Slashdot Mirror

← Back to Stories (view on slashdot.org)

JavaScript User Prohibitions Are Like Content DRM, But Even Less Effective (teleread.com)

Posted by samzenpus on from the no-cut-and-paste dept.

Robotech_Master writes: It always puzzles me whenever I run across a post somewhere that uses JavaScript to try to prevent me from copying and pasting text, or even viewing the source. These measures are simple enough to bypass just by disabling JavaScript in my browser. It seems like these measures are very similar to the DRM publishers insist on slapping onto e-books and movie discs—easy to defeat, but they just keep throwing them on anyway because they might inconvenience a few people.

34 of 188 comments (clear)

  1. Ah, but it's the effort to deter that counts. by Anonymous Coward · · Score: 4, Insightful

    Nobody expects a "No Trespassing" sign to stop anybody from really doing anything they shouldn't, heck, you shouldn't expect your home locks to stop a burglar, and no, nobody thinks a "No Guns allowed" sign stops anybody with firearms.

    But once you say "Stop, don't do it" then anybody making the effort to continue, no matter how trivial, has made an intentional action on their part.

    1. Re:Ah, but it's the effort to deter that counts. by Alwin+Henseler · · Score: 5, Insightful

      You might have been right if the DRM applied aligns 100% with legal boundaries. That is, allow what's legal and prevent illegal uses. And keeps doing so as circumstances / place / time changes.

      But in practice, it never does. DRM on an e-book that prevents copying period, also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

      Unlike author claims, the DRM on Blu-rays is far from broken. If it were, playing them on open source operating systems like Linux would be as easy as playing DVD's on there. But that's not the case. There's databases of per-disk decoding keys floating around. There's libraries that emulate some sort of virtual machine that's built into 'authorised' playback devices. There's other libraries that cut through parts of the DRM bullshit, or attempt to streamline the process.
      But all of these are kludges, there's no 100% guarantee that a random Blu-ray will play (using open source, at the moment), and it's a lot of hassle for users who are just trying to play discs they legally purchased. I'm sure it's only a matter of time before the DRM on Blu-rays will be as irrelevant as that on DVD's, but we're not there yet and in any case it doesn't change the annoyance factor one bit.
      What's more: these issues mostly bother legal users, those who download movies illegally couldn't care less. But the DRM will still be in place as long as the discs itself. Regardless of legalities.

      There's countless examples like that. The technical measures are practically never capable of following legal developments, nor do they adapt to local jurisdiction. Or have a built-in kill switch that 'frees' a product when legal restrictions end. In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless. Some DRM is just more annoying or difficult to circumvent than others.

    2. Re:Ah, but it's the effort to deter that counts. by StormReaver · · Score: 2

      In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless.

      This is the reason I don't buy Blu Ray disks, ever, but continue to buy DVD's. The first thing I do with DVD's I buy is to extract them to my home media server, to keep the original disk safe and to be able to watch the movie from any computer in my house. Blu Ray makes this so painful that I just won't buy any. That type of access restriction lowers the value of Blu Ray to zero.

      I totally get why illegal movie downloaders claim that the movie studios are the biggest cause of illegal movie downloading.

  2. Trivial to bypass by PhantomHarlock · · Score: 4, Interesting

    I am a photographer, and I have no problem sharing this:

    If you want to get around the image obfuscation used by most photo sharing sites and more and more news sites, open up firefox, and go to view -> page style -> no style. That usually gives you the actual image displayed somewhere in the resulting page. No plugins needed.

    If you want to better ensure your name stays with an image, watermark it, and add meta-data. Depending on how annoying the watermark is, someone could take the time to paint it out, and meta data is trivial to strip. As the saying goes, if you can see it, you can take it. If you're that worried about it, don't show it to anyone.

    1. Re:Trivial to bypass by Anonymous Coward · · Score: 3, Interesting

      I've used DigiMarc for years as a way to invisibly watermark images. The only time I've had to use this was someone linking to images on my website, using my bandwidth. I changed the pics the links he pointed to, to random 4chan memes. He then threatened to sue, and claimed ownership of my images. Well, a DMCA takedown notice sent to his ISP and the ISP above him did the job. I then change my web code to only let people with a Referer header from my site view the pictures (primitive, but deters stuff), and moved on.

    2. Re:Trivial to bypass by thegarbz · · Score: 3, Interesting

      I like Flickr's attempt at blocking the image. If I want to download an image in Chrome I normally right click the image and hit S on the keyboard. Then save it somewhere. If a Flickr image is marked as download disabled and I right click an image in Chrome and click S I still get given a familiar save as dialogue. Except this time since Chrome doesn't think I clicked on an image it downloads the page. .... with the image at every available resolution. Just sorting the resulting folder by size gives the image.

      This isn't even a wilful bypass, it's an accidental bypass.

