Slashdot Mirror
Pop-Under Deception and Private Property
RogerRamjet98 writes "I was browsing the web today and I got hit with a pop-under ad. Annoying but no big deal, right?
Wrong. This one managed to change my home page to (CT:Link removed. Why would we send these dicks traffic?)
Which pretends to be yahoo, and is convincing enough to fool the average computer user, but is really a platform for launching more pop-under ads.
Combine this with the AOL/WinXP news, and it makes me think that the settings on my computer ought to enjoy legal protection as private property: Changing them without my permission (such as adjusting my home page, or whatnot) should constitute assault or trespass." Or turn of JavaScript. Or don't run IE. But good luck on that trespass case. With a history of laws like the DMCA, Uncle Sam can only make it worse.
Actually this is a common problem and growing more so at the moment - it was only on warez sites and porn sites but is increasingly common. The other night i was involved in 'ahem' warez surfing (i know i know) and came across a link i thought looked good, clicked on it and copped 12 popup windows (yep i expected it and should have) what i didnt expect is a changed home page and 10 new favourites not to mention that lovely code that locks a window at full screen and you cant close it - you have to CTRL-ALT-DEL
no warnings and no question - this can be done and according to my developers is really easy to do - and as these days to get all web pages to work you need to use IE- theres not a lot of choice - of course you can lock it down but that means many things wont work properly anyway - so whats the solution ?
someone come up with an answer for this ? PS popup killer doesnt work with My IE - i use cable and of course it doesnt work as its a customised version.
So any ideas ? (please dont advise me to change to Mosaic or Netscape or opera as i cannot do that with my cable provider (i love opera but it wont work properly with most of my plugins without playing and i dont see the point of having a broadband link and a crippled browser - i spend my days playing with servers and dont want to spend my nights configuring browsers - this is why i dont use linux at home)
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Changing them without my permission (such as adjusting my home page, or whatnot) should constitute assault or trespass.
Actually, this may constitute breaking the law. After all, if you hack into someone's computer and change any data on their computer, then you've broken the law. If you write a virus that goes in and changes data on someone's computer without their knowledge, again, you've broken the law. Seems to me that this qualifies. You don't have to do any damage, per se, but changing the data on their computer is enough.
IANAL, but I don't see a real distinction between a virus and what these ads are doing. Just MHO.
If CmdrTaco does so much as to even mention the name, that will almost guarantee increased hits, which is exactly what they want. Advertising is not about making people happy. It's about making people remember you and visit your website. It's based on one of the oldest principles of advertising: An entertaining ad is not nearly as effective as an annoying one.
.sig the way it is drives more hits to my MP3.com page than anything else I've tried -- internet pyramid schemes, MP3.com's auctions, and submitting to search engines.
Slashdotters are curious. We'll click any link and search any subject to learn more. Look at my post. Posting to slashdot with my
No, I can't help but feel that CmdrTaco did the right thing; even speaking their name here helps them out.
But of course, it's only a matter of time before some friendly poster mentions who it is anyhow.
Are there any people (who have enough knowledge of Internet Explorer or the Windows OS in general) how this could be achieved? I find it very disturbing that such settings (such as your browser's home page) could be altered remotely without your permission, which could constitute a breach of computer security. As far as I know, (depending on your jurisdiction) there isn't any specific legislation that marks your computer's settings as your private property. The only thing you can do is, like Taco said, disable JavaScript or don't run IE. Which makes sense anyway.
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
Granted, I agree that we shouldn't send "those dicks" any traffic. And I agree that companies who do this sort of thing are indeed dicks. And I also agree that it would be most amusing to see an entire
But it would also get old quickly. So, Taco, what's the name of the organization whose link-to you removed? Not a domain or anything, just a noun that we can use instead of "those dicks."
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
But an IP address would also be nice, to give to the Code Red Worm...
There are any number of really good reasons to run both JavaScript and IE. As a web developer I love JavaScript. If I validate a form with JavaScript I save the user time since they don't have to wait for the server to validate and respond (the server its own validation, of course, so I don't save any CPU cycles). This is a win for both of us: the user gets a faster response and I get a happier user.
For people running Windows (nearly everyone, last I checked), IE is the fastest, most stable, and most feature-rich browser available. Yes, it's chock-full of security holes. That's by design. Microsoft is pretty explicit in trading usability for security, and it shows. [Some of] Their products are very user-friendly.
To avoid getting modded down as a troll, I'll say that Microsoft sucks and only lusers use IE. Lusers like my mom, of course, who has trouble enough on the web without me updating Mozilla to milestone "slightly faster than a melting glacier" every other week on her P200. I use Mozilla, and it kicks IE's ass for my use, and on my computer.
My point? The problems here are (a) lack of security focus by Microsoft. There should be no setting, anywhere, that allows changes to local software without explicit user consent. They have fucked this up royally, time and time again, and I don't think it's ever going to change. Plus, if they have their way, the concept of "local software" will go away entirely.
The other problem ((b), if you're keeping track) is human capacity for evil. Some PHB had a brilliant idea: "Ok, we need to change every directory name on the computer to 'Porn-R-Us.com'. You can do that, right?". Some low-life programmer said, "Sure, there's an ACtiveX control for it."
It all comes down to human decisions. Somewhere along the line a human being decided to fuck another human being to make a buck. The only way to stop this is to remove the buck. This is often done with a lawsuit, or other legal action. So I say yes, sue these bastards 'til they can't walk straight.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Hit his URL:o ns/javascript.html#7 for Netscape's guide to how to use JS to change user prefs...
http://developer.netscape.com/support/faqs/champi
So when somebody portscans my system, I can't prosecute them because they "did nothing illegal". Even if they root my box, I can't prosecute because they "were just exposing how flawed my security system is"...
;) and information wants to be free.
When somebody distributes a copy of an MP3 ripped from a licensed piece of music, it's OK because you would not have bought the album anyway
But somebody changes your homepage, and suddenly it's a job for the federal government.
BTW, the DCMA, as stupid and flawed as it is, probably gives you some legitimate avenues to address this sort of offensive behavior.
I know the DCMA is the only reason you won't be seeing those dreaded "smart links" in the next version of Internet Explorer.
Mathematically impossible requirements are technically not against policy.
I've been to several pages with code that tries to alter my homepage and every time this little IE window pops up with a home icon and says "Such-And-Such is trying to make this your homepage, do you want to proceed? [OK][Cancel]"
This is on IE's Medium security level. On High I'm sure it is even more protective. So can we please be clear about this? Is this new trick able to bypass these kinds of protections? Is this a problem only on Netscape or IE or any JavaScript enable browser?
Keeping in mind that MS wants everyone's homepage to be MSN.com (the first thing IE goes to after installing is a page with code to make MSN your homepage) I can't believe they would allow any website to so easily snatch this setting without user interaction of some kind.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
"Don't touch a hot stove, dear."
"But Mommy, what does a hot stove look like?"
"I can't tell you that, dear. You might touch one."
You cannot apply a technological solution to a sociological problem. (Edwards' Law)