Prevent background redirects

[Lain_13]

Background

Example: ​http://tod-news.com/903-nbu_pokazav_novu_stogrivnevu_kupyuru_foto.html
Try to click on the image or article header at the right side.

You may notice that URL will be opened in a new tab and then content of the old background tab will be replaced with advertisement page (​http://baila.kralia.com/?source=tod-back).

There should be a way to prevent such redirects. I've seen this trick on some sites and I've seen at least one ads network which used this trick.

Another example: ​http://www.pics-money.ru/6/65478/1/
This one even more annoying since redirects you _without_ any clicks. Just wait for a few seconds and it will try to open ads page.

What to change

Implement $redir flag which will prevent redirection to the target page if it matches. Similar to $popup one. If a page were redirected in the background tab - close that tab.

Alternative: make $popup handle both popups and redirects since it already monitors chains of redirections in the newly opened tabs.

[Lain_13]

Forgot to mention but second link is NSFW.

[mapx]

they are using inline script ...

<script language="javascript" type="text/javascript">parent.window.opener.location="​http://baila.kralia.com/?source=tod-back"; </script>

[mapx]

It could be interesting to have a filtering system for inline stuff but only for a specific domain and eventually restricted to the custom filters

[Lain_13]

Second one perform redirection through meta tag:
<meta http-equiv="refresh" content="13; url=​http://tinyurl.com/pdl28z3">

So, filtering inline scripts won't prevent all possible redirects. It may help to block some anti-adblock scripts, though.

[mapx]

for meta tags
​http://stackoverflow.com/questions/7720461/is-it-possible-to-disable-meta-refresh-in-google-chrome
​http://stackoverflow.com/questions/2568760/is-it-possible-to-use-javascript-to-change-the-meta-tags-of-the-page

[Lain_13]

Seems like module should be "Core".

[greiner]

Replying to Lain_13:

Seems like module should be "Core".

At this point that's still unclear. Popup blocking is platform-specific so extending the $popup behavior, for instance, wouldn't necessarily affect Core.

[Lain_13]

Hi,

I just got an idea how to solve this issue in a different, or rather opposite way. Instead of closing background tab I propose to enforce opening URL of a new tab in the current tab. So, it won't be able to perform redirection script at all. In such case it will even fix tab history which this method of opening ads breaks!

BTW, yet another example of this issue: ​http://www.youporn.com/ (NSFW)
Try to navigate pages at the bottom.

[barbaz]

(Please add me to CC list for this issue, thanks)

+1 to this suggestion.
However there are so many different ways to do an automatic redirect that it's hard to imagine it's practical to take all of them into account.
I think the "force to open in the same tab" method will result in websites finding other ways to get the ad page displayed...

So here's another idea how to deal with this: what about implementing this suggestion as a filter option which makes the filter stop any webpage from navigating to webpages matching the filter?
Pro: Easier to implement. Don't have to try to determine whether anything is a redirect or not, only have to know whether the navigation was started by the user/browser (i.e. something from chrome context wants to do the navigation).
Con: Filters using that option would block links to matching addresses, but not sure that matters here. That could be worked around in filter subscriptions by $domain or $~domain, or whitelist filters using this option (as such whitelists wouldn't whitelist anything currently blockable with ABP, right?).

[Lain_13]

Actually my initial request is to create a way to block redirect to another page (or navigation, in this case, meaning is the same). The thing is it could be rather problematic to implement such feature and that is exactly due to so many ways to redirect a page. I've tested a couple of redirect blockers for Chrome and I haven't found even one which did his job in all cases. It's very likely that such solution will be limited to Firefox only.

My new solution is less complex. We usually know the source page and we get URL of a new page from a newly opened tab. Instead of preventing redirect we just need to close that newly opened tab and redirect current tab to the URL of that new tab and that's all we need to know and do.

