Technology - Circuits
toolbar
Click here
October 7, 1999

Trapped in the Web Without an Exit

Can't Go Back? Can't Find Home? How Webmasters Use Dirty Tricks to Ensnarl Surfers

By J. D. BIERSDORFER Bio

Page-jacked. Mouse-trapped. Innocent surfers diverted from perfectly benign sites to on-line pornography enclaves and unable to escape. Streaming Webcast at 11.


CONSUMER INFORMATION

Many of the Internet sites that use dirty tricks are the ones that would arrive in a plain brown wrapper if that were possible on line, but even some G-rated Web sites use the same schemes. Here are two techniques that are used by a software company to keep unsuspecting surfers stuck to its pages.

A banner ad that looks very much like a system alert box appears at the top of the screen. The surfer, fearing that something has gone wrong with the connection, clicks O.K.

The software company’s home page appears. The surfer, now realizing that the system alert box was really just a banner ad with an embedded link, clicks on the Back button to return to the previous page.

Instead of returning the surfer to the previous page, the Back button (with some help from a sneaky piece of code) sends the surfer to a pop-up box from the same company.

On the Web, dirty tricks are everywhere. Last month, would-be visitors to 25 million popular Web pages were intentionally rerouted to and then stuck at pornography sites. The incident brought to light one of the annoying aspects of Web surfing: You cannot always go where you want and, if you are in a place you don't want to be, you cannot always get out easily.

Some side trips are the result of mistakes by surfers, but many are the work of Webmasters who bend and twist HTML code into trapping people in one spot like overeager used-car salesmen.

Sites that specialize in pornography are the most obvious practitioners of user manipulation.

"From my experience, they were definitely the ones leading it," Daniel Glovich, the manager of Web development at the E-commerce site Cybershop, said of the use of these tricks. "But then, like a lot of things on the Web, everybody saw that it worked -- and followed."

All of these tricks are irritating. Some are downright deceptive. The Federal Trade Commission filed an injunction against the parties responsible for last month's page-jacking case. One reason the agency took such aggressive action was that "there isn't a whole lot the consumer can do," said Paul H. Luehr, assistant director of marketing practices at the Federal Trade Commission. "They were deceptively driven to these sites and then held there against their will." The F.T.C. has a form on its Web site (http://www.nytimes.com/library/tech/99/10/circuits/articles/07tric.html#1) and a toll-free number (1-877-FTC-HELP) for consumers to file complaints about misleading sites.
Net headaches: disabled browser buttons and cloned search keywords.

Of course, creative coders are constantly thinking up new ways to turn Web pages evil. Here are some of the more common and more frustrating dirty Web tricks.

Breaking Your Back Button

You're clicking your way around the Web, exploring pages and following links. On one site, you click on the Back button at the top of the browser. Nothing happens. You click again and repeat until bedtime.

Most likely, the button was intentionally disabled by the Web page itself. The button may even be "grayed out" on some sites. Why does it do this? To keep you right where you are so you'll look at the content (and the advertising). This type of rude behavior was used in last month's scheme: the user's Back and Home buttons were rigged to lead to more pornography sites.

The dastardly deed is commonly performed with Javascript, a powerful programming tool used with HTML, a common programming language used for making Web pages. Programmers can use Javascript to create a loop: Each time a window closes, a new one opens. Because the window is "new," there is no Back button because the browser thinks there is no place to go back to.

"Every time that window closes," Mr. Glovich said, "there's another Javascript that will do the same thing. You try to close it, and it opens up another one."

Is there any way out of these endless loops? "There really isn't a way to beat it," Mr. Glovich said. "You just have to shut it down."

You can disable Java: most Web browsers will let the user do this in the program's preferences. "There are some trade-offs in doing that," Mr. Luehr said. "Turning off your Javascript reduces the power and interactivity of the Internet in some respects."

A Game of Metatag: You're It

Has your favorite search engine ever brought back all sorts of results that had nothing to do with your request? Take the tale of a certain volunteer who was teaching a roomful of 10-year-old girls how to use search engines during a Take Our Daughters to Work Day event. (O.K., it was me.)

