Slashdot Mirror
Blocking Pop-ups at the ISP Level?
roXet asks: "I work for a small ISP that offers dial-up and DSL in Louisiana. In the wake of the big boys' new wave of pop-up and spam blocking advertisements, I am looking into providing these services for our customers. I hate the thought of filling my customers machines with proprietary software, if for no other reason than I see it creating a support nightmare for our call center. I have found several options for blocking spam at the network level, but I have yet to find a good solution for getting rid of pop ups. Has anyone found a good method of doing this at the ISP level?"
Wouldn't that involve the ISP looking at what you're doing, and be a horrid invasion of privacy?
I definitely do not want my ISP monitoring my packets. And yes, I expect many replies to this to say "Oh they watch everything you do". I don't subscribe to that level of conspiracy theory.
propz to GNAA.
The problem with popups isn't the window it opens, but rather it opening without expressed permission. Use Opera or Mozilla and popups are no longer a complaint. Why filter at the ISP level? There are some sites that use them legitimately. (Not auto popups, but opening of popup windows via click.)
"Derp de derp."
There have been several replies already saying "give them a different browser". However, reading the request, it is quite clearly stated that changes to the client machine are not desireable due to the support time involved. :)
So shaddap about the browsers already!!
But, back to the question at hand, I'm afraid that blocking at the ISP level will be:
A - fairly difficult due to obfuscations. The ISP really isn't going to be doing anything different than a normal pop-up blocking mechanism at the client would in terms of figuring out what is or is not pop-up code and the pop-up people (insert scary mental image here) are already doing their level best to defeat that.
B - potentially a legal problem as any blocking mechanism that the ISP implements at the network level will, in effect, be interfering with the clients' "communication" with the website in question. The FCC might have something to say about that.
However, I'm sure there could be a way to set up a database and have people opt-in for pop-up blocking service. IANAL but I would think that them actually requesting such service would clear most legal hurdles.
As for solutions, I wonder how hard it would be to extract the relevant code from Open Source browsers and make a little routine to rewrite/replace scripts on the fly...? It would almost have to be a proxy though so you could track (and allow) pop-ups which were actually requested.
There are 2 types of popup blockers.
Nope, three. Konqueror has 'smart' popup blocking where it allows popups that result from an action I take (click a link, keystroke...) and blocks the rest.
It's great because it doesn't break sites that use popups for various legitimate reasons.
Here before all but 8486 of you.
So the answer is: Don't set up a transparent proxy. Instead, set one up that customers can "opt-in" to use.
Your savvy customers will thank you, and people won't be offended by having the choice taken away from them.
This page appears to cover everything you need to know. But I suspect you've been too busy closing random pop ups to be able to use google
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
Argh. No. Not transparent proxies, unless you're providing an opt-in mechanism (say, a value-added service) to do so. It's *so* frusterating when ISPs start mucking with my network connection (firewall incoming and outgoing SMTP or transparently proxy it, block outgoing DNS, etc).
ISPs bitch about how they can't provide tiered service. Spam blocking, popup blocking, firewalling, are *all* great things to toss in value-added packages to provide tiered service. They, however, drive many people (who don't *want* said "service") to tears.
Another option would be a opaque proxy and to provide a mini application that sets it up.
May we never see th
To be honest, I couldn't give a toss whether the ask slashdotter found that page or not. My main point is that he should make this service opt in, as no one likes to be forced to use a transparent proxy.
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
I'd like like to plea with you (and all ISPs) not to do anything like this.
As far as I know, your only options are:
* Making the user use some sort of filtering software, e.g. Proximotron or Google Toolbar.
* Making the user use a browser with built-in popup blocking.
* Filtering HTTP requests.
I recently had a big problem getting an XML-RPC based app to work. Turns out that Proximotron had been installed (without my knowledge) on the client system, and was adding it's popup blocking stuff to the XML-RPC response. While this is fine for HTML, it is definitely not ok for XML.
You can argue that XML-RPC/SOAP is a perversion of the HTTP standard, but apps using it are already deployed, and as a network admin I have to deal with it. Please don't make my job harder.
> Strongly insist that they use a modern, good quality web browser
You don't have to insist; just put it in the Internet Connection Kit that you
send them and have your installer set it as the default browser and change out
the IE shortcuts on the desktop for your approved browser. If the user wants
specifically to use IE, they still can, but most will just click the big fat
shortcut on the desktop and be happy. Make sure you configure it so that
unrequested windows are not loaded by default.
While you're at it, put in a decent mailreader (Pegasus is good). Your users
will be believe that your email service is better, because most users can't
tell the difference between the service and the client software. Users who
try a competitor's service will get frustrated with MSOE and come back to you.
Cut that out, or I will ship you to Norilsk in a box.