Slashdot Mirror
The Return Of The Pop-Up Ad
SYFer writes "Shortly after upgrading my Macs to OS X 10.3.8, I noticed that I was getting pop-up ads on Safari. It had been so long since I'd seen a pop-up, I completely forgotten how annoying they can be. I went over to Apple's Support site to see if there was a relationship, but learned that the timing is just a coincidence (even though there's a lot of the usual FUD and flailing of arms in the discussion forums). In fact, it turns out that the pop-up advertisers (what's the proper denigrating term here?) have finally defeated the pop-up blocking functionality found in many browsers. MacFixIt is running a front page article on the topic and says 'Contrary to initial reports, this problem isn't limited to Safari; subsequent reports have noted pop-under ads victimizing a number of browsers that provide pop-up-blocking features, including the latest versions of Safari, FireFox, Mozilla, OmniWeb, and Camino.'"
I've had this trouble too just recently. I get one off and on at this site: http://www.scienceblog.com/cms/index.php.
Call me crazy (ok don't) but I thought I had spyware. I certainly don't. I'm running Firefox 1.0.
Hopefully they don't catch on too quick.
UID 1000000 is just around the corner.
In any event, it's going to be something of an arms race between advertisers and pop-up blockers. Ideally, these jerkwad marketers should realize that people using pop-up blockers do not want to see their ads and display them to someone else who does want to see them. If they can find anyone like that.
How am I supposed to fit a pithy, relevant quote into 120 characters?
I haven't had any popup ad troubles yet (Mozilla on Linux/x86) but the first time I tried to click on the "Read More" link below the story from Slashdot's main page, the web browser spontaneously closed itself. Interesting feature...
Do not look into laser with remaining eye.
-- Note: These Comments are Generated by ME! Not You! ME!
while browsing macslash.org, oddly enough. Fortunately there's nothing really interesting enough to justify the annoyance. The best way to fight this is to stop using pages that have these, and to let the owners know why you're not giving them your eyeballs any more. Scratch that, the BEST way is to find out what's powering these new ads and kill it on the browser. Ad arms race (again), here we come!
Lately I've been hearing complaints by people using Firefox of some sites having pop-ups come up again. The biggest complaint coming from people that visit The Drudge Report. I too have seen them.
However, ever since I started using the Adblock extension, as well as keeping an updated list of definitons, I haven't had these problems lately.
Urge to download...NCSA Mosaic...rising...
Opera is affected if you have javascript enabled and block unwanted popups set. Opera like Konqueror is immune if either javascript is disabled or block ALL popups is set.
The popup is done with a flash applet. I have flashblock installed, so I didn't see a popup intially. Then I clicked to start the tiny flash thingy in the left-hand bar, and a popup came right up.
http://z1.adserver.com/w/cp.x;rid=52;tid=4;ev=1;d
That javascript changes each time you load it (I think there are only a handful and the server picks one pseudorandomly). This means that sometimes it will hit you with popups, and sometimes it won't.
The code is obfuscated and I haven't sorted through it. The easy way to block it is to redirect z1.adserver.com in you /etc/hosts or block it at your firewall.
You may need to click on a link in order to experience the popup, though the links themselves are legitemate http hrefs.
Sig:Why copyright isn't a fundamental human right
AdBlock FireFox Extension
foo(bar(baz(fum())));
I use Only tabs, and think "new window"s are an absolutely horrible bug which should never have been included. I loath new windows. I think it's sickening that you need to install a seperate extension in order to hack on a way to use only tabs. I _NEVER_ use new windows.
And I've been getting popups for the past couple of weeks. Like, one or two. (they open in new tabs, not windows, but they still pop up)
So, no, it's not that.
