Slashdot Mirror
Tynt Insight Is Watching You Cut and Paste
jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."
Only run the javascript you want.
I thought that to allow JavaScript to access the clipboard, you had to opt in, and even then, you can't really do it the right way under FireFox or Chrome. Like, JavaScript clipboard access is an IE only thing.
Are we sure this isn't a Java application or something?
This is my sig.
NoScript will also block it, and if you configure it to block by default, Tynt's code will never execute unless you specifically permit it.
Epic Win for Irony.
Currently on the front page of Wired.Com
"WebMonkey:
Warning: This site may be sharing your data"
If its just J/S it must be useing the browser to get or post the information back to their web server. Figure out what there net block is and black configure your firewall to send you a nice reset packet anytime your box tries to hit it.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Probably uses the script onmousedown or onselect events for the page. So don't allow scripting for that site, and you should be fine.
Karma: Can only be portioned out by the Cosmos.
I agree that the talk-back makes me a bit uncomfortable, but ultimately anything that makes it to my browser window is under my control.
Personally I have stopped browsing without NoScript enabled. I sincerely hope that the functionality it provides is adapted as a base feature in future browsers. Javascript is simply too dangerous to be trusted by default. Sites need to earn that trust, IMHO.
STFU about slashdot bias.
In that case I hope they have enough server space.
Snopes was (is?) using java to prevent site viewers from right-clicking and selecting text at all (not to mention using java to present copious pop-up and pop-under ads). I had no idea until I was watching a friend go to Snopes in a browser without NoScript running. Showed him how to user get NoScript and now he is free to copy/paste text with impunity!
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
I have a habit of repeatedly selecting and deselecting text as I read it. I probably selected the story blurb here 10 times while reading it. It would be hard for them to mine that data for anything useful. Not that I run strange javascript anyway.
Give me Classic Slashdot or give me death!
DemoCamp in Edmonton got a demo of this backbreakingly suit-oriented piece of software. It's a sign of how all DemoCamps slowly become lame as shit that all of the Q & A was spent with the suits asking about how they make money or providing advice on that point rather than commenting or asking about the technology.
So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of
Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.
And there's no source available.
Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?
coding is life
Same thing works to get rid of that stupid answers.com script that makes an ajax call whenever you select any text on a page.
Just add a filter to to Adblock Plus in Firefox. Go to Adblock Plus's preferences page, click Add Filter and enter:
http://tcr.tynt.com/*
Then just click OK or Apply.
Portable versions of Firefox, GIMP, LibreOffice, etc
The URL appending when cutting and pasting is easily defeated by pasting using the middle mouse button. That script still sends selection information, though. Can anybody tell me what this data is collected for? I don't see any value in it.
http://www.moonlight3d.eu/
It's based on selecting text, not copying and pasting it. So when you select the text in your browser, as soon as you finish making the selection, it sends the info on what you selected back to Tynt. It also adds in the attribution link to the selected text (although you won't see it in the web page). Then when you CTRL-C or right-click and copy as usual after making the selection, you get your selected text and the attribution link.
That's how it avoids needing to use Javascript to do anything to directly touch the clipboard (which is disabled by default in your browser for security reasons).
Portable versions of Firefox, GIMP, LibreOffice, etc
This isn't the first instance of Javascript messing with the clipboard. One of my former co-workers encountered a real estate search site that repeatedly overwrote his clipboard. He had the page open while he was working and discovered the issue while trying to copy-paste some database queries from one file to another or something.
My first thought was that the browser shouldn't even allow that. But since each of the individual components (looking at the selection, capturing keystrokes, writing the clipboard) can be used in JS for useful things it's hard for browser makers to do much about it. Of course, we should all be surfing with JS under tight control...
I don't get it - why does the JavaScript even need to send the text to a server? I mean, the browser knows what page you are on. Why not just have the JS snag the URL from the browser and append it to the text, so the selected text never leaves your computer? This whole setup just sounds like an excuse to send something back to the server, when it's technically completely unnecessary.
... closed-source software?
1. rename extension.xpi to extension.zip
2. open extension.zip with unzipper of your choice
3. read all source-code
4. ???
