Opened 2 years ago

Last modified 13 days ago

#2095 new change

Prevent background redirects

Reported by: Lain_13 Assignee:
Priority: Unknown Milestone:
Module: Unknown Keywords:
Cc: mapx, greiner, barbaz, fanboy, trev, sebastian, kzar, oleksandr, SMed79 Blocked By:
Blocking: Platform: Unknown
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description

Background

Example: http://tod-news.com/903-nbu_pokazav_novu_stogrivnevu_kupyuru_foto.html
Try to click on the image or article header at the right side.

You may notice that URL will be opened in a new tab and then content of the old background tab will be replaced with advertisement page (http://baila.kralia.com/?source=tod-back).

There should be a way to prevent such redirects. I've seen this trick on some sites and I've seen at least one ads network which used this trick.

Another example: http://www.pics-money.ru/6/65478/1/
This one even more annoying since redirects you _without_ any clicks. Just wait for a few seconds and it will try to open ads page.

What to change

Implement $redir flag which will prevent redirection to the target page if it matches. Similar to $popup one. If a page were redirected in the background tab - close that tab.

Alternative: make $popup handle both popups and redirects since it already monitors chains of redirections in the newly opened tabs.

Change History (40)

comment:1 Changed 2 years ago by Lain_13

Forgot to mention but second link is NSFW.

comment:2 Changed 2 years ago by mapx

  • Cc mapx added

comment:3 Changed 2 years ago by mapx

they are using inline script ...

<script language="javascript" type="text/javascript">parent.window.opener.location="http://baila.kralia.com/?source=tod-back"; </script>

comment:4 Changed 2 years ago by mapx

It could be interesting to have a filtering system for inline stuff but only for a specific domain and eventually restricted to the custom filters

Last edited 2 years ago by mapx (previous) (diff)

comment:5 Changed 2 years ago by Lain_13

Second one perform redirection through meta tag:
<meta http-equiv="refresh" content="13; url=http://tinyurl.com/pdl28z3">

So, filtering inline scripts won't prevent all possible redirects. It may help to block some anti-adblock scripts, though.

comment:7 Changed 2 years ago by greiner

  • Cc greiner added

comment:8 follow-up: Changed 2 years ago by Lain_13

Seems like module should be "Core".

comment:9 in reply to: ↑ 8 Changed 2 years ago by greiner

Replying to Lain_13:

Seems like module should be "Core".

At this point that's still unclear. Popup blocking is platform-specific so extending the $popup behavior, for instance, wouldn't necessarily affect Core.

comment:10 Changed 2 years ago by Lain_13

Hi,

I just got an idea how to solve this issue in a different, or rather opposite way. Instead of closing background tab I propose to enforce opening URL of a new tab in the current tab. So, it won't be able to perform redirection script at all. In such case it will even fix tab history which this method of opening ads breaks!

BTW, yet another example of this issue: http://www.youporn.com/ (NSFW)
Try to navigate pages at the bottom.

Last edited 2 years ago by Lain_13 (previous) (diff)

comment:11 Changed 2 years ago by barbaz

(Please add me to CC list for this issue, thanks)

+1 to this suggestion.
However there are so many different ways to do an automatic redirect that it's hard to imagine it's practical to take all of them into account.
I think the "force to open in the same tab" method will result in websites finding other ways to get the ad page displayed...

So here's another idea how to deal with this: what about implementing this suggestion as a filter option which makes the filter stop any webpage from navigating to webpages matching the filter?
Pro: Easier to implement. Don't have to try to determine whether anything is a redirect or not, only have to know whether the navigation was started by the user/browser (i.e. something from chrome context wants to do the navigation).
Con: Filters using that option would block links to matching addresses, but not sure that matters here. That could be worked around in filter subscriptions by $domain or $~domain, or whitelist filters using this option (as such whitelists wouldn't whitelist anything currently blockable with ABP, right?).

comment:12 follow-up: Changed 2 years ago by Lain_13

Actually my initial request is to create a way to block redirect to another page (or navigation, in this case, meaning is the same). The thing is it could be rather problematic to implement such feature and that is exactly due to so many ways to redirect a page. I've tested a couple of redirect blockers for Chrome and I haven't found even one which did his job in all cases. It's very likely that such solution will be limited to Firefox only.

My new solution is less complex. We usually know the source page and we get URL of a new page from a newly opened tab. Instead of preventing redirect we just need to close that newly opened tab and redirect current tab to the URL of that new tab and that's all we need to know and do.

comment:13 Changed 2 years ago by mapx

  • Cc barbaz added
  • Verified working unset

comment:14 in reply to: ↑ 12 Changed 2 years ago by barbaz

Replying to Lain_13:

Actually my initial request is to create a way to block redirect to another page (or navigation, in this case, meaning is the same). The thing is it could be rather problematic to implement such feature and that is exactly due to so many ways to redirect a page. I've tested a couple of redirect blockers for Chrome and I haven't found even one which did his job in all cases. It's very likely that such solution will be limited to Firefox only.