-- 'The' Lord and Master Bitman On High, Master Of All
I'll second the recommendation of others here: block the ads at the DNS level. Windows users need to add entries to their local hosts file. Myself, running Unix at home, I use a three-step approach. First is a very small web "server" running on a scratch server. It's only job is to respond with a "404 Not Found" to any HTTP request (it does SSL and listens on ports 80 and 443). Second, I create a wildcard zone file for BIND that returns the address of my 404 server for any name in or below the zone's root. Third, I modify the named.conf file for the copy of BIND that serves my network, pointing each domain that's a problem (eg. "fastclick.net", "doubleclick.net") to the wildcard zone. Presto, as far as everything on my LAN's concerned any hosts in or under the domains I list now belong to me and my 404 server, not the companies who registered them. This can obviously be worked around by using IP addresses instead of hostnames in URLs in the ad HTML/JS, but nobody's doing that yet and if they do I can deal with it with some appropriate IP-level redirect rules in my firewall.
Advice to obnoxious advertisers: we control the clients, not you. If we don't like what you're doing, we'll do something about it. If you make it too hard to do something about it and won't change your ways, we can make you cease to exist. And with a Linksys router with custom firmware and configuration the non-geeks can get a turnkey solution too.
I haven't seen any popups in Safari. I'm on MacOS X 10.3.8 but I suspect this is not due to OS or app upgrades, it's some new technology. There is, however, a better solution to popups for Safari users, the plugin PithHelmet. Stops popups and almost all ads dead. Other OS users may find successful solutions with gadets like Privoxy.
Now if only I could figure out a way to get rid of "pop-IN" ads, like those annoying popup-style ads that appear inside the browser window, it's some sort of DHTML trick to make a closable window inside a frame. It's used on sites like wunderground.com and I hate it. Nothing can kill those yet.
A solution to this is to install the AdBlock extension for Mozilla/Firefox. Once you've done this, grab this list of search strings. Once you've done this, import the text file and you should be home free. Try to keep that file updated as it should be a good starting-off point, but will become outdated as time goes by.
I haven't tried this with the specific examples referenced here, but it ought to work in general in Firefox and other *zilla browsers.
1) Type about:config in the URL bar
2) find dom.popup_allowed_events
3) change the value to the empty string
Now no events allow popups by default. That means if you want to let a site pop up a window from Javascript you will have to whitelist it.
This blocked the popups on drudgereport.com for me when I tried it a few months back. I don't leave this setting on, for now, since I prefer to choose not to frequent sites that maliciously abuse me with ads. However, if it starts to become a regular nuisance, I will set Firefox back to this aggressive anti-popup setting. After all, nobody really NEEDS to use Javascript popup windows, and if I can see where a legitimate site is trying to do so, it only takes a few seconds to whitelist them in FF's popup blocker.
Just turning off JavaScript is horribly shortsighted.
As per the cousin post, there are good reasons for pop-ups in an application context; because JavaScript variables can be retrieved from spawned windows, pop-ups also make a good alternative to session cookies without placing anything in local magnetic storage.
But no sane developer is willing to rely on such an approach, mostly because of BOFH's with attitudes like that.
...When in doubt, think for yourself.
Well, here is what I do in Firefox. I haven't received any pop-ups (yet). In the options dialog, under "Web Features" you'll find that on the far right across from the "Enable Javascript" checkbox is a button that says, "Advanced."
"Allow scripts to: " (remove check marks next to the following)
- "Move or resize existing windows"
- "Raise or lower windows"
- "Disable or replace context menus"
I also uncheck "Hide the status bar" but that's a personal preference.After unchecking those along with having the pop-up blocker enabled I no longer get any pop-ups. And I really don't see unchecking those having any profound viewability problems on the web. If a site needs to resize your window, it's usually because they want to open a pop-up along side it. :P Same goes for raising/lowering too.
1. Get an old POS PC from a trashpile
2. Install Smoothwall on it. It's free..
3. Install Ad Zapper following THESE directions.
Any and ALL system that you connect into your lan will have ads blocked whether they want to or not.
The second result on google for 'links' is the web browser. The first result on google for 'elinks' is a derivative web browser.
It's not a plug-in, but for protecting/removing annoyances from a number of users at a time, it's even handier.
Take a look at Privoxy.
If the advertisements use images, animations, flash, or any other scheme that significantly impacts page loading or distracts from the content on the page, they are just as bad as popups/unders.
