Of Dialogs and Detritus

The fifth in a series of Learning from Lusers.

My neighbor… ask[s] for help with a word document, couldn’t figure out why it was locked…. She loads up the document, closes a pop up box, and Word 2k3 loads in the document [but she can't edit it]. She then leaves me to my own devices to which I closed the document, reopened the document, read the pop up. [It says] she hadn’t registered Word 2k3 with Microsoft yet and the trial had expired…. If a box pops up, read it! (Tech Tales)

Users don’t read messages, and it’s not just ignorant users. No one reads message boxes. Software project managers don’t read message boxes. According to Raymond Chen, programmers don’t read message boxes. According to Raymond Chen, Raymond Chen doesn’t read message boxes. Message boxes have become the detritus of computers, waste scattered through applications that users dismissively sweep aside.

Once message and dialog boxes were a key element of the graphical user interface, but today they are ignored with such tenacity, they’re becoming close to useless. To users, a message is an interruption, a distraction from their real work to get rid of as quickly as possible. But you’d think that users would learn to read messages -that there’s useful information in our carefully crafted copy that will actually solve their problem. That’s the theory anyway, but it seems, especially in the past 10 years or so, it hasn’t worked out. While most messages may be useful, most of the time a user sees a message, it’s not helpful at all. Too often messages are confusing or irrelevant.

It started to go downhill with the arrival of the web. There, we’ve seen the advent of advertising pop-ups. Opening a window in front of the user is a great way to get their attention, so it is ideal for important messages. Unfortunately that is also why it’s so attractive to advertisers.

'System Status: Your Urgent Attention is Required!' Click for full size. Click for full size.

Yes, pop-up advertisements aren’t real message boxes, but a novice can’t tell the difference. The browser is the typical user’s main application, except for maybe email. All that users know is some little window just appeared. Some pop-ups, like the one above, deliberately try to make themselves look like important system messages. After that happens a few times, novice users learn that “message boxes” are irrelevant to their task or worse, and so they quickly get in the habit of killing anything that suddenly appears unexpectedly. For many, it becomes an unthinking reflex executed with devastating speed.

[I ask,] “Is the error still on the screen?” [User answers,] “No I clicked the ‘X’ in the top right corner…. ” So I proxy in [and ask], “Could you rerun the application and tell me what the error says?” [So the user] opens up the application – error pops up. User clicks the ‘X’. “Whoa,” [I say], “Hang on there let me try this again,” [and I] open up application again. User aims the mouse for the X again. “Ok wait a second here – let me read this!” [I cry]. Turns out that he had a copy of the program already running and it would not allow him to spawn another one. (Tech Tales, link unfound)

But it’s not only the fault of pop-up advertisements. If you think about it, why should a actual message or dialog box be considered relevant to the task? They appear in a separate window, with no visual connection to the window that the user is actually working in. Why should a novice think it’s related?

Furthermore, real message boxes are also prone to being as confusing, useless, and irrelevant as popups, teaching users to ignore them. Submitted, for your approval…

The Gallery of Pointless Messages

It seems this lady had just purchased her computer, and it booted into Windows 95 where it asked for a password…. After having tried numerous passwords, she finally decided that she needed to sign up for Internet access so that we could supply her with a password to login to her own computer! Struggling to contain myself, I suggested that she tried pressing ‘Cancel’, which would pop her right into Windows 95. (Rinkworks)

Here’s the offending message:

'Enter Windows Password'

It might look like a login window, but it’s actually a window to set up a login account, although it doesn’t say that anywhere. It suggests the user doesn’t have to enter a password, but nowhere does it give the consequences of that. Will the user be able to use the computer?  Nowhere does it say it’s all optional. The title clearly says “Enter Windows Password.” There is no “Let me use the computer without a password” checkbox. By reading the message, the user managed to confuse herself. The advice from tech support? Just ignore the message box. Even computer experts know some messages should be ignored.  Heck, sometimes even the application knows you should ignore a message:

'Please ignore the next message.' From TheDailyWTF.com.

And we’re surprised when users eventually ignore all messages?

Just Do It, Dammit

Too often messages are used to say something that the user really doesn’t need to know. This includes just about any use of a message box to indicate that everything is perfectly normal. Here’s one from a custom-built app I used to use:

'User preferences are saved.'

Wow, you mean the program actually worked like it was supposed to? I never would’ve guessed. The bizarre part is that I hadn’t changed any preferences -users get this message every time they exit.

Then there are messages that give the user a choice when the right one is obvious. Here’s one from Firefox, only it has the bonus geekspeak to provide that little extra confusion (click for full size):'The page you are trying to view contains POSTDATA' Click for full size.