The class, being of That Age, wanted information on the pop star Britney Spears. Back came the results, most from pornography sites that had cleverly embedded variations on the Britney Spears name -- which the girls had misspelled -- in a special area of their pages that search engines use for indexing.

A metatag is a place in the HTML code where information about the page can be listed -- like who made it and how often they update it -- as well as keywords that indicate what the page is about. HTML coders can put whatever they want in the metatags, including things that have nothing to do with it. According to a recent list in a site that tracks search terms, "MP3," "sex" and "Hotmail" were the most popular search words. Imbedding popular terms in the metatags of a site on, say, lobster traps in Nova Scotia will draw many more surfers, not just the ones that searched for "traps AND lobsters."
You can avoid some tricks by turning off Java, but that makes Web surfing less interactive.

Some companies will even imbed the name of business rivals into the metatags on their own home page. "That way, if someone searches for them, they'll find you," said Danny Sullivan, editor of the Search Engine Watch site.

"It's kind of part art, part science, but they really know how to work the search engines using metatags," Mr. Glovich said. "But metatags are only a part of it. It's keyword density, how many times that word appears in the document, in what locations in appears, in what format does it appear in -- a bunch of things like that contribute to the placement in the results. They totally know how to work it, and it's not all that difficult to do."

The solution lies with the search engines, not the surfers. "Search engines are moving away from crawling and just indexing anything automatically," Mr. Sullivan said. "Now, what the search engines are doing is relying on humans to categorize Web sites." Lycos and the search engines on AOL and the Microsoft Network are adopting this tactic, he said. "It's harder to spam, if you will, a human being," he added. "You can't just flip it past them, because they're smarter than a machine."

The law has already caught up with a few companies using trademarked terms just to get search hits. Playboy has sued a number of sites for embedding its name in their code.

Windows Begetting Windows

Have you ever called it quits after hours of surfing, closed your browser window and discovered several other open browser windows still on your screen, all neatly piled one on top of another?

That trick is also used to keep users connected to one site, even if they are looking at another. The HTML code writer can tell the browser to treat the desired link as a new window, which opens on top of the first one.

Many sites use this tactic to smack you in the eyes with advertisements, but also to display supplementary information or to lead you to a different section of the site. Sites that specialize in MP3 downloads are often guilty of this "window farming."

Some sites will open even more windows that contain paid advertisements. "They get paid per view in general for these cases," Mr. Glovich said. "So the more they pop, the more they make."
Webmasters use dubious tactics to catch and keep unwitting surfers.

One way to put a stop to this sort of thing is to visit your favorite shareware archive for inexpensive little programs that keep browser windows from breeding like bunnies. Intermute (http://www.nytimes.com/library/tech/99/10/circuits/articles/07tric.html#1) sells such a program for $20.

Spellcheck Won't Save You Now

Everyone makes a typo now and then. Some of the craftier Web entreprenuers rely on these slip-ups to send you to sites that you were completely unprepared for.

Yahoo had the foresight to pay for an extra "O" and claim www.yahooo.com as its own, which properly leads to www.yahoo.com. If you don't know how it is spelled, though, and try www.yawhoo.com by mistake, you go to The Net One, a different search site. In another case of competitors trumping their rivals, www.microsoft.com leads to the home page of Linux, the operating system that is challenging Windows.

Sometimes, a transposed keystroke can be more problematic, especially if you are teaching a child how to search the Web. Mistyping www.excite.com can whisk you to a porn site. Missed punctuation, like the period after the "www," may also result in unplanned visits.

Some sites will gamble on your guessing wrong when you don't know the exact address of a site. Many browser versions will let you type just the middle part of the domain name, adding the "http://www." and the ".com" automatically. A classic example of a sex site preying upon unsuspecting users is a variation of the White House site address, www.whitehouse.gov. If you want to drop Mr. Clinton a note, take special note of the .gov suffix.

