A reason to install Microsoft Edge on your Mac: viewing cookies

As a web developer, I actually don’t use cookies that often (mainly because I’m not interested in tracking users’ behavior). But I do need to use them occasionally, such as to remember when they’ve clicked the “X” to close a modal alert, so I don’t keep showing it to them on each new page they visit.

That’s what led me to today’s surprising discovery. My cookie wasn’t working properly, so I wanted to investigate a) whether or not it was actually being saved, and b) what data it was saving.

I work on a Mac, and Safari is my primary browser. But I already knew Safari doesn’t let you inspect the contents of cookies, so I fired up Chrome, which is my go-to for testing anything that I can’t test with Safari. I know Chrome always used to let you inspect the contents of cookies, so imagine my surprise today when I discovered that, at some point fairly recently, Chrome apparently removed that capability. You can still see which sites have stored cookies, and how many, but you can’t investigate the details any further than that. Seriously??

Next I tried Firefox. Nope, same.

At this point I was highly dubious that the fourth browser in my testing queue would handle things any differently, but I had no alternative, so I reached for that rarely-clicked-upon blue-green swirl icon in my Dock, loaded my page in Microsoft Edge, and… what do you know, Edge does still let you inspect the exact contents of stored cookies.

But for how long?

Anyway… for now, I have a justification for keeping Edge installed on my Mac.

Google is no longer a search engine

This is old news, but it’s a useful demonstration of what absolute garbage Google has become as a search engine. It is now an ad engine.

The scenario: I need to set up WordPress Multisite. I’ve done this several times, but since I only have to do the initial setup once every 2-3 years, it’s not something I have memorized. So… I google it! That’s what you do in the 21st century.

So, I went to Google and typed:

'WordPress Multisite installation' Google search

Now, the real solution to this that a smart search engine, which was designed for maximum usefulness as a search engine, would be to provide a link to the official WordPress documentation on the topic.

Is that what it returned? Of course not, silly! It returned four ads, which, depending on your window size, could take up the entire screen:

Google ad results
But then, the first “organic” result should be the official documentation, right?

Wrong!

The first organic result is a page from the dreadful wpbeginner.com, which is overflowing with the most verbose, poorly written, surface-level articles that are designed not to be genuinely useful but to ensure that Google’s search algorithm places them exactly where it did in these results.

Yes, of course, I did click the wpbeginner.com link, because I always do, and then I get annoyed with myself for falling into their trap. And multilingualpress.org is not much better… and also always near the top of the results.

Then, of course, before we finally get to the page I really was looking for, Google makes one last ditch effort to keep me from going where I want to go, by inserting its “People also ask” block, with quick answers scraped from real websites, designed specifically to keep you from actually venturing any deeper than Google’s search results page itself.

Thanks Google for doing your part to make the Internet suck.

P.S. What do you think happened when I clicked “I’m Feeling Lucky”?

Not everything needs to be secure

Just saving this for future reference. I got on the “all HTTPS all the time” bandwagon without questioning it, because enough of the sites I create do collect user data that needs to be secure. But some — like this blog, for instance — do not.

But here’s an angle on it that I hadn’t considered:

If Google succeeds, it will make a lot of the web’s history inaccessible. People put stuff on the web precisely so it would be preserved over time. That’s why it’s important that no one has the power to change what the web is.

Dave Winer

Google of course is always trying to change what the web is, just as Facebook does. I really got into a lather over AMP because it was immediately clear to me as a web developer how it is bad for the open web. Forcing everything to HTTPS is not quite as obviously “wrong,” but when you investigate it… yeah, it is.

This site uses HTTPS because… well, why not? I use Let’s Encrypt, so it’s free and easy. And I configured the server to automatically redirect HTTP traffic, so old links still work. But people shouldn’t be expected to understand what I understand about the web in order to use it… and not just as passive consumers, but as active contributors.

That’s the real power of the web, and what we lose when we let companies like Google or Facebook change the nature of what the web is.

I’d like to end with another quote from Winer:

The web is not safe. That is correct. We don’t want every place to be safe. So people can be wild and experiment and try out new ideas. It’s why the web has been the proving ground for so much incredible stuff over its history.

Lots of things aren’t safe. Crossing the street. Bike riding in Manhattan. Falling in love. We do them anyway. You can’t be safe all the time. Life itself isn’t safe.

Google’s bad UX can even cause seasoned professionals to make novice mistakes

Today I did something that, when I realized what I had done, I metaphorically kicked myself over. It was so stupid. It reminded me of something I did at one of my earliest professional jobs… over 20 years ago.

I’ve been using email for nearly 30 years, and I’ve been a professional web developer for 25 of them. I know the difference between CC and BCC.

