In case anybody else doesn't see it immediately (it took me a couple of tries) -- the 'funny' bit is that it automagically appends "Read More: <link>" to your selection.
I haven't pored through their code, but I already know that my initial suspicion (binding CTRL+C with JS) isn't accurate, as right-clicking -> copy also appends it.
It's interesting at the very least, and I don't know how they're doing it. Anybody have an idea?
Doesn't loading the extra co2stats script and image from each page use more energy/carbon? What's more, it reloads itself every 5 minutes, even with no activity by the user!
Carbon preacher hypocrites! They probably heat their homes with coal-fired Franklin stoves, too.
NoScript is a whitelisting system, not a "I never use JavaScript" system. You load a page and if it doesn't work, then you enable its JavaScript content through a convenient menu. (It even bolds the scripts that are likely to cause problems when not enabled.)
In this case, the site works fine without the clipboard-hacking JavaScript running, so it just stays disabled and the OP doesn't get random data from a website written to his clipboard. If he wants that functionality, though, it's one click away.
What's quaint is trusting websites to run arbitrary code on your machine, as your regular user.
You often can't tell when you're missing out on a feature due to JS being disabled. It isn't always visually obvious. Am I missing something or is there a trust system to this whole VM thing?
Edit: To put it better perhaps, are you worried that they can execute arbitrary code on your CPU as your user on your OS? Or are you just worried that they might paste a link into your clipboard?
Are you running NoScript? May I assume not? If so, then may I point out that you are hypothesizing what using NoScript is like to a user of NoScript while you have no direct experience? This is a structurally-unsound argumentative position for you to be in.
(No, any experience you may have shutting it off entirely does not count. NoScript is smarter than that and does not work that way.)
I do use it. It is two to three times less common for me to be surprised by secret JavaScript functionality on a site than for me to be surprised going into the comment sections of HN or reddit and seeing people complain about some bad thing that I didn't experience. That is a serious estimate. And the thing I missed out on is rarely important. (The most common exception to that is when you need JS to go to the next page. Frequently I decide I don't care enough anyhow.)
Malicious Javascript can do some weird and nasty things, but mostly I run it because it makes the web less annoying. That it tends to prevent exploits from working is just gravy. (Exploits often fail against a 64
bit gentoo-based Firefox anyhow, but still, careful is good.)
This is actually pretty handy. On the one hand, javascript that messes with the user like this strikes me as unethical (it really angers me when basic functionality is usurped like this), this one would actually save me time in the long run. Usually when I copy/paste text from an article on one tab to a form on another, I also copy and paste the link as well. Usually that involves two trips to the article's tab. I wouldn't have to do that with this article.
I agree, I typically despise this sort of thing, though not as much as right-click hijacking (with a few exceptions). This one is useful, though, and it makes a LOT of sense to have on a news-like website (lots of people don't include attribution, this makes including it the easiest option, thus more will include it).
Yes, that is us, Tynt (www.tynt.com) on all the sites mentioned. Our analytics are tracking hundreds of thousands of sites worldwide. The attribution link feature is something that individual site owners can turn on and off. Also note that we don't track any personally identifiable information. We track content and help publishers learn what content of theirs people are finding most engaging.
What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor their actions when they visit a site. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5#ixzz0bxLIAb...
Pretty fast if you're being mentioned all over the web and you're not already a HN user (he just signed up for that comment), AND neither the story linked to or the title on HN said anything about Tynt or what they do.
Huffington post does the same thing with their article headlines. Users are always copy/pasting them into the story submission fields on a website I run.
I've noticed this behavior on quite a few sites recently. It was annoying since I was trying to quote a bunch of sites and I had to remove the links at the end every time.
Now it makes me double check every time I copy and paste. At first thought this might not seem too bad but modifying basic user behavior should be frowned upon.
I was expecting to see an attribution link, but it didn't work. I don't block JS or anything; turns out this doesn't work if you copy-paste via drag-drop.
56 comments
[ 3.3 ms ] story [ 132 ms ] threadTynt (http://www.tynt.com/) was the "culprit" in that case and looks so here.
I haven't pored through their code, but I already know that my initial suspicion (binding CTRL+C with JS) isn't accurate, as right-clicking -> copy also appends it.
It's interesting at the very least, and I don't know how they're doing it. Anybody have an idea?
http://tcr.tynt.com/javascripts/Tracer.js
Doesn't NoScript / using no .js break many web 2.0 ajax sites?
For example, on the Hacker News main page, i allow js from ycombinator.com and forbid js from co2stats.com
Carbon preacher hypocrites! They probably heat their homes with coal-fired Franklin stoves, too.
Personally, I block Google Analytics, because fuck Google tracking me on every site I go to.
In this case, the site works fine without the clipboard-hacking JavaScript running, so it just stays disabled and the OP doesn't get random data from a website written to his clipboard. If he wants that functionality, though, it's one click away.
What's quaint is trusting websites to run arbitrary code on your machine, as your regular user.
Edit: To put it better perhaps, are you worried that they can execute arbitrary code on your CPU as your user on your OS? Or are you just worried that they might paste a link into your clipboard?
(No, any experience you may have shutting it off entirely does not count. NoScript is smarter than that and does not work that way.)
I do use it. It is two to three times less common for me to be surprised by secret JavaScript functionality on a site than for me to be surprised going into the comment sections of HN or reddit and seeing people complain about some bad thing that I didn't experience. That is a serious estimate. And the thing I missed out on is rarely important. (The most common exception to that is when you need JS to go to the next page. Frequently I decide I don't care enough anyhow.)
Malicious Javascript can do some weird and nasty things, but mostly I run it because it makes the web less annoying. That it tends to prevent exploits from working is just gravy. (Exploits often fail against a 64 bit gentoo-based Firefox anyhow, but still, careful is good.)
http://www.jwz.org/doc/x-cut-and-paste.html
is an interesting article about the different avenues that text can take under X.
FYI, works in Chrome/Mac for me.
What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor their actions when they visit a site. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5#ixzz0bxLIAb...
More info on Tynt is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ
It's very very annoying.
Now it makes me double check every time I copy and paste. At first thought this might not seem too bad but modifying basic user behavior should be frowned upon.