Two years ago, the Federal Trade Commission was involved in a case in which an Australian company was selling domain names through a Web site called http://www.nytimes.com/library/tech/99/10/circuits/articles/07tric.html#1 (as opposed to internic.net, the real site, run by Network Solutions). The company was charging $250 for domain-name registration, sending the regular fee to Network Solutions and pocketing the rest. As many as 13,000 people in nine countries were duped.

Look, Don't Touch

Have you ever noticed two Web sites that look exactly like each other except for the domain names and contact information? One may just be a clever copy, made to steal the economic or creative thunder of the original. And you may have no other clues that you are not looking at the original site.

In last month's Internet case, as many as 25 million popular Web pages were copied onto Web servers and code was added to reroute viewers to pornography sites. When search engines displayed the fake pages as search results and the users clicked on the links, they were taken on a triple-X ride. Some people are slicker than others about doing this type of thing.

"This is the equivalent of somebody taking a shotgun, pointing it at the sky and hitting a whole bunch of ducks," Mr. Sullivan said. "It wasn't subtle at all. In contrast, people who are really sophisticated don't throw up 25 million pages and hope to pick up traffic."

The copied-pages syndrome often happens to sites celebrating pop-culture icons like Xena the Warrior Princess, but corporate theft, like stealing a business competitor's pages and changing the contact information, also abounds. A successful digital communications company had its Web site stolen by someone in Russia who presented it as his own. (Fearing further security breaches, the company refused to comment on the matter.) For the common user, though, paying close attention to what is on the screen -- look out particularly for Web addresses that bear little resemblance to the site name -- might be the best defense.

What You See Isn't What You Get

A few years ago, when Netscape's Navigator was slugging it out with Microsoft's Internet Explorer to be king of the browser hill, some sites would optimize their pages for their browser of choice, intentionally make their content look bad for the competition and even block access to the site. Although these browser wars have pretty much ended, a few stalwarts are probably still clinging to old grudges.

Another reason a page may look bad is that it was never intended to be looked at in the first place. Some companies slap together Web "landing pages," -- also called "bridge" and "spam" pages -- that are meant to be seen, not by people but by search engines.

By playing these pages into a search engine's algorithm, businesses that specialize in Web placement can boost a client's ranking on the search results page.

"There are actually companies out there that their whole purpose is just to create and maintain landing pages like that and redirect the traffic," Mr. Glovich said. Although driving up search-engine results is a lot harder now, he said, it was not that way a few years ago. "It got to the point where, literally, inside of 10 minutes, you could manipulate Infoseek and take over the top five positions for any given query."

"It's definitely not that easy anymore," said Bill Rose, vice president of search and content at Infoseek. "We have a lot of technology that's analyzing the U.R.L's that people are submitting to be sure they're not trying to spam or create bad search results."

Mr. Sullivan said that some major search engines were starting to use different criteria to rank a page, like how many other pages are linking to it. "If lots of links are pointing at it, then maybe it will rank higher," he said. "It's a harder thing for somebody to go through and try to manipulate for spam."

Advertisements in Disguise

Some Web links are intentionally misleading, or they will display an advertisement before you can continue to your desired destination, or they will camouflage themselves. One box on Alta Vista's Computers and Internet page looks like a site-search line for hardware and software, but clicking on it takes you to an on-line computer store.

Another increasingly popular trick is a banner ad -- the horizontal strip of commercialism found at the top and bottom of Web pages -- disguised as something else, like a form to fill out or a trivia question to answer. Yet another popular facade trick involves a system-alert box.

Duplicitous banner advertisements can be designed by graphics professionals to resemble ominous computer messages, and new users may be nervous enough to click on anything that says "O.K." to make them go away. Only after you end up in an unexpected sales environment with a perfectly functioning computer does the ruse become apparent.

Next time you are on the Web and think your computer is complaining about something with an alert box, look closely. Real system alert boxes pop up in the middle of the screen and float above the active window. Fakes are usually nestled right in there with the Web page content.

Of course, Macintosh users will probably spot them right away -- most of the ads resemble Windows messages.

Related Sites
These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability.



Click here

Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 1999 The New York Times Company

Advertisement