andreareina2 minutes ago
> Notably, some instances of back button hijacking may originate from the site's ... advertising platform
I feel like anything loaded from a third party domain shouldn't be allowed to fiddle with the history stack.
musicale2 hours ago
The iron law of web encrapification: every web feature will (if possible) be employed to abuse the user, usually to push advertising.
endgamean hour ago
I cannot even reliably press [Space] any more to page down through sites that are meant to be all about content!
kiddico11 minutes ago
I've always found that behavior baffling so it's interesting to hear someone using it as intended instead of being frustrated by it.
chonglian hour ago
It really comes down to JavaScript. The web was fine when sites were static HTML, images, and forms with server-side rendering (allowing for forums and blogs).
pottertheotteran hour ago
Did you use the web back in 1995? It was fun, but it also sucked compared to what we have now. Nothing is ever perfect, but I wouldn’t want to go back.
ryandrakean hour ago
I’d go back in a heartbeat. Making the web a software SDK was the worst thing to happen to it.
arjie4 minutes ago
Gemini websites are pretty much the old web: https://en.wikipedia.org/wiki/Gemini_(protocol)
Both in terms of comprehensiveness and in terms of functionality.
collabs43 minutes ago
You talk about 1995 but I wouldn't even go back to 1999. Dialup was so painful. It advertised 56 know but in practice I never even say 48...
yjftsjthsd-h34 minutes ago
That seems like a separate thing. You can send 199x-era HTML over a gigabit connection.
bonesss9 minutes ago
I published my first website in 1995 (and while it wasn’t even a little popular, eventually a spammy gay porn site popped up with the exact same joke name, leading to a pretty odd early “what if you search for your own site” experience).
If you put 2026 media players (with modern bandwidth), on the manually curated small-editorial web of ‘95 it’d be amazing.
We used to have desktop apps, these SPA JS monstrosities are the result of MS missing the web then MS missing mobile. Instead of a desktop monopoly where ActiveX could pop up (providing better app experiences in many cases than one would think), we have cross-platform electron monstrosities and fat react apps that suck, are slow, and omfgbbq do they break. And suck. And eat up resources. Copy and paste breaks, scrolling breaks, nav gets hijacked, dark mode overridden.
Netflix, Spotify, MS have apps I see breaking on the regular on prime mainstream hardware. My modern gaming windows laptop, extra juicy GPU for all the LLM and local kubernetes admin, chokes on windows rendering. Windows isn’t just regressing, their entire stack is actively rotting, and all behind fancy web buttons.
Old man yelling at cloud, but: geeeez boys, I want to go back.
themafia6 minutes ago
> Did you use the web back in 1995?
I'm still not over the loss of Gopher.
wmf19 minutes ago
You're not wrong but we've never really tried the combination of modern CSS with no JS. It could produce elegant designs that load really fast... or ad-filled slop but declarative.
AuthAuthan hour ago
It wasnt "fine".
atoav31 minutes ago
Oh, the social media was much, much better. People much more open, tracking didn't exist. All the idiots still thought computers were only a thing for nerds and kids.
al_borland2 hours ago
Some Microsoft sites have been very guilty of this. They are the ones that stick in my head in recent memory.
lamaseryan hour ago
IIRC the Azure “portal” does this. Also likes to not record things as navigation events that really feel like they should be. Hitting back on that thing is like hitting the back button on Android, it’s the “I feel lucky” button. Anything could happen.
542458an hour ago
Are they? This seems about deceptive or malicious content (i.e., redirecting to ads) rather than “something in my history triggers a JS redirect”. I’ve definitely experienced the latter with MS, but never the former.
surroundan hour ago
It seems like Google's policy is unconcerned with the intent of the practice. If a website JS redirect ruins the user experience by breaking the back button, it will be demoted in search results. It doesn't matter whether or not the redirect was meant to be deceptive or malicious, websites shouldn't be ruining the user experience.
dataflow7 minutes ago
> It seems like Google's policy is unconcerned with the intent of the practice.
