Why Your Pop-Up Blocker Doesn't Work Anymore

An anonymous reader writes "If you've noticed that pop-up ad windows seem to have made an unwelcome return into your life, it's because they're not using the same easily blockable technology as before. The Adimpact system uses DHTML to annoy you, and there's no immediate prospect of a solution."

Great article

[Wonko+the+Sane]

Almost completely devoid of content.

Re:Great article

[ByOhTek]

The simplest, and most reasonable content would be:

If people are blocking popups, and you try to force upon them a popup advertisement, you are probably being counterproductive to your cause, and are a complete RETARD.

Re:Great article

[computational+super]

I can't tell if you're trying to be sarcastic or not, but if not, I sort of agree with the sentiment as in - I don't see what the big deal is. I don't think you're "stealing" anything if you block or ignore the ad any more than you're stealing if you mute the commercials or get up to go to the bathroom when you're watching TV.

Since there's absolutely no content whatsoever in the linked "article", I can't figure out for sure what they're talking about, but I think they're referring to those floating "window within a window" advertisements that show up entirely within a page's browser frame. If so, I'm not even sure calling them "pop-ups" is fair, since the page author is still respecting my "space". Pop-up windows were legitimately evil, because those windows would pop up more windows when you tried to close them and you would end up spending 10 minutes trying to shut the damned things off. If some website wants to pop up a "window" inside its own window and run an ad for a couple of seconds, I really don't see the problem; I sit through the things as a courtesy to whoever provided the content. If I don't like the ad, I can close the browser (or even just the tab), and it all goes away.

Re:Great article

[Fross]

Just because they've chosen a flawed business model, doesn't mean they are entitled to protection to ensure it works.

Re:Great article

[Galactic+Dominator]

You have to Cancel or Allow on every site...?

I do realize that it learns what you tell it learn, but it's big internet out there.

I suppose it's fairly good if you don't visit a large number of sites, but if you do RTFA consistently it's a real PITA.

Re:Great article

I think what you meant to say was "Many web designers count on Javascript for BASIC functionality such as layout, menus, and following links these days. Turning off Javascript neuters almost every site you browse."

Don't blame NoScript for that problem. Blame sloppy developers that use JavaScript for duties that they shouldn't.

Re:Great article

[ewhac]

How is it not intrusive? I browse to a website I haven't been to before - something I do several times daily - and it doesn't work right unless I click that little S and allow it permission to run javascript.

That pretty much defines intruding on my experience.

Uh, no. You have it backwards.

If I browse to a Web site I haven't seen before and suddenly find my desktop (and other programs) covered by a barrage of pop-up ads, that is intruding on my experience. Injecting code into my browser in an attempt to get it to reject right-mouse clicks -- that is intruding on my experience.

The computer is mine, not yours. It obeys my commands, not yours. If you want it to run some of your code, then you're first going to have to convince me to let you. And you do that by earning my trust and not treating my browser and desktop like your own private playground. NoScript lets me enforce this policy, and it clearly exposes the children who won't play by the rules. Google.com has earned my trust (Google-analytics.com, however, has not.)

If your site doesn't work with JavaScript turned off, your site is broken. Period, end of chapter. This is not a secret, and it is not something new. This has always been the case. (AJAX-heavy sites complicate this only slightly -- you should clearly explain what's not working and why (I'm looking at you, OKCupid...).)

And while we're about it -- Have you ever clicked on that little "S" in the corner to reveal a skyscraper of 15 different domains trying to execute JavaScript on your machine? Does this bother you even slightly? Why or why not?

Schwab

Re:Great article

[Mr_eX9]

The websites that execute all of that stupid code on your computer are what's intrusive--not NoScript.

Re:Great article

[LordSnooty]

test it with the "Temporarily allow..." option for all the relevant parts of the site,

This is the problem I found - if I have to test it, what is the point of blocking it in the first place? OK, it can stop cross-site attacks in their tracks, but if the bad code is hosted on the server I chose to visit, it's game over anyway. I suppose there is more protection offered by NoScript around what can be run but ultimately if I can't sandbox the code that is about to fire, why am I bothering at all? I can take care by other means - most malware is still of the "Would you like to install this virus?" ilk. It's useful in specific situations like going to visit some known dodgy sites (but maybe do that in a VM anyway...) For everyday usage it quickly becomes tiresome.

