A new spam policy for “back button hijacking”

Reddit! I'm looking at you?

I remember when I worked at HuffPo and they started doing this. I called out the org and they all just shrugged.

Maybe we can get facebook finally drop this dark pattern

So someone developed a malicious plugin to achieve this? Otherwise, I can't imagine how they could bypass the browser to do this.

Does this also apply to sites like instagram that simply erase your entire back button history if you visit the site.

I want my browser history to be immutable and operate like a tree and not like a stack.

I'm at a stage when I click back button extremely rarely and is amazed when it works as I expected.

So why don't google just disable the possibility of hijacking the back button in Chrome, to give an example?

Are they considering all uses of window.history.pushState to be hijacking? If so, why not remove that function from Chrome?

i wonder if this includes sites that do auto-redirect: A -> B (auto-redirect) -> C

if i'm on page C and go back, page B will take me to page C again. i think this is more about techincal incompetence rather than malicious intent, but still annoying.

This would have been great back when I used a search engine to visit web pages.

Great! So they'll fix the back button bugs on YouTube, and return me to the previous set of video recommendations when I use it on the homepage, right? Right? And let me return to the actual site when it detects that I lost the web connection for 0.01 seconds and hides all the content, and I then press the back button?

Instagram comments page requires 2 quick back press or else it won't take to previous page

is there a policy on "home button hijacking"?

I'm tired of apps that intercept home button to ask "are you sure?" - home button is home button, return me to the main phone screen

also, ads at the bottom of the screen, so that if you miss home button you open a website

Really wish this was applied to phone apps. In Android at least, app A linking to app B will FREQUENTLY break the "back" functionality, allowing app B to handle the "back" action instead of doing what every user would expect 100% of the time, which is to go back to app A.

20 years too late SEO fix.

Cool, now maybe let's do something about all the shit I have to clear out out my face before I can read a simple web page. For example, on this very article I had to click "No thanks" for cookies and then "No thanks" for a survey or something. And then there was an ad at the top for some app that I also closed.

It's like walking into some room and having to swat away a bunch of cobwebs before doing whatever it is you want to do (read some text, basically).

This is great. Can Google also stop scroll hijacking?

Nice. This has been existed for too long.

Microsoft joke support forum stil does this?

How does this work? How can a site inject a totally different site into the history? I thought eg the History API only lets you add to the stack and pop, not modify history?

Is there not a plugin that helps to fix this?

When I first heard of the APIs that allowed websites to modify browser history it sounded like a huge mistake. I still feel that way to this day.

It seems like a lot of the APIs that make a website act like an application need to be disabled by default; and some kind of friction needs to exist to enable them.

Edit: I'm not sure what kind of friction is needed, either an expensive review process (that most application developers would complain about but everyone else would roll their eyes) or a reputation system. Maybe someone else can think of a better approach than me?

It's getting very tiring seeing things that could be first-class user defined controls baked in the browser so that you have true agency over the behaviour being done like this

It's like the other thread from before where LinkedIn scans for your extensions, the fact they can do that without prompting for permission from the user is baffling

That's a great step in the right direction since that happens to me all the time. But the penalty of "Manual spam action or automated demotion in Google Search results (as a 'malicious practices' spam violation)" seems a bit lenient.

Popups were dealt in a way that could be useful here, they're only permitted when the user directly generates the interaction that creates the popup (not scripted). The back button could use the same algorithm back in history, only go back to screens that the user directly navigated.

I never understood why browsers ever allowed this in the first place. It's obviously bad. Yeah, yeah there are "reasons" but it's still obviously a bad solution to whatever "problem" they were trying to solve.

Ah the irony. Wouldn't let me go back without clicking the cookie thing.

too little, too late. The API for interacting with the back button in Javascript should never have existed in any capacity.

that's crazy things goin on

> We believe that the user experience comes first.

If by "user" you mean advertisers, sure you do. Everyone else is an asset to extract as much value from as possible. You actively corrupt their experience.

The fact these companies control the web and its major platforms is one of the greatest tragedies of the modern era.

> Notably, some instances of back button hijacking may originate from the site's included libraries or advertising platform. We encourage site owners to thoroughly review their technical implementation...

Hah. In my time working with marketing teams this is highly unlikely to happen. They're allergic to code and they far outnumber everyone else in this space. Their best practices become the standard for everyone else that's uninitiated.

What they will probably do is change that vanity URL showing up on the SERP to point to a landing page that meets the requirements (only if the referer is google). This page will have the link the user wants. It will be dressed up to be as irresistible as possible. This will become the new best practice in the docs for all SEO-related tools. Hell, even google themselves might eventually put that in their docs.

In other words, the user must now click twice to find the page with the back button hijacking. Even sweeter is that the unfettered back button wouldn't have left their domain anyway.

This just sounds like another layer of yet more frustration. Contrary to popular belief, the user will put up with a lot of additional friction if they think they're going somewhere good. This is just an extra click. Most users probably won't even notice the change. If anything there will be propaganda aimed at aspiring web devs and power users telling them to get mad at google for "requiring" landing pages getting in the way of the content (like what happened to amp pages).

Google should actually fix this from the browser side instead of trying to seriously punish potentially buggy sites.

Now if only they'd do this for Android apps that hijack the back button to pop up things, or say "are you sure you want to leave?"

Now, if they only declared scroll hijacking as spam...

will google really punish sites for doing this? and if so how do i report a site? i guess i could email the site with the google link and suggest they fix it first

Now to prevent scroll bar hijacking.

Great. Now do Android phones...

Maybe there should be a policy against links that display one destination but actually go somewhere else by changing the target with an onclick event.

oh wait.. that won't happen: google is the biggest offender, using that technique to surveil browsing activity.

I don't trust Google.

We need to go back to an independent and competent research group designing standards. Right now Google pwns and controls the whole stack (well, not really ALL of it 1:1, but it has a huge influence on everything via the de-facto chrome monopoly).

Remember how Google took out ublock origin. They also lied about this aka "not safe standards" - in reality they don't WANT people to block ads.

Now do paywalls next.

[dead]

[dead]

[dead]

[dead]

The idea of Google lecturing anybody about hijacking UI for dark patterns is absurd.

The company that hijacked an open source mobile OS and turned it into a closed source profit machine.

The company that hijacked the web so “accelerated mobile pages” could effect a walled garden.

The company that hijacked a browser and turned it into an anti-privacy tracking system.

It’s like R. Kelly giving a keynote on safeguarding minors.

EDIT: …but, yes, to be clear, I loathe the hijacking of back buttons too. Just a shame I have to read this sanctimonious shit from a company with such a terrible track record on trust.

Easy fix:

JS doesn't let you change back button behaviour.

Q. But what about SPA?

A. Draw your own app-level back button top left of page.

Another solution: make it a permisson.