All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: photography and

Links on this site earn me fees or commissions.
As an Amazon Associate I earn from qualifying purchases @AMAZON

Other World Computing...
B&H Photo...
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.

Malware on iPhone? Unwanted “Congratulations Apple iPhone user” Popup Malware Erases Existing Site from Browser History + Improper Security Certificate

See below—I have gotten this unwanted apparent malware 5 or 6 times now at Dilbert cartoonist Scott Adams at

I don’t know if that site is compromised/infected or just has taken very poor stock of its advertiser network. This is nasty unwanted stuff.

Does anyone out there understand what is going on?

  • I am running iOS 13 on my iPhone.
  • I have not seen it happen on the computer, though I rarely visit the site that way.
  • It seems to occur when I refresh the site half a day or a day later.
  • Always the same bogus improbable “you are a winner” thing, using persuasion of quotes buy other “winners”.
  • It always wipes out browser history of the page I was on (iOS, Safari) so that I cannot go back; this malware is now the page and there is no prior page.
  • NOT an April Fool’s thing; it has been going on for maybe a week or so.

If not outright malware (can my phone with iOS be infected?), maybe it is a compromised advertising network. Either way, Scott Adams had better go take a close look at the ad networks he is using as well as overall site security.

Malware apparently coming from

Reader comments

Arne C writes:

Moin! (as we say here in northern Germany)

If you look here, you know that, whoever created the site for him, implemented a load of trackers and advertisers.

My solution for iOS: I use „Purify“ to filter bad stuff for Safari with Ads and Tracking + social buttons + custom fonts FILTERED. And I use iCab mobile as my main browser set to „private“ mode Mobile devices are much harder to harden against all sorts of malware and spyware than PC/Macs.

MPG: what a privacy invading mess: problems with security policy, strict transport security not implemented, content security policy has SERIOUS problems, referrers leaked, 44 cookies including 39 3rd-party co0kies, 128 requests to 46 unique hosts.

Simon N writes:

I have seen this issue before (at least on iOS 12, maybe even earlier), mostly when doing a search and then following a link to a search result.

MPG: no searching involved in my case. I’m guessing an unethical or compromised (hacked) ad network problem, since Adams' site is chock fill of ad tracking garbage.

Aln K writes:

Especially for mobile use, I recommend to use DNS based blockers like (curates its own list) or (offers a huge selection of open source tracker lists - this is what I use at the moment for all my devices, both are free and available in App Stores.) I encourage you to use such security measures and frequently look and examine their traffic. Furthermore, I recommend to switch to private mode in your browser, install an ad-blocker (I prefer 1Blocker,) use website dependent settings and setup your websites accordingly and turn of JavaScript and use JS or non-private mode only if forced to, like logins - but first try if you succeed without.

The procedure either after installing or using an app should always be:

1. to consult the traffic log either in-app (e.g. or at DNS provider's site (e.g., offers additional infos to logged domains) and examine the domains and their owners!

2. To realize that an app (or website) whose output is mostly blocked is an ill-minded app (or website) - and look for alternatives

Of course this has its own disadvantages: You always have to fix site dependent problems as they will do !everything! to f'k you for their percentage - that's the game.

But when you start to engage these measures whenever you have time and energy, there will come a day it will your second skin (and you will even start avoiding others as they will pose a threat for you now - your contacts using their technologies will become their moles.)

Take time and start by reading these (Caution: their huge, but worth reading. Take your time, one after one.)
(you will read interesting things about some so-called privacy and security minded projects)

Incompetent security too

Adams’s site also fails to use a proper site certificate—it will not work without the "www" prefix. This is basic incompetence in web site implementation (and unfortunately fairly common these days.)

It scares people with a security warning (I do not expect Scott to be an expert on web sites, but I *do* expect him to make sure the people he hires are not incompetent).

Improper security certificate fails to account for absence of "www."


View all handpicked deals...

FUJIFILM GFX 100S Medium Format Mirrorless Camera
$6000 $5200
SAVE $800 | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__