- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
You must log in or # to comment.
Learn.Microsoft.com is going to be pissed.
In fact, most of the time I run into this it’s big corps who should know better, but don’t.
They won’t delist LinkedIn and Microsoft and Reddit. They just paid billions for Reddit content feeds.
So is SFGate. I can’t even bother with their bullshit articles anymore. You have to click back 3 TIMES just to get out.
I’ll expand here what I mentioned in another comm.
Most back button hijacking relies on the browser history API. Further info here: “The replaceState() method of the History interface modifies the current history entry, replacing it with the state object and URL passed in the method parameters.”
So for example. You visited site A, then site B. Your browser stores this as “user went A then B”, so if you click the “back” button while navigating B, it sends you back to A. However Javascript in the site B can tell your browser “no, the user didn’t visit A then B. They visited C then B”. So as you click “back” you’re sent to a third site you never visited.
Why is this anti-feature there on first place? Why are sites even allowed to interact with your history? Because corporations really, really, really want to know your browsing history: which sites are directing traffic to it site, which pages within that site you visited (imagine those pages show you products you might potentially buy), so goes on. It has practically no reason to exist for non-commercial sites. Now remember Google is a corporation, it profits the most from advertisement, and has a role in the web standards, and you’ll notice Google was at least partially responsible for this anti-feature.
And now, the same Google is using its monopoly over search to dictate which should be the rules for the usage of the anti-feature it added. As if the internet was Google’s property: it’s who decides which features should be on the internet, and how you’re allowed to use them.
Moral of the story is: even if it looks like Google is doing something good, remember they were responsible for this mess on first place.
Why is this anti-feature there on first place?
I thought it was there because otherwise, single page applications (e.g. Angular) wouldn’t have a functioning back button? Am I misunderstanding this?
You are correct. I’m against web tracking but this isn’t the crazy feature the other poster is going on about.
Single page applications are only a necessity because pages are expected to be huge behemoths, so requesting a new page would take too long and put a burden on the server. And that is mostly the result of corporations bloating their sites with advertisement, to the point our expectations on what’s an acceptable page size became distorted.
(Note Angular was released by Google in 2016, and the anti-feature is from 2015. I don’t think this is a coincidence.)
SPAs have their place in the ecosystem and can do things that simply aren’t possible with page navigation alone. Don’t blame the technology for developers or more likely their managers being shitty.
If you develop some feature (or bug!) of course some people will find a decent way to use it. That doesn’t mean the feature should be there on first place, specially when the possibility of abuse is so obvious. Plus if the pressure behind this anti-feature was “only” single page applications, and nothing else, I bet it would be implemented in a different way.
Also, look at the big picture. In isolation, one could argue giving pages access to your browsing history was a necessary albeit poorly thought feature; but when you look at other stuff browsers nowadays are supposed to do, you notice a pattern:
- Browsers giving more info to the page about your system than just “I’m a browser, I can browse pages”: the browser software, its version, the operating system, the fonts you have installed, your screen dimensions…
- Letting pages decide the behaviour of mouse clicks. And if the window is focused or not.
- The ability to show pop-up messages.
- etc.
Are you noticing it? All those “features” are somewhat useful, but with such obvious room for abuse it would be insane to add them, in retrospect. And that abuse is usually from money hoarders, or people controlled by them.
Worse: all of them crammed into what was supposed to be a system to show you content, but eventually got bloated into a development platform, transforming browsers into those bloody abominations of nowadays, with a huge barrier of entry, dominated by a single vendor (and where the vassal of said vendor got ~3% market share). I’d say that not having a monopoly is more important than all those features together.
And odds are the ones pushing for those features (like Google) knew they were insane, and that they would raise the barrier of entry for new browsers. But that was their goal, innit? Enshittify the web while claiming control over it.
I think you are misunderstanding what is possible with the history API.
Pages can’t read your navigation history.
Pages can’t manipulate history prior to their loading.The original history API is a careless mistake. It can:
- Tell the browser to navigate forward
nentries. - Tell the browser to navigate backward
nentries. - See the length of the history stack.
Seeing the length is a privacy problem. Allowing arbitrary forward navigation is a usability problem that’s ripe for abuse. Allowing back navigation to be more than a single page is a usability problem.
The newer
pushStateandreplaceStateAPIs are fine. As their names imply, they push a new URL or replace the current URL in the navigation stack. The URLs are also subject to same-origin constraints, so you can’t just replace the current page with an entirely different domain.Using a
replaceStatefollowed bypushStateto insert a dummy marker that runshistory.go(1)when thepopStateevent is fired allows pages to prevent users from navigating away from the website. That’s shitty and abusive, yes.Do you know what else can do that, though?
if (window.location.hash != "no_redirect") setTimeout(() => { window.location.hash = "no_redirect"; }, 1000)Or
<?php if ($_GET["no_redirect"] != "1") echo '<meta http-equiv="refresh" content="1; url=?no_redirect=1 />'; ?>Back button hijacking is an infuriating problem, but it’s not a new one exclusive to SPAs. This fuckery has existed for a long time.
