My experience was probably exactly as intended. Click on the "What is a dickover?" link trying to come up with things that it might be. And a brief moment after the page loaded (this little pause is crucial) I am hit in the face with a big annoying popup saying "This is a Dickover" followed by immediate understanding.
Now at least I know what to call it the next time I visit Substack.
I have a theory that about 97% of developers and managers completed the cookie consent (or whatever) on their own product 5 years ago and hence never see it again, and they have no idea how bad the experience for new customers actually is.
So the developers and bosses all think they're doing a great job and they've got a carefully curated homepage, even though the regular users get a cloudflare captcha, then a cookie modal, then a newsletter modal, then an install-our-app modal, all blocking their access to the 'buy product' button.
I really don’t understand why the desired cookie behavior could not be set globally for all websites in the browser. Why do I have the accept / reject them on every website and trust the website will actually do what I ask.
It can be, see Global Privacy Control [1]. As an example, the Complianz consent plugin for WordPress can detect and respect the user's GPC setting, but that feature can be toggled. So even though this exists, many sites will still ignore it.
Oh we care, but when it comes to cookie dickovers, we care more about making the corporate lawyers happy.
I’ll admit that I definitely like collecting my paycheck much more than I worry about customer annoyance at acknowledging a cookie policy. Some hills ain't worth dying on.
No, it’s a legal CYA that provides safe harbor in case you are accused of the behavior. If a law says you need to inform, your lawyers will demand you inform even if zero cookies are used on the site.
> your lawyers will demand you inform even if zero cookies are used on the site.
How is not bothering to understand your business, using it as an excuse to hassle your customers in the worst way they have so far conceived and blaming a law that doesn't talk about cookie banners NOT spite?
So make it illegal to spy on users…not this “wishy-washy ask for their permission” first. If spying is the crux of the problem why not just solve it?
Instead we are presented with some lukewarm have it both ways BS where the only solution to truly give you safe harbor is present the cookie acknowledgment. Good corporate lawyers will demand the dickover even if you do not use cookies at all just to cover the company’s ass.
Protecting forms with reCAPTCHA uses cookies that fall under "marketing" and gathering site stats using Google Analytics uses cookies that fall under "marketing" and "statistics," making a consent banner or dickover pretty much required.
Are these services necessary for a page to work? Not at all, but many businesses consider them crucial. Unprotected public forms almost immediately start getting spammed by bots, burying real, important communications from potential clients. GA offers insight into what visitors to your site are looking for, which has real business value.
I don't like it any more than you do, but I get why businesses would choose to use these. On their end, at least with reCAPTCHA, they're just trying to protect themselves from the complete shitshow that the modern web has become.
The vast majority of users don’t know or care. The ones who do are blocking the cookies anyways. No one wins with these popups (except trial lawyers and sellers of cookie consent SaaS, of course).
This sounds like it would be a better implementation than 99.9% of the dickovers I encounter. Almost always, I dismiss them, then see them again in future. Sometimes with what feels like every site visit.
You see them again in the future because you dismissed them, if you do what they want you to do they will never bother you again in case you changed your mind.
Developers just aren’t good at determining what works best for the user experience. How would designers and PMs justify the hundreds of thousands of hours of combined industry research poured into that beautiful, performant front page design and following modal auto-load?
We use a third party cookie consent service. It shows different things depending on your location (and allows disabling different types of cookies depending on your local laws). Lawyers mandate it. It's easier than having to figure out the laws everywhere on our own. To me it shows a banner that stays out of the way. But I couldn't tell you for sure it doesn't cover the whole page to other people.
Unfortunately you need cookies for any good user analytics; and no, I don’t mean the invasive kind that Marketing put in - I mean the kind which allows you to figure out why your site is broken.
Which ironically are the same tools you’d need to find out if your users are experiencing unintentional dickovers.
one of the more memorable stories from the daily wtf was from a dev at a banner ad company who got called into a VP's office and yelled at at great length because some pop-up banner was broken. after investigation it turned out the VP had installed an ad blocker and forgotten about it.
Very accurate terminology for things that are equally as welcome as the developer sending each user a surprise popup pic of their dickover and over again.
Could you or someone working on this make it easier to share the original link for a small web post? It’s difficult to the point of making me think you’re trying to force me to share the Kagi version of the url.
Flag it please, want to think you were unlocky/page added it after inclusion. It is still a manual effort to verify them, mistakes happen. Definetely not intended.
i just joined this recently, cute community. I started browsing it right after and if you skip the AI slop, it's crazy how many people are good writers
I endorse this name because, once it's the standard name for this technique, people will have to use it in meetings when seriously proposing them, which makes it harder to seriously propose.
"And this is our design for the Dickover."
"Guys, I'm not sure we should Dickover the customers."
"You know, when you say it that way...."
Epilogue: six months later, the site is dead because they converted nobody to their newsletter.
Who are those people? Those perpetually amused folk who feel not a bit of rage when a dickover is slapped in their face, and for whom entering their e-mail address in the dickover is actually a thing they would seriously consider?
And a lot of the time pressing back will take you to some other article on the website instead of where you came from. Because the site used history.pushState in JavaScript to manipulate your history.
I explicitly disable these on Substack but it adds them to my posts anyway. I'm not sure if that's a bug or the thing working as intended, but it was enough to make me stop using it. I don't want to do that to my readers.
It's kinda hilarious that on an article about said "dickovers", the page has one of these consuming 80% of the screen real estate: https://files.catbox.moe/ztjg15.png
I wish they'd all host on substack.com and not their own domains. It's always uncomfortable to go to a site from HN and see that nazi-enabling substack banner.
They sent push notifications to their users promoting Nazi content, to users that did not sign up to receive Nazi content. And rather than fixing the problem -- that they host and embrace Nazi content -- they said they fixed the notification issue so "problem solved".
Oh yay, the nazi content again. Don't let the Feb 2026 article date fool you, this has been talked about for years and they don't lift a finger. It's like how Meta isn't incentivized to block scams because they profit off of them to the tune of a billion dollars a year.