Yeah, I was taking "redirect" and "navigation" to mean two different things: redirect is always automatic (JS methods, meta refresh, etc.), but navigation could be manual (i.e. all redirect methods plus things like user clicks link, user submits form, user uses browser back button, user types new address in address bar, etc.).

My point is if you don't bother to distinguish redirect and navigation (in the way I mean the terms), you don't have to take every single method of redirection into account, all you need to know is the origin of the navigation - which I know is reliably possible in Firefox at least (haven't made such code myself though). I would suspect that the Chrome redirect blockers you tested were, for usability reasons, trying to make the distinction and thus failing some of the time.

My new solution is less complex. We usually know the source page and we get URL of a new page from a newly opened tab. Instead of preventing redirect we just need to close that newly opened tab and redirect current tab to the URL of that new tab and that's all we need to know and do.

Sure but will that stay effective? Won't these pages just be able to find other ways around it, like making the redirect page set cookie and forcing the desired destination URL to just redirect to the redirect page in the same tab if the cookie isn't set?

comment:15 Changed 2 years ago by Lain_13

Well, it's possible to use a cookie and force redirect anyway but in such case you will be throwing users away from your site and that is something most of a site owners don't really want to do. They want to show you an ad but they don't want you to start looking for the alternative. I've seen only once a site which happily thrown away his visitors to ads page and that was an image hosting.

That would be really nice to have an ability to block actual redirect but seems like it's possible to implement properly only in the Firefox.

Regarding redirects and navigation - it's problematic to distinguish one from another. For example background redirect initiated by a user's click on the link which end up opened in the new tab. In such case script on the page may remain in the scope of that click and when redirect will happen browser will still think that it was initiated by a user. Or it may loose that scope and browser will think it's something initiated by the script only even though script were started by a user's click.

comment:16 in reply to: ↑ description Changed 2 years ago by dr_boo

"ebocornac.com is the JavaScript-based popup opened in MinGeek's Pornhub NETWORK sites that is used to perform URL redirection to ads via doublepimp.com. Affiliates includes casino.com, 888casino.com, and more. The Alexa page ebocornac.com lists Pornhub NETWORK sites under "Upstream Sites" which gives the idea that this domain is dedicated to online advertisement. These pop-ups are sophisticated as neither Adblock Plus or uBlock can block these pop-ups." - https://en.wikipedia.org/wiki/MindGeek#Online_advertisment

http://ebocornac.com/fp.engine?id=7129f320-ce21-4b40-9d7e-37b1df8cf8f0&rand=56229&ver=asynch&time=-120&referrerUrl=&subId=&abr=true&hosted=true
redirect to
http://ebocornac.com/Redirect.eng?MediaSegmentId=161&rvid=0b3aec77-4ca8-4d44-ba53-573f6762a2e5&vmId=335e1ef6-f358-4d0f-9407-135b0be7061f&abr=true
redirect to
http://engine.phn.doublepimp.com/

||ebocornac.com^$popup,third-party is currently in EasyList but it didn't block the pop-ups. Neither did ||ebocornac.com^ and ||doublepimp.com^. doublepimp redirect to the ad URLs like:

Last edited 2 years ago by dr_boo (previous) (diff)

comment:17 Changed 2 years ago by mapx

  • Cc fanboy added

comment:18 Changed 2 years ago by greiner

See also #2657

comment:19 Changed 2 years ago by kuda

Last edited 2 years ago by mapx (previous) (diff)

comment:20 Changed 2 years ago by kuda

Last edited 2 years ago by mapx (previous) (diff)

comment:21 Changed 2 years ago by kuda

Last edited 2 years ago by mapx (previous) (diff)

comment:22 Changed 2 years ago by kuda

Last edited 2 years ago by mapx (previous) (diff)

comment:23 Changed 18 months ago by Compuitguy

+1

comment:24 Changed 16 months ago by mapx

  • Tester set to Unknown

another case:
http://streamin.to/embed-d6d1u1x4ade8-640x360.html

a lot of sites implemented this sort of popunder / redirect which ABP can't manage.

comment:25 Changed 16 months ago by mapx

  • Cc trev sebastian added

comment:26 Changed 16 months ago by kzar

  • Cc kzar added

comment:27 Changed 16 months ago by mapx

other case:

go to http://www.jemontremesseins.com/
click a pic

a filter like this (sure, with the new implemented logic) should fix the popunder (as in ubo, this way new filters could be added to easylist)

||exoclick.com^$popunder

or, much better, all these popunders could be blocked by default without any special keyword (I can't see a false positive case). Eventually - for these hypothetical rare cases - a keyword could be use only to create exceptions (like elemhide / generichide / genericblock)

Last edited 16 months ago by mapx (previous) (diff)

comment:28 Changed 16 months ago by Compuitguy

BTW

Pop-under is the wrong name for this issue

https://en.wikipedia.org/wiki/Pop-up_ad#Pop-under_ads

Background URL redirection is the right one

https://en.wikipedia.org/wiki/Pop-up_ad#Background_URL_redirection

comment:29 Changed 16 months ago by trev

As far as user experience goes, this is the most disruptive thing a website can do - sending the user to a different tab while also removing the history. So this approach is only used by websites that don't care about user retention (relying on incoming SEO traffic exclusively). If we do something about this issue we'll allow these websites to retain some users - arguably not a positive outcome. That's at least one way to look at this.

