Public Outcry Over Popup Ads

JCMay writes: "FoxNews is reporting that more and more people are growing tired of so-called "pop-under" ads. Most fascinating I think is the comparison between these ads and gangland street violence: "They?'re like drive-by shootings," said Kipp Cheng, interactive news editor at Adweek. "Consumers will not put up with that." To FoxNews' credit, they even mention ways people can control pop-up ads, including a link to one of the worst offenders, offering a way to shut up those X-10 ads, even if for only a month." Fortunately, Konqueror allows you to disable popups with a single checkbox.

More than 30 days hack?

[Eagle7]

The link for the opt out is:
http://www.x10.com/home/optout.cgi?DAY=30&PAGE=htt p://www.x10.com/x10ads1.htm

I wonder if changing the DAY= value will actually work... looking at the resulting cookie didn't tell me much, but I've never actually used cookies, so I am not familiar with the format.

Re:More than 30 days hack?

[Tackhead]

> I guess the only problem is that X10 actually has to honor their own cookies. If they start noticing a bunch of cookies that have values greater than 30 days then they might just consider it invalid or issue another cookie and everyone will have to put up with those "pop-under" adds again. Then again, maybe they will get smart and just get rid of the pop-under ad alltogether... or maybe not...

This comment -- and the fact that other companies are going to start using the same technique -- is why I reject opt-out "cookie" solutions altogether.

The popup/under/banner/whatever ad-generating code is adversary code.

If you're going to jump through hoops to avoid these ads, might I point out that jumping through hoops to trust your adversary is a poor strategy. If you're going to jump through hoops, jump through hoops that will eliminate his ability to [ab]use your resources.

Option 1: Hack code to place a button on your menu bar (Mozilla, sorry about you IE users) that will toggle ALL Javashit on/off. You're usually only surfing one web site at a time, right? Click to turn it all on (your bank, your broker), click to turn it all off (X10, pr0n-hunting). I do this manually through the 2-3 menu-subtrees in Nutscrape 4, and I've found that I never miss Javashit, although it has the side effect of greatly reducing my tolerance for idiot webmasters that use Javashit buttons where a simple HREF would do. Thankfully, I don't go to many such sites on a regular basis.

Option 2: Find the location of the pop-under providers -- usually ad-servers like Doublefuck. Kill 'em in your HOSTS file on 'doze.

Option 3: Use a local proxy like Junkbuster or Proxomitron.

Bottom line: From a strategic perspective, it's stupid to use countermeasures that rely on either the integrity or negligence of your adversary, especially given the availability of other countermeasures that are not only more effective to begin with, but are (relatively speaking) immune from any action your adversary may take in the future.

The enemy can't run code on your box if you don't allow him to. And the enemy can't even deliver the damn payload (be it Javashit code, huge-azz Flash and .GIF banners, or Doublefuck tracking cookies) if you've blocked his ass at the firewall or proxy.

Re:More than 30 days hack?

[DJGreg]

Actually, Mozilla has some great features to deal with pop-up windows. This page goes over quite a few things that you can mess with that aren't available via the standard options dialog. Most notable is buried in the Other Useful Preferences section which discusses the user.js file. Within there are some great features to control when and what javascript is available to a page.. I personally love this feature.

This will help greatly with those websites that "require" that you have javascript enabled in order to view them, while also killing any javascript that you don't want to function..

Enjoy, and have fun.. ;)

-Greg

More to come...

We're going to see quite a few more of these in the very near future. My ad broker has infomed me that Orbitz.com, GetSmart Mortgage, ConsumerInfo, GetSmart Credit Card, and LowerMyBills are going to join the same campaigns. Someone should let these companies know that this sucks before they run with it...

Anonymous to protect my job...

Be prepared to pay

[SaturnTim]

Hey, I hate these ad's as much as anybody, but I hate the alternative even more. If you disable the advertising on a given site, that site stops earning money from that advertising, and either turns into a pay site, or closes it's doors.

--ST

Well...

[Violet+Null]

For Win32, all you need is regex knowledge and The Proxomitron.

Many ways to block ads

[crow]

There are many ways of blocking ads.

You can use a filtering proxy, like Junkbuster. Unfortunately, I find that Junkbuster slows down my connections too much, and doesn't forward error messages correctly, so it's not 100% transparent.

