From: technews <technews@ou.edu>
To: "'it-fyi@listserv.ou.edu'" <it-fyi@lists.ou.edu>
Subject: it-fyi: Dirty Tricks Ensnarl Surfers (NY Times on the Web, Oct 7)
Date: Thu, 7 Oct 1999 08:42:38 -0500
October 7, 1999
Trapped in the Web Without an Exit
Can't Go Back? Can't Find Home? How Webmasters Use Dirty Tricks to Ensnarl
Surfers
By J. D. BIERSDORFER
Page-jacked. Mouse-trapped. Innocent surfers diverted from perfectly benign
sites to on-line pornography enclaves and unable to escape. Streaming
Webcast at 11.
On the Web, dirty tricks are everywhere. Last month, would-be visitors to 25
million popular Web pages were intentionally rerouted to and then stuck at
pornography sites. The incident brought to light one of the annoying aspects
of Web surfing: You cannot always go where you want and, if you are in a
place you don't want to be, you cannot always get out easily.
Some side trips are the result of mistakes by surfers, but many are the work
of Webmasters who bend and twist HTML code into trapping people in one spot
like overeager used-car salesmen.
Sites that specialize in pornography are the most obvious practitioners of
user manipulation.
"From my experience, they were definitely the ones leading it," Daniel
Glovich, the manager of Web development at the E-commerce site Cybershop,
said of the use of these tricks. "But then, like a lot of things on the Web,
everybody saw that it worked -- and followed."
All of these tricks are irritating. Some are downright deceptive. The
Federal Trade Commission filed an injunction against the parties responsible
for last month's page-jacking case. One reason the agency took such
aggressive action was that "there isn't a whole lot the consumer can do,"
said Paul H. Luehr, assistant director of marketing practices at the Federal
Trade Commission. "They were deceptively driven to these sites and then held
there against their will." The F.T.C. has a form on its Web site
(www.ftc.gov) and a toll-free number (1-877-FTC-HELP) for consumers to file
complaints about misleading sites.
Of course, creative coders are constantly thinking up new ways to turn Web
pages evil. Here are some of the more common and more frustrating dirty Web
tricks.
Breaking Your Back Button
You're clicking your way around the Web, exploring pages and following
links. On one site, you click on the Back button at the top of the browser.
Nothing happens. You click again and repeat until bedtime.
Most likely, the button was intentionally disabled by the Web page itself.
The button may even be "grayed out" on some sites. Why does it do this? To
keep you right where you are so you'll look at the content (and the
advertising). This type of rude behavior was used in last month's scheme:
the user's Back and Home buttons were rigged to lead to more pornography
sites.
The dastardly deed is commonly performed with Javascript, a powerful
programming tool used with HTML, a common programming language used for
making Web pages. Programmers can use Javascript to create a loop: Each time
a window closes, a new one opens. Because the window is "new," there is no
Back button because the browser thinks there is no place to go back to.
"Every time that window closes," Mr. Glovich said, "there's another
Javascript that will do the same thing. You try to close it, and it opens up
another one."
Is there any way out of these endless loops? "There really isn't a way to
beat it," Mr. Glovich said. "You just have to shut it down."
You can disable Java: most Web browsers will let the user do this in the
program's preferences. "There are some trade-offs in doing that," Mr. Luehr
said. "Turning off your Javascript reduces the power and interactivity of
the Internet in some respects."
A Game of Metatag: You're It
Has your favorite search engine ever brought back all sorts of results that
had nothing to do with your request? Take the tale of a certain volunteer
who was teaching a roomful of 10-year-old girls how to use search engines
during a Take Our Daughters to Work Day event. (O.K., it was me.)
The class, being of That Age, wanted information on the pop star Britney
Spears. Back came the results, most from pornography sites that had cleverly
embedded variations on the Britney Spears name -- which the girls had
misspelled -- in a special area of their pages that search engines use for
indexing.
A metatag is a place in the HTML code where information about the page can
be listed -- like who made it and how often they update it -- as well as
keywords that indicate what the page is about. HTML coders can put whatever
they want in the metatags, including things that have nothing to do with it.
According to a recent list in a site that tracks search terms, "MP3," "sex"
and "Hotmail" were the most popular search words. Imbedding popular terms in
the metatags of a site on, say, lobster traps in Nova Scotia will draw many
more surfers, not just the ones that searched
for "traps AND lobsters."
Some companies will even imbed the name of business rivals into the metatags
on their own home page. "That way, if someone searches for them, they'll
find you," said Danny Sullivan, editor of the Search Engine Watch site.
"It's kind of part art, part science, but they really know how to work the
search engines using metatags," Mr. Glovich said. "But metatags are only a
part of it. It's keyword density, how many times that word appears in the
document, in what locations in appears, in what format does it appear in --
a bunch of things like that contribute to the placement in the results. They
totally know how to work it, and it's not all that difficult to do."
The solution lies with the search engines, not the surfers. "Search engines
are moving away from crawling and just indexing anything automatically," Mr.
Sullivan said. "Now, what the search engines are doing is relying on humans
to categorize Web sites." Lycos and the search engines on AOL and the
Microsoft Network are adopting this tactic, he said. "It's harder to spam,
if you will, a human being," he added. "You can't just flip it past them,
because they're smarter than a machine."
The law has already caught up with a few companies using trademarked terms
just to get search hits. Playboy has sued a number of sites for embedding
its name in their code.
Windows Begetting Windows
Have you ever called it quits after hours of surfing, closed your browser
window and discovered several other open browser windows still on your
screen, all neatly piled one on top of another?
That trick is also used to keep users connected to one site, even if they
are looking at another. The HTML code writer can tell the browser to treat
the desired link as a new window, which opens on top of the first one.