However, I do appreciate white supremacist trash outing themselves in public. Get it on the record. Some of them try to hide, but: Patriot Front had a huge leak of data in 2022 (400GB).
"Patriot Front Fascist Leak Exposes Nationwide Racist Campaigns"[0]
You can download it at the following torrent address:
You're overreacting. They do coordinated petty vandalism motivated by politics. Not great but not something to be doxxing people for, especially people who didn't even do anything wrong. Your problem is that society has trained you to hate people with their kind of political beliefs and that hate lets you justify trying to harm them. Don't you remember all of history when people hated each other's political alignments? It never goes well.
I've used the politer term "pie" for these things, since they are usually thrown in the user's face like a pie, after the normal screen has been shown for a few seconds.
In the old days, JS allowed window.open() which would create a new window on the user's sceren. That naturally was abused horribly, leading to pop-up-blocker extensions and then built-in browser permissions. We need the same thing for pies/dickovers, which are at root a workaround to the presence of pop-up blocking.
My first reaction to "dickover" was that it sounded like another Marion Zimmer Bradley fantasy fiction series...
Did anyone else think this was a clever keming pun?
Fortunately, for those sites where either JS is required for the content or to remove the dickover, browsers still have an Inspect Element tool that makes deleting this and other annoyances not too difficult and rather cathartic.
I, like most people, always just click whatever option is larger and easier to click (or closest to my cursor at the time). It never seems to matter to my experience which I pick. Sometimes it’s the “all” option, sometimes it’s the “none” option, etc.
I feel bad about doing this, because surely someone somewhere is doing analytics on click data and saying: “See! There is a lot of variation in responses to this cookie choice, people are really taking them seriously, we should keep them!”
This whole cookie dickover concept is malicious compliance. The goal was: no tracking but ask consent if you must ("who would do this, that would be super annoying"). Except every website decided they'd rather annoy everyone.
Right the intention was to stop unchecked surveillance capitalism, now they use the normalcy of annoyance to wear you down such that you auto accept terms that you probably wouldn’t agree to if you read them. That’s what they want now.
This and other bad behavior will only go away when government says, “no this is predatory and you can’t do it” instead of saying “everything is OK if the user consents to it”.
Well… Europe do require the accept and deny options to both be equally visible and accessible, see for example this week-old court ruling:
> Administrative Court (BVwG), thereby upholding a decision made by the Austrian Data Protection Authority in 2024. Specifically, the ORF must ensure that the buttons to ‘accept’ or ‘reject’ tracking cookies are designed equally so that visitors are not tricked into agreeing.
GDPR doesn't mandate cookie banners, it says that you simply cannot store irrelevant PII for the sake of it. That's the point of it: to protect the privacy of the public against "data brokers" and other scum. You're welcome.
People seem to have forgotten, but cookie banners were a pest before GDPR. And newsletters and login popovers, those are GDPR?
He claims that dickovers aren't as bad as the dickbars, but I think they're equal.
The dickover is a big, immediate distraction that you can't help but deal with.
But the dickbar is insidious because you forget it's even there. You just get used to always seeing whatever banner is there and think it's just a permenant piece of the interface and you adapt to not having 25% of your viewport.
Did you know that a Substack's author can turn the annoying popup off? Go to dashboard -> settings, and then it's "Enable subscribe prompts on post page" under "Growth."
I’m just kind of surprised that it works to convert people.
Or…maybe it doesn’t?
Some of these things that we have are just common practices that owners of websites do that are seemingly done automatically without much thought to the experience.
Yeah this is really bad. Firefox + uBlock Origin + Filters cleans a lot of these dickovers. Some seem to slip through the cracks. There's a never ending fight between bad websites and the warriors trying to protect our attention.
I was thinking it would be nice if you could at least drag the popup out of the way so you could delay reading it while you first focus on what’s underneath. But then I realized, that would technically be a dick move.
As a long time DF reader I can assure you that John does not use Chrome to browse the world wide web.
You are almost certainly correct in saying he is using it to illustrate his point because Chrome is engineered to be part of the internet advertising complex that commits so many of these crimes against design.
For me the fact that dickovers are possible is a bug in all JavaScript interpreters.
In my opinion, any decent browser should make impossible both dickovers and also other related hostile actions, like the possibility for a Web page to modify the right-click menu or to prevent text selection.
Unfortunately completely disabling scripts is rarely a solution, because many sites do not work at all. But the kind of actions mentioned above never serve a useful purpose for the user, so they should be ineffective and their should be no way for the hostile site to determine whether they work or no.
Modal windows may sometimes be useful in applications that are controlled by myself, but it should always be possible to override them in externally-controlled applications, like when browsing Internet sites.
Genuine question, what is it that the JS implementation or DOM or anything the in the browser can do to permit desired modal popover content like dropdown menus and tooltips and floating nav bars while somehow preventing dickovers?
Like I have said, in a browser there should not exist truly modal windows.
The cases when modal windows are used abusively are far more numerous than the cases when they are useful.
Perhaps there should be a way to warn the user when moving the focus from a window that is supposed to be modal, but if the user insists it should be possible to disregard that a window is intended to be modal.
Also, it should be possible for the user to move any window as desired. It should not have been possible for windows to move on their own and to prevent the user from moving them. A script should also not be able to move the mouse cursor or any other kind of cursor.
A browser must always treat a script as potentially hostile, so all these facilities that can be used by a script to mess with the browser GUI should never have existed.
Talking of dark patterns I’ve noticed that many site “accidentally” have the bottom aligned cookie consent banner “break” on mobile Safari, such that the buttons are arranged such that “Accept All” is the only button you can press because the “Deny All” or “Customize” go out of viewport when you go to click on them. This might be related to how mobile Safari changes the bottom bar as you move to click the button. I often have this with the NYT Wordle game. Even though I use pi-hole to block ads, it’s still annoying.
Never thought to call them dickovers before, but it’s apt. At a certain point, I noticed my finger reflexively hitting the ESC key because that usually dismisses a lot of them.
