Web API Notification Abuse
Web API Notification Abuse

Web API Notification Abuse

After years of little development World Wide Web Consortium (W3C) awoke from its slumber with the first public preview release of the all new HTML5 specification. This started to allowed web developers to do much more with webpages without requiring plugins. It wasn’t until 2014 when it was finalised, and they didn’t stop there with newer versions being developed to this day. At the same time ECMAscript (Javascript) has been hugely updated and revised. Developers have the tools to make every much more powerful and interactive websites than ever before.

One of the new features is Web API Notifications. The concept is good; however, the API is being abused at high speed. Web API notifications allow the browser to prompt you whenever there is an update from a website, whether you are on the site or not. This is handy for email, IMs and news notifications. Marketers have started to take advantage of this as well, using it to push product information offers to visitors. Marketing is annoying; however, the bad guys are using it as well to lure users to clicking and downloading malware onto their computers.

Before a site can send notifications, the user will be presented with he following box asking for permission:

Web API Notification Permission Request in Google Chrome

The problem is many users don’t fully understand what it is or think it is something to do with cookies, and then click Allow. There is little if any explanation as to what it is asking. The bottom line is it needs to be implemented better, with the user’s safety and possibly sanity in mind. Over the past couple of weeks, I’ve taken a huge number of tickets related to popups of all kinds from API notifications.

In the meantime, this is how to disable them in Chrome and Firefox:

Google Chrome

  1. Go to “Settings”
  2. Under “Privacy and security” click on “Site settings”
  3. Under “Permissions” click on “Notifications”
  4. Under “Allow” you will see all the sites with permission. Click on the 3 dots next to each site you want to stop and click on “Block”
  5. To disable all notifications, switch the toggle for “Ask before sending” to put all in blocked mode.

Mozilla Firefox

  1. Go to “Options”
  2. Under “Privacy & Security” and find “Permissions”
  3. Next to “Notifications” click on “Settings”
  4. Click on “Remove All Websites”
  5. Check the box at the bottom called “Block new requests asking to allow notifications”
  6. Click “Save Changes”

Leave a Reply

Your email address will not be published.

8 + four =