Edit: I don’t like the state of the modern web either, but as you also noted, the problem with it is by and large Google’s monopolistic dominance over web browsers and their incentive to not take privacy seriously. The only non-Blink browser engine with any notable market share is WebKit2, and that’s only because Apple is abusing their own position.
- Tell the browser to navigate forward
Google actually doing something good for once?
Oh, right. Not being able to press back prevents you going back to google.
I wish that the back button would send me back to the page + page position that I was on when I (the user) clicked a link or entered a form. I’ve never had a desire to revisit automatic redirect pages, so imo default behaviour should be to send the user back to the point of the previous user action. To me this seems easy and logical to implement, but I’ve never seen it, so maybe I’m missing something and it’s not that easy.
That sounds like default behaviour, at least in Firefox, if a websites loaded as a static page and doesn’t dynamically load its content after page load.
Since they mentioned redirect, I think they take an issue with the scenario of ‘click → more pages load and redirect you after each load → back’ that will repeatedly land you on just the last redirect page and then promptly redirect you forward to the newest page you tried to go back from
If it’s default behaviour for static pages, but not for dynamic pages, then it’s not much of a default. As a user I want ui actions to be consistent, the unknown stuff that happens in the background shouldn’t change the behaviour of the ui. Firefox now mostly gets around this issue by opening search engine links in new tabs (I can’t recall if that’s standard for Firefox or if I had to change settings, but I’ve been using it for years like that), but this wouldn’t have been needed if using the back button was reliable.
I found this 2022-2024 discussion with a few examples of the back button not working as expected: https://connect.mozilla.org/t5/discussions/firefox-needs-to-do-something-about-back-button-history-loading/td-p/4678
I found no announcements of a fix. I also haven’t had much occasion of noticing a fix, since new pages open in a separate tab for me.
If only they would obliterate Facebook then! Facebook is notorious for doing this when getting to forum posts from google and I’m trying to go back to google, and it it pisses me off.
Why would a browser give a site the ability to do this in the first place?There’s quite a few reasons why having the ability to change the history of a particular browser session can be helpful. The major one is handling user flow in single page applications where the browser doesn’t see page changes but the application does so you add history despite a new page not being completely rendered. Thus it gives the illusion of moving pages and changing URLs without burdening the browser with the action. It’s a pretty integral feature and there are plenty of sites that make it malicious.
That’s asinine. The outcome of browsers giving incompetent web designers enough access to muddy the function of users’ back buttons was predictable from the start.
So is google banning single page applications or just the malicious behavior described? Hate when their announcements are so cryptic
Single page application should be blocked. Give me real links.
As long as it pretends that it has multiple pages, I don’t see the harm. Not re-fetching and re-rendering navigation elements is a good thing, and you don’t have to break the back button, address bar, and so on to do it.
Honestly, there should probably be a standard HTML attribute that tells the browser that internal links will always send this element in the same way and it should not be re-rendered.
It’s called “frames” and we’ve had them for years. I feel like there’s a meme template that would fit this…
Frames absolutely obliterate the back button and address bar, though.
lol, I’ll believe it when I see it. Something tells me that there’s gonna be a list of “approved” websites, that also just so happen to increase their adsense buys around the same time…
Except Facebook right?
Tldr?
Pressing the back button must take you back to the previous page you were on or else google will lower your page rating.
It’s a rather short article…
(N)TL;DR: back should mean back. Sites that continue to make back do something else will get lower rankings in search results, which means reduced traffic and revenue.
Google has users still? Less tech savvy people have been hijacked by Bing, more techavvy people have bailed years ago. Right?
The least tech-savvy people don’t use Windows, but Android or iOS, where Bing isn’t the default search engine. (Slightly more tech-savvy ones may also use Chrome on Windows.)
As a tech-savvy person I still use Google a lot because DDG just doesn’t give equally good results much of the time. There are many web pages that are indexed by Google, but not DDG.
I highly recommend kagi if you can justify the cost. It is genuinely how Google used to be in terms of search quality.
Thanks for the tip, currently I usually get what I want from DDG and Google (almost never use any others), but if I ever become dissatisfied I might try it.
Google has 89% of the web search marketshare according to statcounter
Why am I suddenly seeing hexbear here
Wdym “suddenly”? Checking my user profile on hexbear it appears that my posts to lemmy.zip communities have been federating there for a long time. Your instance doesn’t seem to defederate them, don’t know if it ever did; mine certainly doesn’t and I don’t remember a time when it ever did.