A combination of User stylesheet (stylus) or User scripts (greasemonkey) -- superpowered by AI models that can let users target screen elements and shape webpage display and behavior without having to manually deal with precise DOM elements or CSS JS syntax
Best useful tweaks could become part of a curated list like uOrigin ad block lists
You can prevent the loading of most pop ups and many nag screens and cookie demands by simply having a browser configured with an "add-on" that allows you to toggle of and toggle on javascript. There are several add-ons available.
Alternatively, you have another browser with javascript permanently disabled and keep it minimized in the tray, or in the background.
A lot of websites that demand subscriptions, post nagscreens or use other blocks whereby the website can be read by simply toggling off javascript.
Javascript in websites has become what corporations use to manipulate & control us and do things like post nag screens & demand subscriptions.
When I run across websites that demand javascript before they will load I just shitcan them and eliminate them from viewing forever.
Dickovers are annoying -- tell me, what's your solution? For me, a combination of a) not patronizing these sites, but when I have to b) some ad blockers help. Nothing seems to work well though.
Auto reader mode in mobile safari for any site I recognise having read previously that has dickovers, cookie bars, poor typography or any other design issue that distracts me from the content.
e.g. science.org - linked frequently from HN and now every time I click a link to it, I’m dropped into a perfectly readable, distraction free view of the content.
In a similar vein, If I had to explain what javascript was to someone non-technical I would say "you know all that crap that covers up a web site you are trying to look at? That's javascript."
dickover n. : a modal panel, popover, or curtain presented by a website or app, deliberately obscuring its own content to frustrate the user with an unwanted, unnecessary, mandatory interaction
> asking the user to accept “cookies” [...] or anything else that the user couldn’t give two shits about.
Oh, I absolutely care about cookies and whenever I have the option I do not allow the website to place them. That said, I would much prefer an architecture where I express that once in a browser setting and the browser relays that information on to any website somewhere in the background.
> But some sneaky, cowardly bastards sucker-punch you with their dickbars only after you have started reading, and begin to scroll down the page.
Yeah, about that, news websites who want to sell me a subscription. I appreciate what you are trying to do, but can you please wait until I've read at least one or two sentences (let alone the short preview of your paywalled articles) BEFORE you dickoverslap me to consider subscribing?
By the time the thing comes up, I haven't even been able to tell whether your writer can form a coherent sentence. "Subscribe PLZ" at that point will make sure I barely even consider staying for the rest of it.
This is pure cinema. I'm glad he's using his platform to call this out, it's rampant!
I usually just toggle Firefox's reading mode whenever a dickover like this pops up and they magically go away, allowing me to continue reading in peace.
I agree, but being mildly offensive is kind of the point: makes it more memorable, and clearly differentiated from “popup” which is too broad and has many valid uses in an interface. Dickovers never have a valid reason to exist.
> makes it more memorable, and clearly differentiated from “popup” which is too broad and has many valid uses in an interface. Dickovers never have a valid reason to exist.
This is hardly convincing. The author even describes it as a "popup" or a "popover" which is already descriptive enough without further explanation. It is just an "unwanted popup" or "unwanted popover".
The fact he brought up a definition of that word after mentioning "popover", just made the need for "d*ckover" uneccessarily redundant.
It may work with 30 people in tech, but will not work on TV. "unwanted popup" or "unwanted popover" is better to say on TV than "d*ckover".
The problem with that is it cannot be used towards people outside of this tech bubble and would just confuse them. It would even fail many profanity filters in chats and forums.
> The derogatory term is for practices that rightfully deserve contempt.
But it doesn't mean that you should expect the layman to use it in common parlance.
Either "Unwanted popup / popover" and even "popup" / "popover" is a far sensible descriptive alternative for the layman than whatever the author is proposing.
> Doubtful ... where did that odd notion spring from?
Searching "Dickover" all over the internet and other than Mastodon (which is heavily used by techies), and the author's blog, it is only being mentioned by techies here.
So of course, you can't ever admit you are in a tech bubble.
> Perhaps in LDS or uber Christian pearl clutching circles, it's absolutely milquetoast in UK / AU Commonwealth English cultures.
Nope. Any platform that has basic censorship tools in chats. Just search "Twitch, YouTube" profanity filter(s).
Even basic filters flags it as profanity here: [0] [1].
I agree, it’s dumb. I never call those things popovers (is that a regional term?) so the whole time the word was a bit jarring. Also, at first I thought this was a riff on combovers, and imagined some weird male Medusa creature with a thinning head of dicks, and it was so disappointing when that turned out to be wrong.
Gruber's usually too much of a walking Apple ad for my taste, but I love this.
We need to define the things we hate. Give them words. Use the words as weapons.
I've been thinking about this a lot recently with "watermarks" of the statistical and non-visible kind used to track image creators. (Google embedding "this image is AI but also here's the user ID".)
I've been thinking that practice needs a new word too. It's not watermarking, it's signals-math based tracking, so maybe sigtracked.
I find the characterisation of his Apple praise fascinating. It's really not that zealous, unless you hate Apple (which is fine). I think this image of him speaks more of the prominence of the Apple superfan image in popular culture than the actual reality of his position.
It isn't anymore, but if you go back a decade or two, it really was that zealous. He really did used to blindly defend Apple (e.g. things like this: https://daringfireball.net/2006/09/open_challenge), but I think he's grown more skeptical of Apple lately.
I don't want to split hairs over what constitutes as overzealous, but I will say that Apple ~20 years ago earned more praise than Apple does today. This is probably reflected in the writing.
Thank you, I got a good laugh out of that.
My experience was probably exactly as intended. Click on the "What is a dickover?" link trying to come up with things that it might be. And a brief moment after the page loaded (this little pause is crucial) I am hit in the face with a big annoying popup saying "This is a Dickover" followed by immediate understanding.
Now at least I know what to call it the next time I visit Substack.
I was afraid it would be a new kind of henway.