I'm reading the opposite: "If you're currently using any script or technique that inserts or replaces deceptive or manipulative pages into a user's browser history that [...]"
sixothreean hour ago
Epic store makes it impossible to navigate backwards from the checkout on mobile at least. Not sure if it's design or just poor design.
SuperNinKenDo42 minutes ago
Happened to me yesterday through a link off here. I was already expecting it given the domain, but usually mashing back fast enough does the trick eventually. Not this time. Had to kill the tab.
Tepix12 minutes ago
In most browsers you can hold the back button for a second and it will let you skip back more than one step.
Kab1r6 minutes ago
And some websites consume the entire history that a browser displays in that menu
mlmonkey41 minutes ago
But the question is: why are sites allowed to hijack the Back Button?!?
josephcsible38 minutes ago
So that in single-page applications, it can work intuitively instead of always taking you all the way out of the app.
not2b13 minutes ago
If the navigation simulates what would happen if we follow links to SPA#pos1, SPA#pos2, etc so that if I do two clicks within the SPA, and then hit Back three times I'm back to whatever link I followed to get to the SPA, I guess it's OK and follows user expectations. But if it is used as an excuse to trap the user in the SPA unless they kill the tab, not OK.
mock-possum8 minutes ago
Of course, but programmatically, how do you enforce that?
filcuk39 minutes ago
Because it has a legitimate use. As anything, the tools will be abused by malicious actors
transcriptase17 minutes ago
>We believe that the user experience comes first
I’ll believe that when YouTube gives me the ability to block certain channels versus “not interested” and “don’t recommend channel” buttons that do absolutely nothing close to what I want.
Or a thousand other things, but that one in particular has been top of mind recently.
CableNinja2 hours ago
Frustrating it took this long for something to be done about this, but glad its now got something being done.
throwaway81523an hour ago
> When a user clicks the "back" button in the browser, they have a clear expectation: they want to return to the previous page. Back button hijacking breaks this fundamental expectation.
It seems pretty stupid. Instead of expanding the SEO policy bureaucracy to address a situation where a spammer hijacks the back button, the browser should have been designed in the first place to never allow that hijacking to happen. Second best approach is modify it now. While they're at it, they should also make it impossible to hijack the mode one.... oh yes, Google itself does that.
spankalee27 minutes ago
What about all the very legitimate uses of programmatically adding history entries?
jack1243star4 minutes ago
Please explain the legitimate uses. Not once I have ever encountered a website that does something useful by modifying the behavior of my browsing history.
incognito1244 minutes ago
Now, if they only declared scroll hijacking as spam...
bschwindHNan hour ago
Cool, now maybe let's do something about all the shit I have to clear out out my face before I can read a simple web page. For example, on this very article I had to click "No thanks" for cookies and then "No thanks" for a survey or something. And then there was an ad at the top for some app that I also closed.
It's like walking into some room and having to swat away a bunch of cobwebs before doing whatever it is you want to do (read some text, basically).
not_your_vasean hour ago
Haha, we had a solution for that, called pop-up blockers. Then when they became very usable, everyone switched to overlays injected with javascript, so they became unblockable.
But thinking of this at this moment, this could be a good use for a locally ran LLM, to get rid of all this crap dynamically. I wonder why Firefox didn't use this as a usecase when they bolted AI on top of Firefox. Maybe it is time for me to check what api FF has for this
Terr_39 minutes ago
I'm waiting for someone to develop an augmented-reality system that detects branded ads or products, compares them against a corporate-ownership database, applies policies chosen by the user, and then adds warning-stripes or censor-bars over things the user has selected against.
It would finally put some teeth behind the myth of the informed consumer, and there would be gloriously absurd court-battles from corporations. ("If they don't like what we're doing they can vote with their wallets... NOT LIKE THAT!")
internet101010an hour ago
Don't forget the useless "Got it!" popups, especially when the site blurs the screen to guide you to it.
pwgan hour ago
With uBlockOrigin set to default deny all the javascript on the page there are:
zero cookie banners
zero surveys popping up
zero ads to be closed
Just the text of the page with no other distractions in the way.
carlosjobim29 minutes ago
Your problems have been solved for more than a decade. Set your browser to open pages in reader view by default and you don't have these issues.
