Field notes on digital friction

Security is everywhere, yet almost never designed for people.

A semi-blog about unsafe defaults, hostile UX, account recovery nightmares, and the small product decisions that make the internet feel brittle.

Read the latest Send a note

Recovery flows Trust erosion Security UX

Featured essay • 7 min read

Most “secure” products still punish the careful user first.

The average user is told to enable more checks, save more codes, confirm more devices, and trust more alerts. When something goes wrong, the legitimate user becomes the suspect while the product hides behind policy.

Read featured piece

Why it matters

Security systems often optimize for internal certainty, not user recovery. The result is friction that looks responsible but feels punitive.

Short essays and observations

Opinion

Why account recovery is the real security product

Open post

Case note

The damage caused by vague “suspicious activity” warnings

If users do not know what happened, they cannot make a good next decision. Fear is not guidance.

Open post

Two-factor authentication should not feel like a side quest

Security steps can be strict without being exhausting. Most products just never bother to prove it.

Open post

Recurring themes

A publication shape, without the newsroom bloat

Trust

What products ask users to believe, often without evidence.

Failure

The overlooked moments when systems break and the interface gets cruel instead of helpful.

Design

How wording, timing, and defaults can make safety feel legible instead of punitive.