back to article Devs SLAM UK.gov's JavaScript-astic, 'shoddy' security education website

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website. Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. It was part of a campaign led by the Home …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Bears and woods....UK Gov IT is all bears and woods!

    Like others I've worked on internal UK Gov projects, seeing this has absolutely no surprise to me. The biggest problems I saw on the projects I was involved in, were the constant interference from the 3:1 manager-to-developer personnel ratio!

    1. Valeyard

      Re: Bears and woods....UK Gov IT is all bears and woods!

      Having worked in gov IT i see your 3:1 manager to dev ratio and instead of a grin at a jolly good exaggeration i'll just join you in a solemn, knowing frown

      It got to the point when they realised so many of the normal staff were now managers that they had to invent new lower paygrades for the new people joining as non-managers

      1. HollyHopDrive

        Re: Bears and woods....UK Gov IT is all bears and woods!

        ...ditto. And most of the guys who worked there were learning on the job and weren't that good at learning either. They were far more interested in lunch time, their holidays and general entitlements not to mention getting their moneys worth out of the sick leave. Oh, and you never see one do any extra hours without 'overtime'. [which was rarely on offer....so no extra then]. And the manager seem hell bent on making the wheels turn as slowly as possible.

        Not saying everybody who works in Gov tech are all like that, but I've worked on gov projects a couple of times over the years and none of the projects have ever left me to conclude anything different than the above.

  2. JayB
    Unhappy

    Govt/Civil Service Vs Anything to do with computers

    Seems to be pretty much doomed really... first we had the road accident that is The Year of Code, now we've got Cyberstreetwise....

    Also, I note CyberCrapWeb gets 4 million and fusterclucks it, yet a national initiative to teach kids "code" fusterclucks it with only half a million.. Much better value for money there!

  3. Anonymous Coward
    Anonymous Coward

    Great!

    Perhaps they can persuade the UKs banks and large online retailers to take online security seriously - far too many sites have password and ID verification policies that appear to have been thought up by a primary school class or seem more aimed at limiting the organisations liability (very UK) than preventing breaches.

    1. Anonymous Coward
      Anonymous Coward

      Re: Great!

      Perhaps they can persuade the UKs banks and large online retailers to take online security seriously

      Alas. I refer you to a statement:

      The Cyber Streetwise campaign aims to effect behavioural change

      The best behavioural change is effected by giving a good example. This site seems to be too much "do as we say, not as we do" which is EXACTLY the wrong message to give.

      BTW, the problem you illustrate have little to do with taking online security seriously - it's more about allowing them to evade liability if they have followed some basic rules. This is really the main problem in industry: practically all budgets I have seen are aimed at doing just enough to avoid liability, not to actually SECURE the place. As long as the focus remain on that instead of a genuine desire to protect the clients I fear nothing will change from the presently more or less ritualistic overpaid administrator approach to IT security.

      ALL IMHO of course..

      1. BlueGreen

        Re: Great!

        > aimed at doing just enough to avoid liability, not to actually SECURE the place

        It pains me deeply to say it but this is in fact a perfectly logical approach. Where you can offload liabilities so others get the hurt, this is the 'sensible' option for a business short of cash, or legally required to maximise profits.

        It says so much about our society, I think.

      2. Anonymous Coward
        Anonymous Coward

        Re: Great!

        "The Cyber Streetwise campaign aims to effect behavioural change"

        Yeah, the comment was more hope than expectation, this being gov.uk.

        Re liability: one of the little lines that really irks me that banks regularly deploy is "...taking steps to safeguard your money" or thereabouts. It may well be 'our money' in some greater scheme of things, but if they can't take the appropriate steps to stop it getting nicked, its their problem as far as I'm concerned; tinkering with the paintwork may help them avoid legal liability, but they'll still be thieving shits.

        I had a card lifted in Thailand about 10 years ago, found out quickly and duly reported it, at which point as I understood it, it stopped being my problem. There were several small transactions some hours after that and I remember calling their call centre and pointing out to the Purveyor of Canned Tritisms at the other end that these were not my problem. He agreed and they were removed, but he still insisted on banging on every other sentence about the steps they were taking to recover "your money" even though he'd just agreed it wasn't. It feels like social engineering; blame the victims till they believe it themselves - really so much 'UK'.

        Physical banking required the exercise of very few skills on the part of consumers to keep it reasonably secure; online banking and electronic transactions need to reach something of a similar standard, and pushing the liability bar much higher would seem to be the best way to make that happen.