I actually had a similar thought - something along the lines of this gag from Spies Like Us
https://www.youtube.com/watch?v=35quNI5ed_k
At least you didn't get misgendered like Zack Mama (aka Monica).
https://www.youtube.com/shorts/tH0DWrD0_hE
https://www.youtube.com/watch?v=SlLxZr5g5is
Woooah “henway” gives me flashbacks to the Castle of Dr Brain in the early 90s
...You thought a dickover would be about three pounds?
You didn't immediately realize it was someone making up nonsense for clicks?
I have a theory that about 97% of developers and managers completed the cookie consent (or whatever) on their own product 5 years ago and hence never see it again, and they have no idea how bad the experience for new customers actually is.
So the developers and bosses all think they're doing a great job and they've got a carefully curated homepage, even though the regular users get a cloudflare captcha, then a cookie modal, then a newsletter modal, then an install-our-app modal, all blocking their access to the 'buy product' button.
Best ones, when refusing, ask again on the next page.
Perhaps they don't know what a functional cookie is? Maybe the marketing vocabulary only has YES?
I really don’t understand why the desired cookie behavior could not be set globally for all websites in the browser. Why do I have the accept / reject them on every website and trust the website will actually do what I ask.
It can be, see Global Privacy Control [1]. As an example, the Complianz consent plugin for WordPress can detect and respect the user's GPC setting, but that feature can be toggled. So even though this exists, many sites will still ignore it.
1. https://globalprivacycontrol.org/
REI threw a dickover on top of my checkout page just before I could pay. Dismissing the dickover cleared the checkout page.
I've not bought multiple products for that.
Checkout is sacred. Have they not learned from their A/B testing?
They do. Those are designed to make you click 'Oh for fuck's sake. Just set the fucking cookies.'
> Maybe the marketing vocabulary only has YES?
Almost! Your options are "yes" and "maybe later"...
(... and "add yet another custom filter to Ublock Origin".)
I have a theory that they don't care what customers think.
Oh we care, but when it comes to cookie dickovers, we care more about making the corporate lawyers happy.
I’ll admit that I definitely like collecting my paycheck much more than I worry about customer annoyance at acknowledging a cookie policy. Some hills ain't worth dying on.
Or your company could respect its users and only use cookies for essential site functions. Then you don't need a dickover.
I like the make the cookie for hiding the dickover be 30-60 minutes in duration for anyone in a company IP address. Own medicine is the best dog food.
We wouldn't need a dickover at all if governments didn’t regulate it either.
Even with the regulations, we don't need a dickover.
The dickover is purely spite from the websites.
> The dickover is purely spite from the websites.
No, it’s a legal CYA that provides safe harbor in case you are accused of the behavior. If a law says you need to inform, your lawyers will demand you inform even if zero cookies are used on the site.
> your lawyers will demand you inform even if zero cookies are used on the site.
How is not bothering to understand your business, using it as an excuse to hassle your customers in the worst way they have so far conceived and blaming a law that doesn't talk about cookie banners NOT spite?
But then sites could spy fn users without consent.
So make it illegal to spy on users…not this “wishy-washy ask for their permission” first. If spying is the crux of the problem why not just solve it?
Instead we are presented with some lukewarm have it both ways BS where the only solution to truly give you safe harbor is present the cookie acknowledgment. Good corporate lawyers will demand the dickover even if you do not use cookies at all just to cover the company’s ass.
Protecting forms with reCAPTCHA uses cookies that fall under "marketing" and gathering site stats using Google Analytics uses cookies that fall under "marketing" and "statistics," making a consent banner or dickover pretty much required.
Are these services necessary for a page to work? Not at all, but many businesses consider them crucial. Unprotected public forms almost immediately start getting spammed by bots, burying real, important communications from potential clients. GA offers insight into what visitors to your site are looking for, which has real business value.
I don't like it any more than you do, but I get why businesses would choose to use these. On their end, at least with reCAPTCHA, they're just trying to protect themselves from the complete shitshow that the modern web has become.
The vast majority of users don’t know or care. The ones who do are blocking the cookies anyways. No one wins with these popups (except trial lawyers and sellers of cookie consent SaaS, of course).
> and hence never see it again
This sounds like it would be a better implementation than 99.9% of the dickovers I encounter. Almost always, I dismiss them, then see them again in future. Sometimes with what feels like every site visit.
You see them again in the future because you dismissed them, if you do what they want you to do they will never bother you again in case you changed your mind.
Developers just aren’t good at determining what works best for the user experience. How would designers and PMs justify the hundreds of thousands of hours of combined industry research poured into that beautiful, performant front page design and following modal auto-load?
Please, leave this to the professionals.
Always test your website in a private window.
I suspect many developers know the truth, at least to some degree. Their boss said "it's only one [more] popup, add it anyway."
Repeat ad infinitum
uBlock Origin. Right-click, Block Element, click "Create", done.
I find the scrolling hijack can kick in and I have an unresponsive page unless I disable uBlock, reject cookies, enable to remove all other crap.
No, not done. You then have to do it over and over and over and over on every new website you visit.
Enable this instead: https://github.com/uBlockOrigin/uAssets/blob/master/filters/...
What web developer doesn't regularly test their site in a clean browser session?
We use a third party cookie consent service. It shows different things depending on your location (and allows disabling different types of cookies depending on your local laws). Lawyers mandate it. It's easier than having to figure out the laws everywhere on our own. To me it shows a banner that stays out of the way. But I couldn't tell you for sure it doesn't cover the whole page to other people.
Have you considered just not violating anyone's privacy?
Cookie banners aren't a force of nature. They are required solely because you want to track people. Not tracking people? No need for a cookie banner!
Unfortunately you need cookies for any good user analytics; and no, I don’t mean the invasive kind that Marketing put in - I mean the kind which allows you to figure out why your site is broken.
Which ironically are the same tools you’d need to find out if your users are experiencing unintentional dickovers.
You don't need tracking cookies to log RED metrics.