5. profit!
I can't get it to work when I copy paste from Wired (must be something with my setup and javascript) but I will make the unpopular statement of saying that 1) you are copying and pasting Wired's content and 2) as early as high school I was taught that if I was copying information verbatim, I had better have some sort of reference (MLA preferred).
Now, on Slashdot I drop in a link on some text like just did up there. But if I'm quoting it, I'll throw in a quote block and lead up to who said it and call it a day. Now, let's imagine a world where all that was automated when you copied something and the text you copied came with XML metadata saying all the things like where you got it, when you got it, who wrote it, etc. That could potentially be pretty useful. If you think of the web as actual works belonging to people then you can start to see how legitimately referencing other works could be made a lot easier with stuff like this. And maybe text editors could have plugins to digest it?
Unfortunately the submitter and editor of this site seem to cry privacy violation at any attempt to move past the wild wild west anything goes attitude of the world wide web. That's fine as this has an element of privacy concerns what with the phoning home. But please consider the issue from Wired's side, from the side of the author and content creators. They might just trying to help us with what we were taught in school.
Lastly, I would like to point out that another solution aside from Ghostery or Noscript is just to not use Wired's site at all. Vote with your feet and bring your eyeballs elsewhere for pageviews and adclicks. I'm sure Wired's not losing a whole lot of adclicks if you do.
My work here is dung.
seems like a CTRL+A, CTRL+C by a few thousand slashdotters might cause some issues.
Noscript FTW.
Selection to alternate clipboard (or whatever it's called) doesn't suffer from this nonsense :D
I am d3matt
This from their FAQ - Technical Topics (http://www1.tynt.com/faq-technical-topics):
Q. How can I block Tynt Insight from monitoring my actions?
A. Tynt understands that some people are uncomfortable having events from their web browsing recorded in a database. We take your privacy concerns seriously and we are therefore investing considerable effort into developing a feature that will allow users to block Tynt software across all the sites that are using it, from within their own browser. Until we have this blocking feature ready, it is possible to achieve a similar effect by using one of the many ad blocking components available on the net. For Firefox users, we have found Adblock plus to work well, and Super Ad Blocker is effective for IE users.
I can't wait to download and install software they've written to help me block them from tracking me with their software. Good thing I'm using Ad Block Plus and NoScript while I wait, or they'd know I cut-n-pasted that...
Does Tynt have multiple /. accounts or something? I've never seen so many posts marked Troll
"Not cookie based, not IP based, but stop it you creeps angry phone call based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away and have had the decency to never start up in the first place."
Please tell me that the writer is either a non-native English speaker, or they didn't read that twice?
Tibbon
tibbon.com
They give me content, I give them data so they can make their website and their ads better suit my needs, personally I don't type out my secrets on random websites then copy and paste them else where, I love the cock, If this technology means that a website author can analyse their site and see that most people selected TLAs (probably to google them) and as a result next time they use a TLA they expand it the first time then i can only see that as a win, if they see that I selected "hustler for young gay men" (probably to buy it) then they can replace the text with an affiliate link to amazon and make some money, while saving me a copy/paste, then i see that as a good thing too. In fact i wish wikipedia would do this so that they linkify the words when people actually look them up not just the where the editor decided to put the link or every single time (that would make it a mess)
Fiddler (HTTP Debugging Proxy) is a pretty cool tool for checking on what a site is doing -- and much easier and more useful than looking at the TCP stack). Fiddler works with any browser and acts as a proxy between the browser and the web. It's also scriptable.
Highly recommend Fiddler for keeping tabs on who your browser is talking to. (Also, indespensible for debugging ajax.)
I seem to have stopped this by adding the following to my hosts file:
127.0.0.1 www1.tynt.com
127.0.0.1 tynt.com
127.0.0.1 www.tynt.com
127.0.0.1 w1.tcr112.tynt.com
I stole this sig from a more creative user.
Please, we need to know ALL of the hosts that they use so we can add them to our hosts file.
1) Copy desired formatted/linked/etc text to clipboard.
