Tynt Insight Is Watching You Cut and Paste

jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."

use noscript!

Only run the javascript you want.

Re:use noscript!

[melikamp]

I have to second this. NoScript is now my favorite extension, with ABP being a close second.

Re:use noscript!

[Montezumaa]

I read their website, and it looks like they offer a program for users to install. Is this what the article is referring to, or are webmaster running a script to allow Tynt Insight to track what I copy and paste, irrespective of whether or not I install Tynt's program? If it is the former, then do not install the damned program. This is just like the whole social-networking sites and people bitching about privacy.

If it is the latter, then install No-Script(which everyone should have) and block the shit out of Tyrant....err, Tynt. I have No-Script running because I was tired of Google tracking my every move, along with the other tracking site.

Re:use noscript!

NoScript users are going to be a minority of internet users, but you have to be INSANE to browse without it.
I whitelist base 2nd level domains, but noscript really highlights the amount of CRAP that many sites use, like fuck-up-you-shit-apis.com

A page rarely appears, or functions differently with all 3rd party scripts blocked. It also might be blocking some advertising, but I can't tell if Adblock got there first.

Re:use noscript!

[c0d3g33k]

I actually have both installed, and haven't noticed any adverse effects or conflicts. NoScript handles the "selectively allow this", while Ghostery tells me about web bugs and such, and lets me identify the JS and urls, as you point out. Ghostery seems to stay out of the way quite nicely, while NoScript does the heavy lifting.

Re:use noscript!

[Hurricane78]

There’s a giant problem with this:
- You are not going to inspect every JavaScript you want to allow.
- Which means that you only might know what it does, when you enabled it.
Which makes the whole exercise kind of pointless.

An example is a MySpace or YouTube XSS script. Those sites are not usable without JS. So you enable it. But they are also the sites that are targeted the most. And that’s the problem.

Does NoScript have a automatically updated white-list? And if yes, who decides what gets in there?

All in all, it sounds very much like a half-assed illusion of a solution. Unfortunately. :/

Re:use noscript!

[izomiac]

As a poster above mentioned, allowing 2nd level domains is a good trade off between security and convenience. Before I used NoScript I blocked external scripts using a proxy filter for years, and it's only been in the past couple that I've bothered whitelisting anything. Basically, a few APIs (e.g. Google's) and some oddly configured sites that use multiple 1st level domains are about it. Other than those, it is quite rare for a script from an external host to be something that is beneficial for the user. Usually they're ads, stat counters, or something flashy and annoying. This will get you into trouble with some shopping sites though, like Pizza Hut's where I wasn't sure if my order was placed or not, and didn't want to refresh and possible order another pizza. So I whitelisted "https://*", and that seems to work well.

Re:use noscript!

[paiute]

"Stop it, you creeps," angry phone call-based.

But yeah, the editors and most of the submitters not knowed the English.

"Stop it you!" creeps angry phone. (call-based)

Re:use noscript!

[virtualXTC]

Comparing the false positive rate of ABP to noScipt is about as useful as comparing apples and oranges. ABP is a blacklist based service, Noscript is a whitelist. Therfore ABP only has false negatives (including all of the things you need noscript for). No-script therefore has only false positives. Unfortunately, un-like ABP, a user curated list isn't practical; as soon as you do and whitelist a paticular script, someone will change it to do something malicious.

....the fact that some users are too dumb to figure out how to use no-script makes me like it that much more.

Re:use noscript!

[ahabswhale]

NoScript is whitelist oriented. You have to explicitly tell it what sites are ok to run javascript. If you don't do that, you're opening yourself up to a world of hurt (especially if you ever browse porn). Once a site is whitelisted, you shouldn't have any problems with it at all.

Re:use noscript!

comparing apples and oranges.

You said the magic words!

Gentlemen, I repost Apples and Oranges: A Comparison

Re:use noscript!

[melikamp]

but noscript really highlights the amount of CRAP that many sites use

OMG, yes. I have temp allow button on my toolbar and I click it for fun sometimes. On wired.com, 29 scripts are blocked, and the site seems to work fine. Inside an article, 47 scripts are blocked, but I can still read the article, probably because the bulk of Wired content is plain text with pictures, which is being handled (very well) by a super-tech known as plain HTML.