        1. Wensleydale Cheese

          Re: Great!

          "The Cyber Streetwise campaign aims to effect behavioural change"

          We want you to switch Javascript on.

  4. blofse

    The cynic in me thinks this is just because they want to censor the internet.

    By 'advertising' that the web is insecure and you should be more savvy, it makes filtering easier to swallow. We have had months of media about cyber stalking, bullying and paedophilia and this is the next step toward acceptance.

    It's all a lovely organised ecosystem of information control and censorship don't you think?

    It's funny how the system works. Global warming (as another example of a government hot topic for manipulation) has moved into a strange state at the moment - it's now barely mentioned, it's just implied. I have not seen many news articles blaming the 'extreme' weather on global warming, and yet a year ago that's exactly what they did and ten years ago it was bad to even mention the idea!

    Happy Friday everyone!

    1. Bogle

      Off topic, but the front page of The Grauniad today has a large piece on global warming (and squabbling politicians).

  5. Snivelling Wretch

    Oh how sweet - they've recreated the Flash "loading, please wait" splash screens of yesteryear.

  6. MatsSvensson

    Check out the site with images turned off.

    The entire visible content is the word "Loading"

    1. Tyrion

      > Check out the site with images turned off.

      Or with Noscript installed.

      1. John Tserkezis

        "> Check out the site with images turned off."

        "Or with Noscript installed."

        It gets worse. I have NoScript, GhostScript, and AdblockPlus installed and running.

        I have to disable all three, and thus make my browser inherently insecure, just to view their site that doesn't even tell me how to make my browser secure.

        Not only that, with LightBeam, I see they connect to a number of sites that are considered the pinical of security: Facebook, Twitter, Mookie1.com, doubleclick.net... (there may be more, I have a lot disabled)

        If you visit the Privacy Policy page, note how they collect information about you, then spread it via Twitter, Facebook, Mookie1 and doubleclick. If there is text with a scroll knob, try using your mouse scroll wheel to scroll up and down the text. Then try watching their sample videos, the first half loads quickly, and when it waits to buffer again the second half loads quickly - I'm appalled to say, but the YouTube experice is by far superior.

  7. batfastad

    Accessibility requirements?

    Official government line: Any accessibility requirements? Then go F yourself.

  8. Bob Dunlop

    Javascript disabled

    "It looks like you have Javascript disabled. You will need to enable JavaScript in order to use this site."

    As a security measure I only enable JavaScript for sites that I trust. Government web site, trust ? FAIL.

  9. frank ly

    Is this what's called a 'cyber jerk'?

    According to my Request Policy plugin, cyberstreetwise.com puts out requests for content to rackcdn.com, which them puts out requests for content to cyberstreetwise.com. As well as the usual suspects such as facebook and twitter and google analytics, they then try to load javascript from mookie1.com. WTF is mookie1.com and why should I trust it?

    1. websey

      Re: Is this what's called a 'cyber jerk'?

      You shouldn't it is a marketing agency (I assume the ones who built the site)

      1. Semtex451

        Re: Is this what's called a 'cyber jerk'?

        mirky1 more like

    2. John McCallum
      Windows

      Re: Is this what's called a 'cyber jerk'?

      they then try to load javascript from mookie1.com. WTF is mookie1.com and why should I trust it?

      If Internet Explorer willnot show the page WHY should anyone trust them?

  10. Elmer Phud

    Hmmm

    Another 'We know what's best' -- file with 'Ask Frank'.

  11. David 138

    That site is HARD going. There is some useful information but how the hell do you find it!!! Whoever designed it should be shot.

    1. Frankee Llonnygog

      RE: Whoever designed it should be shot.

      Nudge Digital, a leading marketing agency in Bristol

  12. Frankee Llonnygog

    Cyber?

    It's 2014. Cyber Streetwise - my cringe-o-meter just exploded.

    If you use the word "cyber" in a security context, it means the following:

    - You work for UK Government

    - You are clueless about security but responsible for it

    - You will implement it in ways more damaging than the threats you're mitigating

    - You will be ripped off by your suppliers

    - You clueless bosses will see that all security checkboxes have been ticked, so you'll be promoted

    Our in-house security team always use the word "cyber" and all these principles apply

    1. Anonymous Coward 101

      Re: Cyber?

