stuart test blog

This is a quick rant about some common annoyances I come across on websites…

• SnapShots – these are those annoying JavaScript popup windows which appear when you hover your mouse over a link. In theory they are supposed to help you by proving a thumbnail screenshot of the site being linked to, but in practice they are annoying and can’t be easily disabled. The option to disable the previews requires you to enable 3rd party cookies, which is a feature I always disable for security and privacy reasons. If you have SnapShots enabled on a site you run, please turn them off – you may think they make your site look flashy, but they are just annoying.
• No contact details – it never ceases to amaze me how many websites don’t provide any contact details or information on who is running the site, especially sites that are selling products. Why would you not want to say who runs your company on your website, are you trying to hide something? I immediately get suspicious of any website which doesn’t give out the names of the people behind the site. If you have an "About us" page on your website, please make sure you have information that lets me know who you are and where you’re based.
• JavaScript widgets – bloggers love widgets as they provide visitors with lots of cool information like Twitter updates, or recent visitors, or page stats, or feed subscribers, etc… But when these JavaScript widgets take so long to load that it prevents your main content from loading – then you have just failed. People visit your site to read your content first and foremost, make sure you place the widget’s code at the end of the page so even if one of the widgets isn’t working, your main content should still load OK. And while you’re at it, have a look at all your widgets and ask yourself if they are really adding value to your site – if not get rid of them.
• Email me my password – if your website has some sort of registration process and you are saving passwords in the database in clear text, then you really have no respect for security or users’ privacy. All passwords should be hashed and then stored in the database, that way only the user knows what their password is and nobody else. Hashing a password is a one-way encryption process – when a user logs in again, the password they entered is hashed again and compared to the hash in the database. There is no way to ‘unencrypt’ a hashed password apart from brute-force guessing. Any website that emails your password to you in clear text after you’ve clicked on one of those "I lost my password" links is a culprit of this and shouldn’t be trusted – there are no excuses.