Monthly Archives: December 2010

Transalating a webiste automatically based on users IP address

Why is it that sites that provide localization always try to assume that the best content for you is the one based on your location?

Most people sometimes aren’t in their hometown. They could be on a trip to Asia or the middle east, but this doesn’t mean that when researching for a site or information, they want to see these sites in mandarin or in Arabian.

I may say that the majority of users try to look information first in English because the majority on sites are already in this language. You have more probabilities in finding what you need when querying in English.

What I’m saying is, don’t try to provide information on your site with automatic translation based on the visiting’s user IP address. Give the information in your primary language, be it English, Spanish, French or Portuguese and then give the user the option to select the language in which they would like to see the website and save that on cookie or the user profile for when they comeback. If the user queries google in English and when it enters your site it is then automatically translated to Spanish because the user happened to be in Cabo for vacations, he might leave, inferring the original language of the site is Spanish.

A different approach about passwords in registration forms

With the hacked of Gawker Media sites and the release of a list of users and passwords stored on the sites, people all over the Internet started reacting to the news and offering techniques on how this can be resolved.

Some of the proposed techniques include getting rid of the user database implemented on many websites and let an external application handle the customer login using credentials from others sites like Twitter, Facebook and OpenID. In my personal opinion, I really don’t like any of these mechanism because I really don’t trust these companies. Your could argue that they might have better protection than some guy’s new web service that just launched in 30 days to test an idea. Maybe it’s true, but also this guy might have a better mechanism to prevent this kind of leaks than the big companies.

Also, I think it’s not true that having a single point for user authentication is going to resolve the whole issue. Compare it with credit card fraud. Do you think you can solve the credit card theft problem by just having ONE card with a $300,000 limit than having multiple cards with, say $5,000 limits? If someone steals one of the cards, you only loose the 5,000. If you someone steals your ONLY card, you might loose $300,000 and you’re left with NO card. This is call spreading the risk.

A different approach that we use on our sites is to generate a random and strong password automatically for the user and send it to their email. We give them access to what they’re requesting on the site with just entering the email (and other information if necessary) and then email them the password generated. When they decide to come back to the site, they used the autogenerated password. They can change it if they want, but we took that step out of the funnel (guessing and thinking what password to put on) and just let them proceed to perform the requesting transaction and letting them now in an email how to continue using our sites in the future with their new strong password.