[barbaz]

Replying to Lain_13:

Actually my initial request is to create a way to block redirect to another page (or navigation, in this case, meaning is the same). The thing is it could be rather problematic to implement such feature and that is exactly due to so many ways to redirect a page. I've tested a couple of redirect blockers for Chrome and I haven't found even one which did his job in all cases. It's very likely that such solution will be limited to Firefox only.

Yeah, I was taking "redirect" and "navigation" to mean two different things: redirect is always automatic (JS methods, meta refresh, etc.), but navigation could be manual (i.e. all redirect methods plus things like user clicks link, user submits form, user uses browser back button, user types new address in address bar, etc.).

My point is if you don't bother to distinguish redirect and navigation (in the way I mean the terms), you don't have to take every single method of redirection into account, all you need to know is the origin of the navigation - which I know is reliably possible in Firefox at least (haven't made such code myself though). I would suspect that the Chrome redirect blockers you tested were, for usability reasons, trying to make the distinction and thus failing some of the time.

My new solution is less complex. We usually know the source page and we get URL of a new page from a newly opened tab. Instead of preventing redirect we just need to close that newly opened tab and redirect current tab to the URL of that new tab and that's all we need to know and do.

Sure but will that stay effective? Won't these pages just be able to find other ways around it, like making the redirect page set cookie and forcing the desired destination URL to just redirect to the redirect page in the same tab if the cookie isn't set?

[Lain_13]

Well, it's possible to use a cookie and force redirect anyway but in such case you will be throwing users away from your site and that is something most of a site owners don't really want to do. They want to show you an ad but they don't want you to start looking for the alternative. I've seen only once a site which happily thrown away his visitors to ads page and that was an image hosting.

That would be really nice to have an ability to block actual redirect but seems like it's possible to implement properly only in the Firefox.

Regarding redirects and navigation - it's problematic to distinguish one from another. For example background redirect initiated by a user's click on the link which end up opened in the new tab. In such case script on the page may remain in the scope of that click and when redirect will happen browser will still think that it was initiated by a user. Or it may loose that scope and browser will think it's something initiated by the script only even though script were started by a user's click.

[dr_boo]

"ebocornac.com is the JavaScript-based popup opened in MinGeek's Pornhub NETWORK sites that is used to perform URL redirection to ads via doublepimp.com. Affiliates includes casino.com, 888casino.com, and more. The Alexa page ebocornac.com lists Pornhub NETWORK sites under "Upstream Sites" which gives the idea that this domain is dedicated to online advertisement. These pop-ups are sophisticated as neither Adblock Plus or uBlock can block these pop-ups." - ​https://en.wikipedia.org/wiki/MindGeek#Online_advertisment

• Pornhub NETWORK site popups appears when you click on their logos (eg the Porhhub logo in ​http://www.pornhub.com/, or the Tube8 logo in ​http://www.tube8.es/)

​http://ebocornac.com/fp.engine?id=7129f320-ce21-4b40-9d7e-37b1df8cf8f0&rand=56229&ver=asynch&time=-120&referrerUrl=&subId=&abr=true&hosted=true
redirect to
​http://ebocornac.com/Redirect.eng?MediaSegmentId=161&rvid=0b3aec77-4ca8-4d44-ba53-573f6762a2e5&vmId=335e1ef6-f358-4d0f-9407-135b0be7061f&abr=true
redirect to
​http://engine.phn.doublepimp.com/

||ebocornac.com^$popup,third-party is currently in EasyList but it didn't block the pop-ups. Neither did ||ebocornac.com^ and ||doublepimp.com^. doublepimp redirect to the ad URLs like:

