Only Thieves Block Pop-Ups

aurelian writes "It's official: using browsing the web while blocking pop-up ads and other such exciting website enhancements is theft. Anti-leech.com are offering to protect your site from browsers blocking pop-ups (or 'theft tools' as they call them) - just try stealing from them with your favourite pop-up free browser. (I picked this up on the phoenix discussion forum...)"

Opera and ZoneAlarm

[Lemmeoutada Collecti]

Looks like Opera+ZoneAlarm blocked their site just fine... unless I needed to click the button to view the site LOL

Re:Hey! I got that label on Slashdot

[Anonymous Coward]

I went to anti-leech.com's theft example page (link is above) using Lynx and it let me through (it didn't display that stupid "access denied" message).

Completed ages back, actually

[Anonymous Coward]

The Proxomitron already has anti-anti-leech filters, which work perfectly.

Forum

[vicviper]

The test URL refrenced is here. [mozillazine.org]

BTW the site works with no blockage in lynx :)

There's a simple way around this

[autopr0n]

If you're writing a browser, just change the behavior of the popup-blocker from actually stopping popups, to having the window open without displaying it, IE it doesn't show up on the taskbar and can't be seen. It's the same effect as not opening, really.

Of course, this probably wont work with an add-on popup blocker to IE. It's to bad M$ doesn't have the guts to put a popup blocker in IE.

I've found a simple way to prevent popups is to put frequently-visited sites (salon, the onion) that do have popup's in the restricted sites list.

Also these people are crazy. The kinds of people who would actually put this software on their pages probably aren't making pages worth visiting anyway.

Re:so...

[Smidge204]

What can I do on the internet that isn't illegal these days? ...log off?

Seriously, though. There are a bijillion little ways to get around crap like this. I disabled javascript and Netscape 7 went right in with no problem (and no popup). IE 5 didn't, though... Oh well! One more reason to swap from IE to Moz!

=Smidge=

I like their anti-image leech method

[MiTEG]

By using the Anti-Image service, you can protect all your images and make it impossible for people to download them from your site. You will also stop other webmaster trying to leech them directly of your server.

Try out their example. [anti-leech.com]

Okay, obfuscating the URL of the GIF with some screwy PHP probably isn't the best way to "secure" your images. To bypass their method, just view the source to find the scripted redirect [anti-leech.com] that points to the actual image [anti-leech.com]

You'll probably have to copy and paste those URL's because they seem to block off-site deep linking.

alias to 127.0.0.1 and then nothing loads at all

[corrosiv]

http://smartin-designs.com/

This guy is maintaining an /etc/hosts file specifically tailored to blocking ads. Alias everything to 127.0.0.1 and voila - banners are now broken images. I haven't installed it yet - I've been getting by with this list which I started before I discovered that guy (sorry Slashdot):

# hosts
127.0.0.1 ad.doubleclick.net ad.ca.doubleclick.net
doubleclick.net a.tribalfusion.com doubleclick.com ssads.osdn.com
ads.x10.com us.a1.yimg.com ar.atwola.com ads3.zdnet.com ads2.zdnet.com
ads1.zdnet.com ads.zdnet.com www.burstnet.com adfarm.mediaplex.com
altfarm.mediaplex.com s0b.bluestreak.com images2.slashdot.org
images.slashdot.org a.r.tv.com popup.msn.com sportsmed.starwave.com
advertising.com servedby.advertising.com ad.trafficmp.com fmads.osdn.com
media.fastclick.net popuptraffic.com www.popuptraffic.com log.go.com
games.espn.go.com sportsmed.starwave.com ehg-espn.hitbox.com
amch.questionmarket.com ads.forbes.com ads.enliven.com adj9.thruport.com
oas-central.realmedia.com ad.trafficmp.com click.atdmt.com
view.atdmt.com a1356.g.akamai.net

Interesting background

[FeatureBug]

There is interesting background material on the Swedish company Intercosmos Media Group, Inc which owns the domain anti-leech.com:

Google cache of Yahoo news on "Intercosmos Media Group sues Verisign" [216.239.39.100]

"Intercosmos Media Group, Inc., which has registered nearly 1.3 million domain names and is one of the fastest growing registrars of Internet domain names, today announced that it filed suit against Internet giant and competitor VeriSign, Inc. The suit alleges unfair trade practices and violations of the computer fraud and abuse act were engaged in over recent months by publicly held VeriSign.

"At first, Intercosmos management thought perhaps the tactics were the marketing ploy of a novice team or employee at VeriSign," Sigmund Solares, CEO and co-owner of Intercosmos, said. "Our company waited to see if actions would be taken to correct the matter by higher-ups at VeriSign. Instead, the deceitful marketing efforts only mounted to an egregious level."

Re:Completed ages back, actually

[Anonymous Coward]

and in case anyone isn't familiar with it:

http://www.proxomitron.org [proxomitron.org]

Workaround

[ErfC]

The test site does nothing interesting if you turn off Javascript. I've blocked their cookies and everything, but without Javascript their code never gets the chance to check anything, apparently.

Aren't there browsers that can block Javascript on a site-by-site basis? That would be nice...

I love privoxy...

[johnraphone]

Privoxy is a great tool to block ads. I never have to see ads anymore its great and nearly flawless. Its even open source. :) SF project page: Privoxy [sourceforge.net]

Re:Workaround

[ErfC]

Ah, now I understand. They "protect" stuff by doing their little javascript check, then replacing all the actual stuff on your website by javascript calls to their site. The calls check if you've got an 'approved' setup, then returns the actual HTML and stuff if it likes you enough.

So I guess turning off javascript wasn't a workaround to everything. :(

Yay Privoxy

[Anonymous Coward]

In just a few short minutes I now have a new filter rule for Privoxy [privoxy.org]:

s|<script.*src=.*anti-leech.*</noscript>||is gU

Imagine that this company probably spent tens-of-thousands of dollars to develop this software and it we defeated with a simple regexp.

Gee... great software he's got there *gag*

[mhore]

Funny... I'm using the free Popup Stopper (www.panicware.com) for Windows, which is quite a few months old, and it blocked all of his crap.

Glad to hear of successes with other programs as well.

Mike.

Omniweb seems immune

[Huge Pi Removal]

I waited, and waited, and waited. No button appeared. I think that Omniweb's slightly flawed Javascript implementation confounds it. Fine by me, most sites that have Javascript I need to use work just fine with it.

Re:Hey! I got that label on Slashdot

[0x0d0a]

Huh? Access Denied?

I'm using dillo, and nothing comes up.

If they're checking stuff with JS, it's easy to make JS lie about what's happening, and if they're looking to see if image requests come through...well, it's easy to request but not display a pop-up.

This is why I love Opera.

[Belisarivs]

Just tell Opera to kill pop-ups AND identify itself as IE, and the site is viewable WITHOUT pop-ups. And it's not like this is a new thing with Opera, they were able to get around MSN blocking non-IE browsers as well. Their "technology" was obsolete the minute they launched it.

anti-leech.com LAFF

[Superfarstucker]

anti-leech is most commonly used on WareZ sites, you know the old ones, where they actually hosted the files and all you had to do is be bombarded by ads to download them? obviously this hurts these people getting something for nothing's cash flow, so its no wonder why they are now offering another service to counteract that... hah

Re:Just fine by me

[MattCohn.com]

So true. And they arn't even good at what they do! It's really pathetic. I go through fine with Opera 6.05 set to block pop-ups. And the Anti-HTML source protector? My god, it's the most simplistic thing ever.

Page 1:
<script LANGUAGE=JavaScript SRC=antihtml.php?id=demo_pop&html=test>

Alright... so lets enter antihtml.php?id=demo_pop&html=test into our browsers, shall we children?

