no_lj_ads: Popups on LiveJournal? Say it ain't so.

Ciaran (

ciaran_h) wrote in

no_lj_ads,
@ 2006-06-23 20:37:00

Entry tags:

inappropriate ads, issues with ads

Popups on LiveJournal? Say it ain't so.
Hi there,

New member of this community checking in. Hi! :)

I wanted to crosspost an entry here which I wrote in my personal journal today. It doesn't deal directly with the issue of not wanting LJ ads, but it deals with an issue some people have been having with popups on LiveJournal.

Popups on LiveJournal? Say it ain't so.
23rd June 2006, 11:58 (BST)

Okay, I will. It ain't so. There's been no LiveJournal policy change. Popups are not, as far as I know, ever going to appear on LJ.

So why are some S+ users getting them now?

To cut a long story short, this is because of a certain advertiser - kpremium.com (not linked; don't go there, I don't believe they deserve it) - being sneaky and underhanded. It's not LJ's fault, and I have no doubt that the ad will be gone in a few hours.

The ad itself is for a program that lets you download stuff - you know the sort of thing. The ad is a Flash ad, and masquerades as a banner ad.

Thing is, the Flash ad contains code to open a popup that leads to a very different destination - it's what I assume is an affiliate link that attempts to download and install ErrorSafe on your computer (link is to Symantec's description of it).

This, of course, would be totally against any ad company's guidelines. Masquerading as a banner ad, but discreetly opening a popup - and not only that, but to what people consider malware - is totally against any ad company's guidelines. So how did it get through?

Simple - the ad actually contacts its website in the background, and the site returns a response code that tells it whether to display the popup or not - "popup=1". My guess is that kpremium.com returned "popup=0" while the ad company were testing the ad for conformance to guidelines, and then they turned it back on once it was out in the wild.

This, my friends, is an absolutely despicable way to do things.

So, it's not LiveJournal's fault. No LJ policy change has been made. kpremium.com are the underhanded ones, and the ad company didn't spot the request the ad made. I have every faith that LiveJournal will nuke the offending ad as soon as possible.

Grrrrr.

It's worth pointing out that I'm against all ads on LJ, not just popups. But I wanted to make sure people knew that this wasn't LJ's fault, and they didn't do this deliberately. In fact, they had no control over it. I haven't checked to see if the ad is gone yet, though.

[edit:

lj_ads has a post on the problem.]

(Post a new comment)

	burr86 2006-06-23 07:47 pm UTC (link)
	See lj_ads for an update about this. (Reply to this)

	ex_shattered767 2006-06-23 07:48 pm UTC (link)
	Has anyone reported this to LJ? It will most likely take someone pointing it out for them to remove it. (Reply to this)

foxfirefey
2006-06-23 07:51 pm UTC (link)

Hey, you're a wee bit of a slow poke! ::wink:: We could've scoped

lj_ads if you were a bit earlier, teehee.

Although I'm in agreement that this isn't directly LJ's fault, per se, I disagree that they have no control over it. They could control it by refusing to run Flash ads. People begged for no Flash ads, even users otherwise open to ads. The Flash ads are just being used for annoying animation, anyway. GIFs can animate (tho' perhaps not as gratuitously in a small space as Flash), and they never have launched popups or popunders, to my knowledge.

Now I'm going to post about FlashBlock.

(Reply to this)(Thread)

	PS foxfirefey 2006-06-23 07:52 pm UTC (link)
	If you could be a dear and ad a link to the lj_ads post, that'd be awesome! (Reply to this)(Parent)(Thread)

	Re: PS ciaran_h 2006-06-23 08:30 pm UTC (link)
	Oh, you were talking to me? My bad, I didn't see it before. I went and added a link in the post. (Reply to this)(Parent)(Thread)

	Re: PS foxfirefey 2006-06-23 08:32 pm UTC (link)
	Sweet, I figure it's good to cross reference! Thank you very much! (Reply to this)(Parent)

Re: PS

ciaran_h
2006-06-23 08:12 pm UTC (link)

I use Flashblock all the time. It's awesome, and was actually very helpful in finding out what the cause of the popup was - as the popup only appeared once the Flash ad was unblocked by clicking on it. That meant that the popup was directly related to the Flash ad and was almost certainly not an LJ customisation.

And sorry for being slow. :) I'd have posted earlier but I got sidetracked.

(Reply to this)(Parent)(Thread)

Re: PS

foxfirefey
2006-06-23 08:15 pm UTC (link)

FlashBlock is awesome, right now I'm just trying to find options for the other browsers, too. We try to be fairly browser agnostic. That reminds me, recently I gave someone instructions for user css styles in Camino, I should add that to the big instruction list...

Also note that this post is a PERFECT example of a good, informative post relating to ads on LJ. I've tried to keep this community from having nothing but "OMG WE HATE ADS AND DON'T WANT THEM" posted over and over, and tried to focus on information and in depth discussions.