• ​https://casinosaga.host.bannerflow.com/2878_86353.html?btag=654895_007E80775FE84E9AB7DB93AA88E3FC19&affid=p_se_t8
• ​http://www.slotsheaven.se/?b=football_girls&SID=210169&p=1
• ​http://www.club777.com/media/wide/slots/aztecax/?SID=210168&p=1
• ​http://www.casino.com/sv/?b=double_p&SID=190986&p=1
• ​http://www.casino.com/sv/media/wide/slots_3200/football_girls/?b=double_p&SID=209333&p=1
• ​http://www.casino.com/sv/media/wide_200p/slots/bonus_bears/?b=med_200p&SID=209518&p=1
• ​http://sv.888casino.com/media/gonzo-video.htm?utm_medium=mb&utm_source=2930&utm_campaign=28290
• ​http://sv.888casino.com/?utm_medium=mb&utm_source=2930
• ​http://sv.888casino.com/media/freeplay-edge-slots.htm?utm_medium=mb&utm_source=2930&utm_campaign=28290
• ​http://cherry-love.com/10/campaign8055?utm_source=dda&utm_medium=web&utm_campaign=thunt_wp&utm_term=4616_redtube.com_Redtube_Popunder&utm_content=pop_ypswe&ts=d8ebba17-3077-4bb7-a09e-e3df3828694e
• ​http://s.vgsgaming-ads.com/adiframe|3.0|1460|5043316|0|16|ADTECH;target=_blank;sub1=;sub2=;sub3=;sub4=;misc=1998

[greiner]

See also #2657

[Compuitguy]

+1

[mapx]

another case:
​http://streamin.to/embed-d6d1u1x4ade8-640x360.html

a lot of sites implemented this sort of popunder / redirect which ABP can't manage.

[mapx]

other case:

go to ​http://www.jemontremesseins.com/
click a pic

a filter like this (sure, with the new implemented logic) should fix the popunder (as in ubo, this way new filters could be added to easylist)

||exoclick.com^$popunder

or, much better, all these popunders could be blocked by default without any special keyword (I can't see a false positive case). Eventually - for these hypothetical rare cases - a keyword could be use only to create exceptions (like elemhide / generichide / genericblock)

[Compuitguy]

BTW

Pop-under is the wrong name for this issue

​https://en.wikipedia.org/wiki/Pop-up_ad#Pop-under_ads

Background URL redirection is the right one

​https://en.wikipedia.org/wiki/Pop-up_ad#Background_URL_redirection

[trev]

As far as user experience goes, this is the most disruptive thing a website can do - sending the user to a different tab while also removing the history. So this approach is only used by websites that don't care about user retention (relying on incoming SEO traffic exclusively). If we do something about this issue we'll allow these websites to retain some users - arguably not a positive outcome. That's at least one way to look at this.

Let's approach it from a different angle, what can we do? We could stop websites from redirecting to particular URLs (look at TYPE_DOCUMENT/main_frame requests and prevent them if necessary). The collateral damage will be that we will also stop the user from navigating to these URLs (usually impossible to distinguish user action and automated redirect) but that's hopefully not going to be a huge issue.

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content. A rule like ||example.com^$first-party,popup will prevent the pop-up but it will also very likely prevent legitimate tabs from being opened. So altogether - not a really good solution.

Ideally, we could detect the background redirect pattern explicitly and close the background tab. That's much harder to be done reliably however.

[Lain_13]

comment:29

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content.

In cases which I've seen it will be two different tabs. One with source page and another one with the target. Normally it's a front page and some topic or video in the second tab.

Additionally this will allow to block cases when site throws users away _without_ opening a new tab after a timeout. I've encountered such pattern once on one image hosting.

[SMed79]

New case on
http://akoam.com/download/ef29f1c0c6eb/Midnight-Special-2016-720p-BluRay-akoam-com-mkv

Wait the 30s countdown then click to download ... this will generated redirect popup which is not closed by ABP.

[Lain_13]

BTW, I've "fixed" such behavior on a few sites using script in Tampermonkey. Look for function preventBackgroundRedirect here: ​https://greasyfork.org/en/scripts/19993-ru-adlist-js-fixes/code
ABP may handle this much better, though.

[kzar]

(Another similar case was reported in #4305. ​http://rustorka.com/forum/index.php is opening a new window when the user clicks anywhere in the page. The new window immediately redirects to the advertising page using <META http-equiv="refresh" content="0;URL=http://utarget.ru/ranging/18a7c76811/click/">.)

The pop-up will be opened nevertheless however, so the end result is going to be two tabs with the same content.

