Authorisation vs. Consent An Article by Terence Eden shkspr.mobi I recently read this interesting, and distressing, story of a man who was drugged and robbed. A form of crime which has been going on for centuries. But the 21st Century twist is that the thieves forced him to transfer large sums of money via his phone's banking apps. While under the influence, the victim used his usernames, passwords, PINs, and biometrics to send money to the criminal's accounts. Is there a "technological" way to stop this? His banks initially refused to refund the stolen money. Only once the press stepped in did they relent. One bank, Revolut, said: This was an unusual case where the payments were authorised by the customer but, as is now clear, without his consent. Upstream Color crime
Rethinking Twitter Verification An Article by Terence Eden shkspr.mobi The main problem, I think, is that no one knows what "Verified" means. If I were in charge (which I'm not) there would be various types of ticks. 🤖 is a bot 🆔 proved their legal identity 🏭 is run by a brand ⚖ is run by a government department 👮 Official law enforcement 😎 Celebrity And so on. iconographyidentity
What went wrong? If something ships from one of the companies I advise, and it is virtually unusable because of poor design (which as we all know occasionally does happen), you can bet I go directly to the designer and ask how this happened? It is absolutely on the designer to ensure this does not happen, so something went wrong. Similarly, if the product ships and performance is terrible you can bet I go directly to the tech lead with the same question. And most frequently of all, if something ships and the analytics show that it’s either not being bought or not being used, or it turns out that it violates some business constraint like compliance or privacy, you can bet I go right to the product manager with that question. Marty Cagan, Product vs. Feature Teams svpg.com Viability, usablity, feasibility