How to reliably eliminate pop-up and pop-under advertising

So, you've had it with popups and popunders, those annoying advertisements on the web that open a new web browser windows without your permission and chew up the valuable Internet bandwidth that you're paying for!

I bet you've even tried to install or turn on "popup blockers" and found that that they're not 100% reliable. That's because that class of software has to try and guess the difference between a window you asked for, and a window that probably contains an ad, and that's impossible to do with 100% accuracy.

JavaScript is the True Culprit

Well, it's really easy to permanently disable all pop-ups and pop-unders because they all depend on a technology in your web browser called JavaScript. It's a real programming language that can tell your web browser to do all kinds of things behind your back. JavaScript can come embedded in any web page that you choose to look at, and it is executed (run) immediately without you doing anything more than loading that web page in your browser.

Think that sounds dangerous, like some kind of computer virus? You're not far off the mark. The web browser companies put this technology into the web browsers over the objections of the entire computer security community, because they were listening more to the web site designers. The designers wanted more control over how the web browsers displayed web pages, and to try and prevent the users (that's you) from doing things they didn't like.

The web browser companies tried to answer the objections of the computer security experts by claiming that JavaScript was restricted enough that it couldn't do anything "dangerous" despite the difficulty of trying to imagine and prevent all the possible "dangerous" combinations. Of course, limited software liability means that even if the web browser companies goofed and allowed something bad to happen, they're still not liable for your losses!

Still, I give them a little credit: they left an "off" switch in your web browser for JavaScript (guilty consciences, perhaps?), even if it defaults to "on" - so the simple advice is: turn JavaScript off, and be free of pop-ups, pop-unders, and a whole host of other real and potential computer security problems.

The checkbox for JavaScript is somewhere in the "Preferences" or "Properties" for your web browser, depending on which one you use (yes, Virginia, Microsoft's Internet Explorer is not the only one!), and which operating system (e.g. Apple MacOS X, Microsoft Windows) you use.

A Downside to Turning It Off

Unfortunately, there is a downside to this: there are quite a few very badly designed web sites that just absolutely require JavaScript to work at all. Make no mistake: these sites are designed wrong by web designers who don't understand how the web is supposed to work.

There is a web site design discipline called "graceful degradation" in which a designer designs a web site to work with every web browser that comes along, no matter what its capabilities. Put another way, in that design discipline, JavaScript can be used to enhance a web site's form and function, but should never be required for the web site to work.

So, when you come across a site that requires JavaScript, write an E-mail to the webmaster and complain. If it's a retail outlet, complain to their customer service department as well, and take your business elsewhere until they reform. If enough people do this, it will impact the profits of those companies, and like all companies that seek profit (unlike the ones that seek bankruptcy), they will respond.

A Pragmatic Strategy

As a compromise, you might consider doing what I do: my "default" web browser (the one my system will bring up to display random URLs) has JavaScript turned off, and I browse the web that way all the time. However, every so often, I have to look at what I call an "all-singing, all-dancing" web site whose designer is so enamoured of all these fancy "web technologies" that s/he used all of them in the site's design, regardless of whether they actually enhance the site or not.

So, for those sites, I keep another web browser program around with everything enabled, but I also recognize that when I invoke that brower, I'm taking some risks with my computer's security. It's annoying, but until the chorus of complaints about JavaScript reach a point that forces the badly designed web sites to remove it, I'm stuck occasionally being pragmatic about permitting it in order to get stuff done.

My computer is my own to control and use. It offends me that any web site designer thinks s/he should be able to take it over even a little bit.


Erik Fair <fair@clock.org>
June 27, 2004

[HOME] [INDEX]