Re:Great article

[Deagol]

No, you must only "allow" for sites that don't work sufficiently with JavaScript disabled. There are plenty that render just fine w/o JavaScript. Then again, there are plenty of stinkers out there that use JavaScript to send you the page's CSS, which while horribly lame, is probably done to send a hacked page for IE and compliant CSS for most everyone else.

Re:Great article

[commodore64_love]

>>>How is NoScript instrusive? You set it to block by default, and if you hit a site that doesn't work correctly, test it with the "Temporarily allow..." option

I call that intrusive, or at the very least, a pain in the ass. I'm constantly having to select "allow" for sites I visit, and I've grown tired of it. NoScript is now disabled on my browser, except for when I'm visiting porn sites which are often dangerous.

As for pop-up ads, the alternative is that I'd have to pay $5 or $10 a month for accessing ad-free websites, and I can't afford ~$200/month worth of website subscriptions. I'd rather take the ads, and get my entertainment for free.

Re:Great article

[tftp]

So you never spend money? Nor talk to anyone else about any product, ever?

I don't quite see how it relates to allowing hordes of salesmen into your house and listening to their endless pitches (if we equate your desktop with your house.) I personally spend money, of course, and talk about products, but I do that when I want it, not when someone else decides that for me.

I suspect you really have no idea how many times a day some brand is imprinting itself on you.

I suspect the GP does have an idea, and that's why he blocks everything that deserves it. My mind belongs to me, not to advertisers, and I decide what I allow to imprint on it. In my browsers everything ad-related is blocked by default; it's a favor to advertisers too because my browsers don't download stuff that is useless to me.

Besides, "brand imprinting" is harmful to your purchasing choices because you often decide not because the product is good but because it is made by a company that you recognize. This is unreasonable. Compare technical specs, read reviews - that's what you need to do, not to look for a brand name.

Re:Great article

[CodeArtisan]

Then how do you pay for the content? Do you send the site owner checks directly?

About as often as I send checks to the TV networks when I skip their commercials.

There is no problem.

[ivan256]

DHTML popups are no big deal at all. They don't open a new window. They don't "pop under". They don't re-open when you try to close them...

The solution to them is simple and already implemented. Close the tab, and never return to that site again. Ever.

Problem solved.

Re:There is no problem.

[berend+botje]

It would be useful if, instead of just closing the tab, there was a button that increments a counter at the site for the marketers to see, blocks the site completely and irrevocably for all eternity and thencloses the tab.

That way there is a running total of customers lost due to stupid marketing.

"Unblockable"

[betterunixthanunix]

"The Dynamic Popup Generator can create pressure pop-ups, unblockable DHTML pop-ups, PictoPop-ups, conditional popups, instant opt-in pop-ups, and rotating pop-ups"."

Wait, I have the answer...keep Javascript disabled for websites that do not really need it! Right now, I have Javascript enabled for...3 websites, all of which are trusted sites from either my job or my school. Popup free browsing, and incidentally, pages use less CPU time.

Seriously, why do we need Javascript to read articles or blogs? If your web apps are abusing Javascript to display ads, maybe it is time to consider not using web apps, or finding "friendlier" companies.

Re:"Unblockable"

[Skye16]

You don't need Javascript. I want to provide a more feature rich interface than HTML by itself provides. If you're not interested, then I am not angry with you. You can ignore what I have to offer, and I can accept that you're just not interested. I really don't care whether you look at it or not; in the long run, you're such an infinitesimal minority who is part of the unique overlap of a: having the technical knowledge to be able to equate the misuse of DHTML on other sites to the usage of JavaScript within browsers in general and b: having the personal distaste for such misuse to such a degree that you would eschew the primary building block (JS) altogether except for a few very specific instances.

