Office365 users shared hundreds of sensitive docs publicly through docs.com (arstechnica.com)
193 points by umeshunni on March 27, 2017 | 67 comments



I don't get it. It's a site designed for public sharing -- the word "showcase" is right on the front page, as username223 points out. I just loaded it up and walked through uploading a file to it. It's incredibly explicit about what it's doing. Under "Visibility," it says:

"Public on the web Anyone can find it on the web. Search engines will find the doc, giving it a larger audience."

It's not ambiguous. It's very clear. The only way you can't tell what it's doing is if you just pay no attention whatsoever to what you're doing. It's not the default sharing method from either Office 365 (web, traditional or Android/iOS) or OneDrive. You have to opt into using it at all at an IT department level if you have a corporate Office 365 department. You really just can't stop users from footgunning themselves when they're on the open Internet.


> The only way you can't tell what it's doing is if you just pay no attention whatsoever to what you're doing.

You've just described a very common type of non-technical user.


In my experience, the least technical users are the ones who read more than the rest of us. While I just want to click the "Next" button or whatever is in its place until something like "Cancel" takes its place, my grandpa wants to read every word to make sure everything is happening correctly, and even asks me questions about what the words mean. He doesn't like to proceed until he's sure that everything will work just the way he wants it.

As GP said, users got a very obvious warning. It's not like there was a 1000-word long essay greyed out which contained the words "oh and this is all public" in a random location. This isn't about how technical users are, it's just a user error that anyone could make. I would be extremely surprised if you told me that, for example, there are less than a hundred Google Docs with sensitive information that are publicly viewable. In fact, I would probably call anyone above the age of 20 a liar if they said that during their entire life they had never, ever shared something they didn't mean to share. Even when it comes to things we're very familiar with, like our own mouths, we sometimes share more than we intend to.


It seems like it should be this way, but I've often found another level of cautious user. My mother has stopped using her computer for a week while waiting for me to come visit so I could tell her how to proceed past a popup she hasn't read. Typically, I'll come home, she'll ask me to help her with a problem, show me the popup and ask me what she should do next. I'll instruct her to read it, which she hasn't yet, and then once she does, she'll make a decision and ask me if it's the correct course of action before proceeding.

I think generally non-technical users are just pretty diverse, and I'd wager there's more non-readers than readers...

That said, in this case, I'm not sure what more MS can do beyond simply not offering this service.


> I'd wager there's more non-readers than readers...

Work in tech support, can confirm


Sure, but for every user like you, there are 5 users that think they are like you, only less pattern-recognizing, and keep pressing "Next" even when it installs trojans/searchbars/uploads stuff publicly/etc.


Yes. And no.

It is very clear, to you. To me. To other people? The evidence doesn't support that claim.

So again: was it clear enough? Apparently not.

You can argue about this as long as you want, but interpretation of an interface is not complete until you get the context. Ours is that of someone who's either looking for it, or aware of the possibility of its existence.

If you're neither, perhaps you'd need to be able to see other people's documents as well. Perhaps you need a big ol' warning sign with tick-boxes before you dismiss it.

Maybe the default should be hidden, and sharing made optional. I realise this doesn't make much sense for a "sharing" feature, but maybe it's been labelled wrong. "Sharing" doesn't necessarily (read: "by definition") mean "everyone in the whole world can browse your stuff".

So imo, two parties to blame.

Yes. It's the user's own fault.

No. It's not clear enough.


> It is very clear, to you. To me. To most other people? The evidence doesn't support that claim.

I'm not sure that's clear? The headline says "hundreds" of sensitive documents are on there. How many documents are on there total?


There are trigger words that should be used, in large type, before posting.

Please upload a document to host publicly for anyone on the internet.


I'll remove the word "most". Point holds.


Okay, but what's the acceptable defect rate for users not being able to understand the UI? Because I don't think it's possible to design a UI so unambiguous that a user, no matter how determined, cannot manage to misunderstand it.


Surely the acceptable rate depends on the system? A UI defect in something that could launch missiles, for instance, would be a disaster.

As for the design here - how about a big red banner with "by ticking here this document will be available to the public and can be found through search engines" or similar?


Anyone given access to a missile system will also be trained in its usage, so the bar for usability of a missile system is much lower (e.g., it can assume knowledge of military terminology).


Doesn't mean less care should be given to the interface. Doesn't mean they aren't subject to the monotony of repeating actions each and every day.

While they should be able to react quickly, I'm also sure that they have to switch to "able to react quickly mode", and won't always be ready to launch missiles at the push of a single button!


It all depends on the context. Microsoft's audience is everyone from kids playing Minecraft to corporate O365 users. So it's not surprising that it's a mess.

People often assume a level of security at work that doesn't match reality.


Acceptable rate of UI failure depends on the consequences of misinterpretation of the interface.

Apparently, for a document uploading service, this case shows an example that's below the acceptable rate.

See it this way: you don't want someone to accidentally trigger a nuclear bomb even once. However, you probably don't care that a knife sometimes cuts a finger.


>but what's the acceptable defect rate for users not being able to understand the UI?

Acceptable defect rate is the defect rate that does not result in an Ars article pointing out the defect rate of your product.


One big misunderstanding could cause an article like that. I don't think that's a workable standard.


Which is zero, because a large part of Ars business model is making a big stir about defects.


When we deployed O365 to 100k+ people, we ran into a few things like this.

A big one was the meaning of "everyone" in OneDrive. Many people thought that it meant "everyone on my team", and posted all sorts of wacky stuff.


My work switched pretty recently (December last year), and one thing I've noticed that has really annoyed me is that all the Office apps have OneDrive set as the default location to save anything. I've never used OneDrive, I don't want to use OneDrive, but every time I hit save in Word or Excel it defaults to "OneDrive". I have to physically click the "This PC" button and browse to my local disk to save a copy locally every single time.

No one in my building uses OneDrive, no one asked for OneDrive, but Microsoft keeps trying to shove it down our throats. It feels like an anti-pattern, like the forced Windows 10 "upgrade" for home users.

According to Word I have Office 365 ProPlus version - I note there is no option to save to docs.com.


I am curious what your resistance is to OneDrive. Personally, I try to put as much in there as I can as I frequently switch machines that I am working on. I keep my work code in there as well (Git repo and all) and it's convenient when switching between VMs or when needing to wipe my workstation and start fresh.

I encounter many co-workers though who like to do things "the old way" and just email copies of documents around and then spend time merging them back together instead of sending a link to their OneDrive. Just more files for me to juggle on my computer. No thanks.


There are a few reasons, partly because of corporate policy which says no sensitive documents on cloud.

Partly because I need to access stuff offline, so I prefer to have a local copy. For example, if I have to take my laptop travelling between sites I may not have access to an internet connection.

You're right that a large part is familiarity - we use SharePoint (which I also hate) to share documents between teams rather than email.


It sucks worse if you have compliance requirements because the controls really suck in the product. It exists because Google Drive exists.

You missed the serious suckage. 3 years ago you could put the sync client on a fresh install of Windows 8 and do nothing with it and it would break itself.


Exactly what I was thinking. Maybe even after sharing with "everyone" it takes the approval of N people on your team to fully share it out. With a safeguard like that I bet a lot less docs would be accidentally shared to the public.


There comes a point when you start wondering if some people are just willfully stupid.


I have unfortunate news for you: If you read http://reddit.com/r/talesfromtechsupport , you will very quickly learn how much attention the ordinary corporate PC user pays for warnings and error messages. I don't ordinarily link to reddit, but the stories on that page are the perfect illustration of just how blissfully ignorant and clueless many people are.


There are Public, Limited, and Organizational visibility options; the Public option should have a clear enough warning and not be the default.


That would sort of defeat the point of having a site designed around public sharing, wouldn't it? It doesn't seem like good UI to have the default be something other than what the typical usecase for the UI is supposed to be.


I'm not sure how requiring an explicit change from private to public would create an undue burden; it would also most likely reduce the potential harm that certainly comes from unintentionally publicly sharing something.

Assuming a particular number of users are going to be too stupid, careless or rushed to set the privacy option, I think I'd err on the side of caution. What's worse: not having the document available to all, but accessible by the link, or having the document available to all and the link unwittingly?

It is of course the user's fault, but that doesn't mean the devs can't take extra steps when a flaw is pointed out.


The worst for the owners of the sharing site would be for the site to fail in the marketplace because grandma couldn't figure out how to share her photos with her grandkids and gave up on it.

Some people would benefit from more safety features but nobody wants to ride in a car with a full roll cage and a helmet.


Well it's not a photo sharing site, it's a document sharing site under the MS Office branding.

Funny you should bring up auto safety when we've now got at least 4-6, and sometimes as many as 13 airbags in the average new car despite the fact they'll often never be used, and all because of the drivers. Certainly lane departure and collision avoidance systems aren't there for the people using vehicles properly.


Microsoft clearly made this to be a Scribd alternative. O365 defaults to private sharing everywhere. To quote from the article, "Office 365 and Azure Tenant administrators must 'opt-in' to enable users with organizational accounts to use the service".

On https://docs.com/docscom the description of the service is "Docs.com by Microsoft is an Internet site for publishing Office documents that anyone can find, browse, and share". The only way this could be clearer is if the word 'anyone' was changed to 'anyone in the world'.

Finally, (for some license types) O365 offers precisely the kind of DLP capabilities that would let users use such a service while blocking the sharing of SSNs etc.

For business accounts, not only has someone actively turned on this capability, they have then failed to communicate its purpose to users. The users themselves have then failed to understand what they were doing.

I'm sorry, but while I can sympathise with people this is clearly not MS' problem.

For the record, my current employer (a university) has not enabled this function.


It does say right on the front page: "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free," so it's pretty clearly intended for public distribution of e.g. document templates. On the other hand, how on earth did MS release it and let it live without noticing that people were using it completely wrong? They should have quickly noticed that people were using it to exchange sensitive documents, then pulled the service and redesigned it so that sort of behavior became exceedingly rare.

Even sophisticated users will misuse these services: remember the fad of putting all your dot-files on Github, when a bunch of people uploaded their Amazon credentials? This is giving the same opportunity to much less sophisticated users, with predictable results.


Basically they thought no one would bother... and then thought, fudge, we're screwed.


I understand people may want to upload documents for sharing by link, for example, but it's obviously not clear enough to users that their documents can be searched by anyone, and MS is even providing a document search with OCR, it seems.

I doubt these people intended to share, in a publicly searchable form, copies of their tax forms, passports, medical records, client lists, etc.

It's easy to call the users careless or stupid, but that expectation should've been baked into the product. For a document to be indexed and publicly searchable should be an explicit setting, not a default.


The messed up thing here, if I understand the article correctly, is that documents shared via a private URL containing a private key were all searchable via the search box on docs.com.

That's beyond being a UX issue, it's just.. wrong. So wrong that I could see lawsuits from this issue.

It's also a class of bug that I really couldn't imagine happening outside of Microsoft in terms of consumer software services from large-scale companies.

Here's a free idea for Google: Create a safety index service for saas stuff and then apply it to Chrome. I'd use it.


Not sure where you see anything about private URLs in the article?


I guess technically it could be an API or a permissions issue. But yeah, not UX.


Maybe a UX issue because it allows people to, easily without proper warning, create a link for sharing like Dropbox, but unlike Dropbox it not only makes everything indexable, they even do it themselves and provide a search engine for the docs.


Agree. For a product that you pay for whose very DNA has evolved around businesses and organizations, this is unfathomable.


Why use OCR when you have access to the actual text?


I was referring to the images and PDFs that would normally not be searchable.


I don't understand why docs.com even has a search bar in the first place?

Apart from a "direct link" - who would want to go to docs.com and search for a topic?

I've been able to find lots of interesting documents searching for some medical, business and financial terms. There must be thousands if not tens of thousands of sensitive documents available...


> I don't understand why docs.com even has a search bar in the first place?

Because it was designed for public sharing of documents and templates, and public sharing without discoverability sucks.


Then putting it under a brand that for so long has been associated with (and pushed on, and designed for) internal enterprise documents or other sensitive/personal docs might not've been the best move?

I don't know that there's a "social docs" brand, to figure out what it would call itself; but if MS exerted the minimal effort to understand its audience (which is required of any tech company that sells to domain experts who are more occupied with their work than what the workspace is configured to do), it wouldn't take them long to figure out how to pitch things to those users to accomplish whatever it is they're trying to do.


My guess is docs.com will be merged into LinkedIn at some point; that would largely solve the problem since people already have a mental model of LI's purpose and sharing semantics, etc. (or at least the cost of acquiring one is amortized over other services/features that are part of LI)


Maybe the intention was to make it like Scribd? That's the only thing I can think of.


In many ways the real story here is that the cloud makes certain kinds of shortcuts that are incredibly common in aggressive organizations, where "doers" are promoted over "critics", exponentially more likely to lead to serious negative consequences.

In the past an insecure shortcut was an unsecured and unaudited consumer-grade network share sitting somewhere on a LAN; today it's an Internet-facing cloud service designed for publication, used to collaborate on "internal only" documents that should not even have been visible to the entire company.

It's not that the cloud is "insecure" but that it makes it way too easy for those who should not make IT decisions to turn to shadow IT solutions in order to avoid having to adhere to cumbersome bureaucratic processes and corporate governance frameworks and "get stuff done".


Facebook sneaked Docs.com in for all Facebook users due to a deal with Microsoft (they bought 2% of the shares around the same time). So back then, one had to search through the mess of Facebook settings just to deactivate Docs.com. Otherwise users' uploaded Office documents got shared with Docs.com for friends and the internet. Facebook had some simple note-taking and user-pages feature that allowed uploading Office docs back then. I wouldn't be surprised if these old files are still somewhere online even after they repurposed their service.

https://en.wikipedia.org/wiki/Docs.com


> No results found for 1040 donald trump site:docs.com.

Dammit.


Maybe not, but just searching "ssn" gives any identity thief a goldmine of information.


Apart from whether "publicly searchable" should be an explicit / implicit setting, this seems like something that could also largely be mitigated with some simple keyword flags. Words like "SSN" or "confidential" or the like are probably good indicators that this doc shouldn't have been shared and something that requires an extra approval dialog. That keyword list could also be something you'd expand over time and could use to retroactively remind users that they might have inadvertently shared something they shouldn't have.
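An added example (not code from the thread, from Microsoft, or from docs.com) of the keyword-flag idea in this comment, combined with the DLP-style SSN blocking and the N-person approval fallback raised earlier in the thread: a pre-publish gate that defaults to private, scans the document body, and only lets a public request through when nothing trips or enough approvals exist. The keyword list, approval count and sample documents are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed keyword list (assumption): a real deployment would tune it over time.
SENSITIVE_KEYWORDS = ("ssn", "social security", "confidential",
                      "internal only", "passport", "1040", "1099")
KEYWORD_RES = [(kw, re.compile(r"\b" + re.escape(kw) + r"\b", re.IGNORECASE))
               for kw in SENSITIVE_KEYWORDS]
# 3-2-4 digit layout; valid_ssn() then rejects values the SSA never issues.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
VISIBILITIES = ("private", "organization", "public")

@dataclass
class Finding:
    kind: str      # "ssn" or "keyword"
    detail: str    # redacted SSN, or the keyword that matched

@dataclass
class Decision:
    allowed: bool
    visibility: str
    findings: list

def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject structurally impossible SSNs: area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_text(text: str) -> list:
    """Return every sensitive indicator found in the document body."""
    findings = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            # Only the last four digits are kept, so the finding itself is safe to log.
            findings.append(Finding("ssn", "***-**-" + m.group(3)))
    for kw, rx in KEYWORD_RES:
        if rx.search(text):
            findings.append(Finding("keyword", kw))
    return findings

def publish_decision(text: str, requested: str = "private",
                     approvals: int = 0, required_approvals: int = 2) -> Decision:
    """Gate a publish request: private by default; public needs an explicit request,
    and if the scan trips it also needs `required_approvals` sign-offs."""
    if requested not in VISIBILITIES:
        raise ValueError(f"unknown visibility {requested!r}")
    findings = scan_text(text)
    if requested != "public":
        return Decision(True, requested, findings)
    if findings and approvals < required_approvals:
        return Decision(False, "private", findings)  # fall back to private, show the user why
    return Decision(True, "public", findings)

def audit_public_docs(docs: dict) -> dict:
    """Retroactive check: ids of already-public docs whose content now trips the scan."""
    flagged = {}
    for doc_id, (visibility, text) in docs.items():
        if visibility == "public":
            findings = scan_text(text)
            if findings:
                flagged[doc_id] = findings
    return flagged

# Constructed sample documents (not real data).
SENSITIVE_DOC = "Employee onboarding. SSN: 123-45-6789. CONFIDENTIAL - internal only."
BENIGN_DOC = "Quarterly newsletter template with placeholder text and a logo."

if __name__ == "__main__":
    d = publish_decision(SENSITIVE_DOC, "public")
    print(d.allowed, d.visibility, [(f.kind, f.detail) for f in d.findings])
```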


If your UX involves introspecting content to determine whether it is being misfiled, you're already doing something wrong. Such gimmicks work as 'syntactic sugar' (think Google's "did you forget an attachment" message) but they shouldn't be the first thing the user sees of the feature (in Google's case, having an always-visible attachment icon.)

If they absolutely want to go the idiotic route of public-by-default, a 'private'/'public' switch might be too noisy; a 'create new document'/'create new private document' too redundant... Honestly, I don't see why they would want to go that route anyways. The model is practically handed to them on a silver platter; most users want to keep docs private, unless and until they wish to have a document pool for sharing (easy to build infrastructure for), explicitly share single docs (again, just add a 'share' button and people get it), or make it publicly accessible (i.e. "post" or "publish" to a platform.)

As I said in another comment here - everything gets explained away once you assume MS' incompetence in things. (I mean for god's sake, there are so many other solutions in this space that they have all the hard thinking done for them!)


I think you're missing the context. Office Online/OneDrive/etc. already implement more or less the default behavior you recommend. docs.com is a separate service intended specifically for public sharing, i.e., it's a platform to which you post or publish.

I would guess this is less of a technical or UI design problem and more of a branding/product concept/positioning problem, i.e., (some) people don't seem to understand the overall concept of the product, possibly because of the name.


I think it's hard to say how well this was communicated to the public without knowing the total amount of users of the service. Maybe 99.99% of people did NOT upload public documents by mistake. Maybe only 95%. Depends on how many documents are safely private.


Searching for "1099" brings up quite a few interesting documents.


#OfficeBleed anyone?


Ouch. That seems pretty egregious. I would hope that Microsoft would at least make 'public' sharing the thing you would have to select and authorize rather than making it the default. But apparently that wasn't the choice here.


"It's not like we can just flip a switch"


Public sharing is not the default.


Shameless plug: I'm working on a private (encrypted) alternative to Google Docs & Office 365: https://www.airbornos.com.


So Microsoft is still mediocre security-wise, despite all of those people claiming the company has been reinvented?

I can believe the reinvented claim (that's the kind of thing a new, good CEO can influence), but quality goes very deep, into each employee. Any one hire can screw up fatally. It takes a lot of hard work to build a security-conscious culture/company hierarchy.

(Edit: Hello Redmond people!)


You're being downvoted because this is a gross oversimplification of what happened as well as a completely non-productive comment, not because everyone on HN works for Microsoft.


Not just the people, but the structure. You can't just change the head and assume the body will change itself. If aspects of design and execution stay the same, you're not magically going to build better QA or better-thought-through systems/architecture because "new face".

It's far safer to operate on the assumption that MS is just through-and-through incompetent at this point than try and pinpoint the cause of any one problem in a long history of them. I gave up on them around the mid-IE days (think I might've been particularly miffed when they scrapped the Courier concept) but I haven't looked back and haven't regretted it since.


Exactly. Maybe in 20 years they'll be competent when 95% of the current code has been retired but until then: Sayonara.

(Well, I doubt it, but there's at least a theoretical chance, right?)


I dunno, I'm inclined to agree with your first impulse - after all, the assumption of "well it's been a while, surely they've gotten their shit together by now?" would be the reason one would think they'd be on the ball today :P

If the code's retired, it could just as easily be because some inferior process led by devs without the proper guiding vision just swapped it out for some overengineered platform they 'know how to code in better' that's being hailed as the future of such-and-such that doesn't reimplement nearly as completely or robustly features that people had come to expect, and is less stable to boot. ("Secure time" [0] anyone?) But hey, just spitballing here.

MS is like the Hammer Industries of our world; never rely on Hammertech. Though I guess as long as they keep enough enterprise dinosaur contracts they'll keep limping on like Hammer too. shrug

[0] https://redd.it/61o8p0