(Reply to this)(Parent)

	smashingstars 2006-06-24 01:21 am UTC (link)
	I have to agree here. When you run Flash ads you're almost begging for this sort of thing to happen. Internet advertisers are far too often creepy, underhanded weasels who take advantage. Besides, GIFs are old school! GIFs rule! Go GIFs! (Reply to this)(Parent)

jamesd
2006-06-24 06:57 am UTC (link)

It's completely routine for people to try to circumvent site ad rules to place ads on properties where they aren't allowed. Sad, but that's the way a fair part of the ad placement reselling business works and why porn ads sometimes show up on sites with strong anti-porn rules, for example. Company X might buy a spot, sell the spot to a reseller and the reseller may itself sell it on via a couple of extra levels until you end up with someone who simply doesn't care about the terms and uses the highest revenue ad it has available.

LiveJournal does have at least one internet ad pro so we pretty much have to assume LiveJournal knew of the way the business works and chose not to prohibit spot resale and third party ad serving.

(Reply to this)(Parent)(Thread)

	foxfirefey 2006-06-24 07:09 am UTC (link)
	I know we've discussed distrust of the security of ad networks before. Now we have the proof. Dubious banners were slipping in all over when Google was still serving the banners. It's been better (if exceedingly boring) since they disabled that...until now. (Reply to this)(Parent)

elfwreck
2006-06-23 08:41 pm UTC (link)

I can go with "they didn't do this deliberately." I can't agree that "they had no control."

They could:
1) Ban all flash ads, or
2) Screen *all* ads before allowing them on LJ.

I suppose they've decided the first is too restrictive and the second is too time-consuming. But both of those are economic decisions--they've decided it's not worth the money it would cost to keep LJ users safe from this kind of ad-based attack.

(Reply to this)(Thread)

	ciaran_h 2006-06-23 08:45 pm UTC (link)
	Screening with a packet sniffer would be a time-consuming thing to do. Don't forget that if the site was returning "popup=0", it would appear to be, for all intents and purposes, a perfectly normal banner ad. I agree with banning all Flash ads, for that reason. Plus, they're annoying, and I never see them anyway due to Flashblock. (Reply to this)(Parent)

	burr86 2006-06-23 08:58 pm UTC (link)
	No, we do screen all of them, at least the big graphic/Flash ads -- the problem is, it seems to be displaying different things to people from the US than people elsewhere. (Reply to this)(Parent)(Thread)

ciaran_h
2006-06-23 09:47 pm UTC (link)

If it makes a difference, in #lj_support it was noted that at some point after the discovery of what it did, the site started returning the "popup=0" code and thus stopped the ad from showing the popup. My guess is that this was done to evade detection - they probably thought they could get away with doing these things in small bursts.

[edit: Sorry for the edit a year later, I just hate typos. >_>]

Edited at 2007-12-17 03:57 pm UTC

(Reply to this)(Parent)

jamesd
2006-06-24 07:14 am UTC (link)

Someone could even specifically target anyone not in the 100 miles surrounding SF if they wanted to. Or just those in a specific market (city, country, whatever). Geographic targetting is completely routine and has been for years. Yes, it makes it tougher to check the content. That's one of the risks of third party serving of creative (anywhere but on your own servers, where you can do content and change control very effectively).

(Reply to this)(Parent)

	foxfirefey 2006-06-24 10:06 am UTC (link)
	When you screen them, do you actually do an audit of the code, or just run it to see whether it's doing anything funky? (Reply to this)(Parent)(Thread)

	burr86 2006-06-24 09:03 pm UTC (link)
	No idea -- I don't do anything with that side of things. :-/ (Reply to this)(Parent)

thoughts on flash and flash ads...

os
2006-06-24 11:44 pm UTC (link)

Java has a security model preventing contacts to hosts except the originating server.
I've always wondered, why doesn't flash have this? It would fix a TON of problems. Of course, if redirections were allowed, and someone found a XSS attack on LJ, it could be circumvented, but... I dunno.
Someone needs to make a .dll and a .so that can be installed as a plugin, and it itself would load the flash plugin... and block internet accesses that the flash plugin is trying to make with some security model, or asks you whether the flash plugin should be contacting host X on port Y.
Of course, macromedia would whip out the DMCA, so whoever codes this better not be in the US.
There's lots of flash multimedia that needs to download content, so maybe macromedia doesn't want the possibility of existing flash stuff breaking... but they could have "Allow this flash item to access this one time? this one host? anything on the internet? and, save this setting for future browser sessions?"--they'd probably win some approval from some crowds.

I know that flash ads are taking over everywhere, and maybe it's inevitable (*mutter*.. they always slow down my browser!), but maybe they should only be allowed for advertisers with a very good track record? I know that reselling can be a problem, though.. it can be tough to figure out what you're really going to get...

I saw a comment somewhere under this post about how using packet sniffers would be unreasonable--I agree with that for ads in general, but it could be done when ads try to access the Internet.

(Reply to this)(Parent)

	Users in lj_ads having trouble for reference: foxfirefey 2006-06-23 09:08 pm UTC (link)
	http://community.livejournal.com/lj_ads/1886.html?thread=470110#t470110 http://community.livejournal.com/lj_ads/1886.html?thread=471134#t471134 http://community.livejournal.com/lj_ads/1886.html?thread=472926#t472926 http://community.livejournal.com/lj_ads/1886.html?thread=474206#t474206 I'm going to go linkify them. (Reply to this)

Mini Sitemap:

Username:		Create an Account Forgot your login? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…