Seriously? They want my poor rig to plow through 47 scripts, while all I get, as a Web reader, are 6 paragraphs of text and a stupid photo?

Re:use noscript!

[epine]

I'll take my solutions in half measure, thank you very much. A half-measure here, a half-measure there, pretty soon I'm better off than the chump beside me.

The absolute win with NoScript is that no scripts run on a site you didn't mean to visit. Maybe the mouse slipped, or you clicked something dubious in a late night haze, or a google search result looked good in précis but you land with a giant OMG! thump. With NoScript you can bail, and you still know where you've been.

Most sites work with just scripts from the base URL. I'm on a lot of sites with half a dozen or more scripts blocked, and it works fine.

For places that look a bit dubious, I use temporary mode.

I'm sure there's some monkey business going on with the base scripts I'm permitting on many sites, but a lot less than shacking a rugby team in a convent. I say it's a pretty good first measure if they have to sneak across the quad.

All in all, it sounds very much like a half-assed illusion of a solution.

Quoting the forefathers of gender-segregation are we?

Thought JavaScript clipboard was opt in?

[tjstork]

I thought that to allow JavaScript to access the clipboard, you had to opt in, and even then, you can't really do it the right way under FireFox or Chrome. Like, JavaScript clipboard access is an IE only thing.

  Are we sure this isn't a Java application or something?

Re:Thought JavaScript clipboard was opt in?

This can be done by overloading the Ctrl+c keypress event, etc.

Re:Thought JavaScript clipboard was opt in?

[FlyingBishop]

It's plain JS. It doesn't actually access the clipboard. It just tells what you're highlighting through mouse interaction.

In any case, I blacklist *.tynt.com in hosts.

Re:Thought JavaScript clipboard was opt in?

[tjstork]

This can be done by overloading the Ctrl+c keypress event, etc.

Then from there, you can get the selection...

I got you.

Re:Thought JavaScript clipboard was opt in?

[rhsanborn]

Is anyone else half-tempted to write a script to post back random text from Pride and Prejudice, or something to that effect?

Re:Thought JavaScript clipboard was opt in?

Or an ASCII art version of goatse.

Re:Thought JavaScript clipboard was opt in?

[lattyware]

'ASCII art version of goatse.' +4 Interesting
Only on slashdot.

Re:Thought JavaScript clipboard was opt in?

=O=

Re:Thought JavaScript clipboard was opt in?

[geminidomino]

Maybe random passages snarfed from the alt.sex.stories archives... fuck up their demographics, but at least give them something to read!

Re:Thought JavaScript clipboard was opt in?

[vnaughtdeltat]

I have this terrible habit of double-clicking on text when I'm reading it, which selects it every couple of seconds. If more people did this maybe we could overload their servers.

Re:Thought JavaScript clipboard was opt in?

[jank1887]

Pride and Prejudice? You're nice. I was thinking something along the lines of the 'first post' and CmdrTaco spam.

Re:Thought JavaScript clipboard was opt in?

[FlyingBishop]

http://man.netbsd.se/?find=hosts.deny+5+30

I think the proper way is ALL: .tynt.com

*.tynt.com shouldn't work on any platform, to my knowledge.

Re:Thought JavaScript clipboard was opt in?

[clone53421]

Blocking .tynt.com doesn’t block tynt.com itself. You have to use two entries.

Re:Thought JavaScript clipboard was opt in?

[clone53421]

Moderating funny posts interesting (or informative, or insightful) can often be quite funny. When moderating, I’ve been known to do it just for comic effect.

Re:Thought JavaScript clipboard was opt in?

[broken_chaos]

The specific URL to block, in case you don't want to block absolutely everything from a domain, is:
http://tcr.tynt.com/javascripts/Tracer.js

Re:Thought JavaScript clipboard was opt in?

[ais523]

Some moderators also do it to reward the poster (or cancel out a mod-down, as the grandparent says). Modding someone funny doesn't increase their karma; modding them interesting, informative, insightful or underrated does.

Other script blockers will work, as well

[srmalloy]

NoScript will also block it, and if you configure it to block by default, Tynt's code will never execute unless you specifically permit it.