2) Windows key-R (opens Run box)
3) Ctrl-V (paste the text into the Run box)
4) Shift-Home (select the now-plaintext)
5) Ctrl-C (copy the now-plaintext)
6) Esc (close Run box)
I use this all the time when copying and pasting in Windows, and it works great for me.
Slashdot? Oh, I just read it for the articles.
We seem to be moving into a "corporate" model where everyone can use anyone's material without worry about plagiarism because - after all - it belongs to the company. The difference is, when I write a good piece of something for the company and it is re-used - I get paid. Not always so outside of corporate.
Concerning The Software and People Using It:
I don't think the software is evil. I think it helps those who do honest hard work. And if someone happens to choose this software and you don't like it, don't use their stuff. And if you do use their stuff, give them the goddamn credit.
Concerning These Types of Software:
And we should continue keeping companies like this in check by discussing them just like this. For now, we can still vote with our feet and wallets.
Concerning Hobbits: ...
Well, you know that story
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
Just make sure that the option "Allow scripts to detect context menu events" is left unchecked (this is the default). Then you can select text/graphics/whatever, and copy operations via right mouse click are not observable by javascript.
In fact, javascript can't detect any right click actions in Opera unless you explicitly allow it. So copy, paste, translate, search, dictionary, encyclopedia, etc. actions can't be monitored by javascript in a web page.
This feature was in earlier versions of Opera as well, but the checkbox was named differently.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
I work for Tynt. I appreciate the discussion here and want to make sure that everyone knows we want to be respectful of the opinions here. Not sure i I will get flamed just for wading in, but I hope not. To clarify on a few points 1. Tracking and Attribution – the attribution feature is separate from the tracking features. The tracking features work very much like any other analytics tool. We do not store any personally identifiable information, but we do want to help publishers learn what content people are choosing to preserve and promote. In addition, publishers can turn the attribution feature on or off on their sites. If you want to see what is actually collected - sign up for an account and look at the dashboard, you will see that we are tracking the content, not the user. 3. What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor them. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5%23ixzz0bxLIAbL7). More info on how to not have Tynt monitor you is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ but as pointed out in the comments here, NoScript is a very effective tool for this. Derek
Not cookie based, not IP based, but stop it you creeps angry phone call based. It ain't a pure useful service, and it ain't a pure privacy invasion.
This is barely English and is a grammatical cluster-fuck. Come on editors, read past the first two lines please.
Dewey, you fool! Your decimal system has played right into my hands!
Sites already track which page you're looking at, so we're quibbling about which bits of content are more meaningful to you. If it bothers you that sites are tracking which fragment of a page you're copying, either disable scripts or save the source and muck with it offline. If the part that offends you is the added hyperlink, just delete that after you've pasted. It's a convenience for webmasters and for bloggers who want to quote bits of a site with automatic attribution. You do want to credit your sources, right?
A website can monitor practically anything it wants. One idea is to record the user's mouse movements and report the areas he mouses-over the most (presumably for site optimization).
Incidentally, this is one reason Flash is evil: Flash provides 1) hidden cookies, and 2) clipboard access. It's evil.
This must have been placed on a bunch of websites recently. I'm a habitual "highlight as I read" person. I noticed a couple months back that quite a few websites started the FireFox activity indicator spinning when I highlighted (New York Times included).
I wonder how much useful information this "service" is actually providing to content hosters. I must send dozens of small chuncks of text every time I read an article.
Can I disable this through AdBlock?
I don't understand what the big deal is. I'm stealing someone's content to quote verbatim in an email, or something like that, they have the right to know they're being quoted. Maybe not the "right", but they should have the ability.
I also like that it recently added the trackback URL below the text I was copying. This is something I usually do when I send a quote to someone, and this saved me step. Pretty cool feature, if you ask me. I could see how it would be annoying, but it can also be handy.
Disagreeing with me does not mean you get to mod me troll.
Taint: not quite assholes, but pretty close.