Also blocking popup/unders is easy. Blocking banners and flash ads is a little more difficult and those who are doing so will not be buying from your ads anyway.
I don't doubt that an update or plugin will be made soon to stop even these, if one's not already out and I just haven't noticed.
Setting 'browser.block.target_new_window' to true in about:config seems to work, I haven't noticed any.
Though I've advocated (read, bored ppl with) firefox (FF) usage over the last 2 years, I've been brought to the boil with the pop-up ads coming to view on FF over the last few months, my tolerance having been extensively tested with the very sluggish page rendering of FF on Win XP as compared to FF on my Mandrake (Does anyone know why and can he/she be bothered to tune up the engine?) and I decided to try out Maxthon, despite knowing it's built on IE. Maxthon's not as versatile and add-on friendly as FF (unless someone can point me to untapped un-Googled resources out there?), but it's holding up to the pop-up on-slaught very well so far. And hopefully, :-p, this post won't bring Maxthon's usage to the attention of the pop-up coders...
Which, if I may digress, brings to mind the question, who are the people responsible for the evils- pop-ups, spamming, spyware? (ok, before you release the hounds, I'm not looking for M$ as an answer) Gasp, could they be among us? :-/ I mean theses are geeks and/or coders, who are they? Can someone drive some civic sense into their selfish criminal little brains?
Lynch them but don't you dare Flame away!
The 'popup' at the Hidustan Times link does not create a new browser window. The popup content is displayed on top of the html content using a CSS layer. --Bruce
HaHa: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Has anybody seen DHTML pop-ups around? They effectively utilize JavaScript and CSS in collaboration to unhide a centered page element containing an ad. They tend to contain a link to activate a JavaScript function to hide the block. I've also seen them disappear after a short amount of time.
How is a web browser supposed to block that kind of pop-up? Why don't we just all disable JavaScript since it is going to be abused so much? And like a previous poster has mentioned, not too many sites seem to absolutely require it; I surf with JavaScript disabled for quite a while before remembering I turned it off.
Audioscrobbler
The number of people doing this [clicking and buying] is enough to make it worthwhile for them to continue doing this [serving popups].
http://www.drudgereport.com/
with javascript enabled i get a popup in mozilla-1.7.5 even with "Block unrequested popup windows" checked in preferences, but if i disable javascript i don't get popups...
That's just java script and a div tag that contains a flash element.
Stop intellectual property from infringing on me
It's a text adventure game of Metroid based on an old Penny Arcade strip. You can't actually go anywhere, it's kind of a simulated text adventure game. I wrote it (and the compression routine it's encoded in) for the 5k competition, but it looks like that's dead.
The drudge report did not bring up a pop up, but the Gurinder site brought up a blank advert in the middle of the page.
If you turn off javascript, Gurinder's hack no longer works.
It's likely Flash which is doing the popup. Use Adblock to get rid of most of the advertising Flash files. Liquid Generation is a good test of whether or not your browser blocks Flash popups as it always seems to open up a new window.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I've been using Mozilla and Privoxy http://sourceforge.net/projects/ijbswa/ for over six months now and haven't had a single problem with popups. Granted, sites that are heavily dependent on javasctipt and flash are not always functional.
Site with popups
Note that it doesn't always pop-up.
Le français vous intéresse?
Haven't you heard of gmail?
Are you really going to complain loudly to the webmaster of every little javascript-based site you want to use and wait for them to redo the site?
Do you realize that many sites are actually faster with javascript on, because there is a non-trivial application running on the client site, and it needs to download no (or very little) data for many of the requests, as opposed to loading the whole damn page every time you want to change the width of a column in a table?
They're getting around the popup blocker by using Javascript. Turn off Javascript - no popups. Enable it, and there they are. i-mockery.com is a good place to try this.
In my opinion, here is the proper way to deal with this and any similar scourge:
1. Install Privoxy. It writes every bit of HTTP activity to its log file.
2. Wait for a pop-up ad to appear.
3. Immediately consult the Privoxy log file. Determine what URL the pop-up came from.
4. Block out the entire domain from which the pop-up came from. Use whatever IP blocker you like best: Your DNS relay, your firewall, your hosts file, or Privoxy.