I’ve yet to ever not want the latest content when I view a page. I don’t see a reason Firefox shouldn’t refresh the page automatically without user authorization. If there is some edge case for a user seeing what used to be on a web page, then cache the old page before refreshing and provide a menu option for viewing it. It doesn’t make sense to divert the vast majority of users to try to capture a very rare issue.

'Spelling check stopped before it finished. Do you want to send anyway?'

Well, given the user is the one who stopped spell check, it’s a reasonable assumption that she or he would know that. This message seems aimed at a rare scenario that isn’t worth it. There’s no warning before sending if the user entirely skips spell check, which is the more likely error.

Not all such messages give the user a choice. Sometimes they’re just there to satisfy natural user curiosity. Like this one that popped in the middle of a lengthy installation:

'DirectX 8.1 or greater is already installed on this system'

Oh, I’m so glad you told me, because I was like watching every byte copied to my hard drive and was really expecting an installation of DirectX while at the same time I’m totally clueless on the fact that I already have DirectX, and this saved me so much time, unlike all those other lusers who walk away for 30 minutes during an installation only to return to find it stuck a fraction of the way through waiting for the user to click “OK, I understand you don’t need to install friggin’ DirectX.”

Look, do whatever you need to do. Users don’t need a play-by-play.

'You have chosen a link that leads off of the site.' Click for full size.

(Click for full size)

Unless you make a habit of including links to phishing sites, this is going to be apparent to the vast majority of users. But someone told the lawyers about the web, and now my surfing is interrupted to tell me the obvious. And, of course, I get this message. Every. Time. I. Select. A. Link. From the site. This provides more reason for users to learn to ignore unexpected messages.  If the lawyers really insist on this kind of “protection,” how about an asterisk or other symbol beside links that go off site? A linked page or legend for the symbol can provide this content. Actually, the web could use a standardized symbol to indicate off-site links.

Meanwhile, let links do their linking. Apps should do what they’re told to do the first time.

We’ll Fix it with a Message

'Object transformations and settings will be lost when re-editing text'

You get this message in CorelPaint if you edit a text object’s characters after setting the color, size, or other formatting of the text. Well, I guess users need to know that they’re about to destroy their formatting work by making a little edit, but like so many such warnings, this occurs every time the user goes to edit text even though most of the time, they’ll have to edit it (and re-apply the formatting). It gets users in the habit of quickly choosing whatever moves them forward in warnings without reading the message.

“I was going to save my work, and I accidentally clicked Delete rather than Save,” user explains. Usually, a dialog box asks if you’re sure you want to do this, [a tech] points out. “Yes, one did,” says user, “and I clicked OK.” Why? “I always click OK,” user says. “I don’t have time to read them, so I just click OK.” (Shark Tank)

The ubiquitous delete confirmation message has the same problem. Since the vast majority of deletes are intentional, it gets users in the habit of smacking the “Yes” button so quick that when they are about the delete the wrong thing, oops, too quick. Even if users do read the confirmation message, it’s not telling them something they don’t already know most of the time (that they selected file X and then selected  Delete). The only thing such a confirmation can potentially protect against is accidentally hitting the delete key or menu item, like in the example above. Here’s a little usability heresy: if your app has an easy way to undo deletes, don’t have a confirmation message. If you don’t have an easy way to undo deletes, your app is broken. Any reasonably usable app should have undo, especially for dangerous actions. Using a confirmation message instead is a band aid to a sucking chest wound of a usability hole. And Search should also search the trash (especially if it can’t find the file in the selected place). That way, when the user realizes something is gone days later (due to an slip of the key), she or he can find it and recover it.

Which brings us back to the CorelPaint message. The answer is not to do away with the message; users are not going to expect editing text to obliterate their formatting work. The answer is not even to add a “Don’t show me this again” checkbox to the message. The answer is don’t destroy the formatting when re-editing text. I mean, that’s just a bad design. A message is no way to fix it.

Here’s another in the same category:

'Do you want to save changes you made to file?'

Yeah, yeah, you say. You and Alan Cooper have been arguing for implicit save for years. But this one has a twist: I hadn’t actually made any changes to the file. Excel sometimes shows this message whether I’ve made changes or not. I don’t know how to react to such a message. I don’t think I made any changes, but maybe I did but forgot, so I better say Yes. Or maybe I accidentally hit a Secret Accelerator Key of Doom, and totally hosed the file, so I better say No. Either way, such messages teach users that a message is not a place to get helpful information.

'Which device did you plug in?' Click for full size.