OK, I'll probably be in a small percentage of /.'rs here; but I don't see how this a privacy issue. According to Tynt Insight's page, no individually identifiable info is provided. It seems reasonable, to me, for a website to want to know what information is actually of interest to viewers; this provides a tool get that information. I realize some people want to be absolutely untrackable and anonymous when surfing; but I happen to think site owners have a right to implement tracking tools as they see fit, and users can chose wether or not to visit a site or to use blocking tools. Ghostery blocks doubleclick on /.; should we be offended that /. tries to make money off their site?
I'm a consultant - I convert gibberish into cash-flow.
To me, this would just prompt me to write a small script that randomly selected text on a page, copy, repeat... and let it spam their servers all night. Eventually, one would hope, with enough people sending in trash data, they would get the idea to KNOCK IT THE FUCK OFF.
Just my 2 cents.
As someone who compulsively selects articles as i read them (repeatedly and randomly) let me just say I'm glad to see that my compulsive behavior is corrupting their 'service'.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
--- request url ---
http://w1.tcr112.tynt.com/a/t/2?guid=0ccFYZWUT&total=1&_charset_=UTF-8&site_guid=ac4i_23GOr3QjHab7jrHcU&name=Google%20Fights%20China%3B%20Will%20Yahoo%20and%20Microsoft%20Follow%3F%20%7C%20Epicenter%20%7C%20Wired.com&word_count=2310&first_type=1
--- request headers ---
Host: w1.tcr112.tynt.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Pragma: no-cache, no-cache
Referer: http://www.wired.com/epicenter/2010/01/yahoo-microsoft-china/
Cache-Control: no-cache
--- response headers ---
Date: Thu, 14 Jan 2010 19:18:17 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 19 Nov 2009 22:52:50 GMT
Accept-Ranges: bytes
Content-Length: 42
Connection: close
Content-Type: image/gif
Taken from Wired.com's page on the Google/China story, ironically enough... as for me, I think I'll keep tynt.com OFF the list of sites that NoScript allows.
Incidentally, it's obvious in Firefox that something weird is going on, as you can see the data transfer happen in the status line.
Everyone knows that if you save text from a web page to your machine to read it later (or have text-to-speech read it to you) that is blatant STEALING! I mean come on, you're accessing the content without being exposed to the ads on the page! :)
On a serious note, thanks for giving me another reason to disallow javascript.
I've seen instances where right-clicking was not allowed on a given page. Too bad for the Nazi that implemented that, because we can just use ctrl+c.
...watching ur copies
You post a hosts-based solution, then it stops working. Combined with this post linked below, I'd say Tynt is trying to supress data. Or that someone is trying to make it look like they are.
Chances are if you add another round of entries, they will mysteriously stop working again. It's like Tynt knows when someone copies info from their FAQ page, or something. Eerie.
http://yro.slashdot.org/comments.pl?sid=1510934&cid=30768510
Hah. If it's just based on selection then they are going to get some really shoddy results from me. I appear to have selectitis... while reading text on a page I randomly select and deselect parts of the page. I'm not sure why, it's just like a nervous tick in my hand and I can't help it. It's not related to the part I'm reading.. normally the selection is above or below where I'm reading.
I've long wished the browsers would offer an option to stop pages (including plugins) from intercepting important keyboard shortcuts. Every now and then I run across a site that intercepts Alt-D or Ctrl-E (and/or ctrl-k and ctrl-l), and they're annoying as hell. Having to put my hand back on the mouse to click the address bar when I'm already ready to type the new address I want feels like the site is trying to stop me from leaving, one step short of a "Are you sure you want to navigate away from this page!?" popup. And in almost every case it's either a gimmick by someone who apparently didn't know those shortcuts existed, or it's done in the name of 'accessibility', which I am all for right up to the point that the page is less accessible for me.
The browsers do (at least in current versions of FF and IE) ignore 'accesskey' attributes that conflict with their shortcuts, and NoScript helps with Javascript captures, but I still haven't found a way to get important browser shortcuts to be passed through Flash (ie, youtube).
The simple fix I use is to Ctrl-U/View source and copy from that window.
