
Google bans its ads on sites that use annoying ‘pop-unders’ - janober
https://techcrunch.com/2017/07/11/google-bans-its-ads-on-sites-that-use-those-annoying-pop-unders
======
fredley
The apis used to control focus should just be put behind a permission, as
microphone/camera access etc. are. If a site wants to control window focus, I
should have to explicitly allow it.

~~~
CyberShadow
No focus APIs are necessary to implement pop-unders.

AFAIU, the way modern implementations work, is that they make some link
(occasionally the entire body) a target=_blank link, which points to some
other part of the website. This causes the link target to appear in a new tab.
Now, the _original_ tab has its contents changed to that of an ad; when the
user finishes browsing the website and closes the newly-opened tab, they will
see the "pop-under" tab (which is actually the original tab the user entered
the website with).

~~~
pinum
Couldn't this be avoided by refusing to run onclick/similar events for
target=_href links?

~~~
savanaly
Unfortunately, preventing those events from running code could be easily
programmed around, if, as I assume you mean, you let the rest of javascript
run as normal. If you're trying to run code in response to someone clicking on
link A but the browser had disabled onclick for link A, you could still
register an onclick for the entire page and in that listener examine the
coordinates of the mouse to see if it's over link A and then run code "in
response" to the click. This is just one of countless ways you could get
around the rule I'm sure.

~~~
visarga
Maybe the browser itself should have more efficient anti-clickjacking tech,
such as blacklists and spam classifiers. Users should be able to block all
popups from a specific site when protection doesn't work well automatically.

------
dalbasal
For Google to do this, there is a competition aspect to it. Pop-unders compete
with Google.

That said, something needs to give. Particularly disturbing is news sites.
Otherwise reputable news sites are willing to put up the sleaziest
"monetization" on their sites. Pop unders, pop overs and extremely dishonest
advertising, especially under the "native ads" umbrella. Many of these are
advertising fake news, fake products, fake customer stories.

There is such a thing as advertising standards, where advertising standards.
It works differently in every country, but the mechanism is generally 2-fold.
(1)Some sort of advertising authority regulates the media side: they can
complain/accuse TV stations or print papers. (2)Regulated industries (drugs,
financial services) have a regulator that holds them to advertising standards.
This part still works, but no one seems to have the ability/jurisdiction to
complain about online advertising.

At the very least, I'd like to see national advertising standards authorities
ban the use of certain ad aggregotors on local news sites, if they violate
advertising standards. Many of these ads are ilegal anyway, I think.

------
paulpauper
wouldn't it be better to just find a way to prevent pop-unders in the first
place. Why is it so hard to thwart them? All these sites use the same script
that evades the popup blocker built into chrome yet none of google's 1000's of
engineers can do anything about it apparently.

~~~
gruez
>All these sites use the same script that evades the popup blocker built into
chrome yet none of google's 1000's of engineers can do anything about it
apparently.

Because it's really hard to differentiate between legit popups (that the user
wants) and popups that are unwanted.

[https://en.wikipedia.org/wiki/Pop-up_ad#Pop-
under_ads](https://en.wikipedia.org/wiki/Pop-up_ad#Pop-under_ads)

~~~
Athas
Why would anyone ever want a pop-under for any reason? I would be satisfied
with a solution that turned any pop-under into a pop-up.

~~~
duskwuff
That's actually an interesting point. I wonder how many sites would be broken
by disabling methods that shift window focus, like Window.focus() and
Window.blur()? Probably not many...

~~~
sk0g
Every bank website I've used so far does forced pop ups, as well as websites
that want you to authenticate yourself using some other service (such as
Google, or Facebook.)

~~~
bsder
> Every bank website I've used so far does forced pop ups

But why do they do this? I have yet to have someone give me a good
explanation.

~~~
janekm
It's done to escape from iFrame jail attempts. Rogue site loads bank site in
iFrame, end user types in their password...

~~~
ams6110
Browsers are not supposed to let javascript access the DOM or events in a
cross-domain iframe, is that not correct?