Re:Other script blockers will work, as well

[causality]

Somebody's been insulted by the story. Half the replies to this story have been down-modded as Troll.

Make note, meta-mods!

Unfortunately meta-moderation is quite useless these days. It mattered when it produced a "fairness" score for moderators and whether they received points was affected accordingly. Now it just meta-moderates posts and not moderators, which completely defeats the useful original purpose. Anyone who's been on this site for a decent length of time has noticed the increase in low-quality moderation that has happened ever since this decision was made.

Re:Other script blockers will work, as well

[maxwell+demon]

It's not in my NoScript whitelist (just checked). But anyway, even if it were, RequestPolicy would reliably block it anyways.

It is to laugh.

[geminidomino]

Epic Win for Irony.

Currently on the front page of Wired.Com

"WebMonkey:

Warning: This site may be sharing your data"

If its just JS break it.

[DarkOx]

If its just J/S it must be useing the browser to get or post the information back to their web server. Figure out what there net block is and black configure your firewall to send you a nice reset packet anytime your box tries to hit it.

Re:If its just JS break it.

[TheRaven64]

I often randomly click on a page while I'm reading and select bits of text. If I visit any site that uses this, then they'll get a lot of data but no useful information from me.

Re:If its just JS break it.

[Jah-Wren+Ryel]

Don't like it? Metamoderate.

It is impossible to metamoderate without javascript.
The irony of that requirement is particularly stark given the context of this slashdot article.

Re:If its just JS break it.

[mikael_j]

Or with Bind you could create an empty master zone conf that returns NXDOMAIN for everything and then tell Bind it's the master server for tynt.com and tell it to use the empty zone file, that's what I do with annoying junk domains and I only have to change it in one place to change it for my entire network.

/Mikael

Re:If its just JS break it.

[mister_playboy]

If you meta-moderated yourself, you'd know that it no longer has anything to do with moderation of the moderators.

Scripting?

[Nexzus]

Probably uses the script onmousedown or onselect events for the page. So don't allow scripting for that site, and you should be fine.

NoScript

[leoc]

Personally I have stopped browsing without NoScript enabled. I sincerely hope that the functionality it provides is adapted as a base feature in future browsers. Javascript is simply too dangerous to be trusted by default. Sites need to earn that trust, IMHO.

Re:NoScript

[apoc.famine]

It's interesting how transparent NoScript is on the pages I visit often, and how much it complains about sites I don't visit often. It's an extra irritation, definitely. But when you watch someone browsing without it, you get a damn good refresher on why you use it.
 
I'm blown away by the amount of abuse that most people put up with from scripts. It's mind-boggling to me. I put up with exactly one bit of abuse - sometimes I have to reload a page a time or two as I selectively enable scripts to get to the content I want. I'd rather not do that, but it sure beats the alternative.

Re:NoScript

[causality]

until i find a subscribable whitelist (ala AdblockPlus's blacklist) I won't use it.

I don't want to go through the trouble of adding every known benign site to my white list.

The number of benign sites I use is much greater than the number of benign sites that won't work without Javascript. Even if there were an exact 1:1 correspondence, I'd consider the couple of mouse clicks of effort to be more than worth my while to obtain a browsing experience that is under my control and happens the way I want it to happen. Once added to the (non-temporary) whitelist, a site stays on that list until and unless I remove it, so It's not like I have to do this more than once for any particular site. I consider it a very small price to pay, especially when you think about the potential abuses that we don't yet know about because they have not yet made headlines.

Re:NoScript

[Jah-Wren+Ryel]

until i find a subscribable whitelist (ala AdblockPlus's blacklist) I won't use it.

I don't want to go through the trouble of adding every known benign site to my white list.

I find that the web is remarkably useful without javascript. There are a handful of sites that absolutely require it, but 99% of the time, I don't need javascript to get by. For example, my white list is limited to:

my high school's alumni site
my banks' websites
bing.com - for the maps only
google.com - for maps and voice only, not search
youtube
addons.mozilla.org

Occasionally I'll make use of the "enable javascript on this site temporarily" but for the most part that's rare (like if I'm shopping at newegg)

I will admit, that on occasion I will give up on a website because it doesn't work without javascript. But there are almost always alternatives that fit the bill and do work just fine.