I've seen one lyric site that thwarts this by encoding every character of each song's lyrics as a numeric character reference (for example, hello for hello). It expands the size of the markup, but for one thing, that's what mod_gzip is for, and for another thing, obfuscation of View Source makes it that much easier for sites to keep their licenses from the music publishers.
All the posts here are focusing on defeating the script with technological measures. But basically:
1. You get to read wired for free
2. You get to copy sections of their articles and post them to your own blogs
3. All wired gets is increased chance of attribution (you could still delete the link after pasting) and anonymous statistics on which portions of their stuff people found interesting.
This is much less invasive than paywalls, disabled mouse right clicks or excessive popup/over/under ads. In fact, if you are cool with google analyzing your goat pr0n queries, you should be cool with that because only someone else's thoughts are captured rather than yours. If we want to enjoy good quality free stuff on the web, we should learn to live at least with moderate wishes of its creators.
Oh god yes, and it shouldn't be possible for javascript to intercept things like right click at all.
Another site I read mentioned that it's blocked in the AdBlock Plus EasyPrivacy subscription. https://adblockplus.org/en/subscriptions
I added that subscription and it worked like a charm
so after reading a mess of comments here I wonder if they are storing the content with an ip or just processing it and pushing it back? Yes, this is a privacy concern, but so is copying copyright protected works. A random web surfer should be covered by Fair Use... but what if the entire document is copyied. (I do this when I know the source takes it off the web at a later date - mostly for discussing politics. I hate it when my sources disappear.)
We are never truly anonymous. Web server logs store every item we view and our ip address. I am not sure how this is a greater intrusion.
I've been using Noscript since forever dude. Sure it broke lots of things to start with but that's finally settled down as I've built up my whitelist of allowed websites. The important thing is to block all by default then whitelist as needed and that prevents crap like this from happening in the first place.
Mod me up/Mod me down: I wont frown as I've no crown
The firefox extension DomainCage looks promising, unfortunately, it doesn't seem to work for me? Anybody else have it working?
Check out Tynt's privacy policy. The "Information obtained by virtue of your visiting TYNT web sites" section is particularly interesting. http://www1.tynt.com/privacy-policy
Turn off Java, Javascript, plugins. The web is so much nicer without those. Turn them on for sites you want them on. Machete them. Use something like Pithhelmet for Safari to hack the web back to your specs. Works for me.
Even with ABP disabled for wired.com NoScript doesn't report a tynt.com script.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Why bother to rename it?
7zip / Winzip open up the .xpi just fine. .xpi (e.g. .jar).
7zip will even open nested archive files inside of the
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I tried this on their home webpage -- apparently you have to use the explicit "copy" buffer in order for the website to be tagged.
Using the highlight buffer (emacs-style) with the center-click paste doesn't append the website to whatever it is you are looking at.
YMMV
I popped up ABP on a wired story page and it was trivial to block tynt's scripts. Stop whining and do it.
Giant problem? Perhaps in the context of perfect security. But there is no such thing.
I use YouTube without JavaScript (I also use a video downloader add-on).
Anyway, if I want to view a particular YouTube page, I press the NoScript "temporarily allow" button. Am I then subject to every possible XSS that could be happening at YouTube across the entire site or every time I visit the site? No. Am I subject to as much vulnerability as if I always visited YouTube with JavaScript enabled? Not nearly.
There is substantial security gain.
Saying there's a "giant problem" with NoScript is like saying there's a "giant problem" in being given $200 when you're wanting $20,000. Fine, give me that $200, then.
View Source? NoScript Plug-in?
I used to have NoScript with default to not run scripts, but I have given up. It is doable as long as you just browse the web, though you will have to whitelist a lot of sites to get them to work and embedded video will often just not play. The real problems come when you want to use travel booking sites, corporate career sites, banking and many online shopping sites. Those require a lot of JavaScript and will send you around between different domains and servers in ways that appear to be indistinguishable from XSS attacks. You cannot know before you start either, there will just be a blank page in the middle.
I still use NoScript, but in the blacklist mode. It stops some common attacks and lets me block annoying scripts such as in the article here.