(Click for full size)

Oddly, there was no option button for, “I didn’t plug in any device, you moron.” RealTek was forgetting what was plugged in between boots, so I was getting this message every time I booted. I never did learn why checking “Enable auto detection when device plugged in” didn’t, you know, automatically detect a device it thinks I just plugged in, and instead threw up this message.

But I shouldn’t just blame the backend developers for trying to patch broken apps with messages. It’s us user interface designers too. We make apps that are intolerant of user mistakes, relying on messages rather than self-correcting designs.

'You must select exactly one' ...checkbox. From TheDailyWTF.com. Click for full size.

(Click for full size)

False Security

Suddenly I hear a few “Boings” and the poor girl saying “I keep trying to open it but nothing happens.” I look over and see her “ignoring” the Norton security warnings and about a dozen windows minimized to the task bar. I get up and look and she kept trying to open one of the attachments that sobig [virus] uses, over and over again. (Network World)

Why do so many designers think you can achieve security if you just have enough messages? There’s Vista’s User Annoyance Control, of course, which has garnered heaps of praise. But it’s hardly unique. Take for example security certificate warnings:

'The name on the security certificate is invalid or does not match the name of the site.'

It doesn’t work. The vast majority of the time there is no threat, and the few times there is a threat, there’s no way to tell. And users soon learn this, and so ignore the message and click on through. Even Bruce Schneier. The Host Operations System and Transaction Integrated Logic Environment that I’m required to use at work always shows this warning at login. You wouldn’t be able to use the web if you paid attention to these messages.

As another example, consider the Page has Expired message (click for full size):

'As a security precaution, Internet Explorer does not automatically resubmit your information.' Click for full size.

I’ve never understood how this message increases security. I’ve already sent my information. How can sending it again make it any worse? If all someone has to do is click Refresh to resend the information, how does this protect me from someone who sits down before the browser after I’ve left? I guess there must be some circumstances when I shouldn’t Refresh, but this message doesn’t give a clue on what it is. This is an example of an app asking the user a question they cannot answerrather than just doing the sensible default.

Well, just to be extra secure, if the user does choose to click Refresh, IE shows another message that essentially says, “I’ve told you to click Refresh to resend your information. Now that you’ve clicked Refresh, do you want me to resend your information?”

'Click Retry to send the information again'

Yes! Just send the bloody information! Whatever the risk, 99% of the time when these warnings are shown, the appropriate response is to refresh the page. So how are users going to respond on the 1%? They do what they’re in the habit of doing. Soon such messages become part of the background noise.

Here’s yet another:

'You are about to be redirected to a connection that is not secure.'

Same story, different message box. Is it any wonder that users ignore security warnings?

One on-line payment system would give overdraft warning message for every transaction, whether it represented an overdraft or not. There is no value in a warning that occurs almost always for something innocuous.

The IT department at my work is a full subscriber to the security through messages philosophy. First there’s this at every login:

'Unauthorized access subject to blah blah. All information monitored blah blah. All your base are belong to us.'

Important to know, sure, but it’s covered just fine by orientation. Dismiss that message and I get:

'Protect sensitive information,' to paraphrase three paragraphs.

Geeze, why stop there? Why not have me page through the entire employee handbook every time I log on? Please don’t get the impression that I’m loose with sensitive information on the job. Some data gets an extra layer of protection through TrueCrypt. Except I guess TrueCrypt is a security risk if I try to run it from a shortcut on my network drive:

'This file type can potentially harm your computer.'

Craftily, I moved the shortcut to the Start Menu, and the message disappeared. Aren’t I the 1337 h@kr?

Well, I guess I should actually get to work, starting with opening an Access database.

'This file may not be safe if it contains code that was intended to harm your computer.'

Does the file contain code that was intended to harm my computer? It doesn’t say, but I happen to know it doesn’t have any code -no modules or macros -since I created it myself yesterday. But I feel more secure getting this message to protect me from my own non-code every time I open the file.

Hang on, I just got an email. It looks like I got some comments back regarding a statistics procedure I wrote up for someone. Let’s see what they have to say.

'You should only open attachments from a trustworthy source.'

Well, since I sent them the file in the first place, I guess I trust them. Fortunately, once I save this attachment to my hard drive, I won’t get that useless warning anymore.

'Some files can potentially harm your computer.'

That’s right, I get to see an entirely different useless warning message.

While I’m saving attachments, I might as well rearrange my folders a bit. You know what makes using a GUI feel real natural and fluid? Drag and drop. Like take these pics over here, and put them in the folder over there.

'The page has an unspecified potential security flaw.'