// This is the Anti-Leech HTML protection
//
// The HTML code on this site has been crypted using
// advanced Anti-Leech technology.
//
// The reason is that the webmaster of this site doesn't
// want to share this code with the public so please
// respect this.
var l = top.location;

// Visit http://www.anti-leech.com for more info

document.write("<SCR" + "IPT LANG" + "UAGE='Java" + "Script' SRC='http:/" + "/www.anti" + "-leech.com/ht" + "ml/load_cr" + "ypted.php?id=demo_pop&l=" + l + "&html=test'" + " TYPE='text/javasc" + "ript'><\/SCR" + "IPT>");

REALLY advanced there. I love how they break it up in order to avoid detection. :rolls eyes:

<SCRIPT LANGUAGE='JavaScript' SRC='http://www.anti-leech.com/html/load_crypted.p hp?id=demo_pop&l=" + top.location; + "&html=test' TYPE='text/javascript'><\/SCRIPT>

They will be gone within the year.

Re:doh!

[Pathwalker]

there's no such thing as braille computer monitors

Actually they're pretty common - here [deafblind.com] is an example of what they look like.

I also know that many visually impaired people use Emacs Speak [sourceforge.net] (which supports Aural Style Sheets [w3.org] for web browsing)

There are a lot more blind people on the internet than you think...

Re:Hey! I got that label on Slashdot

[SmallFurryCreature]

I like the fact that you draw in tv-shows. I ask you to consider the BBC. No-ads yet high quality tv. Of course they got to get the money somewhere. So people, all people who want to own a tv need a license to own one. This of course costs a certain fee and from this fee the station is paid.

In holland we had a sort of a cross of this system. Limited ads on tv, only between programs, and a license fee. Recently this licensee fee was dropped as it was realised that the collection was to expensive and it is instead collected through taxes since it is considered that everyone will watch tv or listen to radio no matter how little.

So youre point is wrong, without ads no ad sponsored tv, their are other ways. Maybe their should be other ways to run websites as well. I am not saying that these would work or that ads are all bad just that there are other choices.

Youre second point about forcing people to watch ads sounds highly dubious to me. How do you propose to do this? Chain people to their chairs during the commercial breaks? Make the page only available after answering a question about the popup ad?

In the real world advertisers have learned, had to learn to accept that people have no interst in watching their stuff. They get around it buy trying to make the ad as intresting as possible. Some companies are very good at this. On the web for some reason this has not happened. Only tv-ads I seen that equal the kind of crap that popups and banners are where parodies.

The web is no different from the real world, if people don't want to watch youre ad you got to make it attractive to watch, you can't force them.

Re:Good!

[AsparagusChallenge]

filterproxy (http://filterproxy.sourceforge.net/) can do just that.

Re:alias to 127.0.0.1 and then nothing loads at al

[LordHunter317]

Aliasing to many things to 127.0.0.1 isn't a very smart idea, it can break your resolver code.
Better thing is to place them in your firewall with a REJECT (not block) rule.

Re:Hey! I got that label on Slashdot

[Babbster]

Exactly the point. If a user doesn't see the button then he or she has disabled popups and the site will redirect her/him to the access denied area - which is what happened when I went there with Mozilla.

Of course, this doesn't help them against the pop-up stopping software I turn on when I'm "forced" (by an inconsiderate or evil website - which, oddly enough, does not include www.msn.com) to use IE - "POW" from AnalogX [analogx.com]. It's by no means perfect in that you have to see a popup at least once for it to be able to kill it, but one time is the last time until they change the title.

Defeat anti-leech.com by...

[Burning*Cent]

... disabling javascript. It's funny how impotent the anti-leech system is when something that simple nullifies it.

What the phoenix and mozilla projects should add is a javascript manager, similar to the cookie and image managers. That way you can let specific sites run javascripts and block all others or block specific sites' scripts and run ones from sites that haven't been added to "the list".