Anyone using this "tool" on their own site could have written it themselves. Instead they choose to give away their viewers activities to a third party to make money off of it. They are paying another company to encourage tool use that disables the functionality of their own web pages and ads. They are helping a third party build a massive database of viewer data.
This is a malware/spyware tool that alters their own viewers' operating system clip board through the use of a web application. If something is selected on their own machine, this tool alters it so the viewer does not know what is in the clip buffer even after they carefully chose to select a particular set of data. This is not going to go over well at all.
Not with the stealing data bit, I don't think of copying as stealing. But attempting to monitor copying doesn't seem any more criminal, it's just one more level of copying data.
The trackback URL feature is nice, I use it the same way. This article was interesting in that I didn't know how that was being done, but it really doesn't seem that intrusive.
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
If you think you're getting the actual words from a page by copying and pasting... you may be surprised to find your copy taynted.
And that folks have been spying on your mouse.
...what the AJAX request was every time I selected something
I have a habit of selecting each line as I read it, and when I saw the request, I wondered what they could possible do with the knowledge that i'd selected a specific line. so I re-read(and re-selected each line as I went) just to fuck with them. My habit hopefully makes any data they collect about me worthless, but i'll still be blocking the script's domain
What is this supposed to mean?
Not cookie based, not IP based, but stop it you creeps angry phone call based
I can't figure out if there is a missing word, a mis-spelled word, or what. If anyone knows how to parse that, reply and let me know.
Don't blame Tynt. They are only providing a service that their customers desired and pay them for. Instead blam Tynt's customers. Blame Wired.com and SFGate.com and any other sites that use this crapware.
Message to Tynt: Change your business model. You are an Adblock update away form going out of business.
I like this idea. If you visit a site using tynt, then you have a browser extension that crapfloods tynt with random quotes, probably taken from the site's privacy page.
Minority vote: I scanned the responses which show an overwhelming disapproval. On the other hand it occurs to me that such a feature, which would monitor my activity on a web page would be useful as it would allow fine-tuning the web page, learning on the content creator 's part as to what people find interesting or useful. We already give away info by clicking on links and measuring how long we stay on a page. It is also a pain to see web content chopped up to small pieces just to increase hit numbers or better understand user behavior. So there is this general concept that understanding behavior is cool, and a current misunderstanding that the granularity allowed for this is one HTML page. It is OK for the privacy concerned that inter-page activity is analyzed, but intra-page is a big no-no. This is an arbitrary threshold. In fact, there is the vision that better, more complete pages are encouraged by measuring a lot of intra-page activities. Scrolling behavior, spent time on sections of the page, based on scrolling behavior or cursor behavior. In fact eye tracking would be an awesome indicator. Before any uproar let me suggest that those privacy buffs should remember that you already give this information not only at the level of HTML page visits, but also when you visit a physical shop. So I applaud this development as one more step toward providing feedback between content creator and user. I might spontaneously highlight passages that are interesting or being read. Others may paste in a copybook. No big loss of privacy.
If you look at http://crazyegg.com/ you see that they do something similar to this. It's actually looks like quite a useful tool for working out where your site gets the most attention.
Just because you can read the code doesn't mean it's not closed-source.
What is the harm in collection of analytic data? Assuming that the only thing they record is
somebody from the zip code xxxxx copied and pasted 'yyyyyy'. He was using firefox and had flash installed on his system
, then what is the harm? (As for any further accusations, I would ask for evidence)
I think I understand what you're trying to do here, and for those who want it, it sounds like a very useful service.
Frankly, I'd like the option to have my web browser to do something like this automatically when I copy and paste from any site (but not if it means sending the text to other servers, unfortunately).
However, as an end-user, if I hadn't come across this article on Slashdot, how would I know to opt out? And if I highlighted text and never copied-and-pasted it, how would I know that everything I highlighted was being sent to your servers? (Like other readers, I often highlight to make text easier to read and to keep my place within an article.)
In other words, it's great that I'm a reasonably tech-savvy person who reads Slashdot, but my parents aren't necessarily, and they have many of the same privacy concerns I do. What about them?
Cool, and utterly annoying, and how do I make that stop? ... And Tynt provides no opt outs.
