Backseat Software

About 10 years ago I tried installed Little Snitch on my laptop. I set it up to check with me every time any native app tried to connect to the internet. "Here we go" I thought. "I'm going to actually see what apps are doing!".

I think I naively thought I'd end up with 10 rules or something, blocking telemetry. Oh what a sweet naive child I was. Its constant. Everything on my computer seemed to use about 8 different telemetry and update services. The sheer number of packets of environmental waste being produced every second by modern computers is breathtaking. It never stops.

Reading this article, I wonder what would happen if you tried selling software the old way again. "Buy our software! Pay once. We'll mail you out a USB stick with the program on it. Our software does not access the internet." It would be terribly inefficient, but it'd probably be fun to try. It would definitely force a lot more rigour around releases & testing.

In the old days, you'd take a survey on a McDonald's receipt and get a coupon for a free fry or something. These days, every product will sign you up for a newsletter without consent, ask for a review, or beg you to spend your time on a survey after the smallest interaction. Everything from the Art Institute of Chicago to Cava (a fast casual restaurant). And it's not just once, they'll send you reminders too. In-app, the prompts stack up on each other. I dread opening Jellyfish because I know I'll have to click through more than one pop up every time I want to check something quick. No, I still don't want to go to your conference, I'm trying to get work done.

Why can't they at least offer something of small value, like 10% off your next food order, or some API credits, so it's a fairer exchange? I guess because everyone's doing it, no individual product gets penalized for annoying their users.

There are exceptions of course, like Kagi. But they're far and few between.

As the joke goes,

Do you think [big tech company] understands consent?

> Yes

> Ask me later

It might not have a great impact, but I've started to fight back. Interrupt me in the middle of an important task? You get a 1-star rating. Ask me for some random information you shouldn't need? Get bogus answers. And so on.

This was the reason I switched from Windows to using Linux full time back around 2006. Windows used to be somewhat peaceful bu around then it increasingly started interrupting me instead of me generating interrupts for it. I gather Windows hasn't gotten better since then.

At least with Android it is mostly the apps that generate interruptions, so I can choose apps that do not, and control notification permissions for those I need.

Enshittification didn't start recently. It was always there. You just didn't notice it because of your age. Your youth and childhood days always have good memories, doesn't matter how shitty those days were.

Selling is just as old as money. Every business that tried sell you soaps and cosmetics had to scare you about bacteria, making you forget that bacteria was always there with you for millennia. What you call enshittfication is the change accumulation that you witnessed over decades. Ask children who hasn't seen all that change. They see everything is just fine.

>And yet, this is how a lot of modern software behaves.

Not in my experience. Typically all of the "news" happens either during startup, or as part of some other flow. It doesn't happen in the middle of using software. Google Docs is not throwing up a blocking dialog in the middle of you typing a sentence.

>The analytics didn’t prove the feature was unwanted. The analytics proved that we buried it.

If I actually wanted a feature I would go through 10 menus to flip the switch. If the analytics says no one is uses it that is proof that no one wants it. It is possible that the user is unaware of it though.

>the product stops being a finished artifact

When you are doing constant software updates it is not a finished artifact anyways.

We can all play victims here of course but we also have our own responsibility when creating software. I've been on many projects where people got sucked into "this just is the way this ought to be done" kind of thinking without questioning any of it.

I suspect many cookie consent dialogs come into existence this way. All the mindless onboarding nonsense, notifications, etc. come from a rather dogmatic application of growth hacking type advice. You get startups hiring people that specialize in that out of a belief that they have to do that that then start doing stuff. And once you have those people they start justifying their presence by imposing a lot of that stuff.

If you ask a lawyer for advice on legalese, they'll give you plenty of terms and conditions, consent forms, etc. Mandatory scroll to the end thingies are a good example of an anti pattern here. The thing is that laws don't specify much in terms of UI/UX. Some lawyer once upon a time decided that "we have to twist user's nipples and make sure they read my 20 pages of legalese before they are allowed in the app". This is completely stupid if you think about it for more than 4 seconds. But it's being copied over and over again by world + dog. Convoluted cookie consent screens are another good example. Corporate lawyers invented those because they are being paid to justify their existence. They come up with implausible scenarios and then protect their clients from those. A lawyer will never tell you to skip an optional/redundant step but they'll come up with reasons to add more of those. Removing complexity is not their job.

If nobody applies any critical thinking and fact checks these things you end up with a lot of ass coverage, legalese, "better safe than sorry" type features and shit that is not needed that adds up to a lot of user hostile behavior, onboarding friction, and application complexity.

Authentication is a thing that many product owners just blindly imitate from others. Including all the negative patterns around it. I've had this discussion with more than a few product owners. "We have to 'own' the user relation ship and therefore we must have a email/password thing and can't do openid, sso, email links, etc.". This is nonsense but if nobody challenges that, you go down the path of repeating decades of mistakes on this front. But it's OK because everybody else does it too.

People don't even question this any more. As soon as you go down this path it leads to a lot of fairly standard and boring stuff that you just have to do, apparently. Over and over again. If you have a password, you got to have a reset my password. Is "secret" an acceptable password? No, so we got to have a password complexity thingy. Do we add 2FA? Notification preference screens, Push notifications, and all the rest.

Modern logins should be simple. "send me a login link" "login with X, Y, or Z", passkeys, etc. Make sure the process is password manager friendly if you have passwords (why?!). Bias towards enabling your users to getting started with your thing ASAP. Get them in and then consent; not the other way around.

Get a good product person that understands these things rather than one that does things because he heard about a person that knows a person that is totally legit that told them that you gotta do X because reasons that are too complicated for you to worry your petty head about. Most bad decision making boils down to BS, urban myths, and bad advice like that. Ask the "why" questions. Make sure you understand and fact check the answers. Do what you actually have to do. But nothing more.