradually came to think of digital tracking as something “normal”.

Data is the currency of the world. Data-driven insights change the way we live, work and think. That would be our one and only future and I always feel so positive about it, to the point that I subconsciously choose to ignore the growing uneasiness when using user data without their true consent. Think about it: users understand that agreeing to the privacy policy and terms of service is a requirement for using the platforms, but that doesn’t mean they like it, they read it and they know all the implications of their decision.

When users are not those to blame, UX designers are. “Human error usually is a result of poor design: it should be called system error”. Should it be considered “dark UX” when the Privacy Policy can only be found at the bottom of the website where scrolling reach is the lowest, designed with a font-size of 10 or 12 point on a boring full-of-text layout? Or when they are so unreasonably long and complicated that users would need to spend 76 work days if they read every policy they encounter in a year?

These thoughts would never have occurred to me had the developer not brought up the topic, and I felt quite ashamed for taking information privacy very irresponsibly and showing a lack of empathy to people. It reminded me of a recent article I read from Dear Design Student, “Ethics can’t be a side hustle”, in which the author believed that “You can’t buy ethics offsets for the terrible things you do at your day job”. Thank God I’ve just had a hard slap in the face and there’s still time to walk on the right path.

Though my personal design principles are not yet defined, from this moment I’ve decided to give my full support to the privacy-aware design initiative of Sebastian Greger – who aims to create a discussion around privacy as encountered by interaction designers on the UI/UX level. Besides, I would actively promote the awareness of information privacy and research into the protection of users’ information.

I also wish to develop an attitude like the developer who brought me this important realisation. In response to my joke “Are you a fan of Snowden?” he just laughed at it:

“No, but I don’t feel okay about recording users’ screens. Other people may agree with you but I’m not going to implement that”.

And other people means our bosses.

