Tynt Insight Is Watching You Cut and Paste 495
jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."
NoScript (Score:5, Insightful)
Personally I have stopped browsing without NoScript enabled. I sincerely hope that the functionality it provides is adapted as a base feature in future browsers. Javascript is simply too dangerous to be trusted by default. Sites need to earn that trust, IMHO.
More of the same? (Score:3, Insightful)
So let me get this straight. Because there are websites that are doing shady stuff with the text I select and such, you want me to install a Firefox Extension [mozilla.org] that theoretically won't do anything shady with my stuff, even though its license [mozilla.org] consists of
Source code license for Ghostery 2.0.2
Copyright Ghostery, Inc. All Rights Reserved.
And there's no source available.
Why should we trust the people behind Ghostery any more than a random website out there? If you're writing software to protect privacy and prevent data snooping, why make people trust more closed-source software?
All Your base are belong to us (Score:4, Insightful)
Please tell me that the writer is either a non-native English speaker, or they didn't read that twice?
WHAT HOSTS DO THEY USE? (Score:2, Insightful)
Please, we need to know ALL of the hosts that they use so we can add them to our hosts file.
Re:Why collect that data? (Score:2, Insightful)
And the ability for most slashdotters to think beyond their own heads is made blindingly apparent yet again. Having some idea of what specific text people are highlighting or cutting/pasting from any given page is imminently useful. Hell, it can even be useful for a Linux HOWTO site -- the site owner could see that 10 out of every 15 people that visit the HOWTO always select the same block of text, which means that there are a shitload of people out there looking for that very specific piece of information. You could then move that block of text somewhere where it's more prominent, or add it to the FAQ, or whatever. I'm not saying they should be using this Tyntcrap to do it, but I'm merely pointing out how your failure to "see any value in it" is exactly that -- a failure of imagination on your part.
Re:A comment from Tynt (Score:5, Insightful)
we are tracking the content, not the user.
And when the content is personally identifiable?
We are currently working on a global opt out
Why not an opt in?
Re:use noscript! (Score:3, Insightful)
There’s a giant problem with this:
- You are not going to inspect every JavaScript you want to allow.
- Which means that you only might know what it does, when you enabled it.
Which makes the whole exercise kind of pointless.
An example is a MySpace or YouTube XSS script. Those sites are not usable without JS. So you enable it. But they are also the sites that are targeted the most. And that’s the problem.
Does NoScript have a automatically updated white-list? And if yes, who decides what gets in there?
All in all, it sounds very much like a half-assed illusion of a solution. Unfortunately. :/
Re:Based on Selection (Score:3, Insightful)
Through the stanard API [mozilla.org].
No, it isn't [mozilla.org].
Not really.
A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.
Re:use noscript! (Score:1, Insightful)
These two extensions should be added to a default install. Or maybe there is a way to install these extensions to all users. (Both in Linux and in Windows)
Re:A comment from Tynt (Score:4, Insightful)
What incentive do they have to make it an opt in?
None whatsoever, which is the point. If they actually believed that this service was something people actually wanted, they'd lose nothing by going opt-in. But, as few people would actually choose to have their clipboard tracked, there's a massive disincentive to going opt-in. I'd just like to hear an employee spin that in a way that doesn't sound unethical.
Re:A comment from Tynt (Score:5, Insightful)
If I was posting for the company I work for I would create a new account specific for the company I work for to post with. I would not use my everyday account.
I find his post rather credible and I don't see how old his login has bearing on the issue. I find his answer credible because of the argument made.
So, what is the reason that you are posting as AC? Just trolling are you?
Re:A comment from Tynt (Score:5, Insightful)
If you want to see what is actually collected - sign up for an account and look at the dashboard, you will see that we are tracking the content, not the user.
Doesn't signing up for an account with you kinda defeat the purpose of not giving you any of my information? Even signing up for your vaporware opt out gives you information about me that you will no doubt exploit in some way. In order to opt me out you need to be able to uniquely identify me.
Re:Other script blockers will work, as well (Score:5, Insightful)
Somebody's been insulted by the story. Half the replies to this story have been down-modded as Troll.
Make note, meta-mods!
Unfortunately meta-moderation is quite useless these days. It mattered when it produced a "fairness" score for moderators and whether they received points was affected accordingly. Now it just meta-moderates posts and not moderators, which completely defeats the useful original purpose. Anyone who's been on this site for a decent length of time has noticed the increase in low-quality moderation that has happened ever since this decision was made.
Re:A comment from Tynt (Score:5, Insightful)
I can't speak for anyone else, but I find a couple things wrong with this:
1) Like a number of people, I tend to highlight text as I read -- it's a good way to mark my place, and it helps overcome some of the stupid font and coloring decisions that sites make. That means you're not just telling publishers what I want to preserve and promote, but snippets of what I'm reading. That bugs me, and I can't imagine that it's useful.
2) Maybe you're not storing or tracking personally identifiable information, maybe you are -- I have no way of knowing. (I appreciate the offer of the dashboard access, but that's just what you choose to share) I have to trust you not to, and you are not behaving in a manner that makes me want to trust you: silently sending data? Asking me to opt-out rather than opt-in? Sorry, no. I've been to a couple of the sites mentioned here and had no idea that my reading habits were being monitored in this way -- that makes me feel like I'm being spied on, and I have to wonder what else you're doing that you just haven't been caught at yet. You guys launched without an opt-out, that tells me that you consider privacy concerns an afterthought.