I suppose we could have something like element collapsing but for tabs, at least for some platforms. If a tab is opened and attempts to redirect but the redirect is blocked, couldn't we then close the tab?

[Lain_13]

That would be the best approach since simple prevention of redirect might be detected by site itself. In fact I've encountered a couple of sites which would infinitely open in a popup on each click if background tab hadn't opportunity to redirect and set cookies. Unless we can stop redirection past "unload" event and replace tab with content of a newly created tab.

Also, #4305 isn't duplicate of this one since redirect happens in a newly opened tab instead of a background one and have to be closed by $popup. And even does so in Firefox, but not in Chrome.

[mapx]

Could we have this old issue fixed ? especially now when 99% of the bugs are regarding ABP for chrome (ABP for firefox is ... dead in the current implementation ==> see also what Wladimir said: "Given that the Firefox codebase is going away" https://issues.adblockplus.org/ticket/4919#comment:1 )

[mapx]

still nothing ?

other case (ABP cannot manage it, no workaround):

http://9xbuddy.com/process?url=https://www.youtube.com/watch?v=_Rum3coXqoY

[alexmartin]

I see a lot off background redirects in porn sites of Pornhub NETWORK with popunders. Exoclick is a expert in this theme. In the spanish community I see the same in a lot of sites like: http://www.videospornogratisx.xxx/tube8-com/ or https://www.zasporn.com/viejas.html ....

I do not quite understand why they use these advertising techniques. What do they gain from it? Nobody opens them!

[Lain_13]

What do they gain from it? Nobody opens them!

The only logical conclusion I can make out of this is: they do have statistics and it shows someone actually opens these ads and pays money in the result. I know how absurd that is, but they would stop doing these popunders long ago if that wouldn't be profitable. So, it is and as long as it is they will keep doing them.

[mapx]

another case
​https://adblockplus.org/forum/viewtopic.php?f=10&t=53351

2 years, still nothing, in uBo there is $popunder, ABP ?

[SMed79]

Hi guys,
why do you think that fixing #2095 #4724 #4800 is not a priority?

another case [...] 2 years, still nothing

we can provide 1000 case if needed...

http://filmstreamvk.ws/
http://www.seriestreaming.net/
http://cpabien.xyz/
https://www.dpstream.net/
http://streamzzz.online/
http://www.k-streaming.com/
http://www27.zippyshare.com/v/echSEvrc/file.html
http://mystream.la/external/5HNEL63O7QZO
http://www.youtube-mp3.org/
http://uptobox.com/o94v634z9hss
http://watchers.to/embed-zrydf6dwtfxp.html
http://egybest.site/
http://1337x.to/
https://smutty.com/ (nsfw)
https://notsmutty.com/ (nsfw)

Please fix !!!

[mapx]

well, I can understand #4724 #4800 are not an emergency (even if ... the users are still using ABP in firefox and not webext ABP in FF) because will be replace by ABP in chrome (which is working fine for those popups), but #2095 is really incomprehensible why this complete immobility.

[sebastian]

It seems this kind of behavior might be ​blocked by default in Chrome soon.

[andresjose]

I have a similar problem, I am developing a page of xxx videos similar to youporn and I am having errors with this function.

Can somebody help me?

The website is

http://www.webcampornotube.com/xxx

[SMed79]

Millions users are ​redirected daily from ViaMichelin sites :

https://www.viamichelin.com/
https://www.viamichelin.at/
https://www.viamichelin.be/
https://www.viamichelin.ch/
https://www.viamichelin.co.uk/
https://www.viamichelin.de/
https://www.viamichelin.es/
https://www.viamichelin.fr/
https://www.viamichelin.ie/
https://www.viamichelin.it/
https://www.viamichelin.nl/
https://www.viamichelin.pl/
https://www.viamichelin.pt/

Is anything foreseen to fix this issue?

[sebastian]

Sorry, but we switched to GitLab. If this issue is still relevant, please file it again in the ​new issue tracker.