My favorite solution is to use /etc/hosts to list all the known ad servers and direct them to 127.0.0.1. I then run a webserver on my local box with the not-found error set to redirect to a transparent image. (I use IP aliasing on the loopback device for sites that use direct IP numbers for their ad servers.) This works for most sites, though some (like slashdot) serve ads off the same server that serves regular images.

Using the /etc/hosts method, I occasionally look through my cookies file and find indications of sites that need to be added. It's not perfect, but I'm satisfied with it.

Browser-based solutions are a good idea. I would love to block images that match certain dimensions (1x1) or have a URL that matches some regexp (/ads/).

Of course, the issue here is pop-up ads, which should be blocked by having browsers reject requests to open new windows that aren't in response to a mouse click.

I would like to thank X10

[chrysrobyn]

I had apparently forgotten to turn Java and Javascript off when I recently installed Mozilla. Thankfully, X10 was right there to remind me to take care of that oversight. Sincerely, A Former X10 Customer

From the Horses mouth

[cbowland]

Q: Can you turn your ads off so I never see them again?

A: Click Here! This link will prevent your computer from having the X10 "pop-under" ads appear for the next 30 days! You must make sure you have your cookies enabled, for this link will give your computer a cookie that will disallow X10 pop-under ads from appearing on your computer as you "surf" the Internet. If you clear or delete your cookies, then it will be possible for X10's pop-under ads to appear on your machine. If you don't know what a "cookie" is, then you're probably set and don't have to worry about it - just click this link to remove the ads!
A. Other: if you disable JavaScript in your browser the ads will not open, though this may prevent you from seeing some things you want to see. Ad-blocking software will also help with this problem.

I love that the call their own business a "problem"!

Give a man a fish and he will eat for a day.

Mozilla 0.9.2 Blocks Popups

[Meltr]

> Fortunately, Konqueror allows you to disable popups with a single checkbox.

Mozilla 0.9.2 can block popups, too, but there's no UI for it yet. Add this to your prefs.js file:

user_pref("capability.policy.default.Window.open", "noAccess");

You can also allow popups from some sites. See the 0.9.2 release notes for details.

What I did

[karmawarrior]

As I run my own (private, natch) name server, I put myself as "owner" of the x10.com domain in it, and had ads.x10.com resolve to a non-existant address. I've done much the same with doubleclick.com and other sites that have regularly pissed me off.

The result of this isn't that the windows don't continue to pop up, they do. But as they appear under the browser, it's no great deal. Most importantly, the ads don't suck dry my limited bandwidth (across a modem link) so I can browse at a reasonable pace.

For those who need to know, this is what I did (BIND4, as I'm using OpenBSD as my firewall/NAT-based proxy):

I added the line:

primary x10.com x10.com

to my named.boot file. Then created a x10.com file in my namedb directory, reading something like this:

@ IN SOA x10.com. nic.pillory.peh.link. (
19971003
28800
7200
3600000
86400 )
NS pillory.peh.link.
ads A 10.255.0.0
Actually, any half competent DNS admin should be able to do something similar with their setup.

This has benefits over putting the entries in your /etc/hosts in two ways: to begin with, everything under x10.com is blocked, so if x10.com start putting out stuff as ads2.x10.com, the block will still take effect. Secondly, the file applies to every machine on your network. If you have an Intranet at home like I do, that's useful.

Ultimately, if companies want money for their content, they'd be better off asking for it from me than bombarding me with ads. I fully intend to stop visiting certain sites, however much it pains me, until they start providing me with a way to turn off intrusive, bandwidth sucking, unstable browser crashing (y'hear me Netscape? ;-) advertising, whether it be via a subscription or some other means.

And yep, I put my money where my mouth is. I've put in my two year sub to Salon with donation. There's stuff out there I'm willing to pay for. I want to read the site, not get too pissed at it and impatient I end up surfing somewhere else...
--

Re:X10 opt out doesn't work

[Logic+Bomb]

Your question is at the crux of the advertising business. What marketers have learned is that recognition is everything. If you walk up to a grocery store shelf and recognize one brand name out of four offering a comparable product, you are far more likely to buy the one you recognize. There are good reasons for this (i.e. knowing Sony equipment is reliable), and marketers simply exploit it. No matter how annoyed people get at ads, few will say "oh, I hate those damn ads, I'm going to buy this product from a company I've never heard of instead." Companies will go to great lengths to get their name in your brain, and for good reason.

