Clickjack:
Clickjacking (classified as a User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.[1][2][3][4]
In web browsers, clickjacking is a browser security issue that is a vulnerability across a variety of browsers and platforms. Clickjacking can also take place outside of web browsers, including applications.[5]
A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a buttonthat appears to perform another function.[6]
Clickjacking is an instance of the confused deputy problem, wherein a computer is innocently fooled into misusing its authority. [Wikipedia]
Noted in “How hackers use tricks to make money from your clicks,” Donna Lu, NewScientist (20 April 2019, paywall):
So certain websites contain tricks to get people to click. For example, an apparent link to a news story may actually take users to an advertising site earning the owner ad money, invisible objects that cover parts of a page could register as ad clicks when clicked, and hyperlinks that open an ad first before redirecting to the intended website also result in stolen clicks without the clicker realising.
The team scoured the internet’s top 250,000 most popular websites and found 613 sites with so-called clickjacking code. Though this totalled less than 1 per cent of the websites they looked at, it amounted to a total daily traffic of 43 million visits. On these pages, more than 3000 hyperlinks had been secretly inserted.
Just a random thought: Is this going to be like cancer? The Web so thoroughly ruined by the unprincipled that, one day, the whole thing just collapses as people stop using it?
