DEV Community

Tomislav Buljević
Tomislav Buljević

Posted on • Originally published at about.njuskalo.hr

Cobra effect and what we can do to mitigate it

As web developers working on a product, we continuously strive to improve it, adding new features to build trust and to better connect with our users. We try to help them use our product better, coming up with solutions which can guide them and help them reach a positive result. At the end of the day, we want our users to be happy with the experience they have using our product. But, sometimes the solutions we implement can have undesired consequences. This can be due to bad actors who are trying to exploit features we implement or simply an undesirable side-effect of a feature. This is called the Cobra effect.

Why Cobra effect, though?

Well, it all dates back to British rule of India. The British government in Delhi was concerned about the number of venomous cobras in the city. Therefore, they issued a decree in which they offered a bounty for every dead cobra brought to them. And to be honest, it seems like a win-win – they incentivize the population with money, and reduce the number of cobras, which in turn reduces the threat to human population, right?

The bounty worked for a while. But, as always, people find ways to “hack” the system. A large number of cobra breeders emerged as a result. They would breed cobras and collect the bounty. Now, as soon as the government realized what had been going on, they canceled the program altogether. By that time, though, the damage had been done. The breeders released the cobras into the wild, and suddenly there was a surge in cobra population instead of the actual decrease.

As you can see, situations happen where trying to fix a problem actually makes it worse. In the case of the British government, the “solution” for a problem stemmed from misunderstanding the folk of India. Their traditions are radically different from Britain’s Western sensibility, and they didn’t have enough foresight to predict the inevitable outcome.

Cobra effect in web development

Sometimes a feature looks good on paper. For example: You have a product, and you decide to incentivize your audience in some way. Say, you want people to sign up for a newsletter, and by doing so, they get a redeemable code for some activity on your site. One code per mail, right? But if you’re not careful, you could find yourself in a situation where a user, to get more redeemable codes than they are allowed to, makes fake email addresses, signs up for your newsletter, and then has enough redeemable codes to finance a small country. Or they start making fake accounts to sign up for the newsletter for the same mail address and start racking up the redeemable codes. Or some sort of combination of the two. This effectively exploits your product and you just wanted to give somebody 10% off on the next pair of shoes they buy.

Here’s another example. In an effort to increase user engagement, you devise a system of personalized recommendations to the user. Something in the vein of: “We see you like this thing you read, perhaps you would like that other thing that complements it as well?” If you are not careful, the user might get a multitude of such personalized recommendations. So much, in fact, that they start to ignore, or even leave your product altogether. This is definitely undesirable behavior, a direct opposite of what you were trying to achieve.

But you are a vigilant developer, right? You know the solution for both of these examples I stated, right? Well, sometimes. Sometimes the answer is not as straightforward as you might think. What I’m trying to say is: We’ve all been there. You implement a shiny new feature, release it into the wild, suddenly problems start popping out of the wood-works, and it’s back to the drawing board.

Cobra effects at Njuškalo

Throughout the years, we also had our fair share of situations where something that looked good on paper just didn’t work properly when implemented. Since we’re a marketplace platform, we do have features other marketplace platforms have as well.

For example, on PayProtect, we have a ratings and reviews system. It’s used for building trust with our user base. While planning it, we asked ourselves the 4 W’s:

  • Who can leave/get a review?
  • What is the desired outcome of a review left?
  • Where can a user leave a review?
  • Why should a user leave a review?

While brainstorming the feature, we noticed a possible Cobra effect. If we give a user the possibility to just leave a review, without certain conditions attached, that could lead to bad actors pumping up their reviews and ratings artificially. So we thought on that issue, and came up with a solution. A user can leave a rating and a review for another user only if they have finished a transaction. That means that a seller needs to send the item, the buyer needs to receive the item, the money needs to be paid out to the seller, and then a buyer can leave a review and rating. Also, there is a limit of only one review and rating per transaction. And when we solved the Cobra effect lying in wait, we suddenly had answers to all of our questions.

As you can see, thinking about Cobra effects can actually speed up your planning stages of a project, so much so that solving it opens up the whole feature to you.

How do we fight the Cobra effect?

Well, first of all, we need to be aware of a possible Cobra effect. We should think about how exploitable a feature is so we can patch up that loophole before it even happens. This mostly comes from experience. The more you develop apps, and the more you learn about them, the more you learn from other developers as well, the more you can think like possible bad actors do, and predict certain behaviors.

Also, embracing a user-centric design, getting feedback from users on possible pain points can mitigate the risks of a possible Cobra effect. User input is invaluable in these situations because sometimes we’re so wrapped up in all of the stages of a project that we don’t account for natural user behavior until it’s too late.

Stakeholders need to be notified of the ramifications of such effects, because they impact our reasoning behind implementing a certain feature in a certain way. Being transparent in the development of a certain feature is a must at all times. We should always implement mechanisms for monitoring, measuring and evaluation of our products so we can regularly revisit those results and see the positive or negative consequences of our actions in regards to our users. This way, even if we do have a Cobra effect on our hands, we can pinpoint the exact moment when it started to happen and react accordingly.

And in the end, we need to consider the ethics behind any given solution. If our products prioritize the well-being of users, in the long run, the Cobra effect may be mitigated entirely.One might say here that even if we do implement all this, bad actors will still find a way to get around all our efforts. They will still find some loophole to exploit. And while that may be true, we must always remain vigilant in monitoring to react as soon as possible. Also, our efforts may have unintended consequences of their own. It’s a neverending process, my friends, but we have mechanisms to fight it, as you can see.

Do we have some solutions for the Cobra effect already?

The answer to this question, pure and simple, is yes! The web community constantly works on increasing the ethics and transparency of the web.

Take GDPR, for example. As one of the solutions for data privacy and protection of users, GDPR is a regulation strengthening the privacy rights of EU residents. By making your product compliant to GDPR, a lot of Cobra effects can be mitigated. The Agile Manifesto, while not an ethics framework in itself, emphasizes principles of responding to change, customer collaboration and iterative growth which in and of itself, serves as a tool in adapting to possible Cobra effects. Constantly, people out there are creating ways to create a safer web for us all. Here at Njuškalo, we try to do the same for our users. That way, we create a better landscape for generations to come.

This doesn’t mean that we stifle innovation, however. Even with regulations in place, and with keeping the Cobra effect in mind, we can still be innovative and bring much needed value for our customers.In conclusion, all of our actions have consequences, intended or not. While we cannot prevent all of the negative side-effects of our features, we can strive to lessen them by using methods described above. This is the way we create such a successful, sustainable digital product in Njuškalo. So until next time, stay vigilant and remember: the cobra is a devious animal, and you never know when it might strike.

Top comments (0)