To whit: I'm not going to cry about 0.00001% lost traffic, and more surprisingly, neither are my customers when I explain to them the pitfalls of making "web applications" with JavaScript. When I tell them they may lose a few geeks who are ideologically opposed to the use of JS in their "webapp", they basically just laugh and call you a retard.

(Note: I don't feel you're a retard; I get fired up over stuff like this too, usually. For me, this isn't a hot button issue, but I have other ones and I'm sure people call me a retard for feeling that way also).

Long story short: people want an application delivery mechanism that doesn't require a software install, update management, etc, and they're trying to make browsers be that mechanism. If you are really that against it, find a way of distributing that mechanism to every computer currently using the web, and then I can try convincing people that they should use that rather than fitting it into a browser. But until your mechanism reaches every computer a browser currently reaches, they aren't going to bite. And at the end of the day, I'm working to support my family, so if the customer really wants a "rich, dynamic Web Application Experience", then I'm going to give that to them.

Sorry :(

Re:"Unblockable"

[Skye16]

I'm sorry, I didn't realize that in your world JavaScript, CSS2, and XHTML Strict were "ignoring standards".

Web Application does not necessarily require ActiveX, you know.

The smart phone platform presents some very interesting problems of its own. In my opinion, your web application as a whole should not be tailored to the phone; the cost of making your entire application readable and usable for a touch screen phone would cost more than just reproducing the front-end for a smart-phone-only audience.

A significant problem with smart phones are the differences between touch screen and non-touch-screen user interfaces, and trying to take advantage of the ways each works. The advent of the iPhone really brought a different (from traditional web/desktop) way of looking at UI development for smart phones, and people have been doing some very impressive things as a result. I don't think you try to have your "rich, dynamic Web Application Experience" (whatever that means) work the same on both a smart phone and a PC. This seems to be too diverse of UI domains to use the same View code for each without falling into the "jack of all trades, master of none" situation.

I'm not entirely sure about the rest of your post, as it doesn't seem like you understand in the slightest what a "web application" currently means. It's simply a web page that offers application-like functionality to its users. If you can add UI enhancements with JavaScript and DHTML, you can make a better usability experience for the vast majority of people. If your a significant portion of your target audience would be accessing it via a Smart Phone, you need to write two sets of presentation logic and associated views while maintaining the core business logic as being the same for either. But this diatribe about IE is simply you not having a fucking clue about what I am even talking about. You apparently hear "web application" and think an ActiveX nightmare, eschewing all standards at every moment.

I validate each and every page, thanks. I test in 5 different browsers; Safari, Firefox 2, Firefox 3, IE 7, and IE6. I will soon be adding IE 8 to the mix. I have to write my own share of IE hax, and I, too, am fucking sick of it. I wouldn't piss on the developers of IE 6 (and 7) if they were on fire, though I'd uncork on the IE 8 development team. They still have a long fucking way to go before I don't despise their very existence, too.

But none of that changes a single bit of what I said.

In conclusion, you don't know what you're talking about, you threw up a strawman and shot it down, and I dub thee Lord High Asshat of Douchebaggia.

(It's a rockin' title. Wear it with pride.)

Re:Won't be long

[kabloom]

Or just block adimpact.com in your /etc/hosts file (if you're smart enough). They want to sell it as a "hosted web application" and therein lies its vulnerability.

Blocking it

[Todd+Knarr]

I found it much less intrusive once every host in the adimpact.com domain started serving up 404 Not Found for all pages.

DNS is your friend, especially when your nameserver is declared a master for that domain and the zonefile contains a wildcard record pointing all names to the IP address of your own dedicated nothing-there Web server.

Re:That's why Adblock plus exists !

[gfxguy]

Been using always... one of the first things I do when I install a new Firefox is get Adblock Plus and NoScript (which is really annoying in and of itself, but that's another story).

So when I saw this thread I was like "I didn't notice anything lately."

Re:Annoying but expected

[smooth+wombat]

Nothing more annoying than getting a huge flash video animation splatted in front of the article you are reading,

There is a solution to this "problem". Don't install Flash. Flash is evil. Flash must die.

NoScript makes the web useless.