~~~
cpdt
Correct, but it's still possible for the parent page to overlay invisible
textboxes and buttons in order to capture input.

~~~
chongli
Wow, what a tire fire the web has turned out to be.

Can we just throw the whole thing out and start over? I miss the 90s...

------
paulpauper
Pop-unders are extremely annoying, not only do they slow the browser but they
are always filled with malware. Good move by google.

------
Sir_Substance
I didn't know these had become a thing, due to my use of ad blocking.

Thanks, ad blocking.

------
grillvogel
this is not because google is your friend, this is because they want you to
have less reason to use adblock.

~~~
frenchie4111
But in this case I align with their decision. I don't mind websites that have
advertisements as long as they aren't intrusive, and my privacy is maintained.
If those demands were met on all of the sites I frequent I would uninstall my
ad-blocker

~~~
gruez
>I don't mind websites that have advertisements as long as they aren't
intrusive, and my privacy is maintained

It would be a cold day in hell if google stopped tracking people.

~~~
jm_l
Agreed, Google is unlikely to stop trying to track it's users; it's too
profitable.

On the other hand, privacy is more about choosing what you share than not
sharing things, and imo Google does an okay job at letting users control what
they share; better than most companies operating at that scale. And while
their privacy controls are not very fine grained, there seems to be an
emphasis on making sure even non-technical users understand what is being
shared and why.

~~~
yogenpro
FWIW,
[https://myaccount.google.com/activitycontrols](https://myaccount.google.com/activitycontrols)
to control what data they'd use and how it's used, and
[http://history.google.com](http://history.google.com) lists the data they've
collected. You can delete some or all from there.

~~~
throwaway2048
I highly doubt it and derived data are actually deleted, it merely stops you
from being able to view it.

~~~
inlined
That's a pretty serious claim. Do you have anything other than scepticism
behind it?

[Disclaimer: I work at Google. Every team I've interacted with takes this very
seriously]

------
CM30
I'm surprised they didn't ban them already. I mean, Google Adsense already had
rules about not being able to use too many ads on one page, or about
displaying them next to ads from other providers.

Honestly though, I'm quite happy they're doing this. Yeah some people may say
its anti competitive or what not, but the type of ads many sites run are
ridiculous. Sometimes even your basic news site or forum is literally packed
with ads from top to bottom, with everything from overlays to transitions and
pop ups/pop unders and auto playing video going on at once.

If this sort of thing discourages that, it'll make the internet a hundred
times more tolerable for everyone (especially those unfortunate souls who
can't use Adblock for whatever reason).

------
natch
That's a great step. I can think of a few more steps they could take, such as
removing ads from fake news sites.

Of course that gets into difficult judgement calls, whereas this pop-under
case is pretty clear cut.

It makes sense if they want to move slowly and deliberately, but I hope they
won't stop here.

~~~
oh_sigh
Any particular fake news sites you had in mind?

~~~
natch
Stuff like outbrain.com, scribol.com, travelwhip.com, and their ilk. Obviously
these are not strictly "news" but you get the idea. I think of them as sites
that will do almost anything to increase clicks, ad impressions, and affiliate
revenues, including presenting severely compromised content.

------
PhasmaFelis
My father encountered a clickbait site a few weeks ago that would spawn pop-
unders playing continuous video ads, muted, which closed as soon as they were
focused.

It was bizarre. My only guess was that the site was trying to scam advertisers
by "showing" lots of ads to users, without the users actually seeing/hearing
them and getting annoyed.

------
tyingq
Are these honestly more annoying than YouTube ads?

------
smegel
Or fix Chrome that allows this kind of abuse? Google doesn't give a shit about
protecting users.

~~~
Sargos
> Google doesn't give a shit about protecting users.

> Article about Google protecting users.

------
cronjobber
Antitrust regulators should look into this one.

EDIT: ...because the policy punishes advertisers use of _other_ advertising
providers.

~~~
AznHisoka
I developed malware that injects spammy ads into people's browsers.

Google banned my site from their index! Antitrust regulators need to look into
this because it costed me my business and my employees! </sarcasm>

~~~
greglindahl
This is why US antitrust law focuses on harm to consumers, not companies. I
don't see much harm to consumers if Google refuses to do business with
websites that annoy consumers. Google already has a lot of rules that websites
have to follow in order to be eligible for AdSense.