      I honestly thought the website was aimed at teenagers, due to the cartoon images of young folk and the use of 'down wiv da kids' expressions like 'streetwise'. Was it really the case that the website was aimed at SMEs and woman of a certain age?

      From what I saw of the website, the content isn't terrible, but it should have been better.

  13. Tyrion
    Linux

    Which OS?

    It only has instructions for Windoze and OS X. Guess I'm Sh*t out of luck then because I run GNU/Linux.

    1. Anonymous Coward
      Anonymous Coward

      Re: Which OS?

      "Guess I'm Sh*t out of luck then because I run GNU/Linux."

      Well it does still only have a 1% market share. Can't expect them to cover every wierd and wonderful possibility.

  14. JonP

    point and click

    Looks like one of those '90s point and click adventure games, but less responsive. An awful lot of effort and waiting for a couple of paragraphs of bland text and a few links to other websites.

    Still, a bargain for only 4 million...

  15. Nick Ryan Silver badge

    If the site was aimed squarely at children or as an online game then the overall presentation with the parallax (layered) scrolling and cartoon style graphics is actually very good. And they even avoided using Flash.

    The navigation, however, sucks balls and is very much along the level of incompetence exhibited by flash "web designers". e.g. they have no clue whatsoever about web design, optimisation or anything so they just made an all inclusive flash "site". Generally a desire to control everything and re-implement everything in a custom manner that makes no sense and is not optimal for any user or device. But it looks pretty when a screen shot is taken.

    ...and this is pitched both at businesses and home users???

  16. AlbertH

    The utter cluelessness, incompetence and stupidity shown on this site ensures that nobody will take it seriously. Also, much of the information is just plain wrong and there's no mention of Linux or BSD.

  17. Anonymous Coward
    Mushroom

    Really?

    FOUR MILLION for a cartoon street.

    Well I suppose those 5-6yr old budding CEO's of the future might find it fun to look at.

    I know you have to design things to appeal to the lowest audience who may have limited attention spans, but still, FOUR MILLION...

    .

    1. Frankee Llonnygog

      Re: Really?

      To be fair, it's £4million for the campaign. That includes plastering posters and ads everywhere. Still a waste of our money though

  18. foxbat42

    WTF?

    69 Accessibility errors on the homepage alone. 2 HTML5 code failures, doesn't work with Javascript disabled.

    If they were planning on how to show you NOT how to do a website properly I'd say they've done a pretty good job.

    1. I am not spartacus

      Re: WTF?

      Certainly for me, they've managed to completely mess up site navigation, too. OK, I wasn't expecting to be very impressed, but I was expecting to be able to go back.

  19. Anonymous Coward
    Anonymous Coward

    Haven't time to actually check it. First thought reading the article was 'sounds like Microsoft Bob'. Then ViOS came to mind.

  20. Camilla Smythe

    Fucking Knobs

    http://urlquery.net/report.php?id=9435208

  21. Allonymous Coward
    FAIL

    Well, I don't know about you, but I'm convinced

    > The FAQ also deal with why the site site was so JavaScript-heavy.

    >

    > "We used JavaScript to create an immersive user experience for both

    > audiences, allowing them to explore the content – learning the basics

    > on their journey, while being able to choose to read further.

    So by clumsily breaking out of a well-understood and well-tested user experience (browsing web pages) they've somehow made it more immersive? As opposed, to, say, introducing introducing a jarring dissonance?

    And what happens to the "immersive" user experience when the user hits one of the (many, many) external links and end up off on some banking website or wherever?

    > There are no page refreshes throughout the experience, which is

    > completely served using HTML5 and JavaScript."

    Okay. So the site's JavaScript-heavy because it's completely served using HTML5 and JavaScript. I don't think that explanation has quite the causal relationship they were looking for.

    And anyway, what's wrong with a few page refreshes? Are we still all on dialup? Clearly it's much more immersive to spaff a great wad of JavaScript into the user's browser and have a cute little Shoreditch "loading" throbber every so often.

    > Women aged 35-55 and SMEs

    It's 2014 for $DEITY's sake. A surprising number of people know how to use websites without being patronised by cartoon graphics and so-called immersive experiences. Yes, that includes women aged 35-55 and SMEs.

    > "Small changes in behaviour^H^H^H Wasting less taxpayer money on

    > badly thought-out digital campaigns could save the public and small

    > businesses in the UK a tremendous amount of money."

    FTFY.

