February 26, 2010

PCMP Lesson 2: You Can't Trust Users

Over the weekend, I created a small app called PleaseCallMyPhone.com. It does just that— it calls your phone. I made it as a remedy for lost phones; however, it is simple enough that you could use it for other things. It only took me a day to make; however, I wanted to share a few quick lessons I learned from making it.

I created Please Call My Phone for me— I kept losing my phone, so I needed a way to find it. I decided to spruce it up, however, and throw it in my portfolio. After all, it couldn't hurt.

Deciding to let anyone use it, however, meant having to cut a few features. I could no longer let people enter in their own messages, since I knew I'd end up sending out a large number of monotone text-to-speech "I'm going to kill you" messages to unsuspecting recipients.

I figured my friendly "Hey, this is Gregory from PleaseCallMyPhone.com" message would be enough to dissuade people from using the application for nefarious purposes. Sure, people could still call their friends' numbers, but why? What would be the benefit of sending friends a phone call that clearly explains what it is, and how they can block the number?

I could have limited the calls per phone, or the calls per IP. But what if someone really couldn't find their phone? They might need to call it 2-3 times, especially if it's on vibrate (I recommend people add the number to their phones and set the ringer to a non-vibrating one, although I know most people won't be that proactive). I wanted my application to be as useful as possible.

I was wrong to trust people. The number of people (both friends and people I don't know) who abused the system was unbelievable. So, I had to take the service offline temporarily until I have time to lock it down.

I know I should learn, but I'm still surprised by people's boredom— everything from weird emails from my contact form to finding SQL injection attempts saved in my signup forms. It's a shame I couldn't make a simple little toy, and have people use it the way I intended it.

But that is my problem, I suppose.
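
The per-phone and per-IP limits weighed above can coexist with the 2-3 retries a real lost-phone search needs. The sketch below is an added example, not the site's code: it caps repeat calls to one number and, separately, how many distinct numbers one IP may call within a window. The class name, thresholds and sample values are assumptions.

```python
import time
from collections import defaultdict, deque


def normalize(phone):
    """Keep digits only so '555-0100' and '(555) 0100' share one counter."""
    return "".join(ch for ch in phone if ch.isdigit())


class CallLimiter:
    """Sliding-window limits (hypothetical thresholds).

    per_phone:     calls allowed to one number per window, from any IP.
                   Leaves room for a few retries when the phone is on vibrate.
    phones_per_ip: distinct numbers one IP may call per window. Retrying the
                   same number is normal; fanning out to many is not.
    """

    def __init__(self, per_phone=3, phones_per_ip=2, window=3600.0):
        self.per_phone = per_phone
        self.phones_per_ip = phones_per_ip
        self.window = window
        self._by_phone = defaultdict(deque)  # number -> call timestamps
        self._by_ip = defaultdict(dict)      # ip -> {number: last call time}

    def allow(self, ip, phone, now=None):
        """Return (allowed, reason); the call is recorded only if allowed."""
        now = time.monotonic() if now is None else now
        cutoff = now - self.window
        number = normalize(phone)

        calls = self._by_phone[number]
        while calls and calls[0] <= cutoff:   # drop calls outside the window
            calls.popleft()
        seen = self._by_ip[ip]
        for old in [n for n, t in seen.items() if t <= cutoff]:
            del seen[old]

        if len(calls) >= self.per_phone:
            return False, "phone_limit"
        if number not in seen and len(seen) >= self.phones_per_ip:
            return False, "ip_distinct_limit"

        calls.append(now)
        seen[number] = now
        return True, "ok"
```

Because the per-phone counter is keyed on the destination number rather than the caller, switching IP addresses does not buy extra calls to the same recipient.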

About Gregory Koberger

I'm a freelance developer and designer, formerly of Mozilla. I talk a lot about web development, technology and user experience — sometimes on my blog but mostly on Twitter.
