Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Never Attribute to Malice…


“Never attribute to malice that which is adequately explained by stupidity.”

That pithy statement is referred to as “Hanlon’s Razor“.

It keeps coming to mind as I hear from people who are absolutely convinced that malice is at play in whatever they’re experiencing. That’s rarely the case.

Become a Patron of Ask Leo! and go ad-free!

Hanlon’s Razor extended

When it comes to computers and technology, I extend the aphorism a little further.

Never attribute to malice that which is adequately explained by stupidity, error, or failure.

Just as it’s rarely malice at play, it’s not always stupidity either. All people, smart and stupid, make mistakes. Failures —  particularly hardware failures — happen.

Any or all of those can be used to more than adequately explain the various and sundry problems we experience with technology.

My ISP is blocking a website…

Hanlon's RazorThis topic came to mind recently when I received a question about an individual’s inability to access a specific website. He knew that other customers of his ISP also could not access the site, whereas customers of other ISPs could.

Clearly, to him, his ISP was blocking the site.

That could be.

However, there are other more likely explanations.

More likely, his ISP’s DNS had a problem and couldn’t resolve the IP address for the website in question. It’s also possible that the website in question experienced something it mistakenly interpreted as an attack1 and blocked the ISP. It’s possible that the website’s DNS was misconfigured, and due to DNS caching, his ISP was the first to see a problem that would eventually affect everyone.

Or it could be something else.

Malice is possible, as might be stupidity somewhere along the line; but errors and failures are much more likely.

My computer is behaving oddly…

Whenever someone’s computer behaves in an unexpected way, many people’s first response is, “Oh my God, I’ve been hacked!”

No. Just … no.

Seriously, hacking as an explanation for odd computer behavior is so rare, I’m quite comfortable just saying “No.”

Software bugs, hardware failures, failed updates, flaky internet connections, worn-out batteries, exceeded disk capacities, and much more are much more likely. All of these manifest in obvious ways that make it clear what’s going on, or in ways that appear completely random, as if the machine is “possessed” — just not by hackers.

And that doesn’t even begin to touch on what we lovingly refer to as “operator malfunction”: mistakes made by the person using the computer.

Ads are stalking me…

I have to include this class of behavior here, though it may be the most difficult to accept.

Without doubt, there are privacy issues on the internet. But ads following you around is not one of them. Showing ads for something you’ve seemed to express an interest in isn’t malicious; it’s marketing. It’s nothing more that salesmanship using current technology.

Creepy? Maybe, if you don’t understand what’s happening. But malicious? No. Not in my book.

Speaking of marketing…

Things change just to piss us off…

I hear this one after any major change to an operating system, application, or web service. Things looked one way yesterday, and look different today. Companies must be doing this just to annoy us, right?

If you think about it, that doesn’t even make sense. Change intended to annoy your customers is business suicide, as is change for the sake of change. No company wants or does that.

If your favorite OS, app, or website never changed, it would be just as bad for business. Never changing means not keeping up with current trends, taking advantage of new technologies, and adapting to new ways of doing things. You may be happy with an operating system that works the same way as it did 20 years ago, but the company that made it would be out of business if that’s what they offered.

Businesses that don’t change, adapt, and grow die. It’s a simple as that.

Growth is not malicious. Bad decisions about how to grow are not malicious — they’re just bad decisions. To refer back to my extension of Hanlon’s Razor, they’re errors or failures.

That you’re pissed off is certainly not intentional.

So, is there malice?

Of course there is malice out there. Hackers hack, scammers scam, and spammers spam. Businesses knowingly leverage your information in malicious and often illegal2 ways.

My point here is that when you experience something unexpected with your computer, technology, online experience, or data, unless you have real data that says otherwise, malicious intent isn’t the place to start looking.

The actual causes are usually significantly more mundane.

And, honestly, that’s a good thing. More mundane causes are easier to deal with.

Podcast audio


Video Narration


1: Every website, server, and device connected directly to the internet is under some form of nearly constant attack. Really. Any server operator can find the evidence in their server logs. This is something you can attribute to malice.

2: Interestingly, the two are not synonymous in either direction.

