UX, nude selfies, and the cloud

If you were paying attention to pop culture news this past weekend you’ll have seen that a whole lot of photos of female celebrities, in various levels of undress, leaked onto the Internet. The photos, illegally taken from the iCloud accounts of these very famous people, was the subject of many conversations online… though one topic was rarely discussed.

That topic is my bread and butter, the way I make a (pretty decent) living: user experience. While many people (very wrongfully) “blamed the victim”, I see another source of blame: Bad user experience design. Bad design because it took choice away from these people. Bad UX, because it allowed hackers the ability to access these photos way too easily. And this bad user experience came from a company renowned for it’s GREAT user experience: Apple.

Let’s tick off where Apple has failed these (and other) users, shall we?

UX fail #1: Automatic photo and video backups to the cloud.

Apple, in their desire to keeps things simple, defaults the choice to save photos and backups to the cloud. This means many people don’t even KNOW that their photos are saved somewhere else. When the user selects something, even if they are distracted, they are still making that decision. By taking the decision away from the user, even if you tell them you did something on their behalf, they are much more likely to forget. And most users aren’t “tweakers” – they don’t go in and change settings to customize their experience. Apple, of all companies, should know this.

When it comes to this type of decision – moving important personal content to another location – complexity needs to be a part of the experience. Simplicity, for all its virtues, can result in lack of understanding awareness. The right thing to do is to make things just a little more complicated – have user opt-in, not have to opt out. This needs to change, Apple. Now.

UX fail #2: Lack of visibility.

How many “backups” did these celebrities have saved to the cloud? Who knows, especially the end users. Go to your various iDevices and try and quickly find out how many backups you have “up there.” Go ahead, I’m waiting. Yes, you can eventually find this, if you access your iCloud directory through a file explorer… but how many people know how to do that? Many, if not most of these stolen photos were taken from backups – the actresses deleted the nude photos, but the backups still had them.

UX fail #3: Keeping (almost) everything

How many backups does iCloud keep? How many photos? In their desire to be competitive with every other cloud service, they keep a LOT… instead of intelligently purging old files. Amd, as referenced above, user have NO IDEA what is up there unless they go look. I bet a lot of people are a little more curious today.

UX fail #4: Unlimited password retries

Apparently the hackers got into many of the accounts by using a “brute force” attack, which meant they entered multiple password attempts without being stopped… Apple needs to lock down this, hard, and do what many in the tech and banking industry do – Three strikes, and your account is locked. And if you want in, you have to enter a code that is texted to your device AND your correct password.

UX fail #5: Lawyerly language, instead of apologizes

The press release Apple put out after this news broke was… well, it was a big ol’ pile of CYA. It basically blamed the victim, and implied that their passwords weren’t string enough. It was written by a room full of lawyers, instead of any empathetic human being. What they should have done was say how secure that the iCloud was, how upset they were, and how they will be making their secure system EVEN MORE secure for users everywhere.

Thankfully for Apple, only the tech media paid attention to this release, so it wasn’t as bad a PR blunder as it could have been – but we’ll see how Apple handles things next week, when it is scheduled to announce a new iPhone or two.


So, where does this leave Apple? Best case scenario, their reputation has taken a temporary hit, and has impacted the biggest and best “feature” Apple iDevices have: Trust. Users trust Apple, and Apple devices.

Apple has long understood that these were not consumer electronic devices – they were personal devices, with an emphasis on personal. When the first iPhone came out a friend of mine said that it was like “an extension of my own hand.” It was a trusted extension of himself.

If Apple can’t protect celebrity pictures, how can protect user’s bank accounts? Or health information? Once trust is lost, it is hard to recover. Time will tell how many users will no longer trust their iDevices because of this, and go to the many alternatives out there. I know some celebrities are probably looking very closely at the newest Android phones right now…