Hi Tim,
I want to give you the most direct answer possible, but it is a bit more nuanced than "yes" or "no" so bear with me.
SNBforums currently runs "adhesion" or "anchor" units, which some people think are popups. Adhesion/Anchor units stick to the bottom of the page as users scroll. They are also known as "sticky" ads. Here's some random demo page unrelated to us, look at "sticky" ads. (
https://clickio.com/ad_formats/)
Some users who see adhesion/sticky/anchor ads will call them "popups", but officially they are not popups. It's not just semantics, popups are an entirely different category of ad, but adhesions/sticky ads do "look" like popups to some users.
Real "popups" are not being run on snbforums, but bad actors might try to have popups inserted into legitimate ads. We call this malvertising. It is not intended, and we do not want it at all. Users are right to point it out when they see it.
I think its best if the user can give a bigger screenshot showing more of the screen so I can determine if its an ad unit that should be showing up.
from the sound of it though this is malvertising.
About anti-malvertising efforts:
We pay for real time ad monitoring of malvertising and bad actor ads. This works by scanning every single ad as it is deployed, and blocking any that have malvertising signatures. It's like a realtime virus scanner. No work is required on yours, mine, or the visitors' part for it to work and it blocks almost all malvertising.
Sometimes, malvertising breaks through the scanner. The scanner service has tools that automatically detect this and mitigates those after the fact. So what happens is there are some popups that might show up for a few minutes and then suddenly disappear when the scanner figures out it is malvertising.
A third layer of protection is that the malvertising scanner is aggregating data across its entire client base. So if another site is experiencing malvertising and that gets mitigated on that site, then if the malvertising tries to roam to your site it is already blocked right away because the signature is already known
A fourth layer of protection is that the service has engineers that manually identitfy and block signatures. This is a bit of a whackamole.
Finally, the last layer, if malvertising gets through, is to ask the person who sees it all the questions I gave in the last email, and then we forward that to the engineers, and the will try to reproduce and block that bad actor.
Once we get that information we'll ask their team to do a deep dive, and after that we'll also see whether any additional steps are needed.