    3. Re:Trivial to bypass by lucm · · Score: 2, Funny

      Looks like the opposite of sprites, so it's probably called pepsi

      --
      lucm, indeed.
  3. Re:Try using Tor now with the fucking Cloudflare! by Mashiki · · Score: 2

    Lot of sites switched to cloudflare as a cheap method of DDOS protection nothing more. It also makes it a pain in the ass for those of us who are out of the country and have to use a VPN service for work.

    --
    Om, nomnomnom...
  4. Please don't jump all over Anne R Allen's blog... by Anonymous Coward · · Score: 3, Insightful

    ... telling her how dumb this is. She knows, she didn't put those wheels into motion herself, and she sounds pretty gutted and apologetic.

    Play nice.

  5. As a non anon coward by the_Bionic_lemming · · Score: 2

    Yeah. Scripting - it's shut off unless needed. For me to enable any scripting I really do have to want the cheese.

    I'd rather find another site before any scripting is enabled in my browsers - and to accentuate my level of paranoia - I stopped loading Adobe stuff 5 years ago.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  6. Re:Please don't jump all over Anne R Allen's blog. by Robotech_Master · · Score: 2

    That's why I added the update right at the top explaining about that before the story even got picked up on Slashdot.

    --
    Editor Emeritus and Senior Writer, TeleRead.org
  7. "Few"? by Ixokai · · Score: 4, Insightful

    I think you underestimate how many people this sort of thing stops. Yeah, it won't stop most techheads, but the inconvenience is enough to stop most people. Hell, most people don't even know you can turn off javascript. Most people don't even know what javascript is.

    That's sufficient for their purposes, really. They can't stop everyone, no system is perfect, its enough for them to minimize it.

    1. Re:"Few"? by thegarbz · · Score: 2

      They can't stop everyone, no system is perfect, its enough for them to minimize it.

      Minimising only works if you can provide the same restrictions on all plays of the content. If you only minimise then the content "becomes available" by other means. Once it's available non-techheads have no problem accessing the content.

      e.g. Blu-ray. My girlfriend has no idea how to rip a blu-ray, doesn't have the hardware, the codecs, doesn't know which software she needs to decrypt it, or how the encryption scheme works. That doesn't stop her from having files like The.Avengers.x264.bluray-[guy-who-did-the-ripping].mp4 on her computer.

      She also doesn't bother stripping DRM from ebooks, but when you can download a torrent with every ebook released in a given year in one go DRM free, why would she need to?

  8. Wouldn't the point of this stuff by rsilvergun · · Score: 3, Informative

    be to trigger the DMCA. No matter how trivial it is you just violated the law by bypassing it...

    Also how slow a news day does it have to be for this to make the front page of /.? Seriously, it's not even a blog post. There's no content.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Wouldn't the point of this stuff by Blue+Stone · · Score: 2

      The DMCA's text cites "effective measures" being circumvented. Not sure this little trick qualifies. Wouldn't want to have to argue it in court, of course. ;)

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  9. Aggregators by Bite+The+Pillow · · Score: 3, Informative

    Years ago, fark.com went from external images to hosted images. I didn't see the endgame.

    This week, JavaScript is required to load the images. It's vendor lock in all over again. Because who uses an external host if you can just click upload?

    And then I see the same advert every 5 posts.

    Forbes is a white page to me, LATimes us just the menu with a word or two, and several other sites have absolute divs that cover most of the content.

    Your whining about idiotic DRM is just the tip of the iceberg. Bypassing by disabling is one thing. Loading a giant page that renders illegibly requires server resources that, as long as I mostly have wi fi, I'm willing to refresh repeatedly to ensure it really is a problem with the site.

  10. Re:JavaScript. by Aighearach · · Score: 3, Informative

    Sorry, false pedant, in this case "Javascript" is just a colloquialism for ECMAScript.

  11. Re:How do you stop someone from viewing the source by Alwin+Henseler · · Score: 3, Insightful

    Who says you're using a browser to view or render a web page's contents?

  12. Avoid Litigation by avandesande · · Score: 2

    Another possibility is they are trying to avoid getting sued by content providers- that they have applied best practices to protect media.

    --
    love is just extroverted narcissism
  13. Using shift key by ajyand · · Score: 3, Interesting

    Some of the UI restrictions can be evaded just by pressing a special key like "shift" or "ctrl" while using the mouse and it does not require to disable javascript. I was so frustrated once that I copied the entire text from the page and posted it as a comment to tell them look, I can copy and paste.

  14. might inconvenience a few people? by fred911 · · Score: 3, Interesting

    I would venture to say that it inconveniences more than a few, the majority of whom have no idea there is an alternative. Typically Joe Sixpack is clueless a click bait victim and the bread and butter of 90% of content sellers.

    Besides, Janice in accounting don't give a fuck!

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  15. Re:How do you stop someone from viewing the source by cfalcon · · Score: 4, Informative

    Javascript is a steaming pile of shit, riddled with vulnerabilities and broken from tip to top.