The opt out process is very simple -- if you don't want to view wired's website under wired's conditions, then don't visit their website. Having an internet connection does not automatically entitle you to free access to everything you want on your own terms... (Yes, doing stuff like this might turn their readers away, but that's their choice, not yours)
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
There is only one good answer to this sort of thing. Paging Mrs. Roberts to the javascript department.
The method used in js here is getSelection(). They then use DOM to append the url onto that selection through, I believe, overloading the Ctrl-C and Right-Click events.
I personally think it's a neat idea - yeah, privacy hell etc, but there's nothing stopping Google silently adding this to Analytics, and I wouldn't be surprised to see it. NoScript is all good for the tinfoil hatters. I have in fact seen a considerable number of backlinks through using this in the short time I've had it on a test site, so it's great for small original content producers to get decent attribution.
What concerns me is the potential exploit on this if, say, running an Ubuntu help site. I know I've copypasta'd with known-good code off help sites before, straight into Terminal. There's nothing stopping this type of code silently tacking a \n and a few lines of nasty code onto totally innocuous code snippets. Before I found Tynt I'd certainly have fallen for it (and I consider myself a pretty hard person to hit with a 'sploit)...I've since changed my behaviour to proxying via gEdit before pasting any code into Terminal.
I've no account (Anon everywhere), but someone with one might consider adding this advice to UbuntuForums stickies on how not to get stung.
Just because you can read the code doesn't mean it's not closed-source.
Yes it does mean its open source. It might not be Free Software, it might not even be free as in beer but it IS open source. Anyone having the ability to look at the source code via ordinary means is the only necessary condition for software being open source.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it.
In addition to being an annoyance, this is a huge security hole.
Indeed, if this malware can append an URL to the pasted text, it can append anything. Just imagine attempting to paste some bit of information into a command line (filename, URL for wget, ...), and this piece-of-shit script adds \nrm -rf $HOME\n to the selection. This nonsense is a clear sign that the javascript craze has gone way too far. Javascript should never be allowed to interfere with basic controls such as selecting and copy-pasting.
CmdrTaco is short for "command her taco", which means to pwn her vagina.
ceiling Tynt Insight is watching you mast... wait what?
Ghostery's website has 3 tracking bugs, all of which are blocked by Ghostery.
Just because you can read the code doesn't mean it's not closed-source.
Srsly?
Dude, you should be ashamed.
What you said is, once we take away the double negative (which is, of course, a no no in english. sorry for the pun!) is:
Just because you can read the code means it is open source.
Which is weird, considering your replying to someone who is saying the same thing.
I think you might of meant "just because you can read the source code doesn't make it open source." Which really isn't true in this situation.
Be seeing you...
Because I have this nasty nervous habit of randomly selecting and deselecting unrelated blocks of text as I read an article... this reminds me of the old Calvin and Hobbes article:
Calvin: "I'm filling out a reader survey for Chewing magazine. See, they asked how much money I spend on gum each week, so I wrote '$500.' For my age, I put '43' and when they asked what my favorite flavor is, I wrote 'garlic/curry.'"
Hobbes: "This magazine should have some amusing ads soon."
Calvin: "I love messing with data."
Can I use drunkenness as an excuse?
A couple things. First, you're being overly simplistic when you say double negatives are a "no no" in English. (Note that English is capitalized, by the way.) In fact, many fine examples of English prose from days of yore contain double and even triple negatives; one example would be the Declaration of Independence, and another would be the U.S. Constitution. Back in those days, it was expected that the reader would sit there and ruminate for more than half a second to divine the meaning of a sentence, and therefore was adequately equipped to discern the meaning of said double negative.
The only time in English that double negatives are a "no no" is when they are unintentional, as when some poorly educated speakers mean one thing but say the opposite. "I ain't got nothin'!" The speaker meant he has nothing, but in fact is literally saying that he has something.
Secondly, "no no" doesn't really qualify as a pun. Even if you disagree, it's pretty weak -- even for a pun.