I’m sorry, but in the name of all that is sacred, WHY? From dragging and dropping files, for Pete’s sake! And what is anyone supposed to do about an “unspecified potential security flaw” anyway? Do they seriously expect anyone to take a message like that seriously?

I’m sure there are other places with pointless security messages. Let me check Google.

'When you send information to the Internet, it might be possible for others to see that information.'

Oh, yeah, I get this helpful message everytime I submit any kind of form online, including Google. Various other actions in a web app will trip it too. As you can see, thanks to the override power of the IT department, checking “Do not show this message” has no effect. The checkbox is just there to taunt me.

A child would understand the folly of such warning messages. When you cry wolf often enough, people are going to ignore you. More messages mean less security. They just train the user that they don’t matter.

User Education

Some designers appear to have an inflated ego, thinking that if they could just tell users about their most wonderful products, surely users will start using them. Some such advertisements are of course more to benefit the product maker than the user.

Realplayer - 'Rhapsody - Download Now FREE!'

Others are attempts to educate the user on the availability of important features.

'A Windows Media update is currently available.'

But maybe, just maybe the reason why users aren’t using your feature is because it really isn’t remotely important to them. Why would a user want to interrupt their work to upgrade just because you think it’s necessary to do it right now? Keep in mind that any upgrade typically means:

  • Time for a lengthy installation.
  • Effort necessary to learn something new.
  • The not insignificant chance that it will actually make things worse.

One day Word threw this at me while I was deep in editing a document:

'Common French Autocorrections not currently installed. Install it now?'

Helpful, except that I wasn’t typing anything French. All I did was delete a period after the word “Yes.” In other words, installing the feature wouldn’t have helped me and could have resulted in incorrect autocorrections. The only education users get out of such helpful messages is that messages are not helpful at all. If some one suggest you put a message like that in your app, say, “Non, non, non.”

Resistance is Futile

Useless messages are the antithesis of the usability principle of User in Control. It’s the computer taking control, forcing the users to deal with a message at a time when the users are trying to do something else. Sometimes, it seems messages are used to rub in who’s the real boss of the human-computer relationship.

'Volume almost out of disk space'

As it happens, I don’t have any files on that particular volume, so there was nothing I could do about it, but I still got the message box popping up in my face every minute until it was resolve. Yeah, dance for me, user!

I swear, sometimes they just toy with me (click for full size).

'Download patch Vulnerability in Web Client  ready to begin.' Click for full size.

Gee, a vulnerability. I better install this patch right away. Except the Install button is disabled -the patch is already being installed… slowly and painfully. My job is to choose how often this message should return to annoy me. That’s a creative definition of User in Control.

'Security settings prohibit ActiveX, so this page may not display correctly' Click for full size.

(Click for full size)

This old message from MS Internet Explorer appeared for a homepage of a particular site, which means I got it every time I return to it. Click a link. Back. Get the message. Click. Click a link. Back. Get the message. Click.  Click a link. Back. Get the message. Click…. I get the feeling that Microsoft is trying to torture me into permitting ActiveX. You shall comply.

When you paste some records from a query result into a table in Access, you get this message if Access can’t resolve the query and table structures (click for full size):

'The value you entered isn't valid for this field' Click for full size.

For. Every. Record. You. Pasted. Turns out I was pasting 5000 records when I got this. There’s no button to suppress future messages, and no button to cancel the pasting. It doesn’t say what field isn’t working, so you can’t decide if you should cancel the pasting or not, if you could. The only escape is to kill the process with the Task Manager, which could corrupt the database table. On the upside, clicking OK 5000 times has made me super-fast at dismissing message boxes.

Sometimes apps take to lying just to demonstrate their control over the users. Like this time when I was renaming a file in Windows Explorer:

'Folder does not exist. Do you want to create it?'

The truth was the folder given did in fact exist and was in fact the location of the file I was renaming. Clicking “No” reverted the file name. Clicking “Yes” changed the name with no new folder created. How amusing.

Or how about this one from copying some text in an Acrobat document?

'An internal error occurred.'

Who knows what went wrong, but sometimes copying would work without error, and sometimes not, even for the same selection of text. At times, I’d have to retry copying several times before I didn’t get this error. The joke, of course, was that there was nothing wrong with the copying. The selected text was placed on the clipboard without any problem every time. I’m embarrassed to say how long it took me to figure that out.

And somewhere in some CPU, the Master Control Program is laughing maniacally at me.


Not satisfied with futile button clicking, some apps also seek futile message reading, using language or code incomprehensible to the user. For a while, I’d get two of these at a time at login:

'ConfickerSnitcher.vbs Permission Denied 800A0046'

The buried reference to the Conficker malware made me wonder if I might be unprotected or even infected. I called IT, and they said to just ignore it. That’s easy. I’m getting good at ignoring messages.