[Samschnooks]

NoScript (which is really annoying in and of itself, but that's another story).

You got that right! I removed 'NoScript'. Every, and I mean every, stinking website I went to had most of their content dependent on scripts. So, I had to constantly click on allow for this time, or for this page, etc... And many times, even after enabling scripts for that page, they still wouldn't run. Very few websites didn't have that problem. Scripts are just too ubiquitous to block.

Re:NoScript makes the web useless.

[SirGarlon]

Scripts are just too ubiquitous to block.

Here's a little parable. When I was a child, I lived in the country and my family never locked the front door of our house. Now I live in a multi-family home in the city and every time I go out, I lock both the door to my home and the door to the building. Man, I tell you, it is a pain in the neck to have to fumble for my keys every time I want to go inside my home. I still think it beats leaving the door open.

It boils down to whether you think anything bad will happen if you leave your door open. I consider a popup ad to be "something bad," and I am well aware there are also far worse things a script can do to you.

Re:NoScript makes the web useless.

[goodmanj]

In the case of your house, the hassle of locking up every day is small compared to the hassle of having everything you own stolen.

In the case of ads vs Noscript, many people feel the cure is almost as much of a hassle as the disease.

Re:Annoying but expected

[eln]

Flash is indeed evil, but it's also necessary to get anything out of an increasing number of sites. The choice is basically live with the occasional Flash abuse or cut yourself off from an ever-growing amount of content on the web. Whether that additional content is worth the annoyance of the occasional Flash ad is a personal decision.

I tried Google Chrome last week...

[Joce640k]

"Bloody hell", I thought, is that what the web looks like?

Then I went back to Firefox with AdBlock/NoScript.

Do not want.

to those who don't use javascript or flash:

[circletimessquare]

this "solution" to the return of pop ups is of course akin to curing your hangnail by cutting off your foot

are you familiar with the phenomenon of the guy who doesn't own a television, and must remind every stranger he meets of this fact, constantly? if you look at the comments here, this article seems to have brought out the similarly quirky "look at me! i don't use javascript! i don't use flash!" brigade

ok, so you are proud of your bare html existence. good for you

but you might have noticed that the internet has evolved since 1994, and technologies, such as AJAX, are transforming the web browsing experience in GOOD ways, such as google maps. javascript is not merely cruft to make your anchor links animate. likewise, can you argue with the success and value of a site like youtube? which, by the way, works in flash?

javascript and flash are not in any way absolute negatives for the internet experience. they are merely useful tools whose usage is evolving, in good and bad ways. to disavow that obvious observation and just flat out block them does not make you wiser, it makes you an odd appendix of history. trumpeting your monklike ascetic internet existence doesn't add anything of value to the conversation, because, no, blocking javascript and flash is most definitely not the solution, really

when you announce that you don't use these technologies, all you show us is that you are indulging in some sort of odd attention-seeking disorder with a strange misplaced pride

Re:HOSTS file FTW!

[gad_zuki!]

This really is the best method. Its cross-platform and no matter what strategies the ad people try, I'm still blocking their server. Not to mention ad servers are a security risk. Most "Antivirus 2009" infections are from compromised ad servers delivering fake ads for the malware. These malware ads look a lot more legitimate when served up by forbes.com.

Just block them wholesale. Perhaps they will learn that we dont want overlays and popups. A simple ad that targets me really is a lot more effective than these tricks.

Re:That's why Adblock plus exists !

Wow, is that a free anonymous proxy?

http://www.adimpact.com/cgi-bin/webapp/nph-demo.cgi/000000A/http/google.com/

Re:Annoying but expected

[smooth+wombat]

but it's also necessary to get anything out of an increasing number of sites.

If a site relies on Flash to convey its message, I don't go to it. I was looking for a car repair shop after the latest moron hit me and one site was nearly unreachable because the front page was entirely Flash-based. Had it not been for a site map link, I would not have been able to see anything.

Nor is this the first time this has happened. I have come across several sites, including restaurants, who have an entirely Flash-based site. I don't bother going to them either online or offline because of this nonsense.