Re:NoScript

[inviolet]

Personally I have stopped browsing without NoScript enabled. I sincerely hope that the functionality it provides is adapted as a base feature in future browsers. Javascript is simply too dangerous to be trusted by default. Sites need to earn that trust, IMHO.

It is in Opera. Opera has built-in site prefs that include java, javascript, plugins, 1st and 3rd party cookies, send referer, right-clicks, etc. These can be configured per site, per domain, and both. Then you turn all that crap off browser-wide, so that your site prefs become a whitelist.

Opera is so far ahead of its time.

Snopes

[Itninja]

Snopes was (is?) using java to prevent site viewers from right-clicking and selecting text at all (not to mention using java to present copious pop-up and pop-under ads). I had no idea until I was watching a friend go to Snopes in a browser without NoScript running. Showed him how to user get NoScript and now he is free to copy/paste text with impunity!

Re:Snopes

[Unbeliever]

I don't use noscript, but have been noticing lots of disabled copying on more and more websites.

The simple fix I use is to Ctrl-U/View source and copy from that window.

Re:Snopes

[Lord+Ender]

Hey boys! This feller here is calling himself "IT Ninja" but he doesn't know the difference between java and javascript! I say we run him outa slashdot!

Re:Snopes

[shamborfosi]

Here's the script snopes uses:

var omitformtags=["input", "textarea", "select"]
omitformtags=omitformtags.join("|")

function disableselect(e){
if (omitformtags.indexOf(e.target.tagName.toLowerCase())==-1)
return false
}

function reEnable(){
return true
}
if (typeof document.onselectstart!="undefined")
document.onselectstart=new Function ("return false")
else{
document.onmousedown=disableselect
document.onmouseup=reEnable
}

So you can see that with the exception of select input and textareas, they disable selection when the mouse is pressed and re-enable it when the mouse is released.

Habits

[Hatta]

I have a habit of repeatedly selecting and deselecting text as I read it. I probably selected the story blurb here 10 times while reading it. It would be hard for them to mine that data for anything useful. Not that I run strange javascript anyway.

Re:Habits

[LMacG]

I'm a "highlight while reading" guy too. That's what first made me notice Tynt, and that's what made me swich back to Firefox (w/ NoScript) from Chrome.

Re:Habits

[Mikkeles]

Probably Derek Ball

More of the same?

[Qubit]

So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension that theoretically won't do anything shady with my stuff, even though its license consists of

Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.

And there's no source available.

Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?

Easy Adblock Plus Filter

[CritterNYC]

Just add a filter to to Adblock Plus in Firefox. Go to Adblock Plus's preferences page, click Add Filter and enter:

http://tcr.tynt.com/*

Then just click OK or Apply.

Re:Easy Adblock Plus Filter

[bheer]

They also use http://wau.tynt.com/javascripts/TyntLite.js for some pages, so I'd recommend adding http://*.tynt.com/* if your blocking system supports multiple wildcards.

Re:Easy Adblock Plus Filter

[InvisiBill]

Similarly, I blocked http://*.tynt.com/javascripts/* myself. I prefer to be as specific as possible for what I want to block (their scripts in this case) so as not to completely block the whole site, while still trying to block the widest swath of the unwanted stuff. Not that I ever plan to go there, but this way it won't block it if I decide to check out their ToS or something.

Re:Easy Adblock Plus Filter

[Jah-Wren+Ryel]

I'm totally the opposite. If I think their entire reason for existence is privacy invasion, I block the entire site e.g. "tynt.com" - because you never know when they are going to add more stuff to their arsenal, so I prefer to take them out completely by just specifying their top level domain. It has never been a problem in the ~7 years or so that I've been doing it.

Re:Easy Adblock Plus Filter

[clone53421]

Just subscribe to the EasyPrivacy filter list.

It includes the filter ||tynt.com^$third-party already.

Why collect that data?

[gmueckl]

The URL appending when cutting and pasting is easily defeated by pasting using the middle mouse button. That script still sends selection information, though. Can anybody tell me what this data is collected for? I don't see any value in it.

Re:Why collect that data?

[LMacG]

I wonder if they tracked me copying the URL for their page - Why Tynt Insight?