They should also add an animation/flash manager. I really hate flash ads.

Re:Just fine by me

[fenix down]

Phoenix, probably Mozilla too. Right click on an image and you get "Save Image As..." yadda yadda "Block Images from this Server".

Re:These folks are running a spam con

[Capybara]

Yeah, I've seen other sites with the same trick. You can use this perl script [deconfusion.org] to hide your email address from the spiders instead.

Re:leech? theft? enough of the propaganda!

[DennyK]

The "Hide your HTML" stuff has me baffled. I can't get their demos to work in IE or Moz. It shows me a page and tells me the HTML is "encrypted"...but there's nothing on the page except that message. Everything I see in the browser, I can see in the source.

I'm dying of curiosity...I'd love to know how they're tricking potential customers into thinking their HTML is "secret", short of writing their own web browser to decode their "encrypted" content... ;)

Their other "protection" schemes are silly. Let's see what we got here:

The "hidden" URL of their test download file:

http://www.anti-leech.com/ddd/test.zip

The "hidden" URL of their protected image:

http://www.anti-leech.com/pics/logo.gif

Got both of these in about twenty seconds. Turns out their right-click menu doesn't work in Moz; it displays the JS message, but then the right-click menu opens anyway. Heh... Even if it doesn't, all you have to do is copy the URL of the image from the source and paste it into the browser. It will not only display just the image, but it will also redirect you to the real URL that is supposedly hidden. As for the file download, Mozilla helpfully tells you the URL you are downloading the file from, and the filename. Stick the two together, and there's the real URL. Duh... ;)

Their "anti-spam" service involves using a Javascript to print your address instead of plain HTML (wow, that's innovative... ;) ), and adding a link to one of those spambot trap pages (which generates endless random email addresses for the poor bot). Whoop-tee-do. I could do the same thing on any web site in about five minutes.

Can't see the "Source Code" protection, but I'd bet it's about as effective as the image and file "protection" schemes.

About the only thing on here that really functions is the popup detector, and that obviously doesn't work right most of the time itself, judging by the posts here... ;)

Anti-Leech.com says: "We estimate that our system can protect you in 98% of all cases and in the other 2% make it a lot harder for anyone to copy your content." Apparently, they figure 98% of the people on the web are too clueless to know what an image tag is, to know what "View Source" does, or to be able to concatenate strings in their head... Maybe they're trying to push their system on site owners whose target audience is limited to AOL users? ;-D

DennyK

Re:Just fine by me

[ultimaomega]

Pop ups do nothing more than annoy people. Don't get me wrong, I know web sites need ads to keep their site up, but they don't need to use pop up ads. All they do is slow your computer and connection down. It's also annoying to have to close all those new windows. I use the Panicware popup stopper, it stops all popups, both unwanted and wanted. Aren't banner ads located on the page enough?

Re:So??

[Anonymous Coward]

Yes they are allowed to be 30% louder than the program itself, at least in Australia. How they determine volume is another matter in itself and not straightforward, thus with a good argument the ads can be a lot louder.

It must work for some people, but it just gets me diving for the mute button on the remote control the second the ads are on. Oops, thief ;)

lynx beats their image protection

[Anonymous Coward]

lynx seems to beat their image protection example, as you can download the image(s) just fine and get the actually path to the images (i.e. http://www.anti-leech.com/pics/logo.gif ) [anti-leech.com]

Re:Good!

[d_i_r_t_y]

The easy solution is for browsers to go ahead and request those images, go ahead and request the source for the popup pages, as if the broswer was going to display everything, but just don't display it.

this is my current solution. for mozilla, stick the following into your /chrome/userContent.css file -- it makes most ads 90% transparent, and doesn't show flash ads at all.

it's everyone's right not to be subjected to advertising.

matt

/* makes ads almost invisible
* - taken from http://archivist.incutio.com/css-discuss/?id=13557
*/

[src*="ads."], [src*="ads/"],
[src*="doubleclick"],
[href*="dou bleclick."] *,
[href*="rd.yahoo.com"] [src*="yimg.com"],
[width="60"][height="468"],
[ width="468"][height="60"],
[width="120"][height=" 600"]
{
-moz-outline: medium dotted red;
-moz-opacity: 10%;
}

/* i find this a bit much, but someone might like it.

