I don’t normally want to criticise websites, but I’ve heard so many complaints about our National Day Parade (NDP) website and I can’t help but agree with them. It’s almost a national embarrassment that a country with such advanced and developed infocommunications capabilities could not find someone better to showcase its most important national event on the Internet.
It’s not even just one aspect where the NDP website is failing. There are problems with security and privacy, design and layout, HTML coding, and more.
Let’s start with security and privacy. It’s one of the biggest thing on the Internet that everyone is concerned about. You see, the ticket balloting submission, in the sub-site http://eballot.ndp.gov.sg/, does not use SSL to encrypt its web communication. They are going to ask people to submit private personal information, but they don’t think to use encryption on their website. Really?
As you can see above, the form data is submitted in a plaintext HTTP POST. Adding SSL is such a simple thing to do, but apparently there was no one on their team with even some basic common sense to think about it.
The personal data comprises full name, telephone number, and NRIC number. Our government frequently talks about Internet security, data protection, and most recently the Personal Data Protection Act (PDPA) which will become fully enforced from 1 July 2014, yet the NDP website doesn’t think about their basic sense of responsibility to protect the transmission of personal data. Sure, sure, I know, the government is excused from the PDPA.
I’m not done with security. Have you heard about SQL injection attacks? Unvalidated input? Well, the fellows behind the NDP website seem to know a little bit about that. They decided to be so paranoid about restricting input that your name, for example, is only permitted to contain alphabets and spaces. So, I’m very sorry, Singaporeans with See-Toh or Aw-Yeong family names, you are not permitted to join the ballot. The same goes for those who chose fancy names like D’Souza. Similarly, Nagaratnam s/o Subramaniam and Rajadarshini d/o Balakrishnan, you can’t be in the running either. Whoever wrote the specs for this app ought to be fired.
The HTML coding of the NDP website is also nothing short of atrocious. Totally embarrassing. 176 errors according to the W3C’s Markup Validation Service.
Yes, there are no doubt many repeats of the same type of error. But there are plenty of examples showing a complete lack of grasp of basic HTML. Or perhaps a total disregard for writing proper HTML. Whichever way, this says so much about their level of professionalism.
Let’s talk about site design. Oh dear, where do I start. At the top navigation bar, as you mouseover its various links, they become highlighted as you’d expect. However, the drop-down panel is completely the same. It’s the same because the drop-down panel is already populated with all the 2nd level navigation links. Then, in that case, there’s no need for so many individual entries in the top-level navigation eh?
Next, let’s talk about those greyed out links. Sure, I can understand it may be far too early before the actual NDP event, so some of the links may not yet be relevant. For example, they may not be ready to give out traffic information at this time. That’s fine. Then why put the link there at all? There’s no excuse for so many links to be not working. There are a total of 29 links in that drop-down panel, 15 of which are greyed out. That’s more than 50% of the links not working. Please tell me what impression that leaves you.
I’d say this website is a mock up to show how the final product will look like. That’s what a web design firm might do to demonstrate to their client what they propose to build. You don’t go live with such a half-baked website.
It gets worse. On the main page, as you mouseover the big tiles, you’d notice some tiles are clickable (indicated by your mouse pointer). The Photo of the Week, for example, seems to be clickable. Click on it, but nothing happens. Oh yes, that’s right, it’s probably not ready yet. This is a mock up. I’m sorry, let’s not dwell on not-ready things anymore.
Let’s talk about how the information is presented. For example, in the Media Releases page, the link for Theme, Logo & Concept is a ZIP file. The link for Ticket Balloting is a PDF. In fact, this style of just tossing in files, instead of putting proper content on a webpage, seems prevalent in other sections of the NDP website. Another example is the page on the Junior Red Lions, which simply contains a link to a JPEG picture about, well, the Junior Red Lions.
There’s yet another example in the Big-Hearted Family page. There isn’t even an effort to, say, properly lay out the image, again another fault that seems to be repeated in other pages.
If you ask me, this aspect of the NDP website almost seems to be a document repository. Just stash PDFs, ZIPs, and JPEGs in there.
Let’s talk about design again. Can you see the plethora of fonts used on the main page? Usually, you shouldn’t use too many fonts together. The page will simply look very haphazard, lacking consistency, lacking an identifiable style. It’s definitely possible to pull off a design that includes a myriad of carefully selected fonts. Obviously, this NDP website isn’t that.
Moving on, let’s check out the NDP website on a smartphone. Oops. They did not design for mobile. There’s no responsive design, and there’s no mobile site. It’s alright. Maybe they did intend for mobile users to use their prominently featured mobile app. Let’s take a look there. There’s a link to download the Android app. But wait, there’s no iOS app? Wow.
Last, but certainly not the end of it, the NDP website is not on IPv6. IDA has been pushing hard for IPv6 adoption in Singapore. They’ve said last year that 95% of government e-services are IPv6 enabled. It’s probably true. Oh, but not the NDP website. I suppose someone in the organising committee didn’t get the memo about IPv6 adoption.
I know the NDP website is fronted by Akamai, but Akamai does support IPv6. So it is strange that the NDP website would not be served on IPv6. I want to mention Akamai here, because it brings me back to the issue on security and privacy. Yes, the ticket balloting sub-site is also served through Akamai. Would you believe it, your personal data is being sent in plaintext, unencrypted for anyone in-between to see, across the Internet to a Content Delivery Network? What is wrong with the people behind the NDP website?
You see why I’m dismayed with the NDP website. We are a nation that’s strong in ICT capabilities. But we put up such a website for the most important national event. This is an embarrassment.