I wonder if cloudflare is wise enough to always skip captchas from IP addresses it detects are associated with that website's owners.
one of the more memorable stories from the daily wtf was from a dev at a banner ad company who got called into a VP's office and yelled at at great length because some pop-up banner was broken. after investigation it turned out the VP had installed an ad blocker and forgotten about it.
>modal
I think you mean dickover,sir.
Very accurate terminology for things that are equally as welcome as the developer sending each user a surprise popup pic of their dickover and over again.
Each time they visit the website.
Ad infinitum.
I'd prefer that over cookie/app/newsletter popovers
One of criteria for inclusion into Kagi Small Web [1] is no dickovers. Thanks for naming it properly John.
[1] https://kagi.com/smallweb
Oh, Vlad is here. Thanks for Kagi, and spread these thanks to all Kagi employees too! Please adopt dickover.
I hope you make an exception for this specific page.
Could you or someone working on this make it easier to share the original link for a small web post? It’s difficult to the point of making me think you’re trying to force me to share the Kagi version of the url.
Left of the "Share" button there's a little arrow (pointing to the upper right) which opens to the original url... Right click it to share / copy.
FYI it took me 3 clicks of “next” to hit a page with a cookie dickover. Might need to tweak the filter.
Flag it please, want to think you were unlocky/page added it after inclusion. It is still a manual effort to verify them, mistakes happen. Definetely not intended.
i just joined this recently, cute community. I started browsing it right after and if you skip the AI slop, it's crazy how many people are good writers
I endorse this name because, once it's the standard name for this technique, people will have to use it in meetings when seriously proposing them, which makes it harder to seriously propose.
"And this is our design for the Dickover."
"Guys, I'm not sure we should Dickover the customers."
"You know, when you say it that way...."
Epilogue: six months later, the site is dead because they converted nobody to their newsletter.
Who are those people? Those perpetually amused folk who feel not a bit of rage when a dickover is slapped in their face, and for whom entering their e-mail address in the dickover is actually a thing they would seriously consider?
Seriously. These days if there isn't a huge "close" button, I'll just press "Back" and find a different website.
And a lot of the time pressing back will take you to some other article on the website instead of where you came from. Because the site used history.pushState in JavaScript to manipulate your history.
Unless I have no choice, I just close the tab when a dickover asks for my PII.
I explicitly disable these on Substack but it adds them to my posts anyway. I'm not sure if that's a bug or the thing working as intended, but it was enough to make me stop using it. I don't want to do that to my readers.
Substack’s dubious practices aren’t as bad as their dubious politics.
https://www.theguardian.com/media/2026/feb/07/revealed-how-s...
Thanks for linking to a cookie banner
>> Thanks for linking to a cookie banner
Dickover. It is called a Dickover.
You don’t see the article?
It's kinda hilarious that on an article about said "dickovers", the page has one of these consuming 80% of the screen real estate: https://files.catbox.moe/ztjg15.png
I don’t get one. Not sure if that’s a mobile safari or a blocker or what.
This is on Firefox/Linux, but I’ve also seen it on Chrome/Windows, and Safari/Mac.
Consent-O-Matic works even better.
uBlock Origin and others remove the banner / consent screens fine, but it breaks functionality sometimes...
https://news.ycombinator.com/item?id=46666283
At this point, one has to assume anyone still using substack has no problem with Nazis.
I wish they'd all host on substack.com and not their own domains. It's always uncomfortable to go to a site from HN and see that nazi-enabling substack banner.
I'm out of the loop, what's going on with Substack and nazis?
They sent push notifications to their users promoting Nazi content, to users that did not sign up to receive Nazi content. And rather than fixing the problem -- that they host and embrace Nazi content -- they said they fixed the notification issue so "problem solved".
Oh yay, the nazi content again. Don't let the Feb 2026 article date fool you, this has been talked about for years and they don't lift a finger. It's like how Meta isn't incentivized to block scams because they profit off of them to the tune of a billion dollars a year.
However, I do appreciate white supremacist trash outing themselves in public. Get it on the record. Some of them try to hide, but: Patriot Front had a huge leak of data in 2022 (400GB).
"Patriot Front Fascist Leak Exposes Nationwide Racist Campaigns"[0]
You can download it at the following torrent address:
magnet:?xt=urn:btih:2c87816e4c81990fb25bbca43dd8d578eaa55886&dn=patriotfront&tr=udp%3A%2F%2F9.rarbg.to%3A2920&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=udp%3A%2F%2Fexodus.desync.com%3A6969
I'm seeding this on a permanent basis. I have gigabit uplink. Please leach and share.
0. https://unicornriot.ninja/2022/patriot-front-fascist-leak-ex...
You're overreacting. They do coordinated petty vandalism motivated by politics. Not great but not something to be doxxing people for, especially people who didn't even do anything wrong. Your problem is that society has trained you to hate people with their kind of political beliefs and that hate lets you justify trying to harm them. Don't you remember all of history when people hated each other's political alignments? It never goes well.
I've used the politer term "pie" for these things, since they are usually thrown in the user's face like a pie, after the normal screen has been shown for a few seconds.
In the old days, JS allowed window.open() which would create a new window on the user's sceren. That naturally was abused horribly, leading to pop-up-blocker extensions and then built-in browser permissions. We need the same thing for pies/dickovers, which are at root a workaround to the presence of pop-up blocking.
My first reaction to "dickover" was that it sounded like another Marion Zimmer Bradley fantasy fiction series...
> My first reaction to "dickover" was that it sounded like another Marion Zimmer Bradley fantasy fiction series...
That hits way more darkly given what has come out about Marion Zimmer Bradley and her husband...
Yep. Or maybe it could be a renaming of the existing series.
If you zoom websites to be able to read them, like I do.
Then these are especially frustrating because I have to zoom out to find the close button. Its a chase every time, and sometimes I give up.
How are these allowed to exist when there are the EU Web Accessibility Directive ?
HN itself is terrible with UI scale >1.0
I keep scrolling horizontally just to read the text.
On Android, opera browser has text-wrap which fits text into screen on any zooom level. Dunno how people live without this feature
Did anyone else think this was a clever keming pun?