The ONLY exception I can see for using Flash is if you have a product which you want people to see all sides of and you have a short display of the product rotating.

I have said it before and will continue to say it: There is no reason to have an entirely Flash-based site. None. If people want to come back to your site for a specific reason, they can no longer bookmark a page to do so. If someone has eyesight issues and uses a screen-reader, you've locked them out.

As I said in my journal, Flash is the new blink tag.

where is the news?

[NudeAvenger]

DHTML overlays have been around for years - I know, I've been working in the industry for years *ducks* and they've been around longer than I have. Where is the story here? http://www.adopstools.net/index.asp?page=richmedia&section=layer go on - make your own.

still not the solution

[circletimessquare]

are you familiar with the idiotic windows vista practice of asking you to approve every executeable before it runs? after awhile, the average user just mindlessly clicks "approve" and doesn't even read the warning. and this is perfectly appropriate behavior: its the boy who cried wolf. an alert at every false positive leads people to completely ignore the alert

likewise, noscript is a wonderful extension... for the odd power user who likes such finetuned control over the minutiae of his browsing experience, and is keenly mindful and thoughtful about every site he visits and how he wants to profile his javascript footprint there

this describes perhaps 0.001% of web users

a real solution to the pop up problem is not to push the issue out to the end user and make them manage and fine tune their javascript footprint. in fact, as a solution, noscript represents a worse burden in terms of time and mental effort on the end user than simply closing pop ups when they open

and no, this doesn't mean the average end user is stupid simply because he doesn't want to exert the mental effort. a highly intelligent end user shouldn't have to work hard at his browsing experience, he just wants to browse with abandon, and that's a perfectly appropriate instinct. the end user, from the dumbest to the brightest, should not be expected to consider every click he makes on the web equivalent to the mental effort required to make a move in a game of chess

no, the real solution is to fine tune the browser's intelligence about how to handle pop ups. the advertising parasites are getting smarter, so the browser needs to get smarter. that's the real solution. an arms race between browser code and pop up code

but, no, i'm sorry: the end user must not be harassed even further, and that's what your noscript "solution" represents

Re:Annoying but expected

[default+luser]

Absolutely. Flashblock is a no-nonsense tool that is dead-simple to configure. I had everyone I know install it after a number of flash vulnerabilities started cropping up, and I've heard no complaints.

I consider Flashblock + Firefox my "compromise" with the advertisers: I will submit to viewing ads to help them pay for content, so long as they are not Flash, and so long as they are not pop-up/under. Really, I do not find static images and text annoying at all, and if an advertiser makes an animated GIF that is too annoying, I can just press ESC.

But if the advertisers insist on using this crap evervwhere and pushing an arms race, I won't hesitate to upgrade to noscript (and everyone I know) and shut the door entirely. I hope they won't force me to do that, because then they would get zero money from my page views.

Re:Annoying but expected

[cjb658]

I don't think Flash is going away any time soon. As someone who knows several web developers, I can tell you they love Flash because they don't have to code the page differently for different browsers.

The fact that it obfuscates your source code and animates things (makes them "flashy," if you will) are added bonuses that give the management and marketing departments a huge boner.

Re:Annoying but expected

[Nerull]

Websites done in flash are useless. I have never seen an exception. I can't bookmark anything. I can't link to a specific page. I can't copy any text. I can't search. Navigation buttons don't work.

All so some idiot can have spiffy transition effects between pages.

Re:You answer your own question

[orclevegam]

There are a number of sites I go to that have these damn click to pop ads, I'd still like to visit the site but without the ads. If I have to turn off NoScript anyway, it's gained me nothing.

Most sites don't host the script for their own ads, rather they use a third party script to do so. In most cases you can unblock a site, but still leave the ad providers site blocked. One of the replies to my original comment also reminded me of the fact that a while ago I modified my hosts file to black-hole all of the worst offenders with regards to ads/malware, and I run eDexter to serve up blank image files in their place.

Just as an example, right now I've got slashdot.org allowed, but doubleclick.net and google-analytics.com blocked, which allows me to use the comments and such on /., but blocks all the ads.