One day, one app started saying this to me at execution:

'msgOpen: unable to open message file: PROMSGS'

No idea what PROMSGS is or why it needed opening. Maybe it contained more useless messages for my enjoyment.

I’ve already discussed how bad terminology makes lusers. The point here is that geekspeak in messages train users to not read them. Why bother if they’re not going to be understandable?

For additional messages gone bad, see the classic Interface Hall of Shame. The more things change….

What to Do About It?

Given the current state of things, when users get a message box:

  • What are the odds the users can do anything about it?
  • What are the odds users actually should do anything right then?
  • Even if they can theoretically do something, what are the odds that users will understand the message enough to know what to do?
  • Assuming the users can understand the message and can do something about it, what’re the odds that the correct response is the default response anyway?

The odds are pretty slim that any careful reading of a message will result in a meaningful difference in user behavior. So from the users’ standpoint of just wanting to get on with their task without getting delayed or sidetracked, getting rid of the messages as efficaciously as possible can be seen as optimal behavior.

If we are going to continue to rely on message boxes to communicate with our users, we’ve got to substantially improve the chance that any given message box is worth paying attention to. We’re going to have to all follow some strict rules to maximize the chances that they are relevant and helpful.

Rule 1. Don’t use message boxes. Users will be less likely to ignore them if they weren’t so common. Message boxes should only appear for exceptional circumstances. It should not be necessary to read a whole lot of documentation each time the user uses an app. If normal use of your app results in a message box, then your UI is wrong. Find another way.

  • Instead of verification messages, show clearly in the main window what has happened and provide a clear way to undo it.
  • Use auto-correction, pictured/masked fields, and disabling rather than error messages.
  • Use good defaults and automation to avoid messages. For example, rather than showing an error message saying the user can’t upload because they’re not connected to the server, simply reconnect automatically.
  • Break commands along options. Rather than a message box to ask if the user wants to paste with or without formatting, provide two different commands in the menu.
  • Don’t have information messages spontaneously popping up telling the user everything worked fine (e.g., “Preferences Saved!”)
  • Don’t have pop-ups providing helpful hints or documentation. Provide a tutorial or balloon help if you can’t make your UI self-documenting.
  • Don’t have nagging “upgrade me” messages.
  • Use other means to display feedback and status information, especially modeless ones including notifications and on-page messages.

Rule 2. If you have to use a message:

  • Make the text as concise as possible to get the key information across. More text is not equivalent to more helpful.  If there are some users who will need more explanation than can be achieved in a brief message, provide a Help button or a “How do I…” link in the message box.
  • Use clear plain language and no jargon in the message. That includes “innocent” words like “dialog,” “database,” and “toner.” Do not take raw exception text and throw it in a error message. Do not include any error numbers or dumps; log these instead. Purge your app of any debugging message boxes left by developers. Better to simply let the app disappear on a fatal error than to put up a message full of jargon and then the app disappears.
  • Consider giving each message a unique icon or picture to represent the issue. This may help users distinguish one message box from another at a glance. It may cue the user to look at a message more carefully when it’s one they haven’t seen before.
  • Label the buttons of a message box with what the action does, not “OK” or “Yes.” At the very least, the users have to focus on the buttons to dismiss a message box. If that button is labeled something like “Delete” or “Install,” it should give them pause. You should never have to explain in your message text what each button does. By the way, such labeling is a GUI standard on most platforms.
  • Avoid algorithms that allow a message to occur repeatedly without providing more information.

Rule 3. Imprison those that make pop-up ads.

Summary Checklist

Problem: Users don’t read message boxes.

Potential Solutions:

  • Don’t try to make up for design problems with messages.
  • Don’t attempt security through messages.
  • Don’t use message to try to educate users.
  • Recognize that modal messages violate the principle of User in Control.
  • Make the appearance of message boxes a rare event. Rely instead on:
    • Preventing errors.
    • Easy means to see and undo errors.
    • Defaults and automation.
    • Separate commands for different options for an action.
    • Modeless feedback.
  • Make better message boxes
    • Clear and concise text.
    • Label buttons with action that will be committed.
    • Avoid repeating same message box.
    • Make sure each message provides meaningful options in all situations it appears.

One Response to “Of Dialogs and Detritus”

  1. Rohan Cragg says:

    We don’t even read what’s on the current UI never mind what pops up. Jeff Atwood discussed this recently http://www.codinghorror.com/blog/archives/001306.html in a follow-up to an older post regarding dialogs http://www.codinghorror.com/blog/archives/000114.html.