Thursday, November 16th, 2006

Popup Nightmare 2.0?

Category: Advertising, Security

Nat Torkington on the O’Reilly Radar recently commented on the rise of “floats” (AKA “divdows”, “Ajax dialogs”).

One of the really big issues facing us, IMHO, is the new Javascript-driven ad technology called “floats”. They’re not separate windows popped up, they’re in-window divs that move up to obscure the web page and force the user to click to dismiss them. They can’t trivially be blocked because they’re generated by Javascript code within the page, and identifying such code is a similar problem to identifying viruses. They ruin the user’s experience by being unavoidable and maximally intrusive.

At the moment they’re rare (e.g., TVNZ and MSN only show them once per user per day) but if we learned anything from 2001 it’s that greed will ruin user experience if it can get an extra buck in ad revenue. We got popup blockers as a result of the 2001 popup orgy. What’s going to save us from the 2007 float invasion?

It’s really not as scary as it sounds, as these new popups can only live inside the tab/window of the app that launched them – sites that run annoying Ajax popups are only doing themselves a disservice, the web equivalent of nagware. Christian Flury has outlined the counter-arguments.

  • Javascript pop-up windows left a trace in your working environment: Even after leaving the page that had triggered them, you still had those few additional browser windows open – and those were the days before tabbed-browsing became popular, so it was already difficult enough to stay on top of your zillions of open browser windows
  • Psychologically, from a site owner’s perspective, a pop-up window is not as closely associated with your page as an ad that occupies your own real estate, so to speak.
  • More importantly, back in the olden days, it was far from obvious, especially to the not so tech-savvy, which page had actually triggered the pop-up window.

That said, there are still security implications – with richer graphics and browser scripting, it’s easier to pretend you’re a native OS dialog box.

Posted by Michael Mahemoff at 5:34 pm

3.5 rating from 78 votes


Comments feed TrackBack URI

I like the detail that the layer ads (that is the term for it for some time though now, isn’t it?) are “JavaScript generated”. How would you create a full popup window without JavaScript (target=”_blank” doesn’t count as you want to open a popup and load the other page)?

It is the same annoyance, and quite a natural progression. As most browsers offer popup blockers by default now advertisers find another way.

Comment by Chris Heilmann — November 16, 2006

NoScript and Adblock Firefox extensions are both very capable of dealing with these annoyances. They can also get rid of those annoying mouseover keyword ads sprinkled in content.

The public at large though, will probably just suffer through it, unless a savvy Firefox user helps them out.

Comment by casey — November 16, 2006

I did one for jQuery the other day (native XP aqua look). It is almost finished (only needs the iframe hack for msie) but this is a good example with this article. P.s. the code will be in jQuery SVN soon.

Comment by Gilles — November 17, 2006

The problem here is that popup blockers will have to use broader rules to get rid of these, and some users will just decide it all isn’t worth it and turn Javascript off altogether.

I’m worried that these new spawns of bad advertising will prompt more and more users into something that is already dreaded by most reading this site: “The javascript-disabled browser”. Don’t deny it, even if you’re building accessibility and scalability we’re all secretly wishing for the day when Javascript covers 100% of the user base.

An alternative that used to work was using platypus to create greasemonkey scripts to get rid of these in individual sites. Now advertisers have caught on this and randomize element names and functions so it’s harder to catch.

Comment by Eduo — November 17, 2006

Don’t get me wrong, i don’t use it for advertising nor do i encourage the use of these kind of popups. I merely use mine in a controlled environment where i am sure the user has javascript turned on (cms/intranet applications). This improves usability without having to worry about popup blockers.

Comment by Gilles — November 17, 2006

Gilles, I think you should worry about disguising your ajax dialogs as standard winxp windows.
Last night my father rushed me to his room declaring “look at this, a message box popped up saying I’m their millionth user and I’m getting rich!”.

This sort of advertisement, tricking customers into thinking it’s not one, should be regarded false in every media. Just like the little “sponsored ad” comment in newspapers.

Comment by n0nick — November 17, 2006

It is simple to create a layer ad that works if javascript is disabled:

top:20px; left:300px;
width:200px; height:200px;
border:solid 1px red;
#ad:visited { display:none; }

[a href=”randomlink.html” id=”ad” target=”closead”]
[form action=”buy.html” method=”get”][input type=”submit” value=”buy” /][/form]
[iframe name=”closead” src=”about:blank”][/iframe]

Took 2 minutes to invent/build/test.

Now you need to turn off CSS to avoid floating ads.

Comment by Lon — November 17, 2006

I have to agree with Lon, the detail that these layer ads are normally generated by JavaScript is not really important, if anything it helps to block them because often those scripts are loaded from known adertisement URLs.

Comment by Christian Decker — November 17, 2006

The web will always have some sort of annoying pop-up or ad; it’s what drives the whole thing. Blocking third-party JS might also help.

I highly recommend using the combination of DNSKong and eDexter. The former is a lightweight DNS proxy which resolves ad-serving domains (with user-editable filters, wildcards and so on) to, the latter is a very small web server which pumps out transparent 1×1-pixel GIFs. So eg., resolves to and requests go there rather than the actual host, custom JS and GIFs can be returned to prevent render errors etc.

Not only do I feel like I browse faster, it’s much more free of ads and cookies. ;)

Comment by Scott Schiller — November 17, 2006

I know – instead of trying to block them, avoid websites that use them. It’s a well proven strategy. Eventually advertisers will have no one to bother. If that doesn’t work out, I’m sure you can find your Hilary Duff images on a different non-spamming website. Cause we know what you’re doing …

Comment by Dan — November 21, 2006

These floating ads use the exact same techniques as all of the the new ‘Web 2.0’ AJAX enabled sites. Block the ads and block the added functionality. Let’s hope all of the cutting edge sites employed progressive enhancement in their design.

Comment by Mac — January 12, 2007

yeah.ajax dialogs as standard winxp windows is a important point.

Comment by IP — May 16, 2007

I think the standard nomenclature for this type of interaction is a modal window.

The term floats is a little confusing, especially when dealing with CSS because of the float property.

Comment by Cory Duncan — May 25, 2007

I think blogs are the new business cards as well.


Comment by 対策 — May 29, 2007

Blogs are the new business cards? Interesting aspect, but that’s a saubject we could talk very long about and I believe there won’t be a conclusion!

Comment by Matthew — July 8, 2007

I want popup comment/suggestion form in my home page which passes through popup blocker. Looking for the resource to implement that. Hope will find soon.

Comment by Kaps — August 10, 2007

I think you should worry about disguising your ajax dialogs as standard winxp windows.

Comment by Speed Dating — August 21, 2007

Yeah, I really hate pop-up.

Comment by FIRSTSEO対策 — November 7, 2007

these are really annoying. we never use any popups on our sites.

Comment by rent back — November 22, 2007

is right?

Comment by tcwebmaster — December 12, 2007

If I have to use this kind of ads i prefer pop-under.

Comment by Tapety — December 16, 2007

There’s a bookmarklet to kill these floats…

Comment by junkiewise — May 3, 2011

Leave a comment

You must be logged in to post a comment.