This job never came with a manual. If you’re like me, you got into the business of building websites by writing bad teenage poetry or photoshopping crude posters for your band. Eventually, you learned the skills to put your creation on the Web and became addicted to the thrill of instant self-publication.

Over the years I’ve come to realize that the most difficult part of making websites isn’t the code, it’s the “hidden expectations”, the unseen aspects I didn’t know were my responsibility when I started: Accessibility, Security, Performance, and Empathy.


Sir Tim Berners-Lee designed the Web to deliver Hypertext to any computer, on any hardware, anywhere in the world. Behind a myriad of devices are a myriad of people with none or any combination of visual, auditory, cognitive, and/or motor disabilities. Modern accessibility abides by the POUR acronym, which (to oversimplify) expects your website to be screen-readable, keyboard-navigable, have easy-to-read content with a sensible document structure, and be usable on any device.

It’s all too easy to mess this up. You can make a tabbed interface with three lines of JavaScript or a checkbox hack, but it would likely be unusable for non-sighted users. You can make custom-styled <select> boxes using <div> elements, but sacrifice all the accessibility features of the native form control. Our cleverest implementations often fall short.

And it’s complicated. If I’ve learned anything from 3 years of The Accessibility Project, it’s that it’s easy to get discouraged by such a nuanced field. Just when I’m ready to quit trying, I remember that (by some estimates) 1 out of 5 people – whether temporary or permanent – count on us doing a good job at Accessibility.


Security and its twin sister Privacy have made quite a few headlines in the last few years: Heartbleed, Shellshock, DNCLeaks, and a rash of security breaches for many major online retailers. The consequence? Our personal information leaking out like sewage into the Dark Web.

Those of us building websites probably all need a better working knowledge of common attack vectors: XSS, CSRF, click-jacking, Social Engineering, etc. We also need to know how to defend against those dark arts: SSL, enabling CORS on both the client and server, strict Content Security Policies, encrypting all sensitive data, and anonymizing any personally identifiable information (PII). We need to 2-factor authenticate everything. Our sites and their systems, data, and settings need to be secure by default, similar to how cars have seatbelts.

Designers may be quick to wash their hands of such a complex and technical responsibility as a problem for neckbeards to solve. However, Security and Privacy start with design. In a talk titled “How Designers Destroyed the World”, Mike Monteiro retells the story of a woman whose sexual orientation was unintentionally revealed to her conservative father due to a flaw in Facebook’s privacy settings. Monteiro makes a convincing argument that situations like this are not a technical problem, they are a design problem.

So Security and Privacy are actually all of our problems. Personally, I expect this space to heat up now that high profile political and corporate hacks are happening on the regular.


Web Performance is a hot topic. Faster websites make happier users, who click more links, who generate more revenue. It’s the perfect meeting point between User Experience and Business Analytics.

Performance is measurable, but not visible. Web Performance is almost a feeling that we use metrics to diagnose. It’s difficult to keep top of mind. Performance tends to be the last step of our build cycle, yet design decisions that directly impact overall performance happened months ago.

To top it all off, our standards are probably too lax. How we measure, describe, and collectively perceive “fast” probably needs rehabilitation as well.

It’s hard work to stay on the bleeding edge of speed. Everything changes every six months. It takes a mix of server, front-end, automation, and teamwork kung-fu but the good news is that Performance can be 💸 very rewarding 💸.


All of these can be summed up in a simple word: Empathy. Design is ultimately about making connections with people. Dealing with humans (who have emotions and an unlimited number of contexts) requires empathy for what they might be experiencing.

In their book Design for Real Life, Eric Meyer and Sara Wachter-Boettcher set the bar for Empathy fairly high. I think it’s a good bar. They introduce the idea of “stress tests”, that is to say, does our design and software serve people who aren’t in an ideal state? Do our animations or witty bot responses frustrate users who have zero fucks to give? In most situations I’d wager: yes.

It’s difficult to sustain the level of empathy required to build software that actual real, emotional people use. The Web’s greatest strength, human connectivity, requires that empathy. Mastering Empathy means we can make the Web and possibly the world a better place for everyone.

Managing the Hidden Things

It takes a level of constant vigilance to manage the hidden things correctly. Accessibility, performance, security, and content audits easily slip through the cracks as budgets and timelines slim down. “Get it done” trumps “Do it right”. In fact, “Do it right” is a bit of a problematic call-to-arms, because the moral implication has an air of religiosity to it. What’s “moral” and “right” to one person may be different to another. Unfortunately, “Function well and protect the individual legal rights and dignity of every user” doesn’t make a good soundbite.

The only way I’ve found to deal with the immense responsibility of these hidden expectations is to take each task up for a season. I personally feel myself embarking on a season of Security. Lo, heavy is the tin foil hat…

Becoming a generalist in these areas can be difficult. Discovering who to trust and what information is current is half the battle. To add insult to injury, some communities (like Security and Accessibility) have vocal minorities that reject novices because they have the potential to create more problems than solutions. So be careful, thar be dragons.

If there’s any silver lining, it’s that more practice makes it easier to be more mindful. Over time, it’s less difficult to jump back into a different mindset if you’ve dedicated yourself to one for a season. If you have a team doing these things, it’ll be easier to remember too.

It’s important to know your blindspots. When in doubt, hire a professional dedicated to one of these trades for help. Don’t neglect the things you cannot see or measure.