13 comments on “Never Attribute to Malice…”

  1. Timely article. Just this past week, I started having problems accessing my bank account on line. When calling the bank to find out why 3 different browsers refused to let me log in due to a problem with the site’s security certificate and following their instructions to clear browser caches, restarting my gateway and even trying a different computer, it turned out that the bank’s system had decided to block my IP address for some reason. Malicious? No. Annoying? Heck, yes! Neither I or the bank’s representative could figure out why it happened, other than some kind of software glitch.

    • Or a PEBKAC (Problem Existing Between Keyboard and Chair) on their end. A PEBKAC is often the weakest link in a system.

  2. Change.
    Being recently ‘promoted’ (I use the word advisedly) to IT Manager, I often get a number of complaints – most often about Office 365 – that things have moved or changed, and they want them put back. I have to explain, patiently, that I have no control over what software companies ultimately choose to update, revise, or remove from their products.
    “Back in the Day”, when software was purchased, it was a choice whether the latest version was necessary. However, the current business model for a lot of software is that you rent it, not buy it (they call them services now) – and as such, you are more or less forced to use the most up to date version or not use it at all.

  3. Wikipedia is hardly a definitive source, as anyone can write anything in there they chose. The quote about malice has been attributed to surely100 other people as well, everyone from Benjamin Franklin to Hitler.

    • Actually Wikipedia is pretty good. Being open source, you are welcome to correct any wrong conclusion or interpretation. Maybe a quote like this isn’t critical enough to generate comment, but try to change the inaugaration of Diocletian from 284 AD to 294 and see what happens! There is a lot of good scholarship on Wikipedia. For detail it beats the free version of Britannica any day. If nothing else, it will often give you a good bibliography to follow up on writings about your subject in greater detail.

  4. My favorite example of this is the “new & improved” Ribbon “gooey” in Office 2007.

    There were a couple of reasons of implementing it
    . * They didn’t have enough other new features so they came up with this one (maybe malicious, maybe trye
    . * The Ribbon is locked down to (virtually) eliminate user customization support calls (true)

    And then there is Windows Update. There have been volumes written about it! Although the effects of bad updates feel malicious, the problems are more realistically attributed to “stupidity, error, and failure”:
    . * Stupidity because MS has cut back on internal quality control / testers.
    . * Error, because MS simply cheaped out and no longer fully tests changes
    . * Failure, because MS failed to pay enough attention to their unpaid “crash test dummies”, their “Insiders”, those lost, lone voices screaming in the dark …

    Unfortunately, the simple reality is that testing anything in the Windows environment is a Sisyphean task. There are so many combinations and permutations of hardware and software that it is effectively impossible to test everything.

  5. When speaking about being hacked, does that include being infected by malware or ransomware, or is it something more specific and rare ?

    • Hacked generally refers to someone taking control of your computer, your network, or your online accounts. A malware infection can be one way they accomplish the hack, but generally refers to any software with malicious intent.

  6. Thank you. Now that brings some comfort.

    My setup has grown maddeningly slow at times, and of course the lingering thought is to suspect a virus. But repeated scans keep giving clean results. I’ll blame it on Windows rot… (and lack of RAM for part of the problem, that’s for sure).

  7. Leo, this article was words of wisdom and worthy of framing and hanging on the wall.

    Between Hanlon’s Razor and Occam’s Razor, most computer problems are addressed.

  8. Great article, but I can only agree about 80% on change for the sake of change not being a thing. I’ve seen many changes that improved nothing. As an example, on my first 2 Android smartphones, when I received a phone call (yes, you can use them for that) I would swipe the icon right to answer the call or left to reject it. On my latest phone, running Android 8, and the same manufacturer as the first 2, I have to swipe up to answer and down to reject. And since the icon is already near the bottom of the screen, about half the time the downward swipe accomplishes nothing. I challenge anyone to explain how changing from a right/left swipe to an up/down swipe was anything but change for the sake of change.

    • The reason change for the sake of change isn’t a thing is because change costs money. The motivation behind change is to improve. It could be an improvement in performance, added features, bug repair, ease of use or enhanced user experience etc. Or even a change to enhance the revenue flow by pointing people to Bing and Edge. The problem is that one fix can break something else. A wow interface which people hate etc. A disastrous result in change generates all kinds of speculation of motive. But a company’s motivation in spending money on change is always to improve something.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.