But today, when I was sending a mass email to a number of my clients, I made a critical mistake. I always handle these emails in the same way: I set the To field to a generic, non-existent email address on my own domain, and I put all of my clients’ email addresses — the real recipients — in the BCC field. That way, they all receive the email and, critically, they can’t see who else I sent it to.

Unfortunately, that’s not what happened today. Instead I unwittingly put all of their email addresses in the CC field. Sure, they still all received the email. But now they can also see who else received it, and, much worse, they can potentially hit Reply All and send their response to the entire list of recipients.

That’s not only embarrassing, but given the nature of the message, it could cause them to potentially blast some of my personal financial information out to a huge swath of my other clients.

Ugh.

I felt like a fool, and I nearly sent a second message (being sure to use BCC this time!) explaining my error… but then I realized that would just make me look like an even bigger fool, and the best thing to do was nothing, and just hope it goes away quietly. (So, of course, I’m writing a blog post about it.)

But the more I thought about it, the more I realized that the real culprit is Google’s bad UX design. For years I’ve been railing against Google’s “Material Design” or whatever they’re calling what they do these days. It’s too vague and unintuitive. Too much is hidden.

Good design should be obvious. Users should be able to see at a glance what they’re able to do with a piece of software. Of course in the early 2000s, Microsoft took that concept to an absurd extreme with the “Ribbon” in Office: a giant mosaic of every imaginable feature of the program, thrown together in a jumble of icons and text that would overwhelm anyone. Thankfully that approach has fallen by the wayside, but in its place is something arguably even worse: the illusion of simplicity, created by hiding so many features away that users probably don’t even know they exist, and then compounding the problem by stripping down the visual elements of the interface to such an extreme that it’s difficult to even know what’s clickable.

Such is the case with Gmail, something that should have a pretty simple interface, even with all features exposed.

I learned email back in college in the ’90s, using Eudora. Oh how I loved that program. Every mail client that has come since has been a downgrade, in my opinion. These days, practically speaking, my options are to use Apple’s Mail app, or Gmail’s web interface. For better or worse, I use Gmail. But in light of today’s debacle, I decided to do a comparison.

Since the days of Eudora, mail programs always had separate and distinct To, CC, and BCC fields, each on their own line. It made it very difficult to accidentally use the wrong field, and easy to tell if you were making a mistake. Apple Mail still does something very similar… with the modification that the BCC field is off by default, and you have to go to a menu to show it. Then it appears on its own line. All of which reinforces the deliberate choice of using BCC when you want it. All in all, it’s remarkably similar to what I remember from Eudora, but a bit cleaner.

In comparison, Gmail hides both of those fields by default, and the way to get one of them is to click the light gray text for the one you want, on the right side of the same line as the To field, right next to each other.

Oops! My cursor was a few pixels too far to the left — and since there’s no visible button, it’s not clear where exactly the clickable areas end — so I accidentally clicked CC without noticing.

And then, once you do click one of them, it appears on a new line, but again, if you’re moving quickly, as I regrettably was today, it was far too easy not to notice the mistake I had made. Since either CC or BCC doesn’t appear unless you’ve clicked it, you have to specifically look at the label on the left side of the line to know which one is on. That’s not possible in Mac Mail (or Eudora), where CC is always there, so BCC, if you’re using it, is always two lines below To.

The only way I realized what I had done today was when one of the clients replied to the email — thankfully he did not “reply all” — and I saw the “CC” dump of email addresses in my original email quoted at the bottom of his reply. Eek!

This is the current state of supposed “best practices” in UX design… flaws in things so basic, things that were already solved a generation ago, that someone who does this for a living makes novice mistakes.

Addendum, January 17, 2022: It gets worse. Over the past few days I have been working with some agency partners on a proposal for an RFP. There have been two glaring problems that have occurred as a direct result of Gmail’s interface quirks. First, I was waiting over the weekend for my partners to email me a link to their draft document. Late Friday, one of them emailed me a one-sentence message saying they’d send over the proposal on Saturday. I didn’t bother opening the email to read it, because I could read the entire thing in the preview. (This was in the Gmail app on my iPhone.) I waited Saturday and Sunday for another email from them, but I got none! Except, I did. But because Gmail only shows the first unread message in a thread, with no indication that there are more unread messages in the thread, I had no idea that they actually had sent another email until this morning, when I took the time to open the email on my desktop.

Then, to make matters worse, I was just preparing a new email to send them, with my latest draft, and as I entered their email addresses in the “To” field, Gmail suggested the RFP client as another recipient. No no no no no. It would have been far too easy, if I were in just slightly more of a hurry, for me to have accidentally clicked the client’s name, and sent them my draft of the proposal and the associated internal comments. Yikes. This wouldn’t be the first time its suggestions have led me astray… I’ve accidentally sent emails intended for the drummer in my band to a client, because they have the same first name and as soon as I started typing it, Gmail decided for me which person I was emailing and autocompleted the address.