But more importantly, Gatekeeper tracked origin history. If evil.com tried to open a pop-up, then that pop-up tried to open another pop-up, the token chain fractured. The second pop-up required a new user gesture.
Her manager, Derek, pinged her.
Window after window spawned. Nested iframes. Redirect chains. Fake system dialogs. A casino ad that sang opera. A "Your Mac has 3 viruses" alert that pulsated like a heartbeat. Safari was drowning.
By 4:00 AM, she had the prototype. She called it Gatekeeper.
Instead of a simple on/off flag for user interaction, Gatekeeper used a decaying token system. Every click, tap, or keypress granted a token. That token had a half-life of 500 milliseconds. To open a pop-up, a script needed a token freshness above 90%.
She spent the next two hours building an exception—a trusted origin list for authentication providers. It felt like a treaty. A necessary compromise. By 9:00 AM, the build was green. She wrote the commit message: Gatekeeper v2: Implements time-decaying user activation tokens. Blocks synthetic gesture chains. Preserves OAuth flow via trusted origin allowlist. Closes #9074 (the pop-under casino apocalypse). She closed her laptop.