5. Repeat as needed.
http://www.photosig.com/
There's a wonderful little extension for Safari called Pith Helmet that does a fair amount of adblock filtering, blacklisted hosts and some other voodoo. I can't remember ever seeing it 'break' a site or the design of a site: even ones using crazy CSS tricks to get revenge on those of us with adblockers. Combined with Safari's built-in popup blocking, I've yet to see the problem everyone has been metioning. There's a possibility that the ad servers responsible are in my blacklist.
At first I felt guilty for blocking all ads, even good-faith, not-horribly-annoying ones like on
God help you if you've got Flash, Shockwave or Java ads, though. All I see is a big white hole in the page.
That's only one of the popups. They have more than one. The one that gets past doesn't always show up.
Le français vous intéresse?
You can modify your hosts file to point back to localhost for ad hosting sites. Mike Skallas maintains one here. There is even an installer for Windows users.
(%i1) factor(777353);
(%o1) 777353
This is very useful. It's worth noting, also, that removing all "allowed" popup events doesn't completely kill your ability to use sites that need popups...it just causes Firefox to warn you that it has blocked something, allowing you to adjust settings for that site.
Seems to have fixed all those new popups for me.
Zophar and other sites that pop in Firefox seem to be using javascript that traps the click and mouseup methods on all links. If they don't get you when you click, they get you when you let up on the button. Technically, these are user-initiated pops, so FF doesn't block them.
You don't have to kill all allowed events, just hash out click and mouseup.
dom.popup_allowed_events = "change #click dblclick #mouseup reset submit" works well and still alows legitmate popups when you click form buttons and other user-requested behavior.
As always, you can always allow a site you need popups on.
It's worth noting, though, that target="_blank" is deprecated in XHTML strict. If you're trying to write strictly compliant web pages (that is, XHTML 1.0 Strict/1.1), there's no answer except javascript for firing off a new window.
That said, I like the idea of NO popups of ANY sort without authorization. As long as Firefox clues me in that it stopped a popup so I can approve the site, I'm in. Though, I'd like to see a "one time" authorization. As in, I'm on some website I don't intend to be at again, I need to see one popup to complete some task, and that's it. I don't want it on my whitelist, I just want to see the one popup. Sort of like a firewall. Do I want to allow this: once, always, not this time, never.
I actually spent several hours researching this because I was getting them in Firefox on OS X, but not Safari or Firefox on Linux. When my roommate started getting them on Linux I was quite surprised.
In every case I eventually tracked it down to either Flash or Java objects loaded into a page that requested a window be opened. Also in every case it seemed to be a well known advertising site that the object originated from.
The reason I never got any in Safari but did in Firefox is because I use Safari as my main browser so I've got PithHelmet installed, which comes with a healthy list of things to block, whereas I use Firefox only for testing so I've got little to nothing listed in my AdBlock rules. At work where I use a Linux desktop I have a healthy list of AdBlock rules.
If you're concerned about your privacy, avoiding ads, or popups you need to have at minimum AdBlock, CookieCuller and X installed for Firefox. If you're using Safari, PithHelmet is absolutely the best.
If you want to curb the popups until Firefox releases a new patch, you can set dom.popup_maximum to 1. This will keep 99% of legit items that pop up working while limiting the amount of popups you have to take care of yourself.
Actually no, they're not.
The DNS Service in WinXP and 2000 Pro are simply caching services, you can disable them and have DNS still work. I do at home here because I have a DNS caching server on the gateway machine so I don't need another cache, it does speed things up in the proper configuration.
Hooray AdBlock!
The REAL reason that I cannot ever use any other browser than Firefox. Not only can I surf without annoying pop-ups, I can surf without ads all together. I wish I could remove those less-annoying text-ads though.
I too noticed this, but contrary to most, realised that they must simply be doing what has been possible for a long time but which no one had really bothered with, with the exception of porn sites and other spyware "value adders", until now.