Fortunately, for those sites where either JS is required for the content or to remove the dickover, browsers still have an Inspect Element tool that makes deleting this and other annoyances not too difficult and rather cathartic.
Safari’s “Hide Distracting Items” feature is one big reason I never use Chrome.
Don't tell anybody, but Chrome engineers managed to sneak in reader mode via Gemini.
First time I saw the lesser case version of dickover I thought it said clickover.
DO YOU CONSENT WITH OUR TRACKING COOKIES POLICY?
[YES, I DO, THE IMPORTANT TRACKING ONES] [YES, I DO, ALL OF THEM] ⁿᵒ ᵃⁿᵈ ᶜˡᵒˢᵉ ᵈᶦᶜᵏᵒᵛᵉʳ
I, like most people, always just click whatever option is larger and easier to click (or closest to my cursor at the time). It never seems to matter to my experience which I pick. Sometimes it’s the “all” option, sometimes it’s the “none” option, etc.
I feel bad about doing this, because surely someone somewhere is doing analytics on click data and saying: “See! There is a lot of variation in responses to this cookie choice, people are really taking them seriously, we should keep them!”
I’ve observed a few sites that now display two options, ‘Yes’ and ‘Reject and pay’
NOYB is working on it. I think for derstandard.at it was already declared illegally with the prices they have, but it’s still ongoing.
I like to call that a mafia tactic as the framing is normally „it would be a shame if we have to sell your personal data“.
Thanks, Europe!
This whole cookie dickover concept is malicious compliance. The goal was: no tracking but ask consent if you must ("who would do this, that would be super annoying"). Except every website decided they'd rather annoy everyone.
A properly informed person would've understood that's what they'd do. They'd also probably realize cookies are not a big deal.
Tracking people around the web (especially without asking) is a big deal though.
Right the intention was to stop unchecked surveillance capitalism, now they use the normalcy of annoyance to wear you down such that you auto accept terms that you probably wouldn’t agree to if you read them. That’s what they want now.
This and other bad behavior will only go away when government says, “no this is predatory and you can’t do it” instead of saying “everything is OK if the user consents to it”.
Clicking a button could also not be a big deal, but yet here we are.
Well… Europe do require the accept and deny options to both be equally visible and accessible, see for example this week-old court ruling:
> Administrative Court (BVwG), thereby upholding a decision made by the Austrian Data Protection Authority in 2024. Specifically, the ORF must ensure that the buttons to ‘accept’ or ‘reject’ tracking cookies are designed equally so that visitors are not tricked into agreeing.
https://noyb.eu/en/noyb-success-orfat-must-correct-misleadin...
Yep. Without Europe, we'd have no idea which websites were trying to sell us out to the highest bidder.
Surprise, they all are!
GDPR doesn't mandate cookie banners, it says that you simply cannot store irrelevant PII for the sake of it. That's the point of it: to protect the privacy of the public against "data brokers" and other scum. You're welcome.
People seem to have forgotten, but cookie banners were a pest before GDPR. And newsletters and login popovers, those are GDPR?
Europe is why you have CCPA
He claims that dickovers aren't as bad as the dickbars, but I think they're equal.
The dickover is a big, immediate distraction that you can't help but deal with.
But the dickbar is insidious because you forget it's even there. You just get used to always seeing whatever banner is there and think it's just a permenant piece of the interface and you adapt to not having 25% of your viewport.
> He claims that dickovers aren't as bad as the dickbars, but I think they're equal.
Just for the record, the author says the exact opposite. Doesn't change your point though.
Did you know that a Substack's author can turn the annoying popup off? Go to dashboard -> settings, and then it's "Enable subscribe prompts on post page" under "Growth."
It's the first thing I did. Recommended.
Still not enough to convince me to read Substack blogs with anything other than my RSS reader.
We all know why they keep it on.
I’m just kind of surprised that it works to convert people.
Or…maybe it doesn’t?
Some of these things that we have are just common practices that owners of websites do that are seemingly done automatically without much thought to the experience.
I sort of make an exception for that popup. I.e. I don't mind seeing it. It's the tax to get good free content.
Medium forcing you to log in is too much tho.
I don't at all mind a link on the page that directs me to a subscription or notification signup.
If I get a popup, I'm pretty likely to just close the page, especially if I'm on mobile where closing them is more trouble.
Yeah this is really bad. Firefox + uBlock Origin + Filters cleans a lot of these dickovers. Some seem to slip through the cracks. There's a never ending fight between bad websites and the warriors trying to protect our attention.
This is an excellent bookmarklet to have:
``` javascript:(function()%7B let i%2C elements %3D document.querySelectorAll('body *')%3B for (i %3D 0%3B i < elements.length%3B i%2B%2B) %7B if(getComputedStyle(elements%5Bi%5D).position %3D%3D%3D 'fixed' %7C%7C getComputedStyle(elements%5Bi%5D).position %3D%3D%3D 'sticky')%7B elements%5Bi%5D.parentNode.removeChild(elements%5Bi%5D)%3B %7D %7D %7D)() ```
Sometimes, this one is needed to fix scrolling after using the previous one:
``` javascript:var r="html,body{overflow:auto !important;}"; var s=document.createElement("style"); s.type="text/css"; s.appendChild(document.createTextNode(r)); document.body.appendChild(s); void 0; ```
I was thinking it would be nice if you could at least drag the popup out of the way so you could delay reading it while you first focus on what’s underneath. But then I realized, that would technically be a dick move.
The only surprising thing about the Tom’s Hardware example was that John Gruber evidently does not use an adblocker
Look closer. I doubt he uses Chrome regularly, I think he's using it to write this article precisely because he has no extensions installed in it.
As a long time DF reader I can assure you that John does not use Chrome to browse the world wide web.
You are almost certainly correct in saying he is using it to illustrate his point because Chrome is engineered to be part of the internet advertising complex that commits so many of these crimes against design.
Does big tech understand consent?
[ ] Yes
[ ] Maybe later
Do you LOVE this app?
