Tynt Insight Is Watching You Cut and Paste

jerryasher writes "In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."

If its just JS break it.

[DarkOx]

If its just J/S it must be useing the browser to get or post the information back to their web server. Figure out what there net block is and black configure your firewall to send you a nice reset packet anytime your box tries to hit it.

Scripting?

[Nexzus]

Probably uses the script onmousedown or onselect events for the page. So don't allow scripting for that site, and you should be fine.

Re:Thought JavaScript clipboard was opt in?

[tjstork]

This can be done by overloading the Ctrl+c keypress event, etc.

Then from there, you can get the selection...

I got you.

Snopes

[Itninja]

Snopes was (is?) using java to prevent site viewers from right-clicking and selecting text at all (not to mention using java to present copious pop-up and pop-under ads). I had no idea until I was watching a friend go to Snopes in a browser without NoScript running. Showed him how to user get NoScript and now he is free to copy/paste text with impunity!

Habits

[Hatta]

I have a habit of repeatedly selecting and deselecting text as I read it. I probably selected the story blurb here 10 times while reading it. It would be hard for them to mine that data for anything useful. Not that I run strange javascript anyway.

Re:Thought JavaScript clipboard was opt in?

[rhsanborn]

Is anyone else half-tempted to write a script to post back random text from Pride and Prejudice, or something to that effect?

Re:use noscript!

[Montezumaa]

I read their website, and it looks like they offer a program for users to install. Is this what the article is referring to, or are webmaster running a script to allow Tynt Insight to track what I copy and paste, irrespective of whether or not I install Tynt's program? If it is the former, then do not install the damned program. This is just like the whole social-networking sites and people bitching about privacy.

If it is the latter, then install No-Script(which everyone should have) and block the shit out of Tyrant....err, Tynt. I have No-Script running because I was tired of Google tracking my every move, along with the other tracking site.

Why collect that data?

[gmueckl]

The URL appending when cutting and pasting is easily defeated by pasting using the middle mouse button. That script still sends selection information, though. Can anybody tell me what this data is collected for? I don't see any value in it.

Re:Habits

[LMacG]

I'm a "highlight while reading" guy too. That's what first made me notice Tynt, and that's what made me swich back to Firefox (w/ NoScript) from Chrome.

Kind of One Sided Review of the Service

[eldavojohn]

I can't get it to work when I copy paste from Wired (must be something with my setup and javascript) but I will make the unpopular statement of saying that 1) you are copying and pasting Wired's content and 2) as early as high school I was taught that if I was copying information verbatim, I had better have some sort of reference (MLA preferred [cornell.edu]).

Now, on Slashdot I drop in a link on some text like just did up there. But if I'm quoting it, I'll throw in a quote block and lead up to who said it and call it a day. Now, let's imagine a world where all that was automated when you copied something and the text you copied came with XML metadata saying all the things like where you got it, when you got it, who wrote it, etc. That could potentially be pretty useful. If you think of the web as actual works belonging to people then you can start to see how legitimately referencing other works could be made a lot easier with stuff like this. And maybe text editors could have plugins to digest it?

Unfortunately the submitter and editor of this site seem to cry privacy violation at any attempt to move past the wild wild west anything goes attitude of the world wide web. That's fine as this has an element of privacy concerns what with the phoning home. But please consider the issue from Wired's side, from the side of the author and content creators. They might just trying to help us with what we were taught in school.

Lastly, I would like to point out that another solution aside from Ghostery or Noscript is just to not use Wired's site at all. Vote with your feet and bring your eyeballs elsewhere for pageviews and adclicks. I'm sure Wired's not losing a whole lot of adclicks if you do.

Trolls?

[jgtg32a]

Does Tynt have multiple /. accounts or something? I've never seen so many posts marked Troll

Re:Why collect that data?

[Nerdfest]

Many password storage utilities use the paste buffer to keep you from needing to type the password, although the good ones will blank it out after a short period of time. This has the potential for some fairly serious abuse.

Re:Habits

[Mikkeles]

Probably Derek Ball [tynt.com]

Re:Trolls?

[TyntGuy]

We're not a big company, and I can tell you I'm the only Tynt guy commenting here. Derek

Re:use noscript!

[c0d3g33k]

I actually have both installed, and haven't noticed any adverse effects or conflicts. NoScript handles the "selectively allow this", while Ghostery tells me about web bugs and such, and lets me identify the JS and urls, as you point out. Ghostery seems to stay out of the way quite nicely, while NoScript does the heavy lifting.

