-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New principle: When introducing heuristics or "magic", also include a way to override them #455
Comments
From the breakout today, it turns out there is some nuance that I did not consider when filing this:
|
As discussed above, some people have a much narrower view of what a heuristic is, and the kinds of heuristics I discuss here they’d call "magic". Not sure which definition is correct, but for the sake of maximizing comprehension, perhaps we should use "magic" as well (or both). Thoughts, @hober? |
I'm not comfortable with this example. First of all it's very much unclear whether end users can accurately describe entities (yahoo.com and yahoo.co.jp are different entities for instance, whereas google.com and youtube.com are the same; neither implicit connection means that the end user is prepared for these site to be able to share data).
Actually, the way this was setup upheld the same-origin policy, the problem is that cookies do not uphold that policy and operate under a same-site policy (as does most of the privacy work). As such github.io had to be added to the PSL. |
I agree with @annevk that same-origin as a heuristic is a bad example. It seems like the goal is to use same-site as the example, but even that is now very precisely defined, such that it is not really magical. In the same way, media type sniffing might be a heuristic that browsers employ that is perhaps more appropriate as an example, though again the fact that it is now precisely specified means that it is no longer fundamentally heuristic in nature. Is there any case where we have something that is a true heuristic, in that browser behavior is permitted to vary in ways that are unpredictable to sites? Perhaps the right thing to say there is: that is a bug. |
Heuristics are great because they save time and ease migration costs, but when they fail they can degrade the user experience far more than if there was no heuristic at all, especially if they are used in parts of the platform that cannot be avoided. As a general UI/UX principle when introducing heuristics, one should also include ways to override the heuristic.
Overriding should be possible in both directions, if it makes sense in both directions:
No override is necessary if the heuristic is 100% accurate in one direction.
The need for overrides is affected by two factors:
Examples from the web platform:
:where()
). It worked so poorly that developers ended up avoiding querying with selectors altogether, and managing querying with JS or manually (see BEM)z-index
property to override it, but it only works some of the time and is absolute, rather than relative, resulting in "z-index war" where authors setz-index
to huge values to "win" over other elements.array.concat()
heuristically determines whether to append the value itself to the array, or the values it contains (the heuristic is very simple: is the value an array or not?). This means it's not possible to use it to add an array as an element of another array (e.g.[1, 2].concat([3, 4])
will produce[1, 2, 3, 4]
, not[1, 2, [3, 4]]
). That's ok since a) the heuristic predicts intent correctly >95% of the time and b) users can simply use other functions to deal with the remaining use cases.Example that came up later: The web’s same origin policy is a heuristic that is attempting to infer the end-user’s desired privacy boundary from the URL structure. In many cases that matches user intent, but in some cases it does not:
There are no mechanisms to override false negatives that I’m aware of. Mechanisms to override false positives include CORS, First Party Sets, Cross-window Messaging etc, but each imposes different restrictions. However, this is likely acceptable, since making it possible to override heuristics that exist to protect end-users’ privacy and security should be approached with a lot of care.
The text was updated successfully, but these errors were encountered: