Archive for May, 2014

Why I Don’t Like Infinite Scrolling

May 31, 2014

Infinite scrolling, a somewhat recent trend in Web design, is a technique in which long lists of items, rather than being broken into separate pages, are loaded a few at a time via AJAX and appended to the current page. If you’re not familiar with it, you can find more information in a Smashing Magazine article by Yogev Ahuvia: “Infinite Scrolling: Let’s Get To The Bottom Of This.” Ahuvia tries to present a balanced look at the strengths and weaknesses of the technique, but it seems that there are more cons than pros. The comments are overwhelmingly negative.

In addition to Ahuvia’s piece, Hoa Langer’s “Infinite Scrolling is Not for Every Website” says that infinite scrolling “plays a nasty trick” because it “breaks the scrollbar,” and concludes that the technique is “not the answer for most websites.” Dan Nguyen and Dmitry Fadeyev both write about how infinite scrolling didn’t work when Etsy tried using it for search results. There’s even an xkcd cartoon. 

I’ll admit to being a bit biased in my selections, but I haven’t seen nearly as much praise for the technique as I have criticism of it. This doesn’t surprise me. Personally, I don’t like infinite scrolling at all. It doesn’t seem to be solving a real problem, at least as far as I can tell, but it certainly causes problems.

The problem that most often affects me personally is the jerking effect that occurs when I try to scroll by clicking-and-dragging the scrollbar. When there’s not a lot of content loaded, the sliding portion (called the “thumb” if the Wikipedia article is to be believed) is fairly tall. As more content loads, not only does the thumb shrink, but the point on the scrollbar representing where I was also moves out from under the pointer. As soon as I move the mouse again, the thumb jumps toward the pointer and the viewport winds up somewhere I didn’t expect. It’s very disorienting.

I’ve noticed that this isn’t exactly the behavior I’ve been encountering lately. Instead, on occasion, I find that my mouse pointer is below the scrollbar’s slider, but it still moves with the mouse, not unlike the way it continues to move even when the mouse slides off it to the left or right. Unfortunately, in my experience, this doesn’t stop the page from jumping around a bit when the new content first loads. Consequently, I still lose my place even if the viewport does end up in more or less the same spot. I’m not sure if there’s a script that fixes it, or if browser vendors have made efforts to accommodate infinite scrolling; Benjamin Milde mentions in a comment on Ahuvia’s article that he sees the above behavior in Firefox but not Chrome, so maybe that’s it.

One especially annoying situation occurs when infinite scrolling is implemented on a page that has a footer. There is something at the bottom of the page, but the user can’t actually read it, because as soon as it’s scrolled into view, it gets pushed back off-screen by the newly-loaded content. Making sure there’s nothing under the infinitely-scrollable column might seem obvious enough, but it does get overlooked every now and then. MorgueFile, for instance, has this problem.

In fact, according to Ahuvia, even Facebook did this (at least at the time that article was written). As I look at Facebook now, it seems like there’s a quasi-footer at the bottom of the right-hand column, but it doesn’t have nearly as many links as the footer in Ahuvia’s screen shot. As far as I can tell, Facebook doesn’t have the footer at all anymore; after several minutes, I gave up on trying to reach the point when Facebook refuses to load any more posts on the news feed, so I can’t say that for sure.

Another issue is that infinite scrolling automatically loads content in response to an action, namely scrolling, that normally doesn’t trigger any loading. It’s bad enough that the page is taking action without the user’s permission, but downloading additional content in such a fashion can be a problem for people who have slow connections or data caps. Whether this is a serious problem depends on what’s being loaded. Another handful of DuckDuckGo search results won’t hurt much, but another couple dozen Google Image Search results may be a problem. Anyway, I think users would like to decide for themselves how much whittling away at their data allowances is acceptable.

Finally, infinite scrolling tends to create a continuous stream of content with no end in sight. This problem is not unique to infinite scrolling: Some pages on deviantArt (but not others) have back/next buttons but no way to jump to specific pages and no indication of how many pages there are in total or which page is the current one. Neither is it impossible for an infinitely scrolling page to avoid this problem: Discourse, an open-source forum project that uses infinite scrolling, solves it with a floating box indicating the post currently being viewed and the total number of posts in the thread.

It’s worth noting that infinite scrolling (without an indicator like Discourse’s) is often used for things like social network posts and search results for which people frequently don’t care about being able to keep their place; indeed, keeping “a place” in such contexts is often meaningless, because what’s on “page 5 of 10,123” today might be on “page 120 of 11,050” tomorrow as new content is posted and sort algorithms are adjusted. On the other hand, even if the association of a certain page number to certain results is ephemeral, it can still be useful for users returning to the result list using the Back button. Besides, I prefer to be able to decide for myself whether I need pagination.

One thing that would solve most of my complaints would be the solution that deviantArt uses (in addition to optionally switching to back/next buttons): Instead of loading more content as soon as the bottom of the page is scrolled into view, the page displays a “Show more” button. This adds a bit of friction to the process of loading more content, but it also puts control back in the user’s hands. It still has the potential to break the things that AJAX in general breaks, such as the back button and the ability to bookmark or share URLs (especially when sharing with non-Javascript users), but so does infinite scrolling, and in either case these problems already have solutions in widespread use.

For that matter, simply using AJAX to implement pagination would solve the problems as well, not add much more friction than the “Show more” button, and not lack much of anything that infinite scrolling offers except the ability to return to previous pages just by scrolling up. A hybrid design could potentially address even that issue, if the feature turns out to be really necessary to some application.

To be honest, I just don’t see an advantage to infinite scrolling. There may be a few minor benefits, but there are other ways to get them, and they don’t justify the high cost of usability. As far as I’m concerned, infinite scrolling is a bad idea and it should probably be avoided.


“It Just Works” vs. Security

May 1, 2014

I have written before about the “it just works” problem: Training people to expect not to need to think about their technology gives rise to the self-fulfilling prophecy that most people can’t think about technology.

The usual problem with the “it just works” attitude, namely the users being completely lost as soon as something doesn’t work, is at least something that people recognize as a problem once it occurs. When something doesn’t work, they know it doesn’t work, and they know that they don’t know why it doesn’t work or how to fix it. However, the same attitude creates another problem that’s more difficult to recognize: A lack of security. Non-tech-savvy users not only do, but are encouraged to do, some rather unsafe things in the name of having everything just work.

To be a bit more specific, the problem is that people end up being compromised because they don’t know to take simple precautions or treat things they find online with an appropriate amount of suspicion. As a normal part of browsing the Web, people allow—without even realizing it—dozens of JavaScript scripts, Java applets, and Flash (and occasionally Silverlight) objects to run without their knowledge or consent. A large portion of these pieces of software are not even hosted directly on the sites users are trying to view, but pulled in from somewhere else, whether to add functionality (like blog comments, social media widgets, or embedded videos), to show ads, or just to track users (which, of course, pretty much all of them do). Users have no way of knowing whether some kind of malware has been inserted into the chain, something that has been known to happen even to perfectly legitimate Web sites.

A related issue is that people click without reading or thinking, don’t know enough to understand that it’s a problem that their homepage has suddenly switched to some search engine they’ve never heard of, and can’t figure out why their computers are so slow. Between deceptive “ads” that look like download buttons and installers for legitimate programs also installing “legitimate” (or at least nominally legal) adware and spyware if you’re not extremely careful, it’s easy to get tricked into installing something unwanted.

Of course, it’s a long-standing piece of security advice that if you let others run arbitrary software on your computer, it’s not your computer anymore. It’s just that most people don’t realize this and often don’t even realize that they’re letting people run arbitrary software on their computers. After all, it tends to happen completely transparently in the course of normal Web surfing.

What gets me is that people do know better. Technology is the only area of life I can think of where we let people get away with this.

Think about this: Just about everybody knows to lock the doors to their houses. They may not always do it, but they know they’re supposed to do it. It’s the same with cars: People know to turn them off, take the keys out, and lock the doors. Most people know better than to leave the car unlocked and running in the parking lot while they go shopping, because if they do, it probably won’t be there when they get back. And they certainly wouldn’t hand over their keys to anyone and everyone who asked for them. Yet pretty much any site on the Web can ask for something very nearly equivalent to that, and by default, the browser will allow it.

Admittedly, I may be making the problem sound worse than it is. Most of the software that is run in this manner is perfectly harmless, or at least not doing anything more harmful than tracking users to show them targeted advertisements. Moreover, at least in theory, there are limitations in place to keep these kinds of software from being able to do too much damage. However, I strongly recommend against depending on this. Most people probably wouldn’t let just anyone do just anything to their cars, even if they trusted the one doing the tinkering not to do anything deliberately harmful and trusted the car to limit the damage.

So why is it that people take risks with their computers they wouldn’t take with their cars? I still think that it’s mainly a desire not to have to think about technology in order to make it work. That sounds like I’m accusing people of laziness, and maybe laziness is a part of it, but I actually can’t blame anyone for feeling that way. For one thing, security is an intimidating topic, whether you’re talking about computer security or any other kind. Blocking potentially harmful elements isn’t exactly trivial, either. (Firefox, for instance, doesn’t even allow JavaScript to be disabled from the Options menu anymore, for fear that a user will unwittingly “break” something—another example of the self-fulfilling prophecy.)

Additionally, there’s an education problem: People can’t understand the risks involved with using the Web unless someone explains it to them. After all, just surfing the Web while not deliberately blocking anything doesn’t sound any more risky than going out in public and walking around. Yet it seems to me that the industry doesn’t make much of an effort to explain it, and they probably won’t because it’s not in tech companies’ best interests. Vendors are too invested in their mythical ease of use to admit that using things safely requires a little time and effort to be spent up-front. Moreover, they face a lot of pressure from (or, in some cases, are) advertisement companies that have a financial interest in being able to track users to show them targeted ads.

After all this, what would I have people do? First, and foremost, I urge people to take some time to get a basic understanding of how the Internet works and what kinds of dangers it presents. This burden can’t rest completely on the shoulders of non-technical end users; people who already have in-depth understanding need to be able to explain it simply and quickly. After that, I recommend sticking to the principle of not letting anything run on your computer unless you know what it is and you know you need it. Makers of Web browsers (and other software) ought to make this easier than it is, but it will still take some time and effort. Tools like AdBlock Plus, NoScript, and Ghostery can be helpful here, though even they shouldn’t be trusted implicitly.
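The following inventory is an added example, not part of the original post: it lists the scripts, frames and plugin objects a page pulls in, grouped by the host that serves them, and shows what a default-deny allowlist in the spirit of the advice above would block. The sample page and every host name in it are constructed, and exact host matching is a simplifying assumption.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that names the code or plugin content each element loads.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ActiveContentInventory(HTMLParser):
    """Group the active content a page pulls in by the host that serves it."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.by_host = defaultdict(list)   # host -> [(tag, absolute URL)]
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE:
            return
        ref = dict(attrs).get(ACTIVE[tag])
        if not ref:
            if tag == "script":
                self.inline_scripts += 1
            return
        url = urljoin(self.page_url, ref)   # resolves relative and //host/ forms
        host = urlsplit(url).hostname or "(no host)"   # e.g. data: URLs
        self.by_host[host].append((tag, url))

    def third_party_hosts(self):
        # Exact host comparison: a sibling subdomain counts as third-party.
        return sorted(h for h in self.by_host if h != self.page_host)

def blocked_under_allowlist(inventory, allowed_hosts):
    """Default-deny: anything not served by an allowed host is blocked."""
    return sorted(url for host, items in inventory.by_host.items()
                  if host not in allowed_hosts for _, url in items)

# Constructed sample page; the host names are made up for illustration.
SAMPLE = """<script src="/js/site.js"></script>
<script src="//cdn.widgets.example/comments.js"></script>
<script>var inlineConfig = {};</script>
<iframe src="https://ads.example.net/slot?id=1"></iframe>
<object data="http://video.example.org/player.swf"></object>
"""

def audit_sample():
    inv = ActiveContentInventory("https://blog.example.com/post")
    inv.feed(SAMPLE)
    return inv
```

On this sample, three of the four external resources come from hosts other than the one in the address bar, which is the situation the post describes.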

Nothing I’m suggesting is fool-proof, of course. The vast majority of computer users aren’t going to become security experts, and it would be wrong of me to expect them to. Computer security is really hard to understand, and even harder to implement correctly. However, I would argue that the same is true of physical security, and that doesn’t stop people from taking basic precautions. After all, people haven’t given up on locking their car doors just because smash-and-grab theft is possible.

Here’s the bottom line: People should be willing to spend the time, thought, and effort to use their technology safely, and using technology safely shouldn’t be as time-consuming, confusing, and difficult as it often is.

Categories: Security, Software