Re:Thought JavaScript clipboard was opt in?

[vnaughtdeltat]

I have this terrible habit of double-clicking on text when I'm reading it, which selects it every couple of seconds. If more people did this maybe we could overload their servers.

Re:use noscript!

[izomiac]

As a poster above mentioned, allowing 2nd level domains is a good trade off between security and convenience. Before I used NoScript I blocked external scripts using a proxy filter for years, and it's only been in the past couple that I've bothered whitelisting anything. Basically, a few APIs (e.g. Google's) and some oddly configured sites that use multiple 1st level domains are about it. Other than those, it is quite rare for a script from an external host to be something that is beneficial for the user. Usually they're ads, stat counters, or something flashy and annoying. This will get you into trouble with some shopping sites though, like Pizza Hut's where I wasn't sure if my order was placed or not, and didn't want to refresh and possible order another pizza. So I whitelisted "https://*", and that seems to work well.

Obfuscation on one of the big lyric sites

[tepples]

The simple fix I use is to Ctrl-U/View source and copy from that window.

I've seen one lyric site that thwarts this by encoding every character of each song's lyrics as a numeric character reference (for example, hello for hello). It expands the size of the markup, but for one thing, that's what mod_gzip is for, and for another thing, obfuscation of View Source makes it that much easier for sites to keep their licenses from the music publishers.

Re:NoScript

[apoc.famine]

It's interesting how transparent NoScript is on the pages I visit often, and how much it complains about sites I don't visit often. It's an extra irritation, definitely. But when you watch someone browsing without it, you get a damn good refresher on why you use it.
 
I'm blown away by the amount of abuse that most people put up with from scripts. It's mind-boggling to me. I put up with exactly one bit of abuse - sometimes I have to reload a page a time or two as I selectively enable scripts to get to the content I want. I'd rather not do that, but it sure beats the alternative.

Re:NoScript

[Jah-Wren Ryel]

until i find a subscribable whitelist (ala AdblockPlus's blacklist) I won't use it.

I don't want to go through the trouble of adding every known benign site to my white list.

I find that the web is remarkably useful without javascript. There are a handful of sites that absolutely require it, but 99% of the time, I don't need javascript to get by. For example, my white list is limited to:

my high school's alumni site
my banks' websites
bing.com - for the maps only
google.com - for maps and voice only, not search
youtube
addons.mozilla.org

Occasionally I'll make use of the "enable javascript on this site temporarily" but for the most part that's rare (like if I'm shopping at newegg)

I will admit, that on occasion I will give up on a website because it doesn't work without javascript. But there are almost always alternatives that fit the bill and do work just fine.

Re:Easy Adblock Plus Filter

[Jah-Wren Ryel]

I'm totally the opposite. If I think their entire reason for existence is privacy invasion, I block the entire site e.g. "tynt.com" - because you never know when they are going to add more stuff to their arsenal, so I prefer to take them out completely by just specifying their top level domain. It has never been a problem in the ~7 years or so that I've been doing it.

Re:in Opera...

[Sparr0]

I maintain public and private maps for a number of businesses, organizations, and events. I submit map data corrections both directly to google and previously to their map data providers on a weekly basis. I regularly use their walking directions and topographic maps to plan bicycle treks. I have implemented multiple business and gaming oriented applications including or built around the maps API. I am a Google Maps power-user...

And I never knew that there was right click functionality on the main maps interface. When I right click, I get the normal right-click-on-an-image context menu (View Image, Copy Image, Copy Image Location, Save Image, etc). What does that menu do for you? In what way is the site broken without it?

Re:WHAT HOSTS DO THEY USE?

[icebike]

That is a losing battle. You can't keep up.

I use OpenDNS as my upstream DNS server. Even on a free account you can set up block lists which can kill off a LOT of those nasty word tag thingies that underline specific words and pop up things as your mouse crosses the word.

I can't be sure that it will block tynt.com (yet) but I've already added it to my block list which includes (and works perfectly for) many of the other annoyances:

chitika.net
contextweb.com
intellitxt.com
kontera.com
optmd.com
tribalfusion.com
vibrantmedia.com
tynt.com

Re:You do not own wired's website

[Ant P.]

if you don't want to view wired's website under wired's conditions, then don't visit their website.

Where in Wired's conditions [wired.com] or privacy policy [wired.com] do I agree to let them track which text I copy and paste off their site? Come on, you should have this answer since you're the one bringing it up.