IdeaWell

Project ideas from Hacker News discussions.

A new spam policy for “back button hijacking”

Original Article

Hacker News Discussion

📝 Discussion Summary (Click to expand)

1. Back‑button hijacking breaks user expectations

"When a user clicks the \"back\" button in the browser, they have a clear expectation: they want to return to the previous page. Back button hijacking breaks this fundamental expectation." — throwaway81523

2. History API is legitimately used by SPAs

"Any single page application, such as YouTube, Gmail, or discord. It lets persistent content (videos) or connections (chat) persist while emulating a paginated browsing experience." — venussnatch

3. Browser should curb abusive history manipulation

"If a website JS redirect ruins the user experience by breaking the back button, it will be demoted in search results. It doesn't matter whether or not the redirect was meant to be deceptive or malicious, websites shouldn't be ruining the user experience." — surround

4. Critique of Google/Chrome policy tactics

"Google should actually fix this from the browser side instead of trying to seriously punish potentially buggy sites." — SuperNinKenDo

5. Desire for a simpler, less‑scripted web

"I’m still not over the loss of Gopher." — themafia

🚀 Project Ideas

BackButton Guard

Summary

  • Real‑time detection of unauthorized history modifications that hijack the browser back button.
  • Provides a visual indicator and one‑click “reset” to restore expected back navigation.
  • Core value: Restores user trust in the back button without disabling legitimate SPA history usage.

Details| Key | Value |

|-----|-------| | Target Audience | Power users, privacy‑conscious browsers, developers who rely on clean navigation. | | Core Feature | Block or warn on history entries added without a direct user gesture, optionally auto‑rewind the stack. | | Tech Stack | Chrome Extension API (Manifest V3), JavaScript, React for UI. | | Difficulty | Medium | | Monetization | Revenue-ready: $4.99 /mo for premium detection rules and whitelist management. |

Notes

  • HN commenters repeatedly lament back‑button hijacking; they would love a built‑in safeguard.
  • Potential for discussion on how browsers should enforce the rule by default.

HistoryAuditor

Summary

  • Automated scanning service that flags websites using back‑button hijacking or manipulative history APIs.
  • Generates a compliance score and remediation suggestions for SEOs and site owners.
  • Core value: Helps sites avoid Google search demotion under the new anti‑spam policy.

Details

Key Value
Target Audience SEO professionals, webmaster tools providers, large publishers.
Core Feature Crawl URLs, inject controlled browsing sessions, report any pushState/history.replaceState that occurs without explicit user interaction.
Tech Stack Node.js + Puppeteer, GraphQL API, PostgreSQL for storing results.
Difficulty High
Monetization Revenue-ready: $49 /mo per 10 k scanned pages (tiered pricing).

Notes

  • Directly addresses the “back button hijacking” policy buzz on HN; users would value a preventative audit tool.
  • Could spark discussion on integrating the service into CI pipelines for large sites.

SafeHistory.js

Summary

  • A tiny JavaScript library that wraps the History API and enforces a “user‑gesture‑required” rule before any navigation entry is added.
  • Guarantees bookmarkable, shareable URLs while preventing accidental back‑button abuse.
  • Core value: Gives SPAs predictable navigation behavior without sacrificing UX.

Details

Key Value
Target Audience Front‑end developers building SPAs, framework maintainers.
Core Feature API that only allows pushState/replaceState after a click, keypress, or other user interaction; automatically creates clean URL fragments for state.
Tech Stack TypeScript, ES2022, lightweight (≈1 KB gz).
Difficulty Low
Monetization Hobby

Notes

  • Frequent complaints on HN about implicit history changes; developers would adopt a vetted safety net.
  • Opens conversation about standardizing “gesture‑protected” history APIs in browsers.

PerTab History Isolation

Summary

  • Browser extension that isolates each tab’s history stack, preventing one site’s pushState from contaminating another tab’s back button.
  • Users can freely navigate within a tab without fear of being pulled into another site’s history.
  • Core value: Eliminates cross‑site back‑button hijacking while preserving legitimate SPA navigation.

Details

Key Value
Target Audience General users annoyed by LinkedIn, Reddit, and other sites hijacking back navigation; power browsers.
Core Feature Per‑tab history sandbox; any history modifications are confined to that tab’s in‑memory stack; back button traverses only within the same origin.
Tech Stack Chrome Extension (MV3), WebExtensions API, optional native messaging for deeper isolation.
Difficulty High
Monetization Revenue-ready: $5 /mo for premium sandbox policies and per‑site whitelisting.

Notes

  • Directly resonates with HN threads about LinkedIn and Reddit breaking back navigation; users would celebrate a fix.
  • Could evolve into a broader “history firewall” feature for mainstream browsers.

BackReclaim Mobile Proxy

Summary

  • Mobile‑first proxy browser that sanitizes navigation before it reaches the device, ensuring the back button always returns to the previous page the user genuinely visited.
  • Offers a toggle to view the effective history stack and revert unwanted hijacks with one tap.
  • Core value: Restores expected back‑button behavior on Android/iOS browsers without needing to change site code.

Details

Key Value
Target Audience Mobile users frustrated by endless back‑button loops on news, e‑commerce, and social sites.
Core Feature Proxy that intercepts History API calls, discards non‑user‑gesture pushes, and rewrites URLs to a safe state before rendering.
Tech Stack React Native (frontend), Node.js + Express (backend), DynamoDB for session state.
Difficulty Medium
Monetization

Read Later