Rahul Sharma (Editor)

Pop up ad

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Pop-up ads or pop-ups are often forms of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. Pop-ups are generally new web browser windows to display advertisements. The pop-up window containing an advertisement is usually generated by JavaScript using cross-site scripting (XSS), sometimes with a secondary payload using Adobe Flash, but can also be generated by other vulnerabilities/security holes in browser security.

Contents

A variation on the pop-up window is the pop-under advertisement, which opens a new browser window hidden under the active window. Pop-unders do not interrupt the user immediately and are not seen until the covering window is closed, making it more difficult to determine which web site opened them.

History

Pop-up ads originated on the Tripod.com webpage hosting site in the late 1990s. Ethan Zuckerman claims he wrote the code to launch advertisements in separate windows as a response to complaints of displaced banner ads. He didn't invent the pop-up window. Zuckerman later apologized for the unforeseen nuisance pop-up ads had evolved into.

Pop-up blocking

Opera was the first major browser to incorporate tools to block pop-up ads; the Mozilla browser later improved on this by blocking only pop-ups generated as the page loads. In the early 2000s, all major web browsers except Internet Explorer allowed the user to block unwanted pop-ups almost completely. In 2004, Microsoft released Windows XP SP2, which added pop-up blocking to Internet Explorer.

Most modern browsers come with pop-up blocking tools; third-party tools tend to include other features such as ad filtering.

"Pop-ups"

  • Certain types of downloaded content, such as images, free music, and others, can cause pop ups, and therefore should not be trusted, especially pornographic sites' pop ups (known as a "pornado" or "porn-storm", as coined by John C. Dvorak.) Also, the pop ups will sometimes look like ordinary web pages, and the name of the site will show up in a search bar. Many websites use pop-ups to display information without disrupting the page currently open. For example, if you were to fill in a form on a web page and needed extra guidance, a pop-up would give you extra information without causing loss of any information already entered into the form. Most pop-up blockers will allow this kind of pop-up. However, some will reload the page, causing loss of any information that had been entered.
  • Some web based installers, such as that used by McAfee, use a pop-up to install software.
  • On many internet browsers, holding down the ctrl key while clicking a link will allow it to bypass the popup filter.
  • Clicking (even accidentally) on one pop-up may lead to other pop-up ads opening.
  • Circumventing pop-up blocker

    A combination of a banner ad and a popup window is the "hover ad", which uses DHTML to appear in front of the browser screen. With the use of JavaScript, an advertisement can be superimposed over a webpage in a transparent layer. This advertisement can appear as almost anything the author of the advertisement wants. For example, an advertisement can contain an Adobe Flash animation linking to the advertiser's site. An advertisement can also look like a regular window. Because the advertisement is a part of the web page, it cannot be blocked with a pop-up blocker, but it can be blocked with third-party ad blockers such as AdBlock and Adblock Plus, or by using custom style sheets.

    Pop-under ads

    Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the main browser window rather than superimposed in front of it. As pop-up ads became widespread and took up whole computer screens, many users learned to immediately close the popup ads that appeared over a site without looking at them. Pop-under ads do not immediately impede a user's ability to view the site content. They usually remain unnoticed until the main browser window is closed or minimized, leaving the user's attention free for the advertisement. Research has indicated that users therefore react better to pop-under advertising than to pop-up advertising because of this different, delayed "impression".

    Pop-under ad technology

    A pop-under ad involves two very simple JavaScript functions introduced in 1997 with the Netscape 2.0B3 browser. This methodology has been used widely across the web. Modern web publishers and advertisers utilize this methodology to create a window in front of the users screen, load an advertisement, and then send it behind the screen.

    Most modern browsers allow window.open to be executed only if it was called as a result of a user interaction (e.g. mouse click) event handler. Any non-interactive calls (timer callback, load events, etc.) to window.open will result in the new window being blocked.

    To bypass this restriction, most pop-under ads are triggered by a mouse click event listener attached directly to the document or the document's body. This enables catching all mouse click events that were not consumed by other click event handlers, and calling window.open without being blocked. For example, when the user selects a text, the mouse click triggers the mouse click handler attached to the document and a pop-under opens using the above code. Notice that there are more techniques to bypass the window.open call restriction by "hijacking" mouse clicks.

    Fake close buttons

    Users of websites and web applications continuously experience unwanted pop up ads through the course of their normal interaction with a web browser. Ordinarily users respond by dismissing the pop-up through the "close" or "cancel" feature of the window hosting the pop-up. Because this is a typical response, some authors of pop-up advertising depend on this, and create on-screen buttons or controls that look similar to a "close" or "cancel" option. When the user chooses one of these "simulated cancel" options, however, the button performs an unexpected or unauthorized action (such as opening a new pop-up, or downloading an unwanted file on the user's system).

    Because the technologies for web development and design allow an author to draw any kind of "simulated" cancel option imaginable, some users refuse to click on or interact with any item inside a pop-up window whatsoever.

    URL redirection

    URLs are sometimes redirected to advertisement pages by URL redirection.

    Background URL redirection

    URLs are sometimes opened in a new tab and then content of the old background tab will be replaced with advertisement pages by URL redirection. Adblock Plus, uBlock, or NoScript, cannot block these pop-redirects.

    Patent controversy

    ExitExchange.com filed for a patent in 2000 on a subset of pop-under advertising called an exit pop. After years of controversy and numerous articles on the pop-under patent, the patent was awarded by the United States Patent and Trademark Office (USPTO) in April and June 2008. The respective patent numbers are 7,386,555 and 7,353,229. Patent 7,386,555 is related to the method of opening an exit pop from a toolbar or software application on a computing device, whereas Patent 7,353,229 covers the method used to open an exit pop from an embedded script found within a media file (e.g. JavaScript code found in a web page).

    Copyright aspects of pop-up advertising are discussed in the Wikipedia articles Derivative works and Transformativeness. Both articles contain illustrations and links to examples of pop-up advertising.

    References

    Pop-up ad Wikipedia