Pop-up ads or pop-ups are often forms of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. Pop-ups are generally new web browser windows to display advertisements. The pop-up window containing an advertisement is usually generated by JavaScript using cross-site scripting (XSS), sometimes with a secondary payload using Adobe Flash, but can also be generated by other vulnerabilities/security holes in browser security.
A variation on the pop-up window is the pop-under advertisement, which opens a new browser window hidden under the active window. Pop-unders do not interrupt the user immediately and are not seen until the covering window is closed, making it more difficult to determine which web site opened them.
Pop-up blocking
Opera was the first major browser to incorporate tools to block pop-up ads; the Mozilla browser later improved on this by blocking only pop-ups generated as the page loads. In the early 2000s (decade), all major web browsers except Internet Explorer allowed the user to block unwanted pop-ups almost completely. In 2004, Microsoft released Windows XP SP2, which added pop-up blocking to Internet Explorer.
Most modern browsers come with pop-up blocking tools; third-party tools tend to include other features such as ad filtering.
"Pop-ups"
- Certain types of downloaded content, such as images, free music, and others, can cause pop ups, and therefore should not be trusted. Especially pornographic sites' pop ups (known as a "pornado" or "porn-storm", as coined by John C. Dvorak.) Also, the pop ups will sometimes look like ordinary web pages, and the name of the site will show up in a search bar. Many websites use pop-ups to display information without disrupting the page currently open. For example, if you were to fill in a form on a web page and needed extra guidance, a pop-up would give you extra information without causing loss of any information already entered into the form. Most pop-up blockers will allow this kind of pop-up. However, some will reload the page, causing loss of any information that had been entered.
- Some web based installers, such as that used by McAfee, use a pop-up to install software.
- On many internet browsers, holding down the ctrl key while clicking a link will allow it to bypass the popup filter.
- Clicking (even accidentally) on one pop-up may lead to other pop-up ads opening.
Circumventing pop-up blocker
A combination of a banner ad and a popup window is the "hover ad", which uses DHTML to appear in front of the browser screen. With the use of JavaScript, an advertisement can be superimposed over a webpage in a transparent layer. This advertisement can appear as almost anything the author of the advertisement wants. For example, an advertisement can contain an Adobe Flash animation linking to the advertiser's site. An advertisement can also look like a regular window. Because the advertisement is a part of the web page, it cannot be blocked with a pop-up blocker, but it can be blocked with third-party ad blockers such as Adblock or by using custom style sheets. DHTML ads can be very CPU intensive, sometimes bogging down older computers to the point of unusability.
Pop-under ads
Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the main browser window rather than superimposed in front of it. As pop-up ads became widespread and took up whole computer screens, many users learned to immediately close the popup ads that appeared over a site without looking at them. Pop-under ads do not immediately impede a user's ability to view the site content, and thus usually remain unnoticed until the main browser window is closed or minimized, leaving the user's attention free for the advertisement. Therefore, research has indicated that users react better to pop-under advertising rather than pop-up advertising due to this.
Pop-under ad technology
A pop-under ad involves two very simple JavaScript technologies introduced in 1997 with the Netscape 2.0B3 browser. This methodology has been used widely across the web. Modern web publishers and advertisers utilize this methodology to create a window in front of the users screen, load an advertisement, and then send it behind the screen.
// create a new window in front of the current site window.open( URL, windowName[, windowFeatures] ); // push the loaded advertisement back behind the browser window.focus();
Most modern browsers allow window.open to be executed only if it was called as a result of a user interaction (e.g. mouse click) event handler. Any non-interactive calls (timer callback, load events, etc.) to window.open will result the new window being blocked. To bypass this restriction, most pop-under ads are triggered by a mouse click event listener attached directly to the document or the document's body. This enables catching all mouse clicks events that were not consumed by other click event handlers, and calling window.open without being blocked. For example, when the user selects a text, the mouse click triggers the mouse click handler attached to the document and a pop-under pops using the above code. Notice that there are more techniques to bypass the window.open call restriction by "hijacking" mouse clicks.
Circumventing pop-under blocker
"Poper Blocker" is a Chrome extension dedicated to block pop-unders that use various techniques to bypass the window.open call restriction as described above.
Pop-up dismissal
Users of websites and web applications continuously experience unwanted pop up ads through the course of their normal interaction with a web browser. Ordinarily users respond by dismissing the pop-up through the "close" or "cancel" feature of the window hosting the pop-up. Because this is a typical response, some authors of pop-up advertising depend on this, and create on-screen buttons or controls that look similar to a "close" or "cancel" option. When the user chooses one of these "simulated cancel" options, however, the button performs an unexpected or unauthorized action (such as opening a new pop-up, or running unauthorized commands on the user's system).
Because the technologies for web development and design allow an author to draw any kind of "simulated" cancel option imaginable, some users refuse to click on or interact with any item inside a pop-up window whatsoever.
Patent controversy
ExitExchange.com filed for a patent in 2000 on a subset of pop-under advertising called an exit pop. After years of controversy and numerous articles on the pop-under patent, the patent was awarded by the United States Patent and Trademark Office (USPTO) in April and June 2008. The respective patent numbers are 7,386,555 and 7,353,229. Patent 7,386,555 is related to the method of opening an exit pop from a toolbar or software application on a computing device, whereas Patent 7,353,229 covers the method used to open an exit pop from an embedded script found within a media file (e.g. JavaScript code found in a web page).