[src*="ads."]:hover, [src*="ads/"]:hover,
[src*="doubleclick"]:hover,
[href*=".doubleclick."] *:hover,
[href*="rd.yahoo.com"] [src*="yimg.com"]:hover,
[width="60"][height="468 "]:hover,
[width="468"][height="60"]:hover,
[wid th="120"][height="600"]:hover
{
-moz-outline: medium dashed red;
-moz-opacity: 100%;
}
*/

[type="application/x-shockwave-flash"]
{
display: none !important;
}

I haven't seen web ads in years...

[Anonymous Coward]

...since I stared using AdSubtract Pro.

No unwanted cookies, popups, banner ads, referers...nadda. I can choose which sites have cookie privledges and which don't...who is allowed to use JavaScript, and who doesn't. Who is allowed popups and who isn't.

Maybe I can do this in IE 6, but I'm not that good at it. This is easy, plus it keeps track of who tried to soil my cache with what.

As a bonus...if I configure it right, when I get HTML newsletters in Outlook, it filters those too.

Re:Just fine by me

[Anonymous Coward]

(can't remember my password, damn)

JavaScript's no problem, you just have to link to an external script file. Something like this [anti-leech.com], in other words.

Re:Just fine by me

[PFAK]

They will be gone within the year.

They already have been around for more then a year 2 years if i'm not mistaken.

Re:it really is.. wow.

[Anonymous Coward]

Seriously, this system really is a method of copyright protection, isn't it? It's "a technological measure that effectively controls access to a work" the web page or whatever).

Blocking pop-ups is like ripping out and discarding the advertisements in your personal copy of a magazine. Since this does not involve re-publishing of information, I don't understand how this equates to copyright violation.

It's not like we're trying to gain access to content without permission or authority, which is what I think of first when I see the words "circumvention" or "access control".

Weeks ahead of you

[perttu]

First post regarding the subject @ http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=233

There are some big sites using anti-leech btw, for example
kazaalite [google.com]

A similar but slightly more advanced service like anti-leech is AntiAdBlocker [google.com]

Omniweb rocks

[Slur]

I like OmniWeb's solution to the popup problem. You can simply set it to never open a window via Javascript unless it's in direct response to a click. Just as it should be. I used to avoid sites that had popups. OmniWeb gives me back my freedom to surf without obtrusive "marketing" being constantly thrown at me.

Re:Good!

[No_Weak_Heart]

here's my userContent.css file:

*[href*="doubleclick.net"],
*[href*="doubleclic k.net"] *,
*[src*="doubleclick.net"],
*[src*="doubleclic k.net"] *,
*[href*="/adx/"],
*[href*="/adx/"] *,
*[src*="/adx/"],
*[src*="/adx/"] *,
*[href*="/ads/"],
*[href*="/ads/"] *,
*[src*="/ads/"],
*[src*="/ads/"] *,
*[href*="/adserver."],
*[href*="/adserver."] *,
*[src*="/adserver."],
*[src*="/adserver."] *,
*[href*="/adfarm."],
*[href*="/adfarm."] *,
*[src*="/adfarm."],
*[src*="/adfarm."] *
{
display: none !important;
} /* this hides the usual 468x60 Flash banner ads */
embed[type="application/x-shockwave-flash"][wi dth= "468"][height="60"] {
display: none !important;
visibility: hidden !important;
} /* this hides the not so usual but very annoying 728x90 Flash banner ads */
embed[type="application/x-shockwave-flash"][wi dth= "728"][height="90"] {
display: none !important;
visibility: hidden !important;
}

Re:Just fine by me

[nonweasel]

It runs a script that sets a cookie, then it looks at that cookie to see if it is set. Checking to see you are using cookes is not a feature... it is IMPARITIVE to the function of the system to be able to use cookies.