Re:Why collect that data?

[Nerdfest]

Many password storage utilities use the paste buffer to keep you from needing to type the password, although the good ones will blank it out after a short period of time. This has the potential for some fairly serious abuse.

Re:Why collect that data?

The URL appending when cutting and pasting is easily defeated by pasting using the middle mouse button. That script still sends selection information, though. Can anybody tell me what this data is collected for? I don't see any value in it.

And the ability for most slashdotters to think beyond their own heads is made blindingly apparent yet again. Having some idea of what specific text people are highlighting or cutting/pasting from any given page is imminently useful. Hell, it can even be useful for a Linux HOWTO site -- the site owner could see that 10 out of every 15 people that visit the HOWTO always select the same block of text, which means that there are a shitload of people out there looking for that very specific piece of information. You could then move that block of text somewhere where it's more prominent, or add it to the FAQ, or whatever. I'm not saying they should be using this Tyntcrap to do it, but I'm merely pointing out how your failure to "see any value in it" is exactly that -- a failure of imagination on your part.

Based on Selection

[CritterNYC]

It's based on selecting text, not copying and pasting it. So when you select the text in your browser, as soon as you finish making the selection, it sends the info on what you selected back to Tynt. It also adds in the attribution link to the selected text (although you won't see it in the web page). Then when you CTRL-C or right-click and copy as usual after making the selection, you get your selected text and the attribution link.

That's how it avoids needing to use Javascript to do anything to directly touch the clipboard (which is disabled by default in your browser for security reasons).

Re:Based on Selection

[sproingie]

All browsers offer an API for getting at the current selection. You just hook MouseUp and read the selection. Nothing so low-level as translating mouse coordinates.

Re:Based on Selection

[QuoteMstr]

Yes but how does it translate from knowing that a mouse drag was performed to exactly which characters are selected?

Through the stanard API.

AFAIK, it is very hard in Javascript to tell what character corresponds to which mouse coordinates.

No, it isn't.

Whatever Tynt's solution is, it must be something pretty cool.

Not really.

A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.

Re:Based on Selection

[clone53421]

A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.

...and none of it should require phoning home.

rename extension.xpi to extension.zip ... profit!

... closed-source software?

1. rename extension.xpi to extension.zip
2. open extension.zip with unzipper of your choice
3. read all source-code
4. ???
5. profit!

Kind of One Sided Review of the Service

[eldavojohn]

I can't get it to work when I copy paste from Wired (must be something with my setup and javascript) but I will make the unpopular statement of saying that 1) you are copying and pasting Wired's content and 2) as early as high school I was taught that if I was copying information verbatim, I had better have some sort of reference (MLA preferred).

Now, on Slashdot I drop in a link on some text like just did up there. But if I'm quoting it, I'll throw in a quote block and lead up to who said it and call it a day. Now, let's imagine a world where all that was automated when you copied something and the text you copied came with XML metadata saying all the things like where you got it, when you got it, who wrote it, etc. That could potentially be pretty useful. If you think of the web as actual works belonging to people then you can start to see how legitimately referencing other works could be made a lot easier with stuff like this. And maybe text editors could have plugins to digest it?

Unfortunately the submitter and editor of this site seem to cry privacy violation at any attempt to move past the wild wild west anything goes attitude of the world wide web. That's fine as this has an element of privacy concerns what with the phoning home. But please consider the issue from Wired's side, from the side of the author and content creators. They might just trying to help us with what we were taught in school.

Lastly, I would like to point out that another solution aside from Ghostery or Noscript is just to not use Wired's site at all. Vote with your feet and bring your eyeballs elsewhere for pageviews and adclicks. I'm sure Wired's not losing a whole lot of adclicks if you do.

Re:Kind of One Sided Review of the Service

[LMacG]

Part of the problem is that the script seems to want to communicate to the server even when you've only highlighted text. As mentioned in another post (that the mods on acid seem to have gotten to), I highlight when I read. I don't know why, but it's what I do. I'm NOT copying, but tynt is still tracking me; the "cite your references" argument doesn't apply.

As far as just not using Wired.com, that completely ignores the fact that many other sites have this POS JS running; I first noticed it at the New Yorker magazine site.

Re:Kind of One Sided Review of the Service

[guido1]

The copy/paste/autolink behavior is not the privacy concern. I didn't read anyone here saying that it was.

The privacy concern is (from the summary): sends what you copy to Tynt's webservers...

So I, as a user of a random webpage, copy something for later pasting. That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely. What company wouldn't try to make use of data it receives?

Since the same append functionality can be done trivially with some JS without contacting a home server, we immediately hop on the privacy horn.

Re:Kind of One Sided Review of the Service

[pdboddy]

Yes, it is Wired's content, but there are rules for fair use.

Some folks just use the highlighting part of copy to read.

Some folks copy and paste links to email themselves so they can find it later. Likewise some folks copy and paste articles, in part or in whole, to themselves to read later.

People do get annoyed when websites do things without saying such things are being done. Wired has every right to defend its content, however, it should do so in an open manner.

Re:Kind of One Sided Review of the Service

[shutdown+-p+now]

That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely.

There's nothing theoretic about it - they spell it out in large letters on their website. It's all about data mining first and foremost; autolinking is actually an optional add-on, and even then it's advertised as "driving up more visits" - i.e. it's a feature for site owners, not for end users.

It's insane, that guy's Tynt

[0xdeadbeef]

Noscript FTW.

How Tynt.com says to avoid being tracked...

[landrew]

This from their FAQ - Technical Topics (http://www1.tynt.com/faq-technical-topics):

Q. How can I block Tynt Insight from monitoring my actions?

A. Tynt understands that some people are uncomfortable having events from their web browsing recorded in a database. We take your privacy concerns seriously and we are therefore investing considerable effort into developing a feature that will allow users to block Tynt software across all the sites that are using it, from within their own browser. Until we have this blocking feature ready, it is possible to achieve a similar effect by using one of the many ad blocking components available on the net. For Firefox users, we have found Adblock plus to work well, and Super Ad Blocker is effective for IE users.

I can't wait to download and install software they've written to help me block them from tracking me with their software. Good thing I'm using Ad Block Plus and NoScript while I wait, or they'd know I cut-n-pasted that...

Re:How Tynt.com says to avoid being tracked...

[clone53421]

AdBlock Plus filter:

||tynt.com

Re:How Tynt.com says to avoid being tracked...

[Boogaroo]

You do realize the reason he said "he can't wait" is because he's referring to whatever software that Tynt is going to release to block Tynt, and not referring to ABP or NoScript.

The GP makes the assumption that the option Tynt will provide is software. It might be another way that doesn't involve software. Tynt wasn't clear on what method they were use for the opt-out.

Trolls?

[jgtg32a]

Does Tynt have multiple /. accounts or something? I've never seen so many posts marked Troll

Re:Trolls?

[TyntGuy]

We're not a big company, and I can tell you I'm the only Tynt guy commenting here. Derek

Re:Trolls?

[mhelander]

Yes, but how about moderating?

All Your base are belong to us

[TibbonZero]

"Not cookie based, not IP based, but stop it you creeps angry phone call based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away and have had the decency to never start up in the first place."

Please tell me that the writer is either a non-native English speaker, or they didn't read that twice?

Re:All Your base are belong to us

[elysiana]

It's not the most beautiful of prose, but it made sense to me. What are you missing here? Maybe I can fix it a bit...

"Not cookie-based, not IP-based, but 'Stop it, you creeps'-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away and that they'd had the decency never to start up in the first place."

Does that help? Am I misunderstanding what you're getting at?

hosts file seems to work

[jtroutman]

I seem to have stopped this by adding the following to my hosts file:
127.0.0.1 www1.tynt.com
127.0.0.1 tynt.com
127.0.0.1 www.tynt.com
127.0.0.1 w1.tcr112.tynt.com

Re:hosts file seems to work

[jtroutman]

and... fail. For some reason it stopped and has now started again. I'll look into it further when I'm back in front of a computer.

WHAT HOSTS DO THEY USE?

Please, we need to know ALL of the hosts that they use so we can add them to our hosts file.

Re:WHAT HOSTS DO THEY USE?

[icebike]

That is a losing battle. You can't keep up.

I use OpenDNS as my upstream DNS server. Even on a free account you can set up block lists which can kill off a LOT of those nasty word tag thingies that underline specific words and pop up things as your mouse crosses the word.

I can't be sure that it will block tynt.com (yet) but I've already added it to my block list which includes (and works perfectly for) many of the other annoyances:

chitika.net
contextweb.com
intellitxt.com
kontera.com
optmd.com
tribalfusion.com
vibrantmedia.com
tynt.com

Re:WHAT HOSTS DO THEY USE?

[icebike]

But you have to run admuncher on each machine.

One fix in opendns and the entire company lan is protected from this nonsense. Why sandbag each house when you can just plug the leak in the Dam?

Re:WHAT HOSTS DO THEY USE?

[Reaperducer]

And if you are trying to access any site I block we will hold the meeting to discuss this in the HR department where you will need explain why you need to access sites blocked by company approved blocking policy. After which, we will do an analysis of your hard drive.

Wow, you're a real arrogant dickbag, aren't you? The next time you see an article on the internet about crappy egotistical IT folk, take a minute to walk down to the bathroom and look at yourself in the mirror.

Re:WHAT HOSTS DO THEY USE?

[k1t10]

I have to say i agree. I just work here, i don't make the policies. It's easier to let HR deal with people that think they should be exempt.

in Opera...

[AliasMarlowe]

Just make sure that the option "Allow scripts to detect context menu events" is left unchecked (this is the default). Then you can select text/graphics/whatever, and copy operations via right mouse click are not observable by javascript.

In fact, javascript can't detect any right click actions in Opera unless you explicitly allow it. So copy, paste, translate, search, dictionary, encyclopedia, etc. actions can't be monitored by javascript in a web page.

This feature was in earlier versions of Opera as well, but the checkbox was named differently.

Re:in Opera...

[LordKazan]

having right click detection disabled breaks some very useful sites.. like Google maps

Re:in Opera...

[sconeu]

Then allow it in your site preferences for maps.google.com

Re:in Opera...

[freeweed]

Yes and no. It took my slow brain a while, but I eventually realized that when you right click in GM, and the context menu comes up, you can hit escape and it will go away - leaving the Google menu for "directions to here", etc visible.

Broken, but with a simple workaround.

Re:in Opera...

[Sparr0]

I maintain public and private maps for a number of businesses, organizations, and events. I submit map data corrections both directly to google and previously to their map data providers on a weekly basis. I regularly use their walking directions and topographic maps to plan bicycle treks. I have implemented multiple business and gaming oriented applications including or built around the maps API. I am a Google Maps power-user...

And I never knew that there was right click functionality on the main maps interface. When I right click, I get the normal right-click-on-an-image context menu (View Image, Copy Image, Copy Image Location, Save Image, etc). What does that menu do for you? In what way is the site broken without it?

Re:in Opera...

[zlexiss]

I just go to Block Content and put in an entry for *tynt.com*

Re:in Opera...

[JohnQPublic]

Yeah, this is why I love Opera. Firefox may have lots of add-ons, but Opera always does everything I need it to, right out of the box, and its defaults are extremely sensible.

A comment from Tynt

[TyntGuy]

I work for Tynt. I appreciate the discussion here and want to make sure that everyone knows we want to be respectful of the opinions here. Not sure i I will get flamed just for wading in, but I hope not. To clarify on a few points 1. Tracking and Attribution – the attribution feature is separate from the tracking features. The tracking features work very much like any other analytics tool. We do not store any personally identifiable information, but we do want to help publishers learn what content people are choosing to preserve and promote. In addition, publishers can turn the attribution feature on or off on their sites. If you want to see what is actually collected - sign up for an account and look at the dashboard, you will see that we are tracking the content, not the user. 3. What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor them. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5%23ixzz0bxLIAbL7). More info on how to not have Tynt monitor you is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ but as pointed out in the comments here, NoScript is a very effective tool for this. Derek

Re:A comment from Tynt

[Hatta]

we are tracking the content, not the user.

And when the content is personally identifiable?

We are currently working on a global opt out

Why not an opt in?

Re:A comment from Tynt

[Hatta]

What incentive do they have to make it an opt in?