Many sites use this tactic to smack you in the eyes with advertisements, but
also to display supplementary information or to lead you to a different
section of the site. Sites that specialize in MP3 downloads are often guilty
of this "window farming."
Some sites will open even more windows that contain paid advertisements.
"They get paid per view in general for these cases," Mr. Glovich said. "So
the more they pop, the more they make."
One way to put a stop to this sort of thing is to visit your favorite
shareware archive for inexpensive little programs that keep browser windows
from breeding like bunnies. Intermute (http://www.intermute.com) sells such
a program for $20.
Spellcheck Won't Save You Now
Everyone makes a typo now and then. Some of the craftier Web entreprenuers
rely on these slip-ups to send you to sites that you were completely
unprepared for.
Yahoo had the foresight to pay for an extra "O" and claim www.yahooo.com as
its own, which properly leads to www.yahoo.com. If you don't know how it is
spelled, though, and try www.yawhoo.com by mistake, you go to The Net One, a
different search site. In another case of competitors trumping their rivals,
www.microsoft.com leads to the home page of Linux, the operating system that
is challenging Windows.
Sometimes, a transposed keystroke can be more problematic, especially if you
are teaching a child how to search the Web. Mistyping www.excite.com can
whisk you to a porn site. Missed punctuation, like the period after the
"www," may also result in unplanned visits.
Some sites will gamble on your guessing wrong when you don't know the exact
address of a site. Many browser versions will let you type just the middle
part of the domain name, adding the "h ttp://www." and the ".com"
automatically. A classic example of a sex site preying upon unsuspecting
users is a variation of the White House site address, www.whitehouse.gov. If
you want to drop Mr. Clinton a note, take special note of the .gov suffix.
Two years ago, the Federal Trade Commission was involved in a case in which
an Australian company was selling domain names through a Web site called
www.internic.com (as opposed to internic.net, the real site, run by Network
Solutions). The company was charging $250 for domain-name registration,
sending the regular fee to Network Solutions and pocketing the rest. As many
as 13,000 people in nine countries were duped.
Look, Don't Touch
Have you ever noticed two Web sites that look exactly like each other except
for the domain names and contact information? One may just be a clever copy,
made to steal the economic or creative thunder of the original. And you may
have no other clues that you are not looking at the original site.
In last month's Internet case, as many as 25 million popular Web pages were
copied onto Web servers and code was added to reroute viewers to pornography
sites. When search engines displayed the fake pages as search results and
the users clicked on the links, they were taken on a triple-X ride. Some
people are slicker than others about doing this type of thing.
"This is the equivalent of somebody taking a shotgun, pointing it at the sky
and hitting a whole bunch of ducks," Mr. Sullivan said. "It wasn't subtle at
all. In contrast, people who are really sophisticated don't throw up 25
million pages and hope to pick up traffic."
The copied-pages syndrome often happens to sites celebrating pop-culture
icons like Xena the Warrior Princess, but corporate theft, like stealing a
business competitor's pages and changing the contact information, also
abounds. A successful digital communications company had its Web site stolen
by someone in Russia who presented it as his own. (Fearing further security
breaches, the company refused to comment on the matter.) For the common
user, though, paying close attention to what is on the screen -- look out
particularly for Web addresses that bear little resemblance to the site name
-- might be the best defense.
What You See Isn't What You Get
A few years ago, when Netscape's Navigator was slugging it out with
Microsoft's Internet Explorer to be king of the browser hill, some sites
would optimize their pages for their browser of choice, intentionally make
their content look bad for the competition and even block access to the
site. Although these browser wars have pretty much ended, a few stalwarts
are probably still clinging to old grudges.
Another reason a page may look bad is that it was never intended to be
looked at in the first place. Some companies slap together Web "landing
pages," -- also called "bridge" and "spam" pages -- that are meant to be
seen, not by people but by search engines.
By playing these pages into a search engine's algorithm, businesses that
specialize in Web placement can boost a client's ranking on the search
results page.
"There are actually companies out there that their whole purpose is just to
create and maintain landing pages like that and redirect the traffic," Mr.
Glovich said. Although driving up search-engine results is a lot harder now,
he said, it was not that way a few years ago. "It got to the point where,
literally, inside of 10 minutes, you could manipulate Infoseek and take over
the top five positions for any given query."
"It's definitely not that easy anymore," said Bill Rose, vice president of
search and content at Infoseek. "We have a lot of technology that's
analyzing the U.R.L's that people are submitting to be sure they're not
trying to spam or create bad search results."
Mr. Sullivan said that some major search engines were starting to use
different criteria to rank a page, like how many other pages are linking to
it. "If lots of links are pointing at it, then maybe it will rank higher,"
he said. "It's a harder thing for somebody to go through and try to
manipulate for spam."
Advertisements in Disguise
Some Web links are intentionally misleading, or they will display an
advertisement before you can continue to your desired destination, or they
will camouflage themselves. One box on Alta Vista's Computers and Internet
page looks like a site-search line for hardware and software, but clicking
on it takes you to an on-line computer store.
Another increasingly popular trick is a banner ad -- the horizontal strip of
commercialism found at the top and bottom of Web pages -- disguised as
something else, like a form to fill out or a trivia question to answer. Yet
another popular facade trick involves a system-alert box.
Duplicitous banner advertisements can be designed by graphics professionals
to resemble ominous computer messages, and new users may be nervous enough
to click on anything that says "O.K." to make them go away. Only after you
end up in an unexpected sales environment with a perfectly functioning
computer does the ruse become apparent.
Next time you are on the Web and think your computer is complaining about
something with an alert box, look closely. Real system alert boxes pop up in
the middle of the screen and float above the active window. Fakes are
usually nestled right in there with the Web page content.
Of course, Macintosh users will probably spot them right away -- most of the
ads resemble Windows messages.