Giving BooksOnBoard a second chance
After all the feedback I got from reporting my first impressions of BooksOnBoard, I decided I might have been hasty in judgment, and that I should give them another chance. After all, they are an ebook seller that accepts PayPal and I sometimes end up with client payments in PayPal that take days to transfer to my checking account. It would be convenient to be able to use them as a vendor.
Forewarned with the knowledge that I would have to carefully examine the file format options before clicking «buy», I went to find The FairTax Book by Neal Boortz and John Linder, recommended to me by my father in response to a recent post.
BooksOnBoard’s website is still rather cluttered, but that can be forgiven. I’ve built a few cluttered websites in my time and I could see the potential charm in a website that feels like an independent bookstore with piles of books stacked willy-nilly and a system of organization understood only by the proprietor. I typed «Fair Tax» into the search box and got zero results.
Search
I nearly left the site in search of a site that does carry the book, but then I thought to look for other books by the same author. I typed «Boortz» into the search box and came up with five results, two of which were for The FairTax Book. Note that there is no space between the words «Fair» and «Tax.» That’s what my friend Scott Munro calls concapenation and what many programmers call camel case. Typing «fair» and «tax» into the search box as separate words failed to provide the result.
Now I have to ask: are they incompetent? I wrote a search algorithm for a website back in 1998 that returned results for partial matches, and in 1998 I didn’t know anything about object-oriented code or interfacing with databases (I kept my search index in a comma-separated text file) and barely understood the concept of local versus global variable scope. In short, in 1998 I was an incompetent programmer with tools that would today be considered archaic and I wrote a more useful search engine than the BooksOnBoard team.
Book formats
Well, again, everyone has room for improvement. After all, I did find the book I wanted on the second try, and that’s not too bad. So I pressed on. There were two results for the book I wanted. One for $14.99 and the other for $10.99. What’s the difference? I looked at the page for one of them, then at the page for the other. I couldn’t see any difference at all. I remembered that BooksOnBoard sells both eReader-style PDB books and Adobe PDFs and went back to the more expensive one to see if it listed a file format. Nothing on the book page about the file format, but then I saw that «format» is a tab on the page. Not obvious, especially considering that choosing the wrong format could mean a non-refundable and non-readable purchase, but OK, at least I saw it when I was looking for it. I clicked on the tab and found that this was not an ebook but an audiobook. That’s why there were two listings with two different prices.
That it took that much research to find out that I wasn’t even looking at the right category of product is a strike. It should be obvious from the search results whether a book is an ebook or an audiobook. Most people, looking for one, would not be happy to receive the other. Failing a distinction on the search page, leaving that information off the main book’s description? I trust it would be clear before getting to payment what the format was, but nevertheless: how much work should a customer have to invest in order to give a vendor money?
I went back to the less-expensive book and found that it is an ebook and, as BooksOnBoard’s representative claimed (though not true for the earlier book I purchased) that it is available in several formats. I clicked to add the book to the cart and the system picked a format for me, which was not changeable from the shopping cart. So once again I backtracked to an earlier page, clicked on the format I wanted rather than the main «buy now» button and went on.
I was tempted to go with the Adobe DRM version, but I still haven’t given BlueFire Reader a test run. I’ve installed it, but I never started reading the other book that I bought from BooksOnBoard because my experience with them turned me off. I ought to get around to it, but there is no point in having two books as guinea pigs for reader software I haven’t used. So I went with the old eReader-style DRM.
Security
Now the topic of security comes up. I mentioned earlier that one of the appealing factors of BooksOnBoard is that they accept payment through PayPal. They wouldn’t have made a sale today if not for that, because their secure website contains both secure and non-secure items. Usually that happens with images that are linked from the main webserver address, but it is possible for someone on a server that the packets are traveling through to manipulate the unencrypted parts of the page, which could be images, or stylesheets, or javascript or even Flash objects. My recommendation is that unless you know how to examine the contents of the page and know that what you’re doing is safe, you should never input your credit card information on a site where the security lock icon has a red X and where the letters «https» are stricken with a red line.
PayPal does all their transactions on PayPal’s own site, so I ignored the security warning from the browser. I wouldn’t have to put any sensitive data in to the form. So I bought my book and lived happily ever after.
…and security, again
This brought up another issue that should be disturbing to the publishers that work with BooksOnBoard: eReader-style ebooks are keyed on the user’s credit card number. As BooksOnBoard’s representative pointed out, some people aren’t comfortable with using their credit card number as a password, but I think it’s a clever and fair system. The credit card information is not visible after the book has been unlocked, and it allows for limited lending of an ebook. You might well copy an ebook to a friend, but most people are unlikely to give their credit card numbers to any but their most trusted friends. The most one might do is copy the book to the friend’s device, key in the credit card number themselves, and let the friend read the book. Like a printed book, the book might be passed around a couple of times, but it won’t be posted on the Internet with the key for just anyone to read, except by someone who doesn’t care who has their credit card number.
Since I paid through PayPal, what would I do for a key for my newly-purchased ebook? I confess I didn’t even think of this until I was prompted by BooksOnBoard to enter my name and credit card number so that my new book could be encrypted.
I have no reason to disbelieve the disclaimers on that page, which assured me that my card would not be charged or stored and that the information would only be used to encrypt my new book. I’m sure that is all true. However, here they were asking me to enter my credit card number into a form with compromised security. No way. I do know how to check to see which elements of a page are insecure but frankly I’m too lazy to do that when I’m not getting paid for it.
So I tried something that may run me afoul of the DMCA, but to which I had no reasonable alternative: I entered a fake credit card number into their form, and downloaded my book.
Not only did I enter an invalid number, I entered a number with an invalid number of digits. American Express cards have fifteen digits, but none of them start with the numeral 4. Only Visa cards start with 4, and they all have sixteen digits. In a perfect world, BooksOnBoard should have run what is called a ZDA or zero dollar authorization on the card. If the card number came back from the card processor as invalid, they should have asked me for another number. Failing that they could at least have run simple pattern-matching to see if the number could possibly have been a valid credit card number.
So I don’t think I’m the one who ran afoul of the DMCA by circumventing the eReader security system: it is BooksOnBoard who made the DRM on eReader-format books they sell toothless. Anyone can buy a book with PayPal, probably enter the single-digit number 3 and the name «John Doe» into the credit card number entry fields, and have a book that they can upload to any number of FTP servers and websites with the unlock instructions, and never have that be traced back to them. BooksOnBoard may as well just hand the books out without any DRM. That would make them popular with a lot of people (including me) but probably not popular with the publishers whose books they sell.
I’m sorry to slam BooksOnBoard twice in a row. I really want to be able to say that they are a great company to do business with. I love independent businesses and would much rather support the smaller upstart business than the huge ones. I can only hope that BooksOnBoard will invest some of their developers’ time into correcting these faults.
BooksOnBoard, if you don’t have good UE (user experience) people, I can send you résumés for some excellent UE people, at least a couple of whom I know are actively looking. Or you could hire me. My rates are reasonable and I’d love to help out a small business like yourself. UE is not my specialty but it’s an area even I could help you with and it’s not the only area in which you need help. I really do wish you the best, but you’ve got work to do.
Postscript: in the two hours it took to write this, I have yet to see my receipt from BooksOnBoard. I have a receipt from PayPal, which arrived instantly but not from BooksOnBoard. I checked my spam filter mailbox and it’s just not there. BooksOnBoard, you’ve got things that need fixing.