You are a decade behind in your life. Why didn't you look for a solution to your problems, does it feel better to complain?
93po43 minutes ago
ublock origin with annoyance filters on solves 95% of this
twisman hour ago
Reddit! I'm looking at you?
itopaloglu8317 minutes ago
Scroll on Reddit on mobile and click on a link. The comments open in a new tab. Close the tab and the previous tab is also at the link you’ve just closed.
Makes it impossible to browse around and long click to open on a new tab doesn’t solve the issue either.
rc_kas14 minutes ago
I feel like facebook is the worst culprit with this
synackan hour ago
Are they considering all uses of window.history.pushState to be hijacking? If so, why not remove that function from Chrome?
kro21 minutes ago
It's a valid question how they detect it. As there are valid usages, just checking for the existence of the function call would not be correct.
These sites likely pushState on consent actions so it appears like any user interaction.
tgsovlerkhgselan hour ago
Because clicking on a navigation button in a web app is a good reason to window.history.pushState a state that will return the user to the place where they were when they clicked the button.
Clicking the dismiss button on the cookie banner is not a reason to push a state that will show the user a screen full of ads when they try to leave. (Mentioning the cookie banner because AFAIK Chrome requires a "user gesture" before pushState works normally, https://groups.google.com/a/chromium.org/g/blink-dev/c/T8d4_...)
omcnoean hour ago
No, only if your website abuses window.history.pushState to redirect the user to spam/ad content is it considered abuse.
charcircuitan hour ago
Google should actually fix this from the browser side instead of trying to seriously punish potentially buggy sites.
domenicd35 minutes ago
We tried a few times. We got as far as gating the ability to push into the "real history stack" [1] behind a user activation (e.g. click). But, it's easy to get the user to click somewhere: just throw up a cookie banner or an "expand to see full article" or similar.
We weren't really able to figure out any technical solution beyond this. It would rely on some sort of classification of clicks as leading to "real" same-document navigations or not.
This can be done reasonably well as long as you're in a cooperative relationship with the website. For example, if you're trying to classify whether a click should emit single-page navigation performance entries for web performance measurement. (See [2].) In such a case, if the browser can get to (say) 99% accuracy by default with good heuristics and provide site owners with guidance on how to annotate or tweak their code for the remaining 1%, you're in good shape.
But if you're in an adversarial relationship with the website, i.e. it's some malicious spammer trying to hijack the back button, then the malicious site will just always go down the 1% path that slips through the browser's heuristics. And you can try playing whack-a-mole with certain code patterns, but it just never ends, and isn't a great use of engineering resources, and is likely to start degrading the experience of well-behaved sites by accident.
So, policy-based solutions make sense to me here.
[1]: "real history stack": by this I mean the user-visible one that is traversed by the browser's back button UI. This is distinct from the programmer-visible one in `navigation.entries()`, traversed by `navigation.back()` or `history.back()`. The browser's back button is explicitly allowed to skip over programmer-visible entries. https://html.spec.whatwg.org/multipage/speculative-loading.h...
[2]: https://developer.chrome.com/docs/web-platform/soft-navigati...
josephcsible37 minutes ago
What does this have to do with sites being buggy? This change is about obvious intentional abuse.
SuperNinKenDo40 minutes ago
Honestly if your site is buggy in a way that effectively breaks the browser, maybe you should be punished.
andrewmcwattersan hour ago
[dead]
tgsovlerkhgselan hour ago
Now do paywalls next.
ladberg6 minutes ago
How would you recommend that creators of valuable content get paid?
renewiltorda minute ago
Ideally, when I create valuable content I am paid and when I consume valuable content I don't pay. Advertising does this but I hate it so I don't want that. So ideally, there is no way to extract value from me but I am able to extract value from others. I think I would support someone who finds a way to enforce this.