3) Even if I trust you not to mistreat my data, how do I know that you're sending this in an intelligent fashion? I haven't done a TCPdump yet, but when I do, am I going to discover that you're sending what I highlight plain-text? Can someone who isn't you track me personally based on what you're collecting and sending? Is there any effort to make sure that the sites who use this are not being stupid and applying your tool to text on secure pages? How can I know without stopping and peering at the source for every page I visit?
4) If my choices are individual opt-out on your customers who are polite enough to offer it versus either blanket blocking or global opt-out, I'm going to have to pick global opt-out even if I don't mind the polite folks using it. Otherwise I have no control over how the less-trustworthy people use it -- as an opt-out service, your whole service is only as trustworthy as your least honest customers. And I cannot imagine that your customers who rely on ad revenue are happy to have you recommending that people who don't want to be spied on use an ad blocker.
I actually don't mind the attribution tool, I think it's clever and potentially useful -- but also something that could have been accomplished without tracking my reading habits.
If you want to be trusted and not "flamed", it's simple: make it opt-in, and give me a good reason to opt in. You make money off monitoring my browsing habits, maybe I ought to get a cut.
Re:NoScript (Score:4, Insightful)
until i find a subscribable whitelist (ala AdblockPlus's blacklist) I won't use it.
I don't want to go through the trouble of adding every known benign site to my white list.
The number of benign sites I use is much greater than the number of benign sites that won't work without Javascript. Even if there were an exact 1:1 correspondence, I'd consider the couple of mouse clicks of effort to be more than worth my while to obtain a browsing experience that is under my control and happens the way I want it to happen. Once added to the (non-temporary) whitelist, a site stays on that list until and unless I remove it, so It's not like I have to do this more than once for any particular site. I consider it a very small price to pay, especially when you think about the potential abuses that we don't yet know about because they have not yet made headlines.
Re:Based on Selection (Score:3, Insightful)
A really good application of the technique would be removing text: e.g., removing footnote references from copy-and-pasted wikipedia section, and removing inline site notifications from Slashdot posts.
...and none of it should require phoning home.
Re:use noscript! (Score:4, Insightful)
but noscript really highlights the amount of CRAP that many sites use
OMG, yes. I have temp allow button on my toolbar and I click it for fun sometimes. On wired.com, 29 scripts are blocked, and the site seems to work fine. Inside an article, 47 scripts are blocked, but I can still read the article, probably because the bulk of Wired content is plain text with pictures, which is being handled (very well) by a super-tech known as plain HTML.
Seriously? They want my poor rig to plow through 47 scripts, while all I get, as a Web reader, are 6 paragraphs of text and a stupid photo?
Re:Trolls? (Score:3, Insightful)
Yes, but how about moderating?
Re:A comment from Tynt (Score:4, Insightful)
Do you really need to ask? Because no one would opt-in for it! But just do it without telling anyone, and most people outside of tech groups don't even know what it is or that it's operating in the background.
Quoth Grace Hopper, "It's easier to ask forgiveness than it is to get permission."
Re:use noscript! (Score:4, Insightful)
I'll take my solutions in half measure, thank you very much. A half-measure here, a half-measure there, pretty soon I'm better off than the chump beside me.
The absolute win with NoScript is that no scripts run on a site you didn't mean to visit. Maybe the mouse slipped, or you clicked something dubious in a late night haze, or a google search result looked good in précis but you land with a giant OMG! thump. With NoScript you can bail, and you still know where you've been.
Most sites work with just scripts from the base URL. I'm on a lot of sites with half a dozen or more scripts blocked, and it works fine.
For places that look a bit dubious, I use temporary mode.
I'm sure there's some monkey business going on with the base scripts I'm permitting on many sites, but a lot less than shacking a rugby team in a convent. I say it's a pretty good first measure if they have to sneak across the quad.
Quoting the forefathers of gender-segregation are we?
Re:WHAT HOSTS DO THEY USE? (Score:3, Insightful)
But you have to run admuncher on each machine.
One fix in opendns and the entire company lan is protected from this nonsense. Why sandbag each house when you can just plug the leak in the Dam?
Re:Trolls? (Score:1, Insightful)
Why are you doing this, Derek? Did you actually not stop to think that creating malware that captures activity that people consider to be private and the domain of inside-their-home is going to make a lot of people angry, and rightfully so? What else would you justify capturing if you could? The site that the surfer was at previously? I think that you and your ilk are a cancer on the Internet, and the sooner you and your company fail and go away the better.
Re:in Opera... (Score:3, Insightful)
I just go to Block Content and put in an entry for *tynt.com*
Re:WHAT HOSTS DO THEY USE? (Score:2, Insightful)
If you go to Wired and your browser tries to access tynt only the access to tynt will be blocked. Wired will show fine.
You DO have a basic understanding of how browsers work don't you?
If my company starts doing business with tynt I will get a memo from powers higher than you to that effect.
Re:in Opera... (Score:3, Insightful)
Yeah, this is why I love Opera. Firefox may have lots of add-ons, but Opera always does everything I need it to, right out of the box, and its defaults are extremely sensible.
Re:WHAT HOSTS DO THEY USE? (Score:2, Insightful)
Re:How Tynt.com says to avoid being tracked... (Score:3, Insightful)
You do realize the reason he said "he can't wait" is because he's referring to whatever software that Tynt is going to release to block Tynt, and not referring to ABP or NoScript.
The GP makes the assumption that the option Tynt will provide is software. It might be another way that doesn't involve software. Tynt wasn't clear on what method they were use for the opt-out.