Re:Just fine by me

[sheriff_p]

I think you want the XUL Preference Toolbar [xulplanet.com]... You can turn off popups, javascript, images, all sorts of nastiness as well as change your UA from a small toolbar that sits under the address bar

Re:Just fine by me

[Gibbys Box of Trix]

Yeah, and last time I checked (on Opera 6.05 with Pop-ups rejected) www.kazaalite.com was also using the very technology this article is talking about.

So where are you going to get your 'comprehensive host file' now?

Luckily the back button (sometimes followed by a quick 'stop') seems to get round the redirection with no problem.

Re:Just fine by me

[RalphSlate]

...then the sites that refuse to switch to other forms of advertising
will be locking themselves out of that much traffic and ad revenue.

You're ignoring the reality of the situation. I run a medium-size, ad-supported website. Last month, I made about $350 from popunder advertising, $70 from 468x60 banners.

I can't run the site on $70. I barely break even with the $420 total (hosting costs of $250, syndicated data costs of $200).

It seems like there is a mafia out there that is trying to stamp out every possible way that a site can support itself. Ad blockers also block affiliate links, so it isn't even possible for me to make money on sales commissions. What's left?

If there was enough money to be made from the non-pop ads, I'd definitely go that route. But if I can't make enough money to cover costs then my site goes away, and 200,000 monthly uniques won't be too happy about it. Plus, my material is not duplicated elsewhere, so they'll have to go without.

You may say "get another business model". Well, first off, I say "stop destroying the business model that I already have", and next, I ask you to show me a business model that allows end-users access to free content, and also compensates the websites, but with no advertising.

Isn't it possible no other model exists?

Picture this in 20 years:

"Daddy, is it true that there used to be this incredible source of information and entertainment that was completely free to use?"

"Yes son, it was called the Internet."

"Why doesn't it exist anymore"?

"Because the people who used it were spoiled. They wanted everything for free. They wouldn't even accept the placement of advertising on the internet, and actively worked to stop advertising from being used. They even prevented people from making sales commissions by referring customers to products."

"Why did they do that daddy?"

"I don't know son, I don't know."

Re:Just fine by me

[Wavicle]

if stock market lost 3 trillions - that means at least that much money changed hands.

No, it doesn't mean that at all. You never studied economics, did you? You could not convert the value of the stock market into liquidity. There simply isn't that much money.

Re:Just fine by me

[Quarrell]

Hi,
UK Calling
Definition of theft in UK law is
The appropriation of property belonging to antother with the intention to permanently deprive, with a dishonest intention. Theft Act 1968,
whether under US law they can prosecute for preventing dissemination of information, refusing to look at advertisements will not come under the statutory definition of theft (well at least on this side of the pond!.) This is becuase, although an ad is property that belongs to the producers, you have also appopriated the opportunity for them to disseminate the ad and you are permanently depriving them of this opportuinity, it is very arguable whether a person is acting dishonestly by refusing to look at Ads. What is so dishonest about throwing away fliers before you read them or bypassing the window so that you do not see it?
What I am trying to say is that under UK law it is only possible to prosecute someone for theft f all the elements of the crime have been fulfilled. I think, I have just shown that the dishonesty requirement has not been fulfilled.

I am not a techno whizz ( in fact it took me about 4 attempts to actually get signed up to this site, such is my ineptitude with all things computer) but is it not possible to write some sort of code that forces the pop ups to open behind the window you are actually looking at, so that it does not annoy you and have the opportnity to look at it when you have closed the window you are looking at?

Anywway thats me for now

Quarrell