Google will take action against website history manipulation - gHacks Tech News

Google will take action against website history manipulation

Chromium developers plan to integrate functionality in Chromium that protects against history manipulation by websites.

History manipulation refers to sites adding pages to the browsing history, e.g. in the form of a number of redirects, when a user accesses a page on a site to make it more difficult to go back to the previous page or forward to the next.

Usually, what happens is that activating back once appears to do nothing or redirects the user to another page on the site.

Hitting back multiple times may appear to do nothing as well, may load another page on the domain, may load the previous page opened by the user, or may overshot and load a page further down the browsing history.

good browsing history

Chromium developers opened an issue for the misuse of the browsing history in 2016:

Annoying user experience on back navigation due to dummy fast-forwarding history entries

We've observed websites abusing (or misusing) History.

Typically, the History get stuffed with multiple dummy entries that fast-forward the user back to the page they wanted to leave.

Getting back to the desired history entry is extremely hard:

  • Because of the instant fast-fowarding nature of the dummy history entries, the user can't wait for a visual confirmation to know when to stop hitting the back button.
  • As a result, the user either overshoot or undershoot its destination resulting in guaranteed frustration.

Engineers added in September 29 that sites abused the history by inserting ads into it. Other sites would redirect users to their homepage using the functionality.

Google plans to implement redirection skipping functionality in the Chrome browser. The company plans to flag sites that exhibit the behavior and skip dummy entries entirely eventually in Chrome.

9to5Google reports that Google plans to hide the functionality behind the chrome://flags/#enable-skip-redirecting-entries-on-back-forward-ui flag initially before enabling it for all users in Chrome.

The flag is not yet integrated in Chrome, not even in Chrome Canary. Once integrated and enabled, Chrome will skip pages injected into the browsing history when users activate back or forward buttons in the browser.

Other Chromium-based browsers, Brave, Vivaldi, Opera and soon Microsoft Edge, may get the feature as well at one point in time.

Many users who open sites that manipulate the browsing history by stuffing dummy entries into it close the tab entirely to get rid of the issue.

Handling the issue is a bit easier on the desktop as long-pressing the back button will display previous history entries to jump to these right away. Another option that users have at their disposal is to open the browsing history in the browser to load a page manually using it.

Now You: did you encounter sites in the past that manipulated the history?

Summary
Google will take action against website history manipulation
Article Name
Google will take action against website history manipulation
Description
Chromium developers plan to integrate functionality in Chromium that protects against history manipulation by websites.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Yuliya said on December 18, 2018 at 3:50 pm
    Reply

    You can also right click on the back button on desktop to get a list of tab’s history. On Android if you hold the back button you get the same list. On Android with Chromium 73 that is the case, idk about Chrome stable.
    Lastly, opening stuff in new tabs renders this nasty practice useless.

    1. John Fenderson said on December 20, 2018 at 12:00 am
      Reply

      @Yuliya: “You can also right click on the back button on desktop to get a list of tab’s history.”

      I never knew you could do it that way. My habit is to click-and-hold on the back button, which does the same thing. Thanks for teaching me something new!

    2. TelV said on December 22, 2018 at 3:46 pm
      Reply

      @Yuliya,

      I use that method as well, but it’s limited as to how many pages are displayed. Maximum is 10 I believe.

      An alternative is to hit CTRL+SHIFT+H and then use the library to return to where you want to be.

    3. Randy said on July 9, 2019 at 6:13 pm
      Reply

      Website history manipulation appears to be a usual part of landing page in typosquatting type attacks. So first you type a wrong address (say, e.g., take breitbart and drop the i in it). The address takes you to a site which tells you have won in a lottery or something, and starts phishing infomation, collects money with ads and possibly contains some active attack code.

      I’m sorry for slightly o/t, but at least in Firefox, it is common that the back button – right click on Android does not work. The history totally filled with dummy pages and the real history is not accessible from the menu. The menu might also appear empty; the history has been deleted.

      Very recently we have noticed (safari/iphone, ff/android) that many sites end up at attack pages a bit randomly. If you reload from a desktop, the site will be ok. Or, if you reload from android, the site will be OK. So basically your user experience is: google term, follow link, end up at attack page. Close browser, open new private tab, do the same, end up in the real site with real stuff.

      What this is? Could be somebody has poisoned by dns, who knows. It is scaringly difficult to know where the attack comes from.

