Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tynt Insight Is Watching You Cut and Paste

Posted by timothy on from the peeking-at-your-poke dept.

jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."

20 of 495 comments (clear)

  1. use noscript! by Anonymous Coward · · Score: 5, Informative

    Only run the javascript you want.

    1. Re:use noscript! by izomiac · · Score: 5, Interesting

      As a poster above mentioned, allowing 2nd level domains is a good trade off between security and convenience. Before I used NoScript I blocked external scripts using a proxy filter for years, and it's only been in the past couple that I've bothered whitelisting anything. Basically, a few APIs (e.g. Google's) and some oddly configured sites that use multiple 1st level domains are about it. Other than those, it is quite rare for a script from an external host to be something that is beneficial for the user. Usually they're ads, stat counters, or something flashy and annoying. This will get you into trouble with some shopping sites though, like Pizza Hut's where I wasn't sure if my order was placed or not, and didn't want to refresh and possible order another pizza. So I whitelisted "https://*", and that seems to work well.

  2. Other script blockers will work, as well by srmalloy · · Score: 5, Informative

    NoScript will also block it, and if you configure it to block by default, Tynt's code will never execute unless you specifically permit it.

    1. Re:Other script blockers will work, as well by causality · · Score: 5, Insightful

      Somebody's been insulted by the story. Half the replies to this story have been down-modded as Troll.

      Make note, meta-mods!

      Unfortunately meta-moderation is quite useless these days. It mattered when it produced a "fairness" score for moderators and whether they received points was affected accordingly. Now it just meta-moderates posts and not moderators, which completely defeats the useful original purpose. Anyone who's been on this site for a decent length of time has noticed the increase in low-quality moderation that has happened ever since this decision was made.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  3. It is to laugh. by geminidomino · · Score: 5, Funny

    Epic Win for Irony.

    Currently on the front page of Wired.Com

    "WebMonkey:

    Warning: This site may be sharing your data"

  4. NoScript by leoc · · Score: 5, Insightful

    Personally I have stopped browsing without NoScript enabled. I sincerely hope that the functionality it provides is adapted as a base feature in future browsers. Javascript is simply too dangerous to be trusted by default. Sites need to earn that trust, IMHO.

    --
    STFU about slashdot bias.
  5. Re:If its just JS break it. by TheRaven64 · · Score: 5, Informative

    I often randomly click on a page while I'm reading and select bits of text. If I visit any site that uses this, then they'll get a lot of data but no useful information from me.

    --
    I am TheRaven on Soylent News
  6. Easy Adblock Plus Filter by CritterNYC · · Score: 5, Informative

    Just add a filter to to Adblock Plus in Firefox. Go to Adblock Plus's preferences page, click Add Filter and enter:

    http://tcr.tynt.com/*

    Then just click OK or Apply.

    --
    Portable versions of Firefox, GIMP, LibreOffice, etc
    1. Re:Easy Adblock Plus Filter by bheer · · Score: 5, Informative

      They also use http://wau.tynt.com/javascripts/TyntLite.js for some pages, so I'd recommend adding http://*.tynt.com/* if your blocking system supports multiple wildcards.

      --
      Go somewhere random
  7. Based on Selection by CritterNYC · · Score: 5, Informative

    It's based on selecting text, not copying and pasting it. So when you select the text in your browser, as soon as you finish making the selection, it sends the info on what you selected back to Tynt. It also adds in the attribution link to the selected text (although you won't see it in the web page). Then when you CTRL-C or right-click and copy as usual after making the selection, you get your selected text and the attribution link.

    That's how it avoids needing to use Javascript to do anything to directly touch the clipboard (which is disabled by default in your browser for security reasons).

    --
    Portable versions of Firefox, GIMP, LibreOffice, etc
  8. Re:Thought JavaScript clipboard was opt in? by Anonymous Coward · · Score: 5, Funny

    Or an ASCII art version of goatse.

  9. rename extension.xpi to extension.zip ... profit! by Anonymous Coward · · Score: 5, Informative

    ... closed-source software?

    1. rename extension.xpi to extension.zip
    2. open extension.zip with unzipper of your choice
    3. read all source-code
    4. ???
    5. profit!

  10. How Tynt.com says to avoid being tracked... by landrew · · Score: 5, Informative

    This from their FAQ - Technical Topics (http://www1.tynt.com/faq-technical-topics):

    Q. How can I block Tynt Insight from monitoring my actions?

    A. Tynt understands that some people are uncomfortable having events from their web browsing recorded in a database. We take your privacy concerns seriously and we are therefore investing considerable effort into developing a feature that will allow users to block Tynt software across all the sites that are using it, from within their own browser. Until we have this blocking feature ready, it is possible to achieve a similar effect by using one of the many ad blocking components available on the net. For Firefox users, we have found Adblock plus to work well, and Super Ad Blocker is effective for IE users.

    I can't wait to download and install software they've written to help me block them from tracking me with their software. Good thing I'm using Ad Block Plus and NoScript while I wait, or they'd know I cut-n-pasted that...

  11. in Opera... by AliasMarlowe · · Score: 5, Informative

    Just make sure that the option "Allow scripts to detect context menu events" is left unchecked (this is the default). Then you can select text/graphics/whatever, and copy operations via right mouse click are not observable by javascript.

    In fact, javascript can't detect any right click actions in Opera unless you explicitly allow it. So copy, paste, translate, search, dictionary, encyclopedia, etc. actions can't be monitored by javascript in a web page.

    This feature was in earlier versions of Opera as well, but the checkbox was named differently.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  12. A comment from Tynt by TyntGuy · · Score: 5, Informative

    I work for Tynt. I appreciate the discussion here and want to make sure that everyone knows we want to be respectful of the opinions here. Not sure i I will get flamed just for wading in, but I hope not. To clarify on a few points 1. Tracking and Attribution – the attribution feature is separate from the tracking features. The tracking features work very much like any other analytics tool. We do not store any personally identifiable information, but we do want to help publishers learn what content people are choosing to preserve and promote. In addition, publishers can turn the attribution feature on or off on their sites. If you want to see what is actually collected - sign up for an account and look at the dashboard, you will see that we are tracking the content, not the user. 3. What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor them. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5%23ixzz0bxLIAbL7). More info on how to not have Tynt monitor you is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ but as pointed out in the comments here, NoScript is a very effective tool for this. Derek

    1. Re:A comment from Tynt by Hatta · · Score: 5, Insightful

      we are tracking the content, not the user.

      And when the content is personally identifiable?

      We are currently working on a global opt out

      Why not an opt in?

      --
      Give me Classic Slashdot or give me death!
  13. Re:Kind of One Sided Review of the Service by guido1 · · Score: 5, Informative

    The copy/paste/autolink behavior is not the privacy concern. I didn't read anyone here saying that it was.

    The privacy concern is (from the summary): sends what you copy to Tynt's webservers...

    So I, as a user of a random webpage, copy something for later pasting. That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely. What company wouldn't try to make use of data it receives?

    Since the same append functionality can be done trivially with some JS without contacting a home server, we immediately hop on the privacy horn.

  14. Re:Thought JavaScript clipboard was opt in? by lattyware · · Score: 5, Funny

    'ASCII art version of goatse.' +4 Interesting
    Only on slashdot.

    --
    -- Lattyware (www.lattyware.co.uk)
  15. Re:Trolls? by TyntGuy · · Score: 5, Interesting

    We're not a big company, and I can tell you I'm the only Tynt guy commenting here. Derek

  16. Re:Snopes by Lord+Ender · · Score: 5, Funny

    Hey boys! This feller here is calling himself "IT Ninja" but he doesn't know the difference between java and javascript! I say we run him outa slashdot!

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.