Tynt Insight Is Watching You Cut and Paste

jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."

If its just JS break it.

[DarkOx]

If its just J/S it must be useing the browser to get or post the information back to their web server. Figure out what there net block is and black configure your firewall to send you a nice reset packet anytime your box tries to hit it.

Re:Thought JavaScript clipboard was opt in?

[tjstork]

This can be done by overloading the Ctrl+c keypress event, etc.

Then from there, you can get the selection...

I got you.

Habits

[Hatta]

I have a habit of repeatedly selecting and deselecting text as I read it. I probably selected the story blurb here 10 times while reading it. It would be hard for them to mine that data for anything useful. Not that I run strange javascript anyway.

Re:Habits

[LMacG]

I'm a "highlight while reading" guy too. That's what first made me notice Tynt, and that's what made me swich back to Firefox (w/ NoScript) from Chrome.

Re:Thought JavaScript clipboard was opt in?

[rhsanborn]

Is anyone else half-tempted to write a script to post back random text from Pride and Prejudice, or something to that effect?

Kind of One Sided Review of the Service

[eldavojohn]

I can't get it to work when I copy paste from Wired (must be something with my setup and javascript) but I will make the unpopular statement of saying that 1) you are copying and pasting Wired's content and 2) as early as high school I was taught that if I was copying information verbatim, I had better have some sort of reference (MLA preferred).

Now, on Slashdot I drop in a link on some text like just did up there. But if I'm quoting it, I'll throw in a quote block and lead up to who said it and call it a day. Now, let's imagine a world where all that was automated when you copied something and the text you copied came with XML metadata saying all the things like where you got it, when you got it, who wrote it, etc. That could potentially be pretty useful. If you think of the web as actual works belonging to people then you can start to see how legitimately referencing other works could be made a lot easier with stuff like this. And maybe text editors could have plugins to digest it?

Unfortunately the submitter and editor of this site seem to cry privacy violation at any attempt to move past the wild wild west anything goes attitude of the world wide web. That's fine as this has an element of privacy concerns what with the phoning home. But please consider the issue from Wired's side, from the side of the author and content creators. They might just trying to help us with what we were taught in school.

Lastly, I would like to point out that another solution aside from Ghostery or Noscript is just to not use Wired's site at all. Vote with your feet and bring your eyeballs elsewhere for pageviews and adclicks. I'm sure Wired's not losing a whole lot of adclicks if you do.

Trolls?

[jgtg32a]

Does Tynt have multiple /. accounts or something? I've never seen so many posts marked Troll

Re:Trolls?

[TyntGuy]

We're not a big company, and I can tell you I'm the only Tynt guy commenting here. Derek

Re:Why collect that data?

[Nerdfest]

Many password storage utilities use the paste buffer to keep you from needing to type the password, although the good ones will blank it out after a short period of time. This has the potential for some fairly serious abuse.

Re:Thought JavaScript clipboard was opt in?

[vnaughtdeltat]

I have this terrible habit of double-clicking on text when I'm reading it, which selects it every couple of seconds. If more people did this maybe we could overload their servers.

Re:use noscript!

[izomiac]

As a poster above mentioned, allowing 2nd level domains is a good trade off between security and convenience. Before I used NoScript I blocked external scripts using a proxy filter for years, and it's only been in the past couple that I've bothered whitelisting anything. Basically, a few APIs (e.g. Google's) and some oddly configured sites that use multiple 1st level domains are about it. Other than those, it is quite rare for a script from an external host to be something that is beneficial for the user. Usually they're ads, stat counters, or something flashy and annoying. This will get you into trouble with some shopping sites though, like Pizza Hut's where I wasn't sure if my order was placed or not, and didn't want to refresh and possible order another pizza. So I whitelisted "https://*", and that seems to work well.

Obfuscation on one of the big lyric sites

[tepples]

The simple fix I use is to Ctrl-U/View source and copy from that window.

I've seen one lyric site that thwarts this by encoding every character of each song's lyrics as a numeric character reference (for example, hello for hello). It expands the size of the markup, but for one thing, that's what mod_gzip is for, and for another thing, obfuscation of View Source makes it that much easier for sites to keep their licenses from the music publishers.