(ALMOST) FINAL EDIT
OK, I've read all the comments and this is what I think is the best solution, but I've also thought of an ALL-LOCAL ALTERNATIVE. I'm open to further improvement/discussion.
    var panic = function () {
        // This clears the current HTML in the body,
        // making it look like the page is loading.
        document.body.innerHTML = '';
        // check if replaceState is supported so no error is thrown
        if (window.history && typeof window.history.replaceState === 'function') {
            var title = "Decoy Article Title",
                url = "/decoypage"; // another endpoint on your server that gives the decoy website
            window.history.replaceState("", title, url); // replace current history entry
        }
        // should be pretty fast up to this point
        window.location.replace("http://www.google.com"); // load the google page or my alternative.
    };
I put an example on my AWS instance at 54.186.79.95. Go to that page, click the button, visit another page, then hit back: you're now on 54.186.79.95/decoywebsite and there's no record of you being on 54.186.79.95/. If cache is disabled, your server will see the "../decoywebsite" request and send a decoy page. Unfortunately, you can't modify the entire domain, so you would need the domain to be not suspicious.
If you want to get rid of the page content, I believe the best way is to use document.body.innerHTML=''; . You are still technically on the page but all the content is gone.
Next step is to modify your browser history. window.history.replaceState (link to docs) is an HTML5 feature that can modify your history without doing a page reload or a request to your server. It's pretty fast but only works on modern browsers. When the user clicks the panic button, we will replace the current page in his history with a fake url.
If the abusive user clicks back, your server (PHP, Python, whatever) will receive a request with your fake url. So you need to have another endpoint in your server (let me know if you don't understand endpoints). Make a benign article, recipe, or weather report with a similar look and feel to your original website in order to avoid suspicion if the abuser got a quick glance at the website. Also make sure the browser doesn't cache by using the tag.
Additional Remarks
- Ideally your entire website (except your decoy article of course) should be an SPA (Single Page Application) so that it only ever produces one browser history record and you only have to modify that one.
- At the end of the day, I don't think you can make a panic button that's 100% foolproof; there's gonna be ways around it. You just have to find one with an acceptable level of security and convenience.
ANOTHER ALTERNATIVE: LOCALLY CHANGE THE INCRIMINATING INFO AND MODIFY BROWSER HISTORY
I was also thinking whether, instead of loading Google, it's not best to actually transform your site locally with innocent info. This looks less suspicious than loading Google (everyone does that) and you can do it all locally without reloading the page.
When they click the panic button, you do some fast (and cross-browser compliant) DOM manipulation to change the incriminating info on your website and make it look innocent (maybe just change the text, it has to be fast). This way, it's all done locally which in the vast majority of browsers today is almost instant. You don't have to worry about reload/servers because the scripts should already be loaded and ready to go. If you keep the same look and feel it looks like the user was just navigating to a different page of the website. Don't make it too obvious from the look of your website that it's a crisis website. Of course, you make it impossible to navigate back to the original content. I would also make it clear on the panic button what the strategy is so that the user doesn't freak out.
I would still try to change the browser history and buy another domain that hosts a copy of the decoy page, as in the previous example. Not only if the domain name is suspicious, but in case the abusive user hits refresh or goes back in his history. You should make your entire website an SPA because you can only modify your current entry, not your past history. Of course, this would still only work in HTML5 browsers, just make sure no error is thrown and the other part of the scripts still runs in old browsers.
What do people think? Any weaknesses to this? What would be good content to replace with?
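The all-local alternative described in this answer, as an added example that is not the answerer's code: it swaps the page content in place, overwrites the current history entry, and falls back to location.replace() when replaceState is missing or throws. The names localPanic and DECOY and the recipe text are assumptions made for illustration; window and document are passed in as parameters.

```javascript
// DECOY is constructed sample content; "/decoypage" is the decoy endpoint
// named in the answer's own snippet.
const DECOY = {
  url: "/decoypage",
  title: "Decoy Article Title",
  heading: "Weeknight Tomato Soup",
  body: "Simmer the tomatoes for twenty minutes, then blend until smooth.",
};

function localPanic(win, doc, decoy) {
  const result = { contentSwapped: false, historyRewritten: false, fallback: false };

  // 1. Swap the visible content first: it is local and the fastest step.
  //    Rebuild the body from text nodes so nothing of the original remains.
  while (doc.body.firstChild) {
    doc.body.removeChild(doc.body.firstChild);
  }
  const h1 = doc.createElement("h1");
  h1.textContent = decoy.heading;
  const p = doc.createElement("p");
  p.textContent = decoy.body;
  doc.body.appendChild(h1);
  doc.body.appendChild(p);
  doc.title = decoy.title;
  result.contentSwapped = true;

  // 2. Overwrite the current history entry. Feature-detect, and catch any
  //    exception replaceState raises (for example a URL on another origin)
  //    so an old or restricted browser still reaches the fallback below.
  const canReplace = win.history && typeof win.history.replaceState === "function";
  if (canReplace) {
    try {
      win.history.replaceState(null, decoy.title, decoy.url);
      result.historyRewritten = true;
    } catch (e) {
      result.historyRewritten = false;
    }
  }

  // 3. Fallback: location.replace() also overwrites the current entry, at
  //    the cost of a request to the decoy endpoint.
  if (!result.historyRewritten) {
    win.location.replace(decoy.url);
    result.fallback = true;
  }
  return result;
}
```

In a page this would be wired to the button with `localPanic(window, document, DECOY)`; the returned object records which path ran.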