How I got spammed by my internet provider, and how they could have prevented it

October 1, 2021. 4 min read.

IMG_9193

Within a few minutes, I received a deluge of SMS updates from my internet provider about an outage in my area.

What happened?

My internet provider has a portal where customers can check if there’s a known outage in their area. They can then register to get notified by sms when the issue is resolved. This prevents customers from having to regularly check if the internet is back. isp43434

So I input my phone number and clicked the submit button but there was no feedback. The button did not change state, there was no error message, no loading indicator. I had no idea if my click was even registered, so I kept trying.

Fast-forward a few minutes, I get the first sms. Within the next hour, I receive the same message more than 50 times. My phone was almost unusable during that period. This was a frustrating experience but also a waste of resources on their part.

How could they have prevented this?

1. By providing UI feedback for the button click

The design should always keep users informed about what is going on, through appropriate feedback within a reasonable amount of time. - https://www.nngroup.com/articles/ten-usability-heuristics

This is a well known UI heuristic. Users should not have to guess what happened after they performed an action. The system should explicitly tell them. If I had received some visual feedback the first time I clicked the button, I wouldn't have retried so many times.

2. By making the sms registration an idempotent operation

Idempotence is the property of certain operations in mathematics and computer science whereby they can be applied multiple times without changing the result beyond the initial application. https://en.wikipedia.org/wiki/Idempotence

Subscribing for a service is the kind of operation that should be idempotent. No matter how many times the user clicks the submit button it should result in just one entry in the system. Users implicitly understand this. When they sign up more than once for a newsletter, they do not expect to receive the same email multiple times.

One way to achieve idempotence in this case could be: when a user submits their phone number, search your system for an existing entry with the same phone number and incident_id

  • An existing entry is found, they already registered: do nothing.
  • Nothing found, it is their first attempt: create a new entry.

incident_id here is important because the user should be allowed to subscribe for updates for another incident.

Software EngineeringPersonal