  22. Anonymous Coward
    Devil

    "We used JavaScript to create an immersive user experience"

    I'd love to give these people an immersive experience in a bath of acid.

  23. Tom 7 Silver badge

    Accessibility

    If you start with accessibility in mind you generally end up with a web site that does the basics of what 'the customer/client' needs it to do in a simple, logical easily tested and easily maintained way. Then* once you've done what you want in the no-frills does what it say on the tin accessible site then the graphic designers and coding monkeys can be let on board to fuck the hole thing up with code and graphics done on a friday afternoon and it turns into a battle of unproductive wannabees trying to sell their snake oil.

    *The achievements in my career that give me the greatest pleasure are the ones I managed to get the accessible but functional site live due to some government milestone.

    They've just paid four fucking million for about 100 html pages cut and pasted from other sources.

  24. Will Godfrey Silver badge
    Meh

    Oh come on now

    Is anyone really surprised? I'm actually quite impressed. They have a huge range of website usability to get below... and they succeeded!

    P.S.

    I wonder how their 'immersive' site would help a 40 year old blind woman, who runs a small music promotions business.

  25. Mephistro
    Devil

    The privacy angle?

    So the UK government has now another easy and convenient method to pwn the computers of the general populace. Great!

  26. Stimpy77

    CyberStreet = Sesame Street

    In case it was missed (seems it was), the "Cyber Street" was clearly themed in accordance to Sesame Street as its inspiration. If you don't know what that is, it might be an American thing. Google it.

    1. Jamie Jones Silver badge
      Happy

      Re: CyberStreet = Sesame Street

      Sesame Street is well known this side of the pond too!

      I think 'aqua' was the first foreign word I learnt! Dunno why that particular word featured so prominently!

  27. Anonymous Coward
    Mushroom

    regarding the size of the javascript.

    Maybe the same people who developed VMware 5.5's web interface did it.

    1. Christopher W

      Re: regarding the size of the javascript.

      Lest we forget, that's also a Flex abomination... Wait until uk.gov sites start asking you to install 'browser plugins' to enable such advanced functionality as page changes, and link clicks. Probably about a year off at most given this latest effort.

  28. Jamie Jones Silver badge

    People use mobiles and tablets these days too!

    Crawls along so slowly on my tablet, it's unusable.

  29. ecofeco Silver badge
    Paris Hilton

    You get what you pay for

    You read that right.

    They paid for a crony to make millions who in turn, paid for cheapest code monkeys he could find.

    Nobody wants to pay a website designer these days.

    Nobody.

    And this is what you get.

  30. Adam Foxton

    Now now, this does seem to be a wires crossed thing.

    The intention was likely to have no 'buffering' or slooooow page transition to give a good user experience.

    Somewhere down the line a middle manager has made that 'page load times as close to zero as possible', and the next one down says 'zero page loading times ever.'

    Its the same management structure that thought you could target women 33-55 and SMEs with exactly the same site. And the same management structure who didnt think that 'good practice is good practice, regardless of who you're talking about'.

    Never attribute to malice what can be attributed to incompetence.

  31. Shell

    Web application != website. That's the fail here. There's nothing intrinsically *wrong* with a JavaScript framework application (BackboneJS, EmberJS, pick your flavour), but in this context it was just a horrible choice of technologies. What were they thinking?

    Some of the upstream notes about payload side are a little naive. Moderns applications will localstorage assets, so it's essentially a non-issue. Same goes for navigation/state.

    1. I am not spartacus

      "What were they thinking?"

      I think that you are misunderstanding the development process here. The 't-word' is one that just does not apply.

  32. AndyDoran

    javascript & cookies

    When browsing to the site:

    www.cyberstreetwise.com

    I get redirected to the SSL version:

    https://www.cyberstreetwise.com/

    which seems fair enough. I then see a polite message telling me I have Javascript disabled (I use NoScript). Fine. I enable Javascript for the domain cyberstreetwise.com and then.... absolutely nothing, just a blank page! Only when Javascript from (apparently completed unrelated website) rackcdn.com is enabled is there any content. Hopeless.

    Good to know I can enjoy the website without any annoying page refreshes - yes, those "Loading" pauses are just fine.

    I had to laugh when I read the first few lines of the Privacy Policy: "Cyberstreetwise.com collects your personal information through cookies placed on our website either by a third party or hosted by Cyber Street". Good to know they have these cookie-things under control.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021