This is a true story of my experience of trying out testing a Vietnamese web service. There are many things to improve about its business model, PR strategy, usability, security. In the context of this entry, I only focus on Privacy and Customer Support which raised much concerns in me.
I could have named the service with all screen shots, but eventually I decided to keep it confidential to save space for them to improve on what I have to say here.
I paid to be trapped!
Company C launched a revamped version of their web service W.
Deciding to try it out, I paid the activation SMS and went to my profile only to end up in horror:
My profile was completely public:
- My email was NOT masked. Full mailto: link
- My phone number which had been used for activation was public
- Postal address was mandatory
I felt like was accurately trapped:
- There was NO option to hide profile from public view (let alone hide from other users)
- There was NO option to change email as it was login credential
- There was NO option to change phone number as it was registered as credential
- There was NO option to delete or deactivate my account
- The only thing I could do was change my postal address, which I had been carefully enough not to put my real postal address in the first place
Bare-naked, trapped, public my profile lay.
Gotta find my way out
Horrified, I looked around the site for a cure and there was 3 options to contact them: email, phone or IM
I emailed them via a form… to receive a script error. I switched from Firefox 3 to IE 7, the form hung. I tried Safari, no help either. There was no sign my email had reached them. No email was given either.
I picked up the phone and dialed their numbers one by one… no answer.
I buzzed their IM… no sign of living.
After two months of continually buzzing them through IM, eventually I was served.
And this is the show conversation:
Tai Tran: hello. Ciao
Customer Support: Ciao
Tai Tran: I’m the user of W. I have a request for W to remove my account. I wonder how do I do this?
Customer Support: please provide me your username
Tai Tran: username: <censored>
Customer Support: I deleted it for you
Tai Tran: oh, please let me check it. <verified that my account was deleted from the site> Thanks a lot Have a nice day
When I saw this SQL error upon refreshing, I knew my account was deleted. An SQL command, Run. Simple. Quick. Painless.
I shifted from horrified to stunned:
- S/he should have and could have asked for credentials: email, phone number, secret question, other details. S/he did NOT.
- The Yahoo! account I used had NOTHING relating to my account at W.
- So it means ANY one can delete ANY account just by giving a username which is public.
- On the sale perspective, s/he should have and could have asked the reason why I decided to stop using their service. S/he did NOT.
Shocked. Stunned. Speechless.
Morals Well I understand
I understand that privacy feature consumes their money and time.
I understand that the number of users with very strict requirements for privacy like me isn’t that many.
I understand that the number of users willing to stop using the service after paying isn’t that many.
I understand that Customer Support / Contact Center department is always busy it’s best to solve an issue as quickly as possible.
… so it leaves room, way too much room for improvements.
I have some tips to give away on this
- Provide privacy options. To save web service providers efforts to analyze, I give away a high-level specification on privacy for free below
- Do NOT enforce poor privacy on users. If it’s your policy not to allow certain amendment, speak it out before registrants hit Submit on registration form.
- Start training programs for your crew so each could do the sale.