Re:Java and Javascript

[Rick+the+Red]

Here is the solution: Turn them off.

OK, so does anyone make a browser with a simple button that turns Javascript on and off? And another that turns Java on and off? And yet another that turns ActiveX on and off? MSIE can't turn them on and off individually, and they make it very hard to do that. Netscape 3 allowed us to turn them on and off window by window, but now (Netscape 4 and above) all instances of Netscape share the same process, so turn Javascript on in one window and you've turned it on in all of them (also, you crash one and all the others crash too, but that's another gripe). And even then you have to drill down through the menus and dialog boxes to do it.

Why won't at least one browser let the users decide how they want the browser to behave? Why do they all have this arrogant attitude that they know what's best for us? Pick a browser: for every "feature" they cite as an example of why their browser is best, I can cite five reasons why their browser is crap*. They all suck**.

* Slight exaggeration for dramatic effect.
** Severe understatement to avoid offending minors.

I am surprised that no one has mentioned this.

[Glowing+Fish]

Most fascinating I think is the comparison between these ads and gangland street violence: "They?'re like drive-by shootings," said Kipp Cheng, interactive news editor at Adweek. "Consumers will not put up with that"

Am I the only one who thinks this is ridiculous? I see one thing in common between drive by shootings and pop ups ads, that they are unexpected and unpleasent. But having a little shiny thing advertising a visa and having a bullet cripple or kill you are very, very different things, both in scale and in intention.

If I was going to compare pop up ads to anything that is annoyingly found in everyday life, it would probably be dogshit or those damn sugar ants...

Re:Mozilla does not allow on site by site basis.

[jacobito]

With some manual tweaking, you can disable popup ads for specific sites. (I assume the converse would work, too)

For instance, my user.js looks something like this:

user_pref("capability.policy.strict.sites", "http://ads.x10.com http://popup.msn.com");
user_pref("capability.policy.strict.Window.open", "noAccess");

Despite what the release notes say, user.js seems to be a better location for custom settings, because configuration changes made through the UI will often cause the entire prefs.js file to be overwritten.

See the Configurable Security Policies document at Mozilla.org for more info.

Of course, it would be nicer to disable ad sites on the fly, as they are encountered. If I knew a bit more about how Mozilla worked, I could probably do it myself, but I'm lazy, and Mozilla documentation is still a bit scattered. For all I know, it might be possible to do this sort of thing now with Galeon, but I haven't tried the latest release.

-jacob

This is just another arms race.

[MagikSlinger]

First the surfer strikes back with ad-blocking and simple browser configurations. Then the advertisers strike back with Java code that seeks out your ad-blocking software, disables it, then resets your browsers configurations. Surfers will then up the ante by using firewalls and java filters that spot the ad-code, but wait: the advertisers unleash their next generation of ads.

You innocently click on a site and laugh as you see your firewall happily report the Java counter-counter-measure has been stopped, but then you notice something's wrong with your firewall. The advertiser's website detected your counter-counter-measure and has responded with its own counter-counter-counter-measure. It procedes to hack your firewall, deletes your ad-busting software and changes your browser's executable so that you can only surf the web by going through the advertiser's site.

This goes on until surfers are using high-powered automatic assault rifles with teflon-jacketed "cop-killer" bullets to fend off the full marketing assault team busting down your door wearing flak-jackets and using Waco-style tactics screaming, "It's the world's tiniest camera! You must buy it!" Damn those conservatives on the Supreme Court for allowing marketers these liberties under First Amendment protection! But at least they allowed you to use your Second Amendment rights to defend yourself.

A hundred years later, civilization is in ruin. After the nuclear assault launched simultaneously by the Internet Advertising Bureau and the EFF, the world is reduced to rubble. In anger, everyone destroys their modems and Ethernet cards and a Great Burning goes up to punish those who brought the world to this. But somewhere, in a Utah monastary, monks work feverishly copying the last technological works of the 20th century: C++ User's Guide by Bjarne Stroustroupm, and Introduction to Berkley Sockets Programming. Will humanity be doomed to repeat this endless cycle of aggressive marketing?