[ ] Yes, and obviously I want to leave this app I like to write a review RIGHT NOW
[ ] I'm a mean bad person.
They understand.
They do not care.
For me the fact that dickovers are possible is a bug in all JavaScript interpreters.
In my opinion, any decent browser should make impossible both dickovers and also other related hostile actions, like the possibility for a Web page to modify the right-click menu or to prevent text selection.
Unfortunately completely disabling scripts is rarely a solution, because many sites do not work at all. But the kind of actions mentioned above never serve a useful purpose for the user, so they should be ineffective and their should be no way for the hostile site to determine whether they work or no.
Modal windows may sometimes be useful in applications that are controlled by myself, but it should always be possible to override them in externally-controlled applications, like when browsing Internet sites.
CSS is what allows dickovers to work, not JS, and pure-CSS dickovers are possible [0] :P
[0]: https://hunzaboy.github.io/Light-Modal
Genuine question, what is it that the JS implementation or DOM or anything the in the browser can do to permit desired modal popover content like dropdown menus and tooltips and floating nav bars while somehow preventing dickovers?
Like I have said, in a browser there should not exist truly modal windows.
The cases when modal windows are used abusively are far more numerous than the cases when they are useful.
Perhaps there should be a way to warn the user when moving the focus from a window that is supposed to be modal, but if the user insists it should be possible to disregard that a window is intended to be modal.
Also, it should be possible for the user to move any window as desired. It should not have been possible for windows to move on their own and to prevent the user from moving them. A script should also not be able to move the mouse cursor or any other kind of cursor.
A browser must always treat a script as potentially hostile, so all these facilities that can be used by a script to mess with the browser GUI should never have existed.
Any site I visit regularly gets a user stylesheet via Stylus that I use to hide anything like this.
Thanks for the tip! I've never heard of Stylus, but am checking it out.
I can't imagine browsing the web without user stylesheets. (I guess I can, but I don't want to.)
Talking of dark patterns I’ve noticed that many site “accidentally” have the bottom aligned cookie consent banner “break” on mobile Safari, such that the buttons are arranged such that “Accept All” is the only button you can press because the “Deny All” or “Customize” go out of viewport when you go to click on them. This might be related to how mobile Safari changes the bottom bar as you move to click the button. I often have this with the NYT Wordle game. Even though I use pi-hole to block ads, it’s still annoying.
Never thought to call them dickovers before, but it’s apt. At a certain point, I noticed my finger reflexively hitting the ESC key because that usually dismisses a lot of them.
The Escape key's effect in the linked article was a delightful detail.
"Login with your Google or some other globalist public-private tyrannical spyware trash" is the most common "dickover" around.
Need of the hour :
Browser personalization tools or extensions ...
A combination of User stylesheet (stylus) or User scripts (greasemonkey) -- superpowered by AI models that can let users target screen elements and shape webpage display and behavior without having to manually deal with precise DOM elements or CSS JS syntax
Best useful tweaks could become part of a curated list like uOrigin ad block lists
You can prevent the loading of most pop ups and many nag screens and cookie demands by simply having a browser configured with an "add-on" that allows you to toggle of and toggle on javascript. There are several add-ons available.
Alternatively, you have another browser with javascript permanently disabled and keep it minimized in the tray, or in the background.
A lot of websites that demand subscriptions, post nagscreens or use other blocks whereby the website can be read by simply toggling off javascript.
Javascript in websites has become what corporations use to manipulate & control us and do things like post nag screens & demand subscriptions.
When I run across websites that demand javascript before they will load I just shitcan them and eliminate them from viewing forever.
Dickovers are annoying -- tell me, what's your solution? For me, a combination of a) not patronizing these sites, but when I have to b) some ad blockers help. Nothing seems to work well though.
I have a firm rule of leaving any website where I run into this behavior. No exceptions.
Auto reader mode in mobile safari for any site I recognise having read previously that has dickovers, cookie bars, poor typography or any other design issue that distracts me from the content.
e.g. science.org - linked frequently from HN and now every time I click a link to it, I’m dropped into a perfectly readable, distraction free view of the content.
My personnal solution to this is CTRL+W.
I don’t know if there’s a personal solution to this but the societal solution is to penalize dickovers at the SEO level.
In a similar vein, If I had to explain what javascript was to someone non-technical I would say "you know all that crap that covers up a web site you are trying to look at? That's javascript."
dickover n. : a modal panel, popover, or curtain presented by a website or app, deliberately obscuring its own content to frustrate the user with an unwanted, unnecessary, mandatory interaction
If you show me a modal dialogue, there better be a literal fire.
Aren't cookie dickovers mandatory in the EU?
> asking the user to accept “cookies” [...] or anything else that the user couldn’t give two shits about.
Oh, I absolutely care about cookies and whenever I have the option I do not allow the website to place them. That said, I would much prefer an architecture where I express that once in a browser setting and the browser relays that information on to any website somewhere in the background.
> But some sneaky, cowardly bastards sucker-punch you with their dickbars only after you have started reading, and begin to scroll down the page.
Yeah, about that, news websites who want to sell me a subscription. I appreciate what you are trying to do, but can you please wait until I've read at least one or two sentences (let alone the short preview of your paywalled articles) BEFORE you dickoverslap me to consider subscribing?
By the time the thing comes up, I haven't even been able to tell whether your writer can form a coherent sentence. "Subscribe PLZ" at that point will make sure I barely even consider staying for the rest of it.
> They’re popovers, but dickheaded.
So they're popovers.
Seriously. I've never seen a popover used for any legitimate purpose. If it was the content the user wanted, you can put it in the page where it goes.
Only time… I added a popover [1] in order to get a user click so I could enable sound.
I know, I know, but it's a game site. It needs sound! [2]
[1] https://mooncraft2000.com
[2] Damn, I just tried my site again and a recent Safari has blocked my weak attempt to force sound.
The web needs more 'Get Bent' buttons.
for the first 2m, I read that as "dick-lover", and I was like "why would you call it that..."