    So of course they try to allow some overrides:

    http://stackoverflow.com/quest...

    Basically, you can google anything with "javascript disable" and get developers asking how to fuck their users in the pee hole. Often, there's an answer.

    It wouldn't actually prevent users from viewing source though- I'm not aware of a way to do that. However, if there is, you can find it at good old google bombing expert sex change:

    http://www.experts-exchange.co...

    Also note: the real workaround for this isn't globally disabling javascript, though if everyone did that the web would shape up immediately. The real workaround is the various -monkeys that let you redefine pieces of javascript locally. Many sites go through several hoops to prevent loading on a browser that won't run their shitscript, but redefining parts and/or loading your own CSS can get you around most of it.

  16. Re:JavaScript. by Psion · · Score: 3, Informative

    Nope, sorry. It's called Javascript, but it has nothing to do with Java. It's a totally different, interpreted language.

  17. Yep... by SharpFang · · Score: 4, Interesting

    Sometimes they don't even notice.

    There was this site with "lessons" in using some API or library. There were code examples. And if you tried to select and copy, to paste an example into a compiler, a dialog would pop up telling you that the content is copyrighted and you're not allowed to copy it.

    And at the bottom of the page was a survey, "What can I do to improve these lessons?"

    I filled it out, with my email and a sarcastic comment about the copy restriction - that maybe forcing people to retype the examples isn't the best way of teaching. The owner of the site wrote me with a solemn apology, informing me that she didn't even notice the (dis)functionality was in place, and that it just got installed with the CMS and she didn't disable it because she didn't know it was there...

    So... whoops?

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  18. Re:How do you stop someone from viewing the source by tlhIngan · · Score: 2

    But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

    Well, in Firefox and probably others, shift-right-click bypasses all right-click javascript. So if a site disables right-clicking, you can just hold shift and still access "View Page Source" in the context menu. Or anything else - I use an addon called "Nuke Anything" that lets you remove bits of the page and right-click javascript often disables that...

  19. I hadn't noticed by evanh · · Score: 3, Informative

    With No-Script blocking all scripting by default, it hadn't dawned on me that such activities occur.

  20. Re:security by serviscope_minor · · Score: 2

    In firefox you can disable clipboard events only, which allows javascript to run but completely nerfs attempts to block copy/paste. about:config

    Note however that it will break things like google docs until you re-enable them since that requires overriding copy/paste events apparently are necessary as the browsers provide them rather than more generic operators.

    --
    SJW n. One who posts facts.
  21. The average user by Roodvlees · · Score: 3, Informative

    You overestimate the average user.
    They have no idea that that stuff can be bypassed so easily.
    If they did know, they'd think it's too much work.
    Then they'd forget about that being possible.

    --
    Thank you, Bradley Manning, Edward Snowden and so many others, for courageously defending humanity, my freedom and more!
  22. Re:security by lucm · · Score: 2

    Kill yourself

    I think people like you play an important role on internet. You're like the crazy homeless people who make the subway ride more entertaining when you've left your kindle at the office.

    If I can make a suggestion: maybe if you could sound just a little less like a petulant teenager making angry posts on Facebook, it would make you slightly more relevant. But in any event, keep up the good work!

    --
    lucm, indeed.
  23. Re:Try using Tor now with the fucking Cloudflare! by ArsenneLupin · · Score: 2

    So stop visiting those sites.

    Sure, I'll just remove Zendesk and Cisco from the list of companies I occasionally have to do work with. I'm sure that will work out well.

    Why not? Grow a pair, and the world will be a better place.

  24. Re:JavaScript. by U2xhc2hkb3QgU3Vja3M · · Score: 3, Insightful

    Some programmers weren't even born 20 years ago. New people will make old mistakes because they haven't learned about them yet.

  25. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  26. Re:How do you stop someone from viewing the source by cfalcon · · Score: 2

    That's a lie, and that's bullshit. This destroys the user interface, and should never be allowed or tolerated. If these guys weren't malicious, they'd implement a little drag-down menu that would do all their things, or have a standard way of visibly showing the difference between an in-app menu and user level application menu. Even supporting this shit in the code makes developers confused, and they think they can vector hotkeys and tie them to ground.

    Fucking idiots and assholes, enabled by a monumentally shitty language API.

    You know you can find them whining that they can't stop the user from CLOSING THE BROWSER? After all, the "webapp" shouldn't close when the user says close, and the fact that it's somehow standing on the browsers head is something that needs to be bypassed in that stupid language. The fact that things like "onclose" stopped being implemented, and the fact that they are currently finding workarounds for "stop this page from creating additional dialogs" is a big problem.

    The design is broken from head to toe.

  27. Re: JavaScript. by ChickPea · · Score: 2

    Java is to JavaScript as ham is to hamster.