Don’t hand out masks of your own face

In catching up on some blog reading, I came across this article on Ars Technica, talking about the recent Google Docs worm. This earlier article gives the background: basically, this bit of malware used Google’s own tools to pretend to be Google, so that its authors could get access to your account and do evil things with it (including spreading the worm further). Even knowledgeable folks got suckered by this one, because it looked enough like Google.

Obviously Google has a bit of egg on their face, but there’s a more general lesson here.

In the modern cloud world, especially for startups, many of us are trying to create platforms. The meaning of that word varies, but we’re creating systems that are about empowering creative users to make their own content. We put a lot of effort into making those platforms powerful, and pretty, and capable of all sorts of stuff.

But there is a risk here, and a rule that goes with it:

You must *never* give the users a tool that lets them impersonate the platform itself.

Yes, there are probably exceptions — but you should keep this one in mind when thinking about your designs. It’s a subset of the more-universal rule, “Always assume that every feature will be used for abuse.”

Any time you let creative users define content and formatting, think about how those can be combined. Can they get access to information about the reader? Are you giving them enough power to impersonate a login screen? Remember, they don’t have to make a perfect replica of the real thing — just something credible enough to fool people who aren’t paying close attention, long enough for them to give away their passwords.
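One way to turn those questions into a check, as an added example that is not from the original post: a review-time audit of user-authored HTML that flags password fields, forms that submit off-platform, and use of the platform's own name. The host `platform.example`, the reserved name, the finding labels and both sample pages are assumptions constructed for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

PLATFORM_HOST = "platform.example"     # assumption: the platform's own host
RESERVED_NAMES = ("exampleplatform",)  # assumption: folded names only the platform may show

def fold(text):
    """NFKC + casefold + keep alphanumerics, so spacing, case and fullwidth forms compare equal.
    Cross-script lookalikes (e.g. Cyrillic letters) would need a confusables table on top."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

class ContentAuditor(HTMLParser):
    """Collects impersonation signals from user-authored markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.text = set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").strip().lower() == "password":
            self.findings.add("password-field")       # content is asking for a secret
        if tag == "form":
            host = urlparse(a.get("action", "").strip()).hostname
            if host and host != PLATFORM_HOST:
                self.findings.add("offsite-form")     # input leaves the platform

    def handle_data(self, data):
        self.text.append(data)

def audit_user_content(html):
    """Return sorted finding labels; an empty list means nothing was flagged."""
    auditor = ContentAuditor()
    auditor.feed(html)
    auditor.close()
    # Join text across tags first, so a name split by markup is still seen whole.
    visible = fold(" ".join(auditor.text))
    if any(name in visible for name in RESERVED_NAMES):
        auditor.findings.add("platform-name")
    return sorted(auditor.findings)

# Constructed samples: a page dressed up as the platform's login, and an ordinary page.
SAMPLE_LOOKALIKE = ('<h1>\uff25\uff58\uff41\uff4d\uff50\uff4c\uff45 <b>Platform</b> sign in</h1>'
                    '<form action="https://collect.invalid/x"><input type=PASSWORD name=p></form>')
SAMPLE_ORDINARY = '<h1>My recipes</h1><form action="/comments"><input type="text" name="c"></form>'

if __name__ == "__main__":
    print(audit_user_content(SAMPLE_LOOKALIKE))
    print(audit_user_content(SAMPLE_ORDINARY))
```

A finding here is a reason to hold the content for review or strip the element, not a verdict on intent.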

Stick this one in the back of your mind if you are designing any sort of platform. Empowering folks is great, but make sure you keep a clear distinction between the platform and the content running on it.