I block a lot of these with ublock.
He nailed it.
But please increase the font size.
In case you actually mean you want DF website font-size increased, Gruber actually has a page for that as a site-wide setting ...
https://daringfireball.net/preferences/
No need - it's already at dicksize.
That's what she asked.
Solution: reader mode.
Maybe if people don't like dickovers, paywalls, and all the other bad patterns , they should stop submitting and voting them up.
Strava recently introduced this, if you screenshot an activity page it generates a popup that prevents you from screengrab scrolling.
They've made it useless for quick manual sharing with llm.
Sometimes I read something and think “wow a lot of problems in the world would be fixed if people would take just a moment to not be assholes”
This is pure cinema. I'm glad he's using his platform to call this out, it's rampant!
I usually just toggle Firefox's reading mode whenever a dickover like this pops up and they magically go away, allowing me to continue reading in peace.
I hate this new web behavior and leave sites immediately whenever I run into it.
Fanboys Annoyances List for Ublock. Install it on your family's computers when they aren't looking. It aims to filter ALL this crap.
This is now the word
I'm sorry but this is such a stupid name. Where did the author get this name from?
Why would I say that in front of any female colleage or any non-technical layman? We already have a name for this and it is a "popup".
Which sounds better?
"Remove this popup" or "Remove this dickover"
Be honest.
I agree, but being mildly offensive is kind of the point: makes it more memorable, and clearly differentiated from “popup” which is too broad and has many valid uses in an interface. Dickovers never have a valid reason to exist.
> makes it more memorable, and clearly differentiated from “popup” which is too broad and has many valid uses in an interface. Dickovers never have a valid reason to exist.
This is hardly convincing. The author even describes it as a "popup" or a "popover" which is already descriptive enough without further explanation. It is just an "unwanted popup" or "unwanted popover".
The fact he brought up a definition of that word after mentioning "popover", just made the need for "d*ckover" uneccessarily redundant.
It may work with 30 people in tech, but will not work on TV. "unwanted popup" or "unwanted popover" is better to say on TV than "d*ckover".
Unless it’s on cable.
see also: enshitification
https://feld.com/archives/2025/11/enshitification/
> "Remove this popup" or "Remove this dickover"
> Be honest.
The latter definitely is the more honest answer.
Thank you for "definitely" not being honest.
You could call them "clickovers".
"popups" or "popovers" is just fine.
Both of them are shorter than the "dickovers" or "clickovers" nonsense.
dickovers are a subset of popups, they are not interchangeable terms.
The derogatory term is for practices that rightfully deserve contempt.
The problem with that is it cannot be used towards people outside of this tech bubble and would just confuse them. It would even fail many profanity filters in chats and forums.
> The derogatory term is for practices that rightfully deserve contempt.
But it doesn't mean that you should expect the layman to use it in common parlance.
Either "Unwanted popup / popover" and even "popup" / "popover" is a far sensible descriptive alternative for the layman than whatever the author is proposing.
> The problem with that is it cannot be used towards people outside of this tech bubble and would just confuse them.
Doubtful ... where did that odd notion spring from?
> It would even fail many profanity filters in chats and forums.
Perhaps in LDS or uber Christian pearl clutching circles, it's absolutely milquetoast in UK / AU Commonwealth English cultures.
eg: UK public broadcast TV: https://www.youtube.com/watch?v=vbSqdSKaXTw
> But it doesn't mean that you should expect the layman to use it in common parlance.
I'm pretty sure that horse bolted long ago.
> Doubtful ... where did that odd notion spring from?
Searching "Dickover" all over the internet and other than Mastodon (which is heavily used by techies), and the author's blog, it is only being mentioned by techies here.
So of course, you can't ever admit you are in a tech bubble.
> Perhaps in LDS or uber Christian pearl clutching circles, it's absolutely milquetoast in UK / AU Commonwealth English cultures.
Nope. Any platform that has basic censorship tools in chats. Just search "Twitch, YouTube" profanity filter(s).
Even basic filters flags it as profanity here: [0] [1].
> I'm pretty sure that horse bolted long ago.
I'm pretty sure you clearly do not know that.
[0] https://app.readable.com/text/profanity/
[1] https://sapling.ai/utilities/profanity
I agree, it’s dumb. I never call those things popovers (is that a regional term?) so the whole time the word was a bit jarring. Also, at first I thought this was a riff on combovers, and imagined some weird male Medusa creature with a thinning head of dicks, and it was so disappointing when that turned out to be wrong.
Gruber's usually too much of a walking Apple ad for my taste, but I love this.
We need to define the things we hate. Give them words. Use the words as weapons.
I've been thinking about this a lot recently with "watermarks" of the statistical and non-visible kind used to track image creators. (Google embedding "this image is AI but also here's the user ID".)
I've been thinking that practice needs a new word too. It's not watermarking, it's signals-math based tracking, so maybe sigtracked.
That might not sound gross enough though.
I find the characterisation of his Apple praise fascinating. It's really not that zealous, unless you hate Apple (which is fine). I think this image of him speaks more of the prominence of the Apple superfan image in popular culture than the actual reality of his position.
It isn't anymore, but if you go back a decade or two, it really was that zealous. He really did used to blindly defend Apple (e.g. things like this: https://daringfireball.net/2006/09/open_challenge), but I think he's grown more skeptical of Apple lately.
I don't want to split hairs over what constitutes as overzealous, but I will say that Apple ~20 years ago earned more praise than Apple does today. This is probably reflected in the writing.
It's more than just defining things. It's ridiculing them.
> Cookie permissions are unnecessary. Signing up for an email newsletter is unnecessary.
They are necessary, as in: without them the creator perhaps wouldn’t be able to justify running the website.
As long as users visit websites with poor ux and show no preference versus websites with good ux, there will reliably be websites with poor ux.
Running the website isn’t necessary. These people should try not running any websites for a bit.
It was just fine when most websites were academic or hobby content, not businesses.
Hobby and academic sites without popups are still there. By quantity there’s likely more of them than ever.