Hi all, and welcome to the second edition of Under the Hood, where I hope to keep you updated on what we’ve been doing with the inner workings of the Be Well Tracker and the Be Well Plan mobile application. This quarter* we’ve been very busy working on the Tracker. Unfortunately a lot of the work centres on the sort of intensely fascinating and fun background work that makes my wife’s eyes glaze over and respond with, “Yes honey, I’m so glad you migrated the devops pipeline, but did you remember to migrate the nappy bags into the bin?”. So, in this edition I’ll try to stay focussed on the externally-relevant changes we’ve made.
My regular reader (hi, babe!) won’t need any introduction, but for the rest of you, I’m Ben Ashley, the resident software developer at Be Well Co. I’ve been here for just over a year now, which means I can finally stop pretending I’ll ever clean the Coke No Sugar cans off my desk.
In the last edition of Under the Hood, I promised two things. The first was that it was possible to cook some of Jamie Oliver’s Crackin’ Crab Briks and fill in a pulse wellbeing measurement in 17 minutes (2 min for the latter!), and the second was that we were planning to streamline the sign-up and login process. I’m still confident in the first, but I regret to say due to procurement issues (apparently 3 tonnes of crab meat is “not an acceptable business expense”) we have yet to run a proper double-blind trial to prove it. The second however I’m happy to say we have made significant progress on.
We have improved the sign-up and login process in three main ways, in addition to making it even more secure and extensible for the future:
The current flow for accepting an invite to take a wellbeing measurement dumps new users out on the registration page of the Tracker, with no information about what to do next. Now, the invitations usually have context surrounding them explaining that they need to create an account or log into an existing one, upon which they’ll get redirected to the measure. However, it’s a well-known fact that users (yours truly being no exception), never read any instructions, which can lead to confusion here. Now when clicking on an invitation to accept a measure, the user is shown a message on the registration page explaining what they need to do in order to take it.
Social Media Logins
If you’re anything like me, when you’re faced with the prospect of creating another account and hence password (you don’t share passwords between sites, right?) you groan audibly. This is made even worse when you return to the site a month later and can’t remember the password, leading to the dreaded password reset email dance. By adding social media logins (Facebook, Google and Apple) we’ve given you the option of just using an existing account to access the Tracker and the Be Well Plan App. This has the added bonus of allowing new users to skip the email verification step, as the social media providers have already verified ownership of the email address. For those more comfortable with the original username and password accounts, we have no intention of removing these. Existing users who are already using an email that matches one of the social media logins will have the option of adding the social media login as an alternative way of authenticating their account, rather than needing to create a brand new one.
Reducing Information Gathered
We take the data privacy of users of the Be Well Tracker very, very seriously. So seriously, that I have resisted the urge to make a reference to the movie “Airplane” here to avoid undercutting how seriously we take it. Obviously, we do a lot of technical work around making the application and your data secure, but there’s also work done around reviewing what information we collect and why.
Originally on sign-up, a new user was invited to provide a set of information, most of which was optional. Only first name and year of birth (to calculate age for access to resources) were required, and we went so far as to encourage people to provide a pseudonym for their first name if they wanted. The optional information collected was last name, full date of birth, and location. Our review of this set of information came to three conclusions:
It was not sufficiently clear that first name need not be a real name
The research benefit of the extra demographic data was outweighed by enhanced privacy risk
Altering the required age to access the Tracker to 16 removes the requirement to collect year of birth at all
As a result, the new signup process is much more streamlined, and involves collecting only one piece of additional information (in addition to consent): a username.
As always, we’re looking to improve the existing functionality of the Be Well Tracker, whilst maintaining the security and privacy of your wellbeing data. There are a lot of exciting things on my to-do list for the coming year (and no, cleaning the cans off my desk is not one of them). One of the most exciting is the implementation of an organisation dashboard, allowing organisations to view deidentified, aggregated and confidentialised wellbeing data for their employees.
Until next time, stay safe and look after yourselves.
*: For some definition of "quarter"