  2. Julius said on December 18, 2018 at 4:46 pm
    Reply

    One of the things I hate most on the Internet! And sadly it is quite a common occurrence even on so-called “quality” websites.

    Invariably, either I try and get back to the page I wanted by using the address bar or I leave the site never to return.

    It is a cheap gimmick and I, for one, will be more than happy to see Google do something about it.

  3. John Fenderson said on December 18, 2018 at 4:57 pm
    Reply

    “did you encounter sites in the past that manipulated the history?”

    Frequently enough that it’s become my normal workflow to hold down the back button until the history pops up, then select the exact page I want to return to.

    Until this article, though, I didn’t realize that this was intentional. I thought it was just broken websites.

    1. Bruno said on December 20, 2018 at 6:18 pm
      Reply

      Sometimes it IS broken websites, stupidly designed lightboxes etc.

  4. vux777 said on December 18, 2018 at 7:43 pm
    Reply

    there is already a flag in chromium (for long time now) that prevents sites to manipulate history (pushing dummies). Flag is:
    “New history entries require a user gesture.”

  5. Don said on December 18, 2018 at 10:44 pm
    Reply

    I’m occasionally annoyed by this practice. I didn’t realize phone users can’t easily jump over page in the history like I can do on my desktop.

    But aren’t there valid reasons for web developers to do this, like redirect from an obsolete page to it’s replacement, or redirect to another page based on the device capabilities?

    1. gwacks said on December 19, 2018 at 6:10 am
      Reply

      Yeah or redirect to an AMP version of a page served by Goolag ^^

    2. John Fenderson said on December 19, 2018 at 4:53 pm
      Reply

      @Don: “like redirect from an obsolete page to it’s replacement, or redirect to another page based on the device capabilities?”

      Honestly, even in those sorts of situations, I’d prefer they didn’t.

  6. Bob said on December 18, 2018 at 11:20 pm
    Reply

    Clicking and holding (or right-clicking) the back button allows one to navigate to any page on the current tab history in Firefox, good for avoiding the dummy page that does the fast redirects.

  7. Thorky said on December 19, 2018 at 12:36 am
    Reply

    Google should probably sweep at their own door first (german language only, sorry): https://www.pcwelt.de/a/vorwurf-google-soll-edge-browser-sabotiert-haben,3463398

  8. ams said on December 19, 2018 at 1:17 am
    Reply

    Martin, the sites where I most often experience “broken back button” are legit sites, e.g. github. The brokenness is not consistent; I haven’t been able to identify a pattern. Because I’ve disabled quite a few things via browser preferences, I had attributed the problems to disallowing service workers ( dom.serviceWorkers.enabled = false ) or somesuch.

  9. ULBoom said on December 19, 2018 at 4:15 am
    Reply

    I have this “remove google redirection” add on in Firefox and Chromium. Is this some sort of weird irony or what?

    As far as sites beside google that redirect with history manipulation, it’s been going on for at least two decades. Johnny on the spot there, google developers!

    Close the page, sites that do that deserve to be left; they’re hijacking.

  10. supergirl said on December 19, 2018 at 10:00 am
    Reply

    WoW …..Yes I have had that happen…

    I had no idea that was deliberate or done by the webpage!!!

    I just thought it wasnt a bug it was a “Feature” LoL

  11. ShintoPlasm said on December 19, 2018 at 10:39 am
    Reply

    @Martinn: Is there any way you could please remove/disable those annoying autoplaying videos currently polluting every page on gHacks? I am happy to unblock all ads here as I find your site extremely useful, but these videos are driving me (and my CPU) crazy… Thanks!

    1. Rush said on December 19, 2018 at 6:08 pm
      Reply

      IN Firefox

      about:config

      media.autoplay.enabled;True?…..Toggle to false

      MartinB provides a tremendous service for users on this site…

      I can understand the ads and auto-play vids.

      1. gwacks said on December 20, 2018 at 7:32 am
        Reply

        @Rush

        That doesn’t work from FF63+ which replace it with “media.autoplay.default”. Set 0=allowed by default; 1=block (Yeah that logic is like an out of season April Fools’ joke. Don’t ask me why…;)

    2. Martin Brinkmann said on December 19, 2018 at 7:52 pm
      Reply

      Sorry for that, it is going away.

  12. Rush said on December 19, 2018 at 6:09 pm
    Reply

    In Firefox:
    about:config

    media.autoplay.enabled;true? Toggle to: false

  13. noname said on December 19, 2018 at 7:48 pm
    Reply

    they should fix the UI first.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!