At any rate, the person to whom you are responding clearly falls into the "unintentionally self-sabotaging" category. :-)
My only observation is that there's some validity to his viewpoint, even if he did mangle the expression of it. If the source code for a plugin is readable only by disassembling the plugin, I'm not sure if that plugin really qualifies as Open Source (as defined by the industry). It seems to me that to meet the definition of Open Source, the author or publisher of the browser plugin ought to explicitly publish the source for the plugin.
Yes, I know my use of "disassemble" might seem strained to some folks, but the steps you have to take to get at the source for the plugin are not that far removed from decompiling a Java class you extract from a JAR file, for example, or running a binary through a disassembler. I'm sure others will grouse over what "explicitly publish" means -- frankly, I'd be satisfied with distributing commented source along with the plugin as a separate, human-readable file, or exposing it on a web site.
It's still based on selection. When you select the text (which occurs when you finish the click, drag to highlight, release operation)... and Tynt modifies the selection to add their bit and sends back to the server what you selected. Then, when you hit CMD-C, your browser sticks the selected bit in your clipboard and *unselects* the text. Since the selection changed, Tynt gets another ping.
It's not the clipboard, it's what you selected (and then unselected) that's the trigger. Javascript can't get at the clipboard by default.
Portable versions of Firefox, GIMP, LibreOffice, etc
That's an interesting hypothesis, but this is not the way it apparently works according to my tests (see below). As other commenters have pointed out it does not access the clipboard but "capture" the Cmd-C keystrokes to trigger the code.
I have tried to replicate your hypothesis with Safari and LittleSnitch, both on Mac. First,I have to say thaton Safari, the selection does not disappear after you press Cmd-C.
1- I accessed this Wired article.
2- Upon selection of any text, it tries to open a connection to w1.tcr112.tynt.com, port 80. I "Deny Once" on LittleSnitch.
3- Re-selecting any other portion of text causes the same behavior of point 2, but deselecting text does not generate a connection request.
4- When pressing Cmd-C on the keyboard I get another connection request to w1.tcr112.tynt.com, followed by another one to wau.tynt.com, both on port 80.
5- Either by allowing these connections or not, the Javascript code detects this text has been already selected and copied and ignores subsequent Cmd-C sequences over the same selection. You need to deselect and select again to create another connection request
One really interesting finding is that the JS code does retain in memory what text you have selected previously on thet page and compares your new selections to the previous ones, only generating new connection requests when new text. It ignores the position of the text (so a single word selected in different parts of a page is only sent once when selected), and it is case sensitive so it you select "The" and "the", you get two connection requests (but only the first time). I suppose this is a way for them to clean requests.
Open Notepad, paste, select-all, cut. Now you have regular text.
The parent was a little rude, but thanks for the helpful reply, Anon. If I was of the parent's opinion your reply would be exactly the kind I'd want to get.
From the looks of most of these posts about folks surreptitiously observing and acting upon what you do on your computer, we all have the same idea about it, except maybe the tynt-guy. I don't like the idea of BB watching everything I do either, but maybe, to shine a different light on the subject, we need to do a 'declaration of independence' for the web. It ought to say in general terms, what we, the web-users of the world expect from our encounter with the world. This would include words like 'no spying on me by anyone, including the govt', or, 'what I do is my own damn business, not yours!'. But ya know this will never happen. Soooo, the bottom line is, we keep on fightin' 'em tooth and nail, exposing them as best we can (and 'thank-yous' to those who brought this to our attention) but ALWAYS remember, when you pick up a cell phone, open your browser, do email or read an article from whoever, or take an ad out in the local Gazette, even drive your car down the street or take a walk along the avenue, whatever you do is open for the rest of the world to see. Your govt has given itself the right to watch-and-report, and so has big business. Our only recourse, since this type of activity is not illegal, is to stay aware, and be careful with everything we do. Helluva way to live, but in case ya din't notice, there's a war going on. The game is different now, altho freedom and liberty are still the targets. The rules have changed, the attacks are different, and our responses ought to keep up with the times. TELL EVERYONE YOU KNOW what is going on, even in bits and pieces, and maybe someday, we'll all get the big picture and do something about it! Thanks fer lis'nin! seekertom