The fundamental attribution error, pain + reflection = progress

Hey all -

+ what I learned or rediscovered recently #

* The fundamental attribution error

The fundamental attribution error is a cognitive bias which frames positive outcomes and negative outcomes differently, depending on who did it.

For example, if I cut someone off in traffic, it’s because I was in a rush or I happened not to see the other driver. But if someone else cuts me off in traffic, it’s because they’re a bad driver[1].

The same goes for positives: if I do well on an exam, it’s because I studied hard and earned it. But if someone else does well, maybe the exam was simply easy or they happened to guess well.

This matrix illustrates how we explain behavior in ourselves versus others:

Of course, as the bias’ name implies, this asymmetric framing is an error, so it’s something we have to be aware of in order to fix. Since the natural tendency is to be biased, I think a prudent strategy is to lean a bit in the opposite direction.

If someone else does something good, now it’s a bit more likely it’s because of their personality. And if they do something bad, chalk it up to circumstances.

Similarly, if you do something well, better to attribute it just a bit more to luck than to ability (which can cause arrogance). And if you do something bad or poorly, it may be a signal to look inward rather than finding something else to blame[2].

* Pain + Reflection = Progress!

Ray Dalio suggests that we find personal growth through both pain and reflection. This short essay sums up my thoughts on it (as well as this one[3]), but here are two of my takeaways:

1. There needs to be some pain. A life with no pain, no challenges, no testing our limits, and nothing to overcome means we don’t have an opportunity to grow. This reminds me of kaizen and becoming complacent.

2. Pain without reflection is wasted pain. If we don’t learn from the negative feedback, we are destined to suffer the same pain again. So whenever you feel something uncomfortable, it is immediately a good idea to reflect on why that is and how you can fix it going forward.

A very similar idea is explored in the book Peak Performance: stress + rest = growth.

+ parting thoughts #

I’m reiterating this on behalf of Khe because it’s so important: “your phone is the weakest link in your digital security” (3 min. read).

If you use your mobile as a “recovery phone” for any online account (e.g. bank account, investment account, PayPal, etc.), here’s how easy it is to compromise your account: The hacker knows some personal information about you (eg. address, birthday, last four digits of SSN). All of this information was exposed in the recent Equifax hack, for example[4].

1. The hacker calls your mobile provider (e.g. Verizon). “Hi my name is . I'd like to change transfer my phone number to a new phone. Oh you need my address and birthday to verify my identity? Here it is."

2. The hacker successfully transfers your phone number to the “new phone” that they own.

3. The hacker goes to a service you use, like Gmail, and says “I forgot my password.”

4. Gmail issues a “Reset password” code to your phone, but now “your phone” is the phone that the hacker possesses.

5. The hacker receives the “Reset password” code on their phone, enters it onto the website, and is now prompted to set a new password.

6. The hacker resets the password, logs you out and completely owns the account.

It really is that simple. Terrifyingly simple.

And, not to scaremonger, I tried this on a few accounts. It’s surprising how little information you need to provide in order for a website to send a “Reset password” code to your (potentially compromised) mobile - often just a birthday or sometimes even nothing at all.

So here’s a preventive measure you must immediately take:

• Call your mobile provider. Tell them you’d like to set up a PIN or pass phrase in order for someone to transfer your phone number to a new phone. This way, when a hacker calls with your personal information on hand, they’ll also need to know the pass phrase or PIN. That alone should make a huge difference.

Thanks for reading,

Alex

[1] Also known as: “When I do it it’s okay, but when you do it it’s wrong.”
[2] Counteracting the self-serving bias.
[3] Interesting to see the late Aaron Swartz (founder of Reddit) also write about this topic.
[4] I think a precautionary mindset is to assume that hackers know a lot of personal information about you, just like Google, Facebook, Netflix, etc. Just imagine how many times you’ve written your billing address and birthday on some airline website - a single hack on any of these means your information is now forever in some hacker’s database.