Google has announced on its blog, Google Search Central, that it will clamp down on back-button hijacking. The move is seen as a welcome relief for the online community.

If you’re partial to the odd occasion of sports streaming, or have (accidentally) come across clickbait articles (“Top 10 coffee beans that will end you,” anyone?), then you might have hit the back button several times to try to exit the page early.

It so often happens that you tap the back key several times, only to be drowned in a swamp of ads, with the website interfering with your browsing navigation.

Getting looped into a maze of spam in this context, totally unsolicited, actually has a term: “back-button hijacking.”

What is back-button hijacking?

It’s a bit of a Wild West out there when browsing the web these days, and the “hijack” is performed on the browser's history, with the website itself as the instigator. Think of it like messing with your orientation, throwing you off track in the process.

Google, as per its blog, captures how this process “interferes with the browser's functionality, breaks the expected user journey, and results in user frustration.”

You might get trapped in a vicious cycle of ads, even with what seemed like a reputable lasagna recipe, resulting in an essentially dysfunctional back button that leads you down an unwanted browsing path.

Why Google is taking action now

Stretching back to 2013, Google has stated that it had “seen some user complaints about a deceptive technique which inserts new pages into users' browsing histories,” while reminding readers of the original guidelines from 2003, which promoted transparent digital etiquette.

That’s all fair and well, but it can still be confusing to understand how it affects our browsing, and actually, if it amounts to a security threat.

An insightful exchange took place a few years ago on the Reddit layman forum r/explainlikeimfive. Two posters summed it up nicely:

By playing down the need to protect anything, the post suggests that back-button hijacking is more of a spam issue than a security issue. And offering a solution of holding down the back key to manually check the pages you’ve browsed in that tab sounds like a good one.

The follow-up goes deeper by showing the trade-off between a browser (like Google Chrome) being rich with add-ons and the entanglement with JavaScript that traps the end-user in a myriad of intrusive content

On the Hacker News forum, following Google's announcement, there were numerous examples of how the hijacking can frustrate daily routines, with LinkedIn and even Reddit listed as two of the culprits.

Even with online shopping, Amazon and eBay have been found to be at fault, with follow-up replies putting the onus on the end-user:

What are the implications?

The deadline is bolted down. By June 15th, site owners will have to remove any malicious script, no matter if they’re a small blog or a major retail outlet. Otherwise, they’ll be effectively demoted in the search rankings, and that would be bad for business.

Google stated: “We encourage site owners to thoroughly review their technical implementation and remove or disable any code, imports, or any configurations that are responsible for back button hijacking, to ensure a helpful and non-deceptive experience for users.”

With this move, the back button will hopefully be reinstated to its original purpose, and we can easily just click back to that lasagna recipe after getting sidetracked looking for the ingredients.

---