Basically, it just uses the age old technique of using the document.write method, but obfuscated, to write other, obfuscated tags which are not recognized by the blocker as being new script tags, which themselves call a new obfuscated pop.js code that actually, in yet another round of obfuscation, produces the actual pop-under code: In essence, if one can block any request for the server of the obfuscated pop.js, or pop.cgi or whatever code, one will be in peace for a while. This can be done via adding the following lines to the hosts file on Windows (C:Windows(or WinNT)\System32\drivers\etc\HOSTS) or on Linux or MacOSX (/etc/hosts) or simply via your firewall software, which I'm sure we all use, don't we?
127.0.0.1 www.fastclick.net
127.0.0.1 media.fastclick.net
I have the code from the above server, as used by scienceblog.com, but I won't post it, as it's copyrighted, because the last thing I want is some internet low life trying to sue me for their own low life purposes.
Actually, if you're using a personal firewall, the DNS service opens up a way around that for sneaky applications. DNS requests can transport arbitrary information and if you allow the DNS service through, then any application can use it to phone home. The DNS client service however is required if you use IPSEC.
if you see PopUps in Firefox, please file them here : https://bugzilla.mozilla.org/show_bug.cgi?id=25383 1 (no link, Bugzilla doesnt like /. links)
Go look at Google maps and Gmail. You can do some really good stuff now with Javascript, particularly as you can make a request back to the server with it and update part of the page without a reload.
Like any web tech it can be abused, but if you are a half decent developer the reason you are putting in JavaScript is to make the app a better experience for the user.
Maybe you want a world of basic pages and lots orf reloads, but most user seem not to.
Would it be possible to write some browser plugin that automatically follow the links in ads and loads whatever page comes up "invisibly", off screen somewhere - just so that the avertiser registers a click and has to pay the site for it? With the sacrifice of a little bandwidth to load the advertised site in the background, you benefit the maintainer of the site you're reading (which presumably you'd want to do, if you like the site), and costing advertisers money for which they get no real return.
The two caveats I see are 1) How to distinguish ads and follow links only on them?
2) The lower purchase-to-click ratio would force the advertisers to pay less, so the site owners woudl have to advertise more to make the same ad revenue, and in the end you only see more ads.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
https://bugzilla.mozilla.org/show_bug.cgi?id=17607 9
- go to about:config
- right-click and select New/Integer preference
- make a pref called "privacy.popups.disable_from_plugins"
- set the value 2
Now plugins are treated just like javascripts trying to open popups--they get blocked by the popup blocker. You have the option then to show the popup or to allow them for that site if you want.
Most pop up windows these days are let through by the browser if the user first clicks on a link or something to open the window. I've seen some web pages where they will capture the clicks for the entire document then open a pop up window.
Norton Internet Security does exactly this, and has done for many years.
Switch off all the "intelligence" of the package, like auto-program recognition, and set the firewall to "paranoid plus" (only specific ports to specificcally permittied programs) and then set the defaults to non-script/activex/java, etc.
Works for all browsers, since it installs an invisible proxy (not as bad as it sounds - none of my *really* weird software conflicts with it, and software doesn't need to be proxy aware), and all traffic is rerouted through that, so it appears like a secure TCP-IP stack. Damn bulletproof, in my opinion.
Winds up the GF, who has to ask me to relax the security on a new site occasionally (twenty seconds click-work), but that's a small price to pay knowing that only sites that prove trustworthiness to me get to use flash/java/script/activex/cookies/popups.
I'm *not* affiliated with Symantec, and the only downside with NIS is their new fetish with key-based software activation, which means I'm looking for a similarly-accomplished alternative firewall package for this reason only. But I've not found it yet.
You've just written inline javascript. window.open is a javascript method. Loading the target module would break strict doctype compliance, which is either fine or not fine, depending on your personal stance. I prefer to have the strict doctype and figure out a better way, myself.
flashblock replaces all flash with an (F) icon, which can be clicked, enabling the flash to play. 99% of the time i don't want flash, but in the case of strongbad, of course, i click :)
Flashblock http://flashblock.mozdev.org/ seems to take care of this. I can visit http://www.howstuffworks.com/ without any popups.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison