a little while ago @neuro-typical sent me this post by @bye2k of a popup that appeared when trying to right-click images on a shadow the hedgehog fan forum, known as Wishes are Eternal (after the SA2 line). this version of the site appears to be an archived snapshot on the wayback machine, and I'm happy to confirm that it is indeed real. though i couldn't get the popup to work in my own browser, the javascript does exist in the source code of the site, so it's very real and very cool.
i had a lot of things to say about this, but i didn't want to blast the notes of the OG post into oblivion with my big funny wall of text, so I've made my own post. below the readmore I'll explain javascript popups on the internet, some malware that has utilized this, and some very interesting sonic fan community history.
first of all: what is this? how did the webmaster manage to create a popup window in your computer to stop you from downloading images?
well, that would be javascript. because JS is just a normal script language that can do whatever you want, creating a popup is no exception. now, whoever ran the site did not write this script themself, this much is evident by the credit you can see in the source code for the site.
this script is offered by a site called dynamicdrive.com, specifically for disabling right-clicks. you see how simple this is? javascript makes it possible to bother users in all sorts of creative ways. plenty of malware on the web utilizes javascript, and you're probably already aware of most good examples.
you're most likely familiar with offiz, better known by the colloquial name "You Are An Idiot". though its status as malware is somewhat debated, most people can agree that the sites it was on abused a javascript function that allowed it to create hundreds upon hundreds of bouncing windows, slowing the user computer to a crawl and forcing the user to restart their machine, meaning any unsaved work they had open was now lost. in that way it was destructive, though indirectly.
offiz is an example of javascript malware that is harmless on its own, but not all JS malware is that friendly. javascript can be used to force your machine to download software, steal user data, serve you all manner of popups, employ many kinds of malicious code through xss, and more. although these cases are rarer than they were, say, a decade ago, that doesn't mean they don't still happen. here is a fascinating little instance of javascript being used maliciously very recently. it's hard to suggest ways to avoid these without just telling you to use common sense, but there's no other way to put it. as is the case with all malware, your best bet when it comes to not getting it is thinking before you click.
browser malware is extremely common. you may have encountered it going to a suspicious website. there is certainly a necessary aspect of social engineering to this type of malware, you have to be paying less attention to where you're going and what you're doing to stumble upon a site so unsecured that it could infect you. users who get themselves into these situations are typically looking for either p_rn or pirated stuff, so they're more likely to act in irrational or desperate ways to get to their content. don't be a fool online and you won't get played for one.
so, why? why does this old, obscure sonic fan forum have javascript that prevents you from right clicking images? prevents you from downloading images?
this forum is very, very old. the last posts on the entire site were about 10 years ago, even to this day. it's no surprise to me that a lot of this site is a relic of its time. the photobucket watermark on the header image, the collecton of midis of shadow themes playable on the site, the use of the term "ripped off" (as opposed to ripped) to describe the action of taking sprites from a game. it's all there on the very first page, the only one in this archive. despite what youtube video slideshows with a single text scroll that says "no copyright intended, pictures found on google" may imply, reposting images was indeed taken seriously at this time. this was a time when it wasn't too uncommon to see a credit to the person who made an anime girl image transparent (a render, for those unaware) in a forum signature. this was a time when someone got caught tracing every 5 days.
that's not to say there were no issues, but people were still very defensive over what they deemed to be theirs. this was especially prevalent in fanart. fan works are hard and are always a labor of love, so it's no surprise nobody wanted their work reposted, especially not without credit. this was especially clear when looking into some parts of the sprite ripping community. making spritesheets was much harder then than it is now, and it was especially impressive if sprites were hand-edited or even made from scratch. this incredibly painstaking work combined with sonic fans reputation for... unwavering passion... could often culminate in a very serious attitude towards doing something as simple as saving an image. in fact, for some people, this mindset has never truly left.
in 2014, fangame creator Leemena Dan published Sonic Gather Battle on SAGE (the Sonic Amateur Games Expo) to mostly positive reception but ultimately little attention outside of sonic fans online. that is, until 2017, when after a seemingly inconspicuous update, players discovered what appeared to be an audaciously malicious form of DRM present in the game.
this malware had everything. all the bells and whistles. when a player would do any number of things from opening software made to decompile games to simply typing "sonic gather battle cheat" into their internet browser search bar, the payload would activate. (which, of course, means it tracks your keystrokes!)
it's difficult to find good footage of both layers of this DRM (or, rather, both payloads of this malware) that doesn't include a facecam of some gamer dude gawking and screaming at his computer screen. even so, I've found two decent ones. layer 1, and layer 2. this DRM also sends your IP address to a privately owned server, presumably so that the DRM would activate even when the game is uninstalled, and when trying to play it, a splash screen would show telling you to abide by the rules.
unsurprisingly, people did not consider this a proportionate way to respond to the threat of people ripping the sprites from a fangame, and the creator has since been banned from SAGE. to this very day, some people are simply so protective of their work that they'd be willing to go to any length to prevent you from saving it. as obnoxious as that can sometimes seem, it does make for some very interesting history.
28 notes
·
View notes