Warrior Tang (tangaroa) wrote,
Warrior Tang
tangaroa

A potential method of blocking popover ads

The problem:

CSS/JS popover ads are almost as bad as popup ads used to be.

Popovers can be blocked by turning off Javascript, but users might not want to do that.

Diagnosis:

Popover ads have three geographic attributes:

  • Location - The X/Y location of the top-left corner.
  • Size - The screen area that the ad covers.
  • Z-Index - The third dimension of the ad. What makes it pop over

Popover ads also have these attributes:

  • Content - Popover ads are likely to have less material inside them (smaller paragraphs and less text) than the content which they are popping over.
  • Generation - Popover ads are more likely to be generated by javascript than to be part of the static content.
  • Destruction - There is code somewhere to remove or hide a popover ad. The obvious methods are destroying the node, undisplaying it, or removing its z-index.

Identifying potential popovers:

When a browser comes across material with a non-default Z-index, it can ask the questions:

  • Does this material have a higher Z-index than other material?
  • Is there other material with a higher Z-index than this material?

If so, score it based on these factors:

  • Is it covering a significant area of another node?
  • Is it covering a significant area of static content?
  • Is it covering something with more text than it contains?
  • Is it created by a script, or have its borders or z-index been changed by a script?
  • Is there javascript code to destroy, undisplay, or change the z-index of the popped-over node or any of its parents? (requires lookahead, will be difficult)

Handling potential popovers and false positives

Quick thoughts:

  • The browser can place a warning icon on the status bar. Clicking the icon will list popovers and allow the user to accept them.
  • Caught popovers should stop running and any javascript dealing with them should be paused.
  • Popovers can be permanently blocked based on the URL of the script that creates them. Wildcards should be acceptable. Node IDs, line numbers, and even script hashes are too easily changed; I can easily see an ad company fluxing its scripts by changing the variable names every load.
  • Potential popovers originating from certain URLs can be whitelisted.
  • If a popover is blocked by a blacklist, it should be removed from the DOM tree.
  • To block popovers opens the issue that companies seeking ad revenue might change their content to match the heuristics of a popover while making the popover part of the main HTML page.

Additional idea: Browsers should have whitelist and blacklist tables for which URLs are allowed to use Javascript.

Subscribe

  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments