Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

The pop-up porn pest

When Brendan Eich invented Javascript, he unwittingly opened a computerised Pandora's box that allows sites to control your desktop. Charles Arthur reports

Monday 01 April 2002 00:00 BST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

If you've done any web surfing lately, you'll have come across the now-infamous "pop-ups" – adverts that appear in their own little window separate from the one you're viewing stuff in. Added to their ranks are "pop-unders" (which appear under the window you're looking at) and "pop-afters" (which appear when you close the window you were looking at).

Some people, though, have found that mistyping a web page address has resulted in them ending up at porn sites – and that, mysteriously, the site becomes (very much against their will) their homepage, no matter how much they change the browser settings.

The culprit in all these cases is a language called "Javascript", which, in theory, extends web browsing to make it possible to do much more with a web page than HTML ever could. It was invented in of 1995 by Brendan Eich, a newly arrived employee at Netscape – which, of course, had the commercial monopoly on browsers at that stage of the internet revolution.

Its first appearance was in December 1995, on Netscape Navigator 2, where it was called Javascript 1.0; although during its development it was called LiveScript. But then Sun Microsystems began to preach the virtues of its Java language, a write-once, run-anywhere method of coding, and Netscape saw that there were benefits in having people think that the two were connected. (They aren't, in fact.)

If you want to see some Javascript, go to almost any page, bring up the "source" (the raw HTML) and look for content between the characters "þ" and "ý". Early browsers treated anything there as a comment, to be ignored; later ones look for Javascript in there, too. If you're not into programming, it'll just look like random letters and numbers. But to your browser, it's meaningful.

Predictably enough, when Microsoft entered the browser wars in 1996, it brought along its own version of Javascript, which it called Jscript. But there is a standardisation body: Javascript comes under the wing of the European Computer Manufacturers' Association (ECMA), and versions that match its agreed standard are also called ECMAscript.

So what can Javascript do? The list has expanded with every release (it's just about to reach version 1.4). At first it was simple things like changing the appearance of something on the page when you put your mouse over it (a "mouseover" event). Later versions enabled it to resize browser windows, open new windows and write cookies (the little text files that tell sites if you've visited them). Ingenious Javascript writers could even add their site as a bookmark to your browser, or make it your homepage.

And then some web designers realised they could go a lot further: that they could alter the registry on Microsoft's Windows operating system. The registry holds all sorts of details about the configuration of your machine, and gets accessed every time you start it up; any programs in there get run.

So who uses Javascript to alter the registry? Porn sites. People who had planned to visit a site called "mypcworld.com" and mistyped it as "mycpworld.com" found themselves at a porn site intentionally set up to catch just such misspelling. Worse, it hijacked their homepage. Resetting their homepage in the browser didn't help – every time they restarted the machine it would go back to that porn page.

In the end, the unfortunate users had to manually edit their registries to delete any reference to the cuckoo program that was altering their browser's homepage each time they restarted.

The simple way to stop it is to disable Javascript in your browser's settings. This will stop all sorts of hassle, including pop-up, -under and -after windows. But it also stops many web pages displaying properly. The ideal is a browser that lets you decide what Javascript attributes to allow. Netscape's new Mozilla browser does allow some of that filtering. On the Macintosh, the iCab browser (www.icab.de) lets you decide exactly what you will allow globally, and to filter sites by their behaviour. Even so, it's certain that Brendan Eich never imagined that his invention would be used to create persistent porn sites.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in