Slashdot Mirror
Blocking Pop-ups at the ISP Level?
roXet asks: "I work for a small ISP that offers dial-up and DSL in Louisiana. In the wake of the big boys' new wave of pop-up and spam blocking advertisements, I am looking into providing these services for our customers. I hate the thought of filling my customers machines with proprietary software, if for no other reason than I see it creating a support nightmare for our call center. I have found several options for blocking spam at the network level, but I have yet to find a good solution for getting rid of pop ups. Has anyone found a good method of doing this at the ISP level?"
You can set them up with an alternative browser. Mozilla Firebird is fast and does popup blocking, and is by no means proprietary.
Blocking website popups at the ISP level would be hard. Sure, you could set up your own http proxy and replace occurances of "open(" with something else, but it's so easy for a web site to obfuscate their popup code to get past such a filter and you would also be breaking countless sites that don't use popup ads.
You can no doubt block gator and a bunch of other insidious adware though. Just block all their domains and executable filenames. Most low end firewall/routers have a url filtering feature that's adequate for this. The people who are hit by the most popups often have one or more of these installed and don't know about it.
Wouldn't that involve the ISP looking at what you're doing, and be a horrid invasion of privacy?
I definitely do not want my ISP monitoring my packets. And yes, I expect many replies to this to say "Oh they watch everything you do". I don't subscribe to that level of conspiracy theory.
propz to GNAA.
The problem with popups isn't the window it opens, but rather it opening without expressed permission. Use Opera or Mozilla and popups are no longer a complaint. Why filter at the ISP level? There are some sites that use them legitimately. (Not auto popups, but opening of popup windows via click.)
"Derp de derp."
There have been several replies already saying "give them a different browser". However, reading the request, it is quite clearly stated that changes to the client machine are not desireable due to the support time involved. :)
So shaddap about the browsers already!!
But, back to the question at hand, I'm afraid that blocking at the ISP level will be:
A - fairly difficult due to obfuscations. The ISP really isn't going to be doing anything different than a normal pop-up blocking mechanism at the client would in terms of figuring out what is or is not pop-up code and the pop-up people (insert scary mental image here) are already doing their level best to defeat that.
B - potentially a legal problem as any blocking mechanism that the ISP implements at the network level will, in effect, be interfering with the clients' "communication" with the website in question. The FCC might have something to say about that.
However, I'm sure there could be a way to set up a database and have people opt-in for pop-up blocking service. IANAL but I would think that them actually requesting such service would clear most legal hurdles.
As for solutions, I wonder how hard it would be to extract the relevant code from Open Source browsers and make a little routine to rewrite/replace scripts on the fly...? It would almost have to be a proxy though so you could track (and allow) pop-ups which were actually requested.
So the answer is: Don't set up a transparent proxy. Instead, set one up that customers can "opt-in" to use.
Your savvy customers will thank you, and people won't be offended by having the choice taken away from them.
This page appears to cover everything you need to know. But I suspect you've been too busy closing random pop ups to be able to use google
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
A popular solution is Privoxy's popup blocking chained with Squid's caching. In my opinion, that's the way to go. Privoxy by default also blocks ads and webbugs and nasty javascript and other things, but you can disable those features.
These could probably be configured as a transparent proxy if you don't want to set it up manually on users' computers, but speaking as a power user, I would never sign up with an ISP that stuck me with a proxy I couldn't avoid.
Random and weird software I've written.
http://www.proxomitron.info/
Proxomitron is a proxy that provides that as well as many other features. Since it is a proxy you could put it on your servers and provide access only for your subscribers. Make it optional. Most good browsers offer easy switching between proxy and non-proxy mode.
Proxomitron offers more then just popup blocking, and also by letting them use the ISP as a proxy they have an additional level of anonymity.
You would need to configure Proxomitron to a useful, but not too invasive level, or offer multiple proxies at different levels of restrictiveness. Then the use can pick which one they want depending on their needs. Document it all really well on your support site.
"Anything is possible with enough programmers, time and pizza." (Substitute caffeine for time as needed.)
> Strongly insist that they use a modern, good quality web browser
You don't have to insist; just put it in the Internet Connection Kit that you
send them and have your installer set it as the default browser and change out
the IE shortcuts on the desktop for your approved browser. If the user wants
specifically to use IE, they still can, but most will just click the big fat
shortcut on the desktop and be happy. Make sure you configure it so that
unrequested windows are not loaded by default.
While you're at it, put in a decent mailreader (Pegasus is good). Your users
will be believe that your email service is better, because most users can't
tell the difference between the service and the client software. Users who
try a competitor's service will get frustrated with MSOE and come back to you.
Cut that out, or I will ship you to Norilsk in a box.