Slashdot Mirror
Pop-Under Deception and Private Property
RogerRamjet98 writes "I was browsing the web today and I got hit with a pop-under ad. Annoying but no big deal, right?
Wrong. This one managed to change my home page to (CT:Link removed. Why would we send these dicks traffic?)
Which pretends to be yahoo, and is convincing enough to fool the average computer user, but is really a platform for launching more pop-under ads.
Combine this with the AOL/WinXP news, and it makes me think that the settings on my computer ought to enjoy legal protection as private property: Changing them without my permission (such as adjusting my home page, or whatnot) should constitute assault or trespass." Or turn of JavaScript. Or don't run IE. But good luck on that trespass case. With a history of laws like the DMCA, Uncle Sam can only make it worse.
Most recent browsers provide a function in their scripting that lets you set the home page for the browser. This is what sites use when they provide a button that says "Click to make this site your home page" or some such. If you've got sensible browser security settings in place, you'll get prompted before the browser will actually do it, but many people have security settings too low for that. For those people, all it takes is a web site that hooks up the script to set the home page to run when the page is finished loading, and bang, one reconfigured browser.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Probably not. In fact iexplore has considerably finer-grained controls for javascript (or as it says, "scripting of java applets") than netscape (or at least current versions of netscape).
Options -> Internet Settings -> Security -> The Internet -> Custom -> Scripting
and set everything to either "Prompt" or "Disable" as whim requires.
I don't know much about javascript but what I have worked with is that there is a command to actually change your homepage. it was originally intended to be like "click here to make this your homepage" kind of thing. unfortunately javascript also allows things to happen automatically like linking automatically, etc. so these people put 2 and 2 together and voila. annoyance without a lot of effort. ;)
I would look up the commands for you, but I thought it wouldn't be that great to post 'em all over.
p.s. not tested for accuracy
"It has always been this way and it won't change, god bless the fucked up USA" The Briefs
I have a link on my homepage that allows you to set your browser homepage to that page. If you click on it, IE displays a message box confirming the change. Either this guy is not running IE, he clicked Okay, or there is some security setting that I don't know about that turns off warnings. In the second and third case, its his own damn fault for either accepting the change or having his security settings so open.
Hit his URL:o ns/javascript.html#7 for Netscape's guide to how to use JS to change user prefs...
http://developer.netscape.com/support/faqs/champi
The one that hijacked my IE browser was http://searchnow.ws. Whatever set that to my homepage also added porn sites to my bookmarks. These people should be shot.
I've been to several pages with code that tries to alter my homepage and every time this little IE window pops up with a home icon and says "Such-And-Such is trying to make this your homepage, do you want to proceed? [OK][Cancel]"
This is on IE's Medium security level. On High I'm sure it is even more protective. So can we please be clear about this? Is this new trick able to bypass these kinds of protections? Is this a problem only on Netscape or IE or any JavaScript enable browser?
Keeping in mind that MS wants everyone's homepage to be MSN.com (the first thing IE goes to after installing is a page with code to make MSN your homepage) I can't believe they would allow any website to so easily snatch this setting without user interaction of some kind.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing