Tynt Insight Is Watching You Cut and Paste 495
jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."
use noscript! (Score:5, Informative)
Only run the javascript you want.
Thought JavaScript clipboard was opt in? (Score:4, Informative)
I thought that to allow JavaScript to access the clipboard, you had to opt in, and even then, you can't really do it the right way under FireFox or Chrome. Like, JavaScript clipboard access is an IE only thing.
Are we sure this isn't a Java application or something?
Other script blockers will work, as well (Score:5, Informative)
NoScript will also block it, and if you configure it to block by default, Tynt's code will never execute unless you specifically permit it.
Re:use noscript! (Score:5, Informative)
I have to second this. NoScript is now my favorite extension, with ABP being a close second.
Re:Thought JavaScript clipboard was opt in? (Score:3, Informative)
This can be done by overloading the Ctrl+c keypress event, etc.
Re:Thought JavaScript clipboard was opt in? (Score:4, Informative)
It's plain JS. It doesn't actually access the clipboard. It just tells what you're highlighting through mouse interaction.
In any case, I blacklist *.tynt.com in hosts.
Re:If its just JS break it. (Score:5, Informative)
Re:Snopes (Score:5, Informative)
I don't use noscript, but have been noticing lots of disabled copying on more and more websites.
The simple fix I use is to Ctrl-U/View source and copy from that window.
Easy Adblock Plus Filter (Score:5, Informative)
Just add a filter to to Adblock Plus in Firefox. Go to Adblock Plus's preferences page, click Add Filter and enter:
http://tcr.tynt.com/* [tynt.com]
Then just click OK or Apply.
Based on Selection (Score:5, Informative)
It's based on selecting text, not copying and pasting it. So when you select the text in your browser, as soon as you finish making the selection, it sends the info on what you selected back to Tynt. It also adds in the attribution link to the selected text (although you won't see it in the web page). Then when you CTRL-C or right-click and copy as usual after making the selection, you get your selected text and the attribution link.
That's how it avoids needing to use Javascript to do anything to directly touch the clipboard (which is disabled by default in your browser for security reasons).
rename extension.xpi to extension.zip ... profit! (Score:5, Informative)
... closed-source software?
1. rename extension.xpi to extension.zip
2. open extension.zip with unzipper of your choice
3. read all source-code
4. ???
5. profit!
Re:Why collect that data? (Score:4, Informative)
I wonder if they tracked me copying the URL for their page - Why Tynt Insight [tynt.com]?
Re:use noscript! (Score:3, Informative)
NoScript users are going to be a minority of internet users, but you have to be INSANE to browse without it.
I whitelist base 2nd level domains, but noscript really highlights the amount of CRAP that many sites use, like fuck-up-you-shit-apis.com
A page rarely appears, or functions differently with all 3rd party scripts blocked. It also might be blocking some advertising, but I can't tell if Adblock got there first.
How Tynt.com says to avoid being tracked... (Score:5, Informative)
This from their FAQ - Technical Topics (http://www1.tynt.com/faq-technical-topics):
Q. How can I block Tynt Insight from monitoring my actions?
A. Tynt understands that some people are uncomfortable having events from their web browsing recorded in a database. We take your privacy concerns seriously and we are therefore investing considerable effort into developing a feature that will allow users to block Tynt software across all the sites that are using it, from within their own browser. Until we have this blocking feature ready, it is possible to achieve a similar effect by using one of the many ad blocking components available on the net. For Firefox users, we have found Adblock plus to work well, and Super Ad Blocker is effective for IE users.
I can't wait to download and install software they've written to help me block them from tracking me with their software. Good thing I'm using Ad Block Plus and NoScript while I wait, or they'd know I cut-n-pasted that...
hosts file seems to work (Score:5, Informative)
I seem to have stopped this by adding the following to my hosts file:
127.0.0.1 www1.tynt.com
127.0.0.1 tynt.com
127.0.0.1 www.tynt.com
127.0.0.1 w1.tcr112.tynt.com
Re:Kind of One Sided Review of the Service (Score:4, Informative)
Part of the problem is that the script seems to want to communicate to the server even when you've only highlighted text. As mentioned in another post (that the mods on acid seem to have gotten to), I highlight when I read. I don't know why, but it's what I do. I'm NOT copying, but tynt is still tracking me; the "cite your references" argument doesn't apply.
As far as just not using Wired.com, that completely ignores the fact that many other sites have this POS JS running; I first noticed it at the New Yorker magazine site.
Re:hosts file seems to work (Score:3, Informative)
and... fail. For some reason it stopped and has now started again. I'll look into it further when I'm back in front of a computer.
in Opera... (Score:5, Informative)
In fact, javascript can't detect any right click actions in Opera unless you explicitly allow it. So copy, paste, translate, search, dictionary, encyclopedia, etc. actions can't be monitored by javascript in a web page.
This feature was in earlier versions of Opera as well, but the checkbox was named differently.
A comment from Tynt (Score:5, Informative)
Re:Kind of One Sided Review of the Service (Score:5, Informative)
The copy/paste/autolink behavior is not the privacy concern. I didn't read anyone here saying that it was.
The privacy concern is (from the summary): sends what you copy to Tynt's webservers...
So I, as a user of a random webpage, copy something for later pasting. That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely. What company wouldn't try to make use of data it receives?
Since the same append functionality can be done trivially with some JS without contacting a home server, we immediately hop on the privacy horn.
Re:Kind of One Sided Review of the Service (Score:3, Informative)
Some folks just use the highlighting part of copy to read.
Some folks copy and paste links to email themselves so they can find it later. Likewise some folks copy and paste articles, in part or in whole, to themselves to read later.
People do get annoyed when websites do things without saying such things are being done. Wired has every right to defend its content, however, it should do so in an open manner.
Re:use noscript! (Score:1, Informative)
Maybe I'm doin' it wrong, but NoScript broke an awful lot of the web when I was running it using default settings. AdBlockPlus, on the other hand has a 0% false positive rate for me.
If you want widespread adoption, I think the ABP route is the one to go for, even at the expense of letting some new/unknown scripts through.
Re:Easy Adblock Plus Filter (Score:5, Informative)
They also use http://wau.tynt.com/javascripts/TyntLite.js [tynt.com] for some pages, so I'd recommend adding http://*.tynt.com/* if your blocking system supports multiple wildcards.
Re:Thought JavaScript clipboard was opt in? (Score:2, Informative)
=O=
Re:in Opera... (Score:3, Informative)
having right click detection disabled breaks some very useful sites.. like Google maps
Re:Based on Selection (Score:2, Informative)
All browsers offer an API for getting at the current selection. You just hook MouseUp and read the selection. Nothing so low-level as translating mouse coordinates.
Re:in Opera... (Score:5, Informative)
Then allow it in your site preferences for maps.google.com
Re:How Tynt.com says to avoid being tracked... (Score:3, Informative)
AdBlock Plus filter:
||tynt.com
Re:use noscript! (Score:5, Informative)
Re:use noscript! (Score:3, Informative)
Re:Easy Adblock Plus Filter (Score:4, Informative)
Re:in Opera... (Score:3, Informative)
Yes and no. It took my slow brain a while, but I eventually realized that when you right click in GM, and the context menu comes up, you can hit escape and it will go away - leaving the Google menu for "directions to here", etc visible.
Broken, but with a simple workaround.
Re:Snopes (Score:2, Informative)
var omitformtags=["input", "textarea", "select"]
omitformtags=omitformtags.join("|")
function disableselect(e){
if (omitformtags.indexOf(e.target.tagName.toLowerCase())==-1)
return false
}
function reEnable(){
return true
}
if (typeof document.onselectstart!="undefined")
document.onselectstart=new Function ("return false")
else{
document.onmousedown=disableselect
document.onmouseup=reEnable
}
So you can see that with the exception of select input and textareas, they disable selection when the mouse is pressed and re-enable it when the mouse is released.
Re:All Your base are belong to us (Score:2, Informative)
It's not the most beautiful of prose, but it made sense to me. What are you missing here? Maybe I can fix it a bit...
"Not cookie-based, not IP-based, but 'Stop it, you creeps'-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away and that they'd had the decency never to start up in the first place."
Does that help? Am I misunderstanding what you're getting at?
Re:use noscript! (Score:4, Informative)
comparing apples and oranges.
You said the magic words!
Gentlemen, I repost Apples and Oranges: A Comparison [theamericanview.com]
Re:NoScript (Score:5, Informative)
It is in Opera. Opera has built-in site prefs that include java, javascript, plugins, 1st and 3rd party cookies, send referer, right-clicks, etc. These can be configured per site, per domain, and both. Then you turn all that crap off browser-wide, so that your site prefs become a whitelist.
Opera is so far ahead of its time.
Re:If its just JS break it. (Score:3, Informative)
Or with Bind you could create an empty master zone conf that returns NXDOMAIN for everything and then tell Bind it's the master server for tynt.com and tell it to use the empty zone file, that's what I do with annoying junk domains and I only have to change it in one place to change it for my entire network.
/Mikael
Re:Other script blockers will work, as well (Score:2, Informative)
It's not in my NoScript whitelist (just checked). But anyway, even if it were, RequestPolicy would reliably block it anyways.
Re:Easy Adblock Plus Filter (Score:3, Informative)
Just subscribe to the EasyPrivacy filter list [adblockplus.org].
It includes the filter ||tynt.com^$third-party already.
Re:Thought JavaScript clipboard was opt in? (Score:2, Informative)
http://man.netbsd.se/?find=hosts.deny+5+30 [netbsd.se]
I think the proper way is ALL: .tynt.com
*.tynt.com shouldn't work on any platform, to my knowledge.
Re:Thought JavaScript clipboard was opt in? (Score:3, Informative)
Blocking .tynt.com doesn’t block tynt.com itself. You have to use two entries.
Re:in Opera... (Score:1, Informative)
Then allow it in your site preferences for maps.google.com
Yes, but then you have to start a whole list of sites where you want right click detection allowed, among other rules to detect copy paste or whatever. Creating these exception lists always annoyed me and is only useful on the handful of sites you visit over and over again. Go to a new site and you are left wondering why certain features aren't working, until you remember to configure your allow lists accordingly.
Anyway, I never liked these lists as a solution.
Re:Thought JavaScript clipboard was opt in? (Score:3, Informative)
The specific URL to block, in case you don't want to block absolutely everything from a domain, is:
http://tcr.tynt.com/javascripts/Tracer.js
Re:If its just JS break it. (Score:3, Informative)
If you meta-moderated yourself, you'd know that it no longer has anything to do with moderation of the moderators.
Re:A comment from Tynt (Score:2, Informative)
Re:Kind of One Sided Review of the Service (Score:3, Informative)
That info, and my IP address, is sent to a third-party, theoretically for the purpose of appending a URL to the end of the text. Is that data also used for something else? Most likely.
There's nothing theoretic about it - they spell it out in large letters on their website [tynt.com]. It's all about data mining first and foremost; autolinking is actually an optional add-on, and even then it's advertised as "driving up more visits" - i.e. it's a feature for site owners, not for end users.
Re:Thought JavaScript clipboard was opt in? (Score:4, Informative)