Product & Security Update April 2021

As part of ongoing security audits across our platforms, we need to remove the ‘no browser bar’ option in UserZoom GO. This affects both unmoderated and moderated studies for desktop studies, and will not impact mobile studies. The option will be removed in the next few weeks.

 

What’s the ‘no browser bar’ option?

This option simply hides the browser bar and back button at the top of the window. This option is mainly used when teams are concerned about sharing the URL of an experience, either to reduce bias in the study or to prevent a participant from accessing a URL (usually a prototype) after their session. But it has never prevented participants from accessing that URL in another way, such as via their browser history.

 

Why is it being removed?

Hiding the browser bar does not meet the best practices of being fully transparent with our participants. Hiding the browser makes it seem unrealistic on desktop, most desktop testing is for websites, which have a browser bar, back buttons. Hiding the browser bar can also enable potential security issues, such as clickjacking or browser bar spoofing.

It’s due to these security issues that no other solution, that we are aware of, offers to hide the browser bar on the desktop. It’s for this reason that this capability has never been available in the UserZoom platform. However, we are not removing this capability on mobile. 

 

Why is mobile different?

Our mobile solution allows the test participant to engage with a website or prototype with our UserZoom GO mobile app acting as the browser. As it is our own native app, we can control the environment and are better placed to ensure the security issues mentioned above (clickjacking and browser bar spoofing) are not possible. 

The additional benefit of hiding the browser bar for mobile is that it allows mobile app prototypes to look and feel like an actual mobile app, and not a mobile website. In contrast, hiding the browser bar on the desktop can be confusing to the participant, as the vast majority of prototype desktop experiences tested are for websites, where a user would expect to see a URL.

 

What’s the impact?

There are two main impacts of this change:

  1. Removing the ‘no browser bar’ option means that participants in Moderated studies now have no browser extension to install, making it easier to join and participate in your sessions.
  2. Removing this option now means you are unable to hide the browser bar during either a moderated or unmoderated study.

If you are concerned about losing this capability, there are several options available to you.

 

What are the options?

There are several options you can use to help prevent bias in your studies and stop participants from accessing the experience you are testing after their session.

  1. If your company name is in the URL of the prototype you are sharing, you could change this within your prototyping tool. For example, to learn how with Invision click here.
  2. Consider password-protecting your prototype. Learn how for Invision, and Adobe XD
  3. Consider disabling your public prototype links after your sessions, before starting your next study.
  4. For moderated studies - consider asking your test participant to delete their browsing history for the past hour at the end of their session.

Please provide any feedback you have on this article. Your feedback will be used to improve the article and should take no more than 5 minutes to complete. Article evaluations will remain completely confidential unless you request a follow-up. 

Was this article helpful?