I wish the browsers had a function of disabling all keyboard shortcuts of a website. I binded Ctrl+E to opening a new tab just beside the current tab (built-in hotkey in Brave). It's frustrating to see it changed to something like opening the emoji menu on Discord.
show comments
merelysounds
Looks like there is also a client side solution for that, at least in Firefox; it's possible to prevent a page from modifying browser history:
I don't understand how Google's indexing work anymore. I've had some website very well indexed for years and years which suddenly disappeared from the index with no explanation, even on the Search Console ("visited, not indexed"). Simple blog entries, lightweight pages, no JavaScript, no ads, no bad practices, https enabled, informative content that is linked from elsewhere including well indexed websites (some entries even performed well on Reddit).
At the same time, for the past few years I've found Google search to be a less and less reliable tool because the results are less often what I need.
Anyway, let's hope this new policy can improve things a little.
show comments
vashchylau
I initially thought this is for Android.
Which has a long overdue problem of "Tap Back again to exit" type hijacks.
Or feed-based apps (hi Reddit, TikTok, Instagram) refreshing your timeline in hopes you reconsider exiting and keep doomscrolling.
One can only hope…
show comments
firefoxd
Ok, you can start with LinkedIn, I'll wait...
If you are wondering how it works. You get a link from LinkedIn, it's from an email or just a post someone shared. You click on it, the URL loads, and you read the post. When you click the back button, you aren't taken back to wherever you came from. Instead, your LinkedIn feed loads.
How did it happen? When you landed on the first link, the URL is replaced with the homepage first (location.replace(...) doesn't change the browser history). Then the browser history state is pushed to the original link. So it seems like you landed on the home page first then you clicked on a link. When you click the back button, you are taken back to the homepage where your feed entices you to stay longer on LinkedIn.
show comments
al_borland
Some Microsoft sites have been very guilty of this. They are the ones that stick in my head in recent memory.
show comments
bityard
As usual, it's a good first step but doesn't go far enough. I don't want my back-button hijacked by _anything_.
My issue with back-button hijacking isn't even spam/ads (I use an ad-blocker so I don't see those), but sites that do a "are you sure you want to leave? You haven't even subscribed to our newsletter yet?!"
show comments
jbonatakis
> We believe that the user experience comes first
Bold coming from the company who gives me the most confusing “Open in app” prompts that are designed to confuse you and get you to use their app rather than the web
Not strictly about hijacking back navigation but it can make experience less bumpy if you've got form submissions in the middle of the path.
show comments
mixedbit
An interesting variant of a web phishing attack is to combine the back button hijacking with information that comes from the HTTP referer header. HTTP referer discloses from which website the user is coming from, when the user click the back button, the malicious site can take the user to the site that looks identical (except for the URL), but is attacker controlled.
SCdF
Ironically the only place I encounter this is using google news, where news sites seem to detect you're in google news (I don't think these same sites do it when I'm just browing normally?), and try to upsell you their other stories before you go back to the main page.
andreareina
> Notably, some instances of back button hijacking may originate from the site's ... advertising platform
I feel like anything loaded from a third party domain shouldn't be allowed to fiddle with the history stack.
show comments
sam1r
Finally! (For this feature to be shipped).
Almost unrelated, but.. I wonder ..if there was an APM intern[1] behind this, or maybe this was this project. Because, this, would have been an excellent one!
[1] I had the fortune to be one myself in June 2012 for the Chrome Team.
mlmonkey
But the question is: why are sites allowed to hijack the Back Button?!?
show comments
ffsm8
I would like to mention that Google own SPA framework, angular, has redirect routes which effectively do back button hijacking if used, because they add the url you're redirecting from to the history.
Porno sites do this thing where every click is a new tab and when you refocus the previous tab, it reloads to an ad.
Or so I have been told.
CableNinja
Frustrating it took this long for something to be done about this, but glad its now got something being done.
show comments
Havoc
Great. Can we do ctrl-f search hijacking next.
So jarring when websites replace core functionality with their own broken crap because they think they’re special.
Some also seem to hijack right click menu now
show comments
_ink_
A browser feature I wasn't aware of for too long: long press the back button, to get a list of recent URLs, allowing you to skip anything trying to hijack the back button.
show comments
mancerayder
Do we include reddit.com here, or too big to influence?
parasti
I understand this is vague on purpose but wish there was more detail. E.g., if I am running a game in a webgl canvas and "back button" has meaning within the game UI which I implement via history states, is my page now going to be demoted? This article doesn't answer that at all.
show comments
KevinMS
what about back buttons reloading the page so to have any continuity you have to open everything in a separate tab? youtube for example
radium3d
What about map applications which manipulate the history to store the position of the map as users drag and release to make back and forward work to the users expectation in a single page app? It’s not malicious, but will Google flag it?
hysan
Took long enough. Maybe I missed it, but I didn’t see them say how invested they are in tackling this. Promoting a rule is one thing, but everything SEO related becomes a cat and mouse game. I don’t have high confidence that this will work.
show comments
kristopolous
Almost 30 years ago I wrote an article advocating for domain level back button with a quasi mode like ctrl to traverse domains.
Would have fixed this. Too late now
Nuzzerino
Since this is Google we’re talking about, I’m fully expecting them to penalize benign uses of the back button override.
cachvico
I use Chrome on my Android and Mac. For a while I've appreciated the seemingly built-in anti-hijacking measure that always does what I expect on the second Back press. (The first Back may pop up a subscription box for example, but the second will always return me to where I came from).
I actually felt that this was a solved problem, so I'm surprised to see so many people still suffer getting stuck in redirect loops.
oliwarner
Now do the Amazon app.
Number of times I've looked for something on my phone, gone through to a product page on Amazon but then have had to back out multiple times to get back to the search listing. Sometimes it's previously viewed products, sometimes it's "just" the Amazon home page. It should be one-and-done.
eBay too. I'm sure there are others.
snowwrestler
Wait, how does one website (google.com) know what happens inside my browsing session on another website (bad-blog.com) after I click over? Hmmmmm
This sort of announcement just emphasizes the extent to which Google observes ALL your web browsing behavior, thanks primarily to their eyes inside Chrome browser.
You know those warnings when you install a browser extension, about all the things that extension will be able to see and do? Well so can Chrome itself…
show comments
musicale
The iron law of web encrapification: every web feature will (if possible) be employed to abuse the user, usually to push advertising.
show comments
davidczech
There should be some browser-level enforcement of this. For example, it would seem possible to detect a user frustratingly mashing the back button, and offer a remediation dialog to disable any hackery that's hijacking the back buttons.
blacksoil
Yes please! It's very annoying how clicking an FB or Insta result from a Google search result would disallow going back to the search result!
the_gipsy
> We believe that the user experience comes first.
Excuse me??
chakintosh
Google should probably talk to Microsoft about this because for me they are the biggest offenders with this back button hijacking in their support forums.
cnees
It's about time.
Google is doing so much to keep the web usable. They're the only ones with the teeth to back up standards for mobile web load time, max sender spam rates, leaving browser history alone, etc.
show comments
XCSme
Thank you!
One of the worst is TikTok, even as a developer, when someone sends me a TikTok link and I have to visit it, I get stuck in the browser (same with the app but I uninstalled it), and it feels almost device-breaking the way they trap you in.
show comments
gadders
I hope this applies to Android as well. Reddit is a particularly egregious offender.
cientifico
Click on any Youtube video from any web in android. If you press anything that is not the back button immediately, you will loose the option to go back.
So this coming from google... it's funny. Welcome, but funny.
wbshaw
Is there any click-bait news site that DOESN'T do this? You hit back and land on a list of their click-bait articles and add links instead of the page you expect.
vsgherzi
Amazing change, fighting with the back button is my least favorite part of the ad web and a blindspot for ublock. I wonder how Google is going to track this and if SPA style react router sites would be downranked because of the custom back button behavior. I doubt it due to their popularity but I'm curious how they're going to determine what qualifies as spam
eviks
> Why are we taking action? We believe that the user experience comes first.
What's the real reason?
show comments
Aardwolf
Why not fix this at the browser level? E.g. long or double click on back button = go to previous non-javascript-affected page (I mean by that: last page navigated to in the classical sense, ignoring dynamic histories altered by js and dynamic content)
show comments
TehCorwiz
I want my browser history to be immutable and operate like a tree and not like a stack.
show comments
halfmatthalfcat
I remember when I worked at HuffPo and they started doing this. I called out the org and they all just shrugged.
psidium
Ironically, we have an infringing website right now on the front-page of HN (nypost).
monegator
Phew. for a moment there i thought they would start blocking alternate uses of the back button in apps (for like when it means "go back" and when it means "close everything")
That would have severely rustled my jimmies
transcriptase
>We believe that the user experience comes first
I’ll believe that when YouTube gives me the ability to block certain channels versus “not interested” and “don’t recommend channel” buttons that do absolutely nothing close to what I want.
Or a thousand other things, but that one in particular has been top of mind recently.
show comments
twism
Reddit! I'm looking at you?
show comments
taco_emoji
Really wish this was applied to phone apps. In Android at least, app A linking to app B will FREQUENTLY break the "back" functionality, allowing app B to handle the "back" action instead of doing what every user would expect 100% of the time, which is to go back to app A.
seanalltogether
Does this also apply to sites like instagram that simply erase your entire back button history if you visit the site.
mikkom
Maybe we can get facebook finally drop this dark pattern
LLLDP
So someone developed a malicious plugin to achieve this? Otherwise, I can't imagine how they could bypass the browser to do this.
Yizahi
I'm at a stage when I click back button extremely rarely and is amazed when it works as I expected.
mrheosuper
Nice. This has been existed for too long.
a13o
This would have been great back when I used a search engine to visit web pages.
nottorp
So why don't google just disable the possibility of hijacking the back button in Chrome, to give an example?
show comments
vladde
i wonder if this includes sites that do auto-redirect: A -> B (auto-redirect) -> C
if i'm on page C and go back, page B will take me to page C again. i think this is more about techincal incompetence rather than malicious intent, but still annoying.
alpaca128
Great! So they'll fix the back button bugs on YouTube, and return me to the previous set of video recommendations when I use it on the homepage, right? Right? And let me return to the actual site when it detects that I lost the web connection for 0.01 seconds and hides all the content, and I then press the back button?
jonahs197
Microsoft joke support forum stil does this?
synack
Are they considering all uses of window.history.pushState to be hijacking? If so, why not remove that function from Chrome?
show comments
G_o_D
Instagram comments page requires 2 quick back press or else it won't take to previous page
benj111
Ah the irony. Wouldn't let me go back without clicking the cookie thing.
NooneAtAll3
is there a policy on "home button hijacking"?
I'm tired of apps that intercept home button to ask "are you sure?" - home button is home button, return me to the main phone screen
also, ads at the bottom of the screen, so that if you miss home button you open a website
felixding
This is great. Can Google also stop scroll hijacking?
TexanFeller
When I first heard of the APIs that allowed websites to modify browser history it sounded like a huge mistake. I still feel that way to this day.
show comments
skrebbel
How does this work? How can a site inject a totally different site into the history? I thought eg the History API only lets you add to the stack and pop, not modify history?
show comments
neeeeeeal
Is there not a plugin that helps to fix this?
hmokiguess
It's getting very tiring seeing things that could be first-class user defined controls baked in the browser so that you have true agency over the behaviour being done like this
It's like the other thread from before where LinkedIn scans for your extensions, the fact they can do that without prompting for permission from the user is baffling
bschwindHN
Cool, now maybe let's do something about all the shit I have to clear out out my face before I can read a simple web page. For example, on this very article I had to click "No thanks" for cookies and then "No thanks" for a survey or something. And then there was an ad at the top for some app that I also closed.
It's like walking into some room and having to swat away a bunch of cobwebs before doing whatever it is you want to do (read some text, basically).
show comments
gwbas1c
It seems like a lot of the APIs that make a website act like an application need to be disabled by default; and some kind of friction needs to exist to enable them.
Edit: I'm not sure what kind of friction is needed, either an expensive review process (that most application developers would complain about but everyone else would roll their eyes) or a reputation system. Maybe someone else can think of a better approach than me?
htk
Popups were dealt in a way that could be useful here, they're only permitted when the user directly generates the interaction that creates the popup (not scripted). The back button could use the same algorithm back in history, only go back to screens that the user directly navigated.
phkahler
I never understood why browsers ever allowed this in the first place. It's obviously bad. Yeah, yeah there are "reasons" but it's still obviously a bad solution to whatever "problem" they were trying to solve.
sidewndr46
too little, too late. The API for interacting with the back button in Javascript should never have existed in any capacity.
kartik_malik
that's crazy things goin on
imiric
> We believe that the user experience comes first.
If by "user" you mean advertisers, sure you do. Everyone else is an asset to extract as much value from as possible. You actively corrupt their experience.
The fact these companies control the web and its major platforms is one of the greatest tragedies of the modern era.
sublinear
> Notably, some instances of back button hijacking may originate from the site's included libraries or advertising platform. We encourage site owners to thoroughly review their technical implementation...
Hah. In my time working with marketing teams this is highly unlikely to happen. They're allergic to code and they far outnumber everyone else in this space. Their best practices become the standard for everyone else that's uninitiated.
What they will probably do is change that vanity URL showing up on the SERP to point to a landing page that meets the requirements (only if the referer is google). This page will have the link the user wants. It will be dressed up to be as irresistible as possible. This will become the new best practice in the docs for all SEO-related tools. Hell, even google themselves might eventually put that in their docs.
In other words, the user must now click twice to find the page with the back button hijacking. Even sweeter is that the unfettered back button wouldn't have left their domain anyway.
This just sounds like another layer of yet more frustration. Contrary to popular belief, the user will put up with a lot of additional friction if they think they're going somewhere good. This is just an extra click. Most users probably won't even notice the change. If anything there will be propaganda aimed at aspiring web devs and power users telling them to get mad at google for "requiring" landing pages getting in the way of the content (like what happened to amp pages).
kstenerud
Now if only they'd do this for Android apps that hijack the back button to pop up things, or say "are you sure you want to leave?"
charcircuit
Google should actually fix this from the browser side instead of trying to seriously punish potentially buggy sites.
show comments
incognito124
Now, if they only declared scroll hijacking as spam...
globalnode
will google really punish sites for doing this? and if so how do i report a site? i guess i could email the site with the google link and suggest they fix it first
Animats
Now to prevent scroll bar hijacking.
cik
Great. Now do Android phones...
shevy-java
I don't trust Google.
We need to go back to an independent and competent
research group designing standards. Right now Google
pwns and controls the whole stack (well, not really
ALL of it 1:1, but it has a huge influence on everything
via the de-facto chrome monopoly).
Remember how Google took out ublock origin. They also lied
about this aka "not safe standards" - in reality they don't
WANT people to block ads.
show comments
tgsovlerkhgsel
Now do paywalls next.
show comments
urbandw311er
The idea of Google lecturing anybody about hijacking UI for dark patterns is absurd.
The company that hijacked an open source mobile OS and turned it into a closed source profit machine.
The company that hijacked the web so “accelerated mobile pages” could effect a walled garden.
The company that hijacked a browser and turned it into an anti-privacy tracking system.
It’s like R. Kelly giving a keynote on safeguarding minors.
EDIT: …but, yes, to be clear, I loathe the hijacking of back buttons too. Just a shame I have to read this sanctimonious shit from a company with such a terrible track record on trust.
dnnddidiej
Easy fix:
JS doesn't let you change back button behaviour.
Q. But what about SPA?
A. Draw your own app-level back button top left of page.
I wish the browsers had a function of disabling all keyboard shortcuts of a website. I binded Ctrl+E to opening a new tab just beside the current tab (built-in hotkey in Brave). It's frustrating to see it changed to something like opening the emoji menu on Discord.
Looks like there is also a client side solution for that, at least in Firefox; it's possible to prevent a page from modifying browser history:
> Open the about:config page in Firefox
> Search for "pushstate"
> Double-click "browser.history.allowPushState"
source: https://superuser.com/a/1688290
That's cool if they can make it work.
I don't understand how Google's indexing work anymore. I've had some website very well indexed for years and years which suddenly disappeared from the index with no explanation, even on the Search Console ("visited, not indexed"). Simple blog entries, lightweight pages, no JavaScript, no ads, no bad practices, https enabled, informative content that is linked from elsewhere including well indexed websites (some entries even performed well on Reddit). At the same time, for the past few years I've found Google search to be a less and less reliable tool because the results are less often what I need.
Anyway, let's hope this new policy can improve things a little.
I initially thought this is for Android.
Which has a long overdue problem of "Tap Back again to exit" type hijacks.
Or feed-based apps (hi Reddit, TikTok, Instagram) refreshing your timeline in hopes you reconsider exiting and keep doomscrolling.
One can only hope…
Ok, you can start with LinkedIn, I'll wait...
If you are wondering how it works. You get a link from LinkedIn, it's from an email or just a post someone shared. You click on it, the URL loads, and you read the post. When you click the back button, you aren't taken back to wherever you came from. Instead, your LinkedIn feed loads.
How did it happen? When you landed on the first link, the URL is replaced with the homepage first (location.replace(...) doesn't change the browser history). Then the browser history state is pushed to the original link. So it seems like you landed on the home page first then you clicked on a link. When you click the back button, you are taken back to the homepage where your feed entices you to stay longer on LinkedIn.
Some Microsoft sites have been very guilty of this. They are the ones that stick in my head in recent memory.
As usual, it's a good first step but doesn't go far enough. I don't want my back-button hijacked by _anything_.
My issue with back-button hijacking isn't even spam/ads (I use an ad-blocker so I don't see those), but sites that do a "are you sure you want to leave? You haven't even subscribed to our newsletter yet?!"
> We believe that the user experience comes first
Bold coming from the company who gives me the most confusing “Open in app” prompts that are designed to confuse you and get you to use their app rather than the web
https://mjtsai.com/blog/2024/03/29/those-obnoxious-sign-in-w...
This seems like a good time to advertise the post/redirect/get pattern.
https://en.wikipedia.org/wiki/Post/Redirect/Get
Not strictly about hijacking back navigation but it can make experience less bumpy if you've got form submissions in the middle of the path.
An interesting variant of a web phishing attack is to combine the back button hijacking with information that comes from the HTTP referer header. HTTP referer discloses from which website the user is coming from, when the user click the back button, the malicious site can take the user to the site that looks identical (except for the URL), but is attacker controlled.
Ironically the only place I encounter this is using google news, where news sites seem to detect you're in google news (I don't think these same sites do it when I'm just browing normally?), and try to upsell you their other stories before you go back to the main page.
> Notably, some instances of back button hijacking may originate from the site's ... advertising platform
I feel like anything loaded from a third party domain shouldn't be allowed to fiddle with the history stack.
Finally! (For this feature to be shipped).
Almost unrelated, but.. I wonder ..if there was an APM intern[1] behind this, or maybe this was this project. Because, this, would have been an excellent one!
[1] I had the fortune to be one myself in June 2012 for the Chrome Team.
But the question is: why are sites allowed to hijack the Back Button?!?
I would like to mention that Google own SPA framework, angular, has redirect routes which effectively do back button hijacking if used, because they add the url you're redirecting from to the history.
https://angular.dev/guide/routing/redirecting-routes
Porno sites do this thing where every click is a new tab and when you refocus the previous tab, it reloads to an ad.
Or so I have been told.
Frustrating it took this long for something to be done about this, but glad its now got something being done.
Great. Can we do ctrl-f search hijacking next.
So jarring when websites replace core functionality with their own broken crap because they think they’re special.
Some also seem to hijack right click menu now
A browser feature I wasn't aware of for too long: long press the back button, to get a list of recent URLs, allowing you to skip anything trying to hijack the back button.
Do we include reddit.com here, or too big to influence?
I understand this is vague on purpose but wish there was more detail. E.g., if I am running a game in a webgl canvas and "back button" has meaning within the game UI which I implement via history states, is my page now going to be demoted? This article doesn't answer that at all.
what about back buttons reloading the page so to have any continuity you have to open everything in a separate tab? youtube for example
What about map applications which manipulate the history to store the position of the map as users drag and release to make back and forward work to the users expectation in a single page app? It’s not malicious, but will Google flag it?
Took long enough. Maybe I missed it, but I didn’t see them say how invested they are in tackling this. Promoting a rule is one thing, but everything SEO related becomes a cat and mouse game. I don’t have high confidence that this will work.
Almost 30 years ago I wrote an article advocating for domain level back button with a quasi mode like ctrl to traverse domains.
Would have fixed this. Too late now
Since this is Google we’re talking about, I’m fully expecting them to penalize benign uses of the back button override.
I use Chrome on my Android and Mac. For a while I've appreciated the seemingly built-in anti-hijacking measure that always does what I expect on the second Back press. (The first Back may pop up a subscription box for example, but the second will always return me to where I came from).
I actually felt that this was a solved problem, so I'm surprised to see so many people still suffer getting stuck in redirect loops.
Now do the Amazon app.
Number of times I've looked for something on my phone, gone through to a product page on Amazon but then have had to back out multiple times to get back to the search listing. Sometimes it's previously viewed products, sometimes it's "just" the Amazon home page. It should be one-and-done.
eBay too. I'm sure there are others.
Wait, how does one website (google.com) know what happens inside my browsing session on another website (bad-blog.com) after I click over? Hmmmmm
This sort of announcement just emphasizes the extent to which Google observes ALL your web browsing behavior, thanks primarily to their eyes inside Chrome browser.
You know those warnings when you install a browser extension, about all the things that extension will be able to see and do? Well so can Chrome itself…
The iron law of web encrapification: every web feature will (if possible) be employed to abuse the user, usually to push advertising.
There should be some browser-level enforcement of this. For example, it would seem possible to detect a user frustratingly mashing the back button, and offer a remediation dialog to disable any hackery that's hijacking the back buttons.
Yes please! It's very annoying how clicking an FB or Insta result from a Google search result would disallow going back to the search result!
> We believe that the user experience comes first.
Excuse me??
Google should probably talk to Microsoft about this because for me they are the biggest offenders with this back button hijacking in their support forums.
It's about time. Google is doing so much to keep the web usable. They're the only ones with the teeth to back up standards for mobile web load time, max sender spam rates, leaving browser history alone, etc.
Thank you!
One of the worst is TikTok, even as a developer, when someone sends me a TikTok link and I have to visit it, I get stuck in the browser (same with the app but I uninstalled it), and it feels almost device-breaking the way they trap you in.
I hope this applies to Android as well. Reddit is a particularly egregious offender.
Click on any Youtube video from any web in android. If you press anything that is not the back button immediately, you will loose the option to go back.
So this coming from google... it's funny. Welcome, but funny.
Is there any click-bait news site that DOESN'T do this? You hit back and land on a list of their click-bait articles and add links instead of the page you expect.
Amazing change, fighting with the back button is my least favorite part of the ad web and a blindspot for ublock. I wonder how Google is going to track this and if SPA style react router sites would be downranked because of the custom back button behavior. I doubt it due to their popularity but I'm curious how they're going to determine what qualifies as spam
> Why are we taking action? We believe that the user experience comes first.
What's the real reason?
Why not fix this at the browser level? E.g. long or double click on back button = go to previous non-javascript-affected page (I mean by that: last page navigated to in the classical sense, ignoring dynamic histories altered by js and dynamic content)
I want my browser history to be immutable and operate like a tree and not like a stack.
I remember when I worked at HuffPo and they started doing this. I called out the org and they all just shrugged.
Ironically, we have an infringing website right now on the front-page of HN (nypost).
Phew. for a moment there i thought they would start blocking alternate uses of the back button in apps (for like when it means "go back" and when it means "close everything")
That would have severely rustled my jimmies
>We believe that the user experience comes first
I’ll believe that when YouTube gives me the ability to block certain channels versus “not interested” and “don’t recommend channel” buttons that do absolutely nothing close to what I want.
Or a thousand other things, but that one in particular has been top of mind recently.
Reddit! I'm looking at you?
Really wish this was applied to phone apps. In Android at least, app A linking to app B will FREQUENTLY break the "back" functionality, allowing app B to handle the "back" action instead of doing what every user would expect 100% of the time, which is to go back to app A.
Does this also apply to sites like instagram that simply erase your entire back button history if you visit the site.
Maybe we can get facebook finally drop this dark pattern
So someone developed a malicious plugin to achieve this? Otherwise, I can't imagine how they could bypass the browser to do this.
I'm at a stage when I click back button extremely rarely and is amazed when it works as I expected.
Nice. This has been existed for too long.
This would have been great back when I used a search engine to visit web pages.
So why don't google just disable the possibility of hijacking the back button in Chrome, to give an example?
i wonder if this includes sites that do auto-redirect: A -> B (auto-redirect) -> C
if i'm on page C and go back, page B will take me to page C again. i think this is more about techincal incompetence rather than malicious intent, but still annoying.
Great! So they'll fix the back button bugs on YouTube, and return me to the previous set of video recommendations when I use it on the homepage, right? Right? And let me return to the actual site when it detects that I lost the web connection for 0.01 seconds and hides all the content, and I then press the back button?
Microsoft joke support forum stil does this?
Are they considering all uses of window.history.pushState to be hijacking? If so, why not remove that function from Chrome?
Instagram comments page requires 2 quick back press or else it won't take to previous page
Ah the irony. Wouldn't let me go back without clicking the cookie thing.
is there a policy on "home button hijacking"?
I'm tired of apps that intercept home button to ask "are you sure?" - home button is home button, return me to the main phone screen
also, ads at the bottom of the screen, so that if you miss home button you open a website
This is great. Can Google also stop scroll hijacking?
When I first heard of the APIs that allowed websites to modify browser history it sounded like a huge mistake. I still feel that way to this day.
How does this work? How can a site inject a totally different site into the history? I thought eg the History API only lets you add to the stack and pop, not modify history?
Is there not a plugin that helps to fix this?
It's getting very tiring seeing things that could be first-class user defined controls baked in the browser so that you have true agency over the behaviour being done like this
It's like the other thread from before where LinkedIn scans for your extensions, the fact they can do that without prompting for permission from the user is baffling
Cool, now maybe let's do something about all the shit I have to clear out out my face before I can read a simple web page. For example, on this very article I had to click "No thanks" for cookies and then "No thanks" for a survey or something. And then there was an ad at the top for some app that I also closed.
It's like walking into some room and having to swat away a bunch of cobwebs before doing whatever it is you want to do (read some text, basically).
It seems like a lot of the APIs that make a website act like an application need to be disabled by default; and some kind of friction needs to exist to enable them.
Edit: I'm not sure what kind of friction is needed, either an expensive review process (that most application developers would complain about but everyone else would roll their eyes) or a reputation system. Maybe someone else can think of a better approach than me?
Popups were dealt in a way that could be useful here, they're only permitted when the user directly generates the interaction that creates the popup (not scripted). The back button could use the same algorithm back in history, only go back to screens that the user directly navigated.
I never understood why browsers ever allowed this in the first place. It's obviously bad. Yeah, yeah there are "reasons" but it's still obviously a bad solution to whatever "problem" they were trying to solve.
too little, too late. The API for interacting with the back button in Javascript should never have existed in any capacity.
that's crazy things goin on
> We believe that the user experience comes first.
If by "user" you mean advertisers, sure you do. Everyone else is an asset to extract as much value from as possible. You actively corrupt their experience.
The fact these companies control the web and its major platforms is one of the greatest tragedies of the modern era.
> Notably, some instances of back button hijacking may originate from the site's included libraries or advertising platform. We encourage site owners to thoroughly review their technical implementation...
Hah. In my time working with marketing teams this is highly unlikely to happen. They're allergic to code and they far outnumber everyone else in this space. Their best practices become the standard for everyone else that's uninitiated.
What they will probably do is change that vanity URL showing up on the SERP to point to a landing page that meets the requirements (only if the referer is google). This page will have the link the user wants. It will be dressed up to be as irresistible as possible. This will become the new best practice in the docs for all SEO-related tools. Hell, even google themselves might eventually put that in their docs.
In other words, the user must now click twice to find the page with the back button hijacking. Even sweeter is that the unfettered back button wouldn't have left their domain anyway.
This just sounds like another layer of yet more frustration. Contrary to popular belief, the user will put up with a lot of additional friction if they think they're going somewhere good. This is just an extra click. Most users probably won't even notice the change. If anything there will be propaganda aimed at aspiring web devs and power users telling them to get mad at google for "requiring" landing pages getting in the way of the content (like what happened to amp pages).
Now if only they'd do this for Android apps that hijack the back button to pop up things, or say "are you sure you want to leave?"
Google should actually fix this from the browser side instead of trying to seriously punish potentially buggy sites.
Now, if they only declared scroll hijacking as spam...
will google really punish sites for doing this? and if so how do i report a site? i guess i could email the site with the google link and suggest they fix it first
Now to prevent scroll bar hijacking.
Great. Now do Android phones...
I don't trust Google.
We need to go back to an independent and competent research group designing standards. Right now Google pwns and controls the whole stack (well, not really ALL of it 1:1, but it has a huge influence on everything via the de-facto chrome monopoly).
Remember how Google took out ublock origin. They also lied about this aka "not safe standards" - in reality they don't WANT people to block ads.
Now do paywalls next.
The idea of Google lecturing anybody about hijacking UI for dark patterns is absurd.
The company that hijacked an open source mobile OS and turned it into a closed source profit machine.
The company that hijacked the web so “accelerated mobile pages” could effect a walled garden.
The company that hijacked a browser and turned it into an anti-privacy tracking system.
It’s like R. Kelly giving a keynote on safeguarding minors.
EDIT: …but, yes, to be clear, I loathe the hijacking of back buttons too. Just a shame I have to read this sanctimonious shit from a company with such a terrible track record on trust.
Easy fix:
JS doesn't let you change back button behaviour.
Q. But what about SPA?
A. Draw your own app-level back button top left of page.
Another solution: make it a permisson.