None whatsoever, which is the point. If they actually believed that this service was something people actually wanted, they'd lose nothing by going opt-in. But, as few people would actually choose to have their clipboard tracked, there's a massive disincentive to going opt-in. I'd just like to hear an employee spin that in a way that doesn't sound unethical.

Re:A comment from Tynt

[Jeng]

If I was posting for the company I work for I would create a new account specific for the company I work for to post with. I would not use my everyday account.

I find his post rather credible and I don't see how old his login has bearing on the issue. I find his answer credible because of the argument made.

So, what is the reason that you are posting as AC? Just trolling are you?

Re:A comment from Tynt

[ibpooks]

If you want to see what is actually collected - sign up for an account and look at the dashboard, you will see that we are tracking the content, not the user.

Doesn't signing up for an account with you kinda defeat the purpose of not giving you any of my information? Even signing up for your vaporware opt out gives you information about me that you will no doubt exploit in some way. In order to opt me out you need to be able to uniquely identify me.

Re:A comment from Tynt

[Dolohov]

I can't speak for anyone else, but I find a couple things wrong with this:
1) Like a number of people, I tend to highlight text as I read -- it's a good way to mark my place, and it helps overcome some of the stupid font and coloring decisions that sites make. That means you're not just telling publishers what I want to preserve and promote, but snippets of what I'm reading. That bugs me, and I can't imagine that it's useful.
2) Maybe you're not storing or tracking personally identifiable information, maybe you are -- I have no way of knowing. (I appreciate the offer of the dashboard access, but that's just what you choose to share) I have to trust you not to, and you are not behaving in a manner that makes me want to trust you: silently sending data? Asking me to opt-out rather than opt-in? Sorry, no. I've been to a couple of the sites mentioned here and had no idea that my reading habits were being monitored in this way -- that makes me feel like I'm being spied on, and I have to wonder what else you're doing that you just haven't been caught at yet. You guys launched without an opt-out, that tells me that you consider privacy concerns an afterthought.
3) Even if I trust you not to mistreat my data, how do I know that you're sending this in an intelligent fashion? I haven't done a TCPdump yet, but when I do, am I going to discover that you're sending what I highlight plain-text? Can someone who isn't you track me personally based on what you're collecting and sending? Is there any effort to make sure that the sites who use this are not being stupid and applying your tool to text on secure pages? How can I know without stopping and peering at the source for every page I visit?
4) If my choices are individual opt-out on your customers who are polite enough to offer it versus either blanket blocking or global opt-out, I'm going to have to pick global opt-out even if I don't mind the polite folks using it. Otherwise I have no control over how the less-trustworthy people use it -- as an opt-out service, your whole service is only as trustworthy as your least honest customers. And I cannot imagine that your customers who rely on ad revenue are happy to have you recommending that people who don't want to be spied on use an ad blocker.

I actually don't mind the attribution tool, I think it's clever and potentially useful -- but also something that could have been accomplished without tracking my reading habits.

If you want to be trusted and not "flamed", it's simple: make it opt-in, and give me a good reason to opt in. You make money off monitoring my browsing habits, maybe I ought to get a cut.

Re:A comment from Tynt

[thesolo]

Why not an opt in?

Do you really need to ask? Because no one would opt-in for it! But just do it without telling anyone, and most people outside of tech groups don't even know what it is or that it's operating in the background.

Quoth Grace Hopper, "It's easier to ask forgiveness than it is to get permission."

Re:A comment from Tynt

[whois_drek]

You're not the customer, the websites are. They have no reason to ask the visitors to the websites to opt in or out.

Obfuscation on one of the big lyric sites

[tepples]

The simple fix I use is to Ctrl-U/View source and copy from that window.

I've seen one lyric site that thwarts this by encoding every character of each song's lyrics as a numeric character reference (for example, hello for hello). It expands the size of the markup, but for one thing, that's what mod_gzip is for, and for another thing, obfuscation of View Source makes it that much easier for sites to keep their licenses from the music publishers.

Re:You do not own wired's website

[Ant+P.]

if you don't want to view wired's website under wired's conditions, then don't visit their website.

Where in Wired's conditions or privacy policy do I agree to let them track which text I copy and paste off their site? Come on, you should have this answer since you're the one bringing it up.