If you were paying attention to pop culture news this past weekend you’ve seen that a whole lot of photos of female celebrities in various levels of undress, leaked onto the Internet. The photos—illegally taken from the iCloud accounts of these very famous people—were the subject of many conversations online, though one topic was rarely discussed.
That topic is my bread and butter, the way I make a (pretty decent) living: user experience. While many people (very wrongfully) “blamed the victim,” I see another source of blame: bad user experience design. Bad design because it took choice away from these people. Bad UX, because it allowed hackers to access these photos way too easily. And this bad user experience came from a company renowned for it’s great user experience: Apple.
Let’s tick off the instances where Apple has failed these (and other) users, shall we?
UX Fail #1: Automatic photo and video backups to the cloud
Apple, in their desire to keeps things simple, defaults the choice to save photos and backups to the cloud. This means many people don’t even know that their photos are saved somewhere else. When the user selects something, even if they are distracted, they are still making that decision. By taking the decision away from the user, even if you tell them you did something on their behalf, they are much more likely to forget. And most users aren’t “tweakers”—they don’t go in and change settings to customize their experience. Apple, of all companies, should know this.
Most users don’t go in and change settings—Apple, of all companies, should know this
When it comes to this type of decision—moving important personal content to another location—complexity needs to be a part of the experience. Simplicity, for all its virtues, can result in lack of understanding and awareness. The right thing to do is to make things just a little more complicated: make users have to opt-in, not have to opt out. This needs to change, Apple. Now.
UX Fail #2: Lack of visibility
How many “backups” did these celebrities have saved to the cloud? Who knows, especially the end users. Go to your various iDevices and try to quickly discern how many backups you have “up there.” Go ahead, I’m waiting. Yes, you can eventually find this, if you access your iCloud directory through a file explorer … but how many people know how to do that? Many, if not most of these stolen photos were taken from backups—the actresses deleted the nude photos, but the backups still had them.
UX Fail #3: Keeping (almost) everything
How many backups does iCloud keep? How many photos? In their desire to be competitive with every other cloud service, they keep a lot, instead of intelligently purging old files. And, as referenced above, users have no idea what is up there unless they go look. I bet a lot of people are a little more curious today.
UX Fail #4: Unlimited password retries
Apparently the hackers (or perhaps hacker) got into many of the accounts by using a “brute force” attack, which meant they entered multiple password attempts without being stopped. Apple needs to lock this down, hard, and do what many in the tech and banking industry do: Three strikes, and your account is locked. And if you want in, you have to enter a code that is texted to your device and your correct password.
UX Fail #5: Lawyerly language, instead of apologizes
The press release Apple put out after this news broke was … well … it was a big ol’ pile of CYA (cover your ass). It basically blamed the victims, and implied that their passwords weren’t strong enough. It was written by a room full of lawyers, instead of an empathetic human being. What they should have done was say how secure that the iCloud was, how upset they were, and how they will be making their secure system even more secure for users everywhere.
Thankfully for Apple, only the tech media paid attention to this release, so it wasn’t as bad a PR blunder as it could have been—but we’ll see how Apple handles things next week, when it is scheduled to announce a new iPhone or two.
Closing
So, where does this leave Apple? Best case scenario, their reputation has taken a temporary hit that has impacted the biggest and best “feature” Apple iDevices have: Trust. Users trust Apple and Apple devices.
Apple has long understood that these were not consumer electronic devices—they were personal devices, with an emphasis on personal. When the first iPhone came out a friend of mine said that it was like “an extension of my own hand.” It was a trusted extension of his self.
If Apple can’t protect celebrity pictures, how can protect user’s bank accounts, or health information? Once trust is lost, it is hard to recover. Time will tell how many users will no longer trust their iDevices because of this, and go to the many alternatives out there. I know some celebrities are probably looking very closely at the newest Android phones right now…
Image of Jennifer Lawrence courtesy s_bukley and Shutterstock.
Comments
I think pinning this on “Bad UX” might be little naive. All listed reasons except #4 are missing the point as far as the question “who’s to blame” is concerned. The accounts got hacked through a brute force attack due to lack of rate limiting. That was a technical error and has nothing, or very little, to do with UX.
In terms of the other points it needs to be said that these photos are only as safe as the password or security mechanism that protects the location where they are stored. That’s not necessarily the iCloud account of the person who took the photo. In theory all those photos could even be stolen from an entirely different source and accumulated in a single person's iCloud account (or Google Drive, or Facebook album, or private tumblr, you get the idea). To blame automatic backups (or the users' lack of awareness) for this is almost like saying they shouldn’t have taken the pictures in the first place.
Password security, two-factor authentication (or lack thereof) and security questions are the real vulnerabilities and UX issues with cloud storage in general and iCloud in particular.
meh
I assume the image at the top of this article is one of the stolen photos? Not sure that's a great idea.
The photo of Jennifer Lawrence is an image we found on Shutterstock—definitely not one of the stolen imges. Thanks for reading!
I don't really see Apple as a company that really uses UX. They are design centric though, which is close enough for some, but we all know that is not UX.
A pure product masters complexity and makes it profoundly simple. Apple didn't get to where they were for adding comllexity for the sake of being complex. Passwords are a bad experience period, they have plagued the digital world since its conception. This feels a link bait article with an ill thought out back story more than a measured and balanced one. Really if celebreties valued privacy they would buy a Boeing Black http://www.boeing.com/boeing/defense-space/ic/black/index.page
Apple has always played the 80/20 rule. Those ladies unfortunately fell into the 20% which Apple simply do not care about. Unfortunately for Apple, they are famous so they make the news.
You obviously haven't encountered #1a on some services: Automatically SHARE all your images. Installed the Flickr app to check out something (ideas for client) and it started putting everything I took in the PUBLIC photostream.
I had to google about to find the setting (#2) to turn this off. That's VERY BAD. Your article is a good example that UX is not UI. Cannot let default tech behaviors of yore, arbitrary business decisions and laywers create the experience for your company. At a purportedly UX-leader like Apple no less.