Let's approach it from a different angle, what can we do? We could stop websites from redirecting to particular URLs (look at TYPE_DOCUMENT/main_frame requests and prevent them if necessary). The collateral damage will be that we will also stop the user from navigating to these URLs (usually impossible to distinguish user action and automated redirect) but that's hopefully not going to be a huge issue.

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content. A rule like ||example.com^$first-party,popup will prevent the pop-up but it will also very likely prevent legitimate tabs from being opened. So altogether - not a really good solution.

Ideally, we could detect the background redirect pattern explicitly and close the background tab. That's much harder to be done reliably however.

comment:30 Changed 16 months ago by oleksandr

  • Cc oleksandr added

comment:31 Changed 16 months ago by Lain_13

comment:29

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content.

In cases which I've seen it will be two different tabs. One with source page and another one with the target. Normally it's a front page and some topic or video in the second tab.

Additionally this will allow to block cases when site throws users away _without_ opening a new tab after a timeout. I've encountered such pattern once on one image hosting.

Last edited 16 months ago by Lain_13 (previous) (diff)

comment:32 Changed 12 months ago by SMed79

New case on
http://akoam.com/download/ef29f1c0c6eb/Midnight-Special-2016-720p-BluRay-akoam-com-mkv

Wait the 30s countdown then click to download ... this will generated redirect popup which is not closed by ABP.

comment:33 Changed 11 months ago by Lain_13

BTW, I've "fixed" such behavior on a few sites using script in Tampermonkey. Look for function preventBackgroundRedirect here: https://greasyfork.org/en/scripts/19993-ru-adlist-js-fixes/code
ABP may handle this much better, though.

Last edited 11 months ago by Lain_13 (previous) (diff)

comment:34 Changed 11 months ago by kzar

(Another similar case was reported in #4305. http://rustorka.com/forum/index.php is opening a new window when the user clicks anywhere in the page. The new window immediately redirects to the advertising page using <META http-equiv="refresh" content="0;URL=http://utarget.ru/ranging/18a7c76811/click/">.)

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content.

I suppose we could have something like element collapsing but for tabs, at least for some platforms. If a tab is opened and attempts to redirect but the redirect is blocked, couldn't we then close the tab?

comment:35 Changed 11 months ago by Lain_13

That would be the best approach since simple prevention of redirect might be detected by site itself. In fact I've encountered a couple of sites which would infinitely open in a popup on each click if background tab hadn't opportunity to redirect and set cookies. Unless we can stop redirection past "unload" event and replace tab with content of a newly created tab.

Also, #4305 isn't duplicate of this one since redirect happens in a newly opened tab instead of a background one and have to be closed by $popup. And even does so in Firefox, but not in Chrome.

Last edited 11 months ago by Lain_13 (previous) (diff)

comment:36 Changed 4 months ago by mapx

Could we have this old issue fixed ? especially now when 99% of the bugs are regarding ABP for chrome (ABP for firefox is ... dead in the current implementation ==> see also what Wladimir said: "Given that the Firefox codebase is going away" https://issues.adblockplus.org/ticket/4919#comment:1 )

comment:37 Changed 3 months ago by mapx

still nothing ?

other case (ABP cannot manage it, no workaround):

http://9xbuddy.com/process?url=https://www.youtube.com/watch?v=_Rum3coXqoY

comment:38 Changed 2 months ago by alexmartin

I see a lot off background redirects in porn sites of Pornhub NETWORK with popunders. Exoclick is a expert in this theme. In the spanish community I see the same in a lot of sites like: http://www.videospornogratisx.xxx/tube8-com/ or https://www.zasporn.com/viejas.html ....

I do not quite understand why they use these advertising techniques. What do they gain from it? Nobody opens them!

comment:39 Changed 2 months ago by Lain_13

What do they gain from it? Nobody opens them!

The only logical conclusion I can make out of this is: they do have statistics and it shows someone actually opens these ads and pays money in the result. I know how absurd that is, but they would stop doing these popunders long ago if that wouldn't be profitable. So, it is and as long as it is they will keep doing them.

comment:40 Changed 13 days ago by mapx

  • Cc SMed79 added
Note: See TracTickets for help on using tickets.