Linked by Thom Holwerda on Fri 28th May 2010 18:40 UTC
Internet & Networking
If there's one thing several people are really, really good at, it's ruining the web. The latest attempt is something quite insipid, something that had me scratching my head a few times before I realised what was going on. When copying and pasting text from certain websites, content would be added to your clipboard without you knowing about it - something like "Read more at". John Gruber finds this just as insipid as I do, and investigated a little further - while also coming up with a way to block this nonsense. Seriously - this is right up there with those in-text underline ad things.
Undo
by vivainio on Fri 28th May 2010 19:16 UTC
vivainio
Member since:
2008-12-26

You know what else is annoying?

Ctrl+z not working in text edit boxes.

Reply Score: 3

RE: Undo
by jgagnon on Fri 28th May 2010 19:28 UTC in reply to "Undo"
jgagnon Member since:
2008-06-24

Also annoying is when cut & paste functionality is disabled on a site. Grrr!

Reply Score: 2

RE[2]: Undo
by vivainio on Fri 28th May 2010 20:14 UTC in reply to "RE: Undo"
vivainio Member since:
2008-12-26

"Also annoying is when cut & paste functionality is disabled on a site. Grrr!"


That, at least, seems to work for me here..

Reply Score: 2

RE[3]: Undo
by righard on Fri 28th May 2010 23:55 UTC in reply to "RE[2]: Undo"
righard Member since:
2007-12-26

You mean ctrl+z does not work within the textboxes on Osnews?

Works fine here, Firefox 3.6.3 / Fedora 13

Reply Score: 2

RE[4]: Undo
by vivainio on Fri 28th May 2010 23:58 UTC in reply to "RE[3]: Undo"
vivainio Member since:
2008-12-26

"You mean ctrl+z does not work within the textboxes on Osnews?"


Fails here on Chrome. Tried on Linux and Windows.

Reply Score: 2

RE[5]: Undo
by reez on Sat 29th May 2010 00:30 UTC in reply to "RE[4]: Undo"
reez Member since:
2006-06-28

Then get rid of your browser...
...or write a feature request ;)

Reply Score: 1

RE[6]: Undo
by vivainio on Sat 29th May 2010 07:54 UTC in reply to "RE[5]: Undo"
vivainio Member since:
2008-12-26

"Then get rid of your browser...
...or write a feature request ;)"


If your text counter breaks with the best browser out there (if you go by quantifiable figures like benchmark results), you fix the text counter.

Insert something about Mohammed & mountain here.

Reply Score: 3

RE[7]: Undo
by Neolander on Sat 29th May 2010 10:23 UTC in reply to "RE[6]: Undo"
Neolander Member since:
2010-03-08

"Insert something about Mohammed & mountain here."

Could you please explain what's this mountain story ? ^^'

Reply Score: 1

RE[7]: Undo
by rdean400 on Sat 29th May 2010 14:55 UTC in reply to "RE[6]: Undo"
rdean400 Member since:
2006-10-18

"Then get rid of your browser...
...or write a feature request ;)


If your text counter breaks with the best browser out there (if you go by quantifiable figures like benchmark results), you fix the text counter.

Insert something about Mohammed & mountain here.
"

No. If the text counter is compliant code, then you ask the browser vendor to fix the browser.

Your thinking is the same sort of idiocy that got us a web full of sites "'optimized' for Internet Explorer."

Edited 2010-05-29 14:57 UTC

Reply Score: 4

RE[7]: Undo
by l3v1 on Sat 29th May 2010 18:09 UTC in reply to "RE[6]: Undo"
l3v1 Member since:
2005-07-06

"you fix the text counter."


I won't mention Mohammed but I will say this is the same attitude that made IE6 the least standards-compliant browser on this planet.

Edited 2010-05-29 18:10 UTC

Reply Score: 2

RE[5]: Undo
by darknexus on Sat 29th May 2010 00:46 UTC in reply to "RE[4]: Undo"
darknexus Member since:
2008-07-15

"You mean ctrl+z does not work within the textboxes on Osnews?


Fails here on Chrome. Tried on Linux and Windows.
"

Works on Firefox for me here too, both Linux and Windows. Also works on IE8, and Safari in OS X (though in OS X all text fields support undo regardless of app, the os handles that, so that might not count). Sounds like a bug in Chrome to me.

Reply Score: 2

RE[2]: Undo - view source
by jabbotts on Sun 30th May 2010 21:58 UTC in reply to "RE: Undo"
jabbotts Member since:
2007-09-06

Ran into a site with copy blocking the other day. Try "view source" through your applicable browser.

Reply Score: 2

RE[2]: Undo
by HappyGod on Mon 31st May 2010 03:40 UTC in reply to "RE: Undo"
HappyGod Member since:
2005-10-19

"Also annoying is when cut & paste functionality is disabled on a site. Grrr!"


One handy workaround for this crap, is to use the lesser known antiquated versions of cut + paste:

CTRL + Insert (copy)
SHIFT + Delete (cut)
SHIFT + Insert (paste)

Most web devs forget to disable these old shortcuts so you can use them in most HTML forms that have the usual cut/paste shortcuts disabled.

Edited 2010-05-31 03:43 UTC

Reply Score: 2

Just noticed this behavior
by BigDaddy on Fri 28th May 2010 19:39 UTC
BigDaddy
Member since:
2006-08-10

I just had this happen the other day. I copied and pasted like 3 times trying to figure out what the heck was going on. I just turned NoScript back on for that website and the behavior is gone again.

Reply Score: 3

RE: Just noticed this behavior
by RavinRay on Sat 29th May 2010 13:38 UTC in reply to "Just noticed this behavior"
RavinRay Member since:
2005-11-26

I only noticed it too a few days ago because it never happened to me. But I also have the habit of pasting text first to Notepad, then copying and pasting it to its final destination to reduce everything to plain ASCII.

Reply Score: 1

Creepy
by saidge@yahoo.com on Fri 28th May 2010 19:40 UTC
saidge@yahoo.com
Member since:
2007-11-06

Whoa, creepy. I have to wonder if a technique like this could be used to create a buffer overflow and execute malicious code. If so, that makes it even more disturbing...

Reply Score: 1

Insipid
by bralkein on Fri 28th May 2010 19:48 UTC
bralkein
Member since:
2006-12-20

Unless I'm mistaken, the word insipid means bland and doesn't really have anything to do with what you're describing, at least as far as I can see. Do you mean insidious?

Also, I was pleased to notice that tcr.tynt.com is already blocked by the useful hosts file provided at http://someonewhocares.org/hosts/ by an awesome guy called Dan Pollock. Use a cron job to keep it updated and you'll avoid all kinds of nasty crap, no matter which browser or other software you're using.

Reply Score: 3

RE: Insipid
by broken_symlink on Fri 28th May 2010 20:59 UTC in reply to "Insipid"
broken_symlink Member since:
2005-07-06

I think he is implying more like it's done in poor taste.

Reply Score: 2

RE[2]: Insipid
by bralkein on Fri 28th May 2010 21:17 UTC in reply to "RE: Insipid"
bralkein Member since:
2006-12-20

Insipid means flavourless, not tasteless. I thought it was a pretty stand out error but if I'm being finicky I guess I'll shut up.

Reply Score: 2

RE[3]: Insipid
by Ventajou on Fri 28th May 2010 23:26 UTC in reply to "RE[2]: Insipid"
Ventajou Member since:
2006-10-31

Don't be so insipid...

Reply Score: 2

RE[3]: Insipid
by cerbie on Sat 29th May 2010 00:55 UTC in reply to "RE[2]: Insipid"
cerbie Member since:
2006-01-02

Not to be a vocabulary nazi, but...

http://www.merriam-webster.com/dictionary/insipid
"1 : lacking taste or savor : tasteless <insipid food>"

http://www.merriam-webster.com/dictionary/tasteless
"2 : not having or exhibiting good taste <a tasteless joke>" (em added)

It fits quite well.

Reply Score: 3

RE[4]: Insipid
by bralkein on Sat 29th May 2010 01:44 UTC in reply to "RE[3]: Insipid"
bralkein Member since:
2006-12-20

Pfft, well if you'll take an American's word for it...

Reply Score: 2

RE[3]: Insipid
by anevilyak on Sat 29th May 2010 01:07 UTC in reply to "RE[2]: Insipid"
anevilyak Member since:
2005-09-14

I'd guess he actually meant "Insidious".

Reply Score: 2

RE: Insipid
by Thom_Holwerda on Sat 29th May 2010 11:14 UTC in reply to "Insipid"
Thom_Holwerda Member since:
2005-06-29

How would you go about setting up such a cron job? I've never done that before, and while there are enough explanations out there on cron in general, I'm wondering what the most optimal solution would be in this specific case. I'd imagine you run a wget command, followed by a cp? Or just wget it straight to /etc/hosts?

Can anyone help out on that one? I'll put it up as a separate article for other users to reference when Googling this stuff.

While we're at it, we may want to gather solutions for other operating systems as well, like Windows and Mac OS X.

Edited 2010-05-29 11:18 UTC

Reply Score: 2

RE[2]: Insipid
by sorpigal on Sat 29th May 2010 17:44 UTC in reply to "RE: Insipid"
sorpigal Member since:
2005-11-02

http://fraglimit.net/st/update-hosts-blocklist

A tiny shell script, using wget as you suggested. Backs up your existing hosts file to hosts.local so nothing will be lost and reverting is easy.

You can drop it in /etc/cron.daily/ and chmod a+x it, or you can put it anywhere and add a crontab line like:

0 0 * * * root /path/to/update-hosts-blocklist

Reply Score: 2

RE[2]: Insipid
by Stratoukos on Sat 29th May 2010 18:13 UTC in reply to "RE: Insipid"
Stratoukos Member since:
2009-02-11

You first have to edit the crontab file, using 'crontab -e'

Each job's format is 'Minute Hour DayOfMonth Month DayOfWeek Command', where each field can be either a value, a * meaning everything or a comma separated list of values. There is also a shorthand where */2 means every two minutes/hours/etc, */10 every ten, etc.

A job that runs everyday would be '0 0 * * * /path/to/script'.
A job that runs twice a year would be '0 0 1 */6 * /path/to/script'
A job that runs every Sunday and Friday would be '0 0 * * 0,5 /path/to/script'.
etc.

The script could be

# Replace the hosts file only if the download succeeded
wget --output-document="$HOME/temp" http://someonewhocares.org/hosts/ &&
    mv "$HOME/temp" /path/to/hosts


Of course this isn't as simple as it sounds, since it would overwrite your hosts file and you would lose anything that it contains and isn't already on that list. Perhaps you could write a more complete program that would compare the downloaded list with the existing hosts file and update the file accordingly.

OS X comes already with cron installed, but without wget. You can download it and install it manually or, if you have macports installed, use 'sudo port install wget'. For Windows I don't know a way to do the same thing, but I imagine it would also involve a scheduler and a script to download and replace the hosts file.

Reply Score: 1
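
One way to write the "more complete program" suggested in the post above, as an added example that is not code from the thread or from either linked script: it keeps local hosts entries, rebuilds only a marked blocklist section, and accepts only sinkhole entries from the download. The marker strings, function names and the minimum-entry threshold are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: refresh a hosts-file blocklist without overwriting local
# entries. Marker strings, function names and paths are assumptions.

BEGIN_MARK='# BEGIN blocklist (managed, do not edit)'
END_MARK='# END blocklist'

# sanitize_blocklist FILE
# Emit "0.0.0.0 name" for every hostname the download sinks to 0.0.0.0 or
# 127.0.0.1. Everything else (an HTML error page, comments, an entry that
# points a name at a routable address) is dropped, so a bad or tampered
# download can block names but never redirect them.
sanitize_blocklist() {
    tr -d '\r' < "$1" | awk '
        { sub(/#.*/, "") }                     # strip trailing comments
        NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name !~ /\./ || name == "localhost.localdomain") continue
                if (name ~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/ && !seen[name]++)
                    print "0.0.0.0 " name
            }
        }'
}

# merge_hosts CURRENT DOWNLOAD
# Print CURRENT minus any old managed section, then a fresh managed section.
merge_hosts() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$1"
    printf '%s\n' "$BEGIN_MARK"
    sanitize_blocklist "$2"
    printf '%s\n' "$END_MARK"
}

# install_hosts NEW TARGET MIN_ENTRIES
# Refuse a suspiciously short list (truncated download), keep a backup, and
# replace TARGET by rename from the same directory so readers never see a
# half-written file.
install_hosts() {
    count=$(grep -c '^0\.0\.0\.0 ' "$1" || true)
    [ "$count" -ge "$3" ] || { echo "only $count entries, not installing" >&2; return 1; }
    cp -p "$2" "$2.bak" || return 1
    tmp=$(mktemp "$2.XXXXXX") || return 1
    cat "$1" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$2"
}

# update_hosts URL TARGET MIN_ENTRIES  (needs network access and write
# permission on TARGET)
update_hosts() {
    dl=$(mktemp) || return 1
    new=$(mktemp) || return 1
    wget --quiet --output-document="$dl" "$1" &&
        merge_hosts "$2" "$dl" > "$new" &&
        install_hosts "$new" "$2" "$3"
    status=$?
    rm -f "$dl" "$new"
    return $status
}

# Run only when asked, e.g. from cron: <script> --run URL /etc/hosts 1000
if [ "${1:-}" = "--run" ]; then update_hosts "$2" "$3" "$4"; fi
```

Because the download is fetched over plain HTTP in the thread's examples, the sanitizing step matters: anyone able to alter the response could otherwise add entries that point real hostnames at an address of their choosing.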

Ouch
by darknexus on Fri 28th May 2010 20:05 UTC
darknexus
Member since:
2008-07-15

I haven't actually encountered this in a while, but the first time I saw it I seriously thought I'd gone nuts... well, more nuts than I already am anyway. Given that this is javascript though, I suspect the reason I haven't seen it in a while is Noscript (mandatory add-on whenever I browse the web) and I don't enable javascript on any web page unless I either use the site frequently or a feature requires it (then the temporary permissions in Noscript come in handy).
I, like the poster above, am also concerned about what this could do if someone manages to exploit it. The clipboard is something common to all GUI oses and all browsers are able to utilize it, and Javascript is the same for this across all platforms. If someone finds a browser-specific exploit with this stuff, it could be very nasty indeed. This is why I use Noscript in the first place, I'm all too aware of what rogue js can do (and not using a certain os is no guarantee of protection), but I understand that a casual user might get annoyed with Noscript.
As for the /etc/hosts bit, I wonder how long that'll be effective? If enough people start doing it, they'll just move the domain name and force everyone to edit /etc/hosts again. If it gets bad enough, they'll probably implement a round-robin approach and keep adding more domains into the list. Best to block this at the browser level, if possible.
And one last sentiment: To hell with all these tracking cookies and js tracking, and I hope the companies that implement this die a fiery death! Had to get that out of my system. ;)

Reply Score: 3

RE: Ouch
by HackDefendr on Fri 28th May 2010 20:17 UTC in reply to "Ouch"
HackDefendr Member since:
2010-05-21

Try out Ghostery .. extension for IE, FF, and Chrome -- though Chrome does not have the blocking feature yet.

I've killed 5 trackers since being on OSNews to read this story ;)

Reply Score: 2

RE[2]: Ouch
by sbenitezb on Fri 28th May 2010 20:41 UTC in reply to "RE: Ouch"
sbenitezb Member since:
2005-07-22

Thanks for the tip on Ghostery.

Reply Score: 3

RE[2]: Ouch
by darknexus on Fri 28th May 2010 20:43 UTC in reply to "RE: Ouch"
darknexus Member since:
2008-07-15

"Try out Ghostery .. extension for IE, FF, and Chrome -- though Chrome does not have the blocking feature yet.

I've killed 5 trackers since being on OSNews to read this story ;)"

Ah, nice. Added it to my ff installations, thanks. Seems to be doing its job.

Reply Score: 3

RE: Ouch
by Peter Besenbruch on Sat 29th May 2010 18:04 UTC in reply to "Ouch"
Peter Besenbruch Member since:
2006-03-13

"This is why I use Noscript in the first place, I'm all too aware of what rogue js can do (and not using a certain os is no guarantee of protection), but I understand that a casual user might get annoyed with Noscript."


Noscript certainly works in stopping this stuff. Marking "tynt" as "untrusted" basically gets rid of the problem.

"As for the /etc/hosts bit, I wonder how long that'll be effective? If enough people start doing it, they'll just move the domain name and force everyone to edit /etc/hosts again. If it gets bad enough, they'll probably implement a round-robin approach and keep adding more domains into the list. Best to block this at the browser level, if possible."


If you go the hosts file route, you need to update it periodically. If you do, you will likely keep blocking "tynt," even if it switches domains. I think you will find domain switching rather uncommon, however. Remember, if "tynt" changes, then the Web sites that use the service must make changes, too. I use the following hosts file: http://mvps.org/winhelp2002/hosts.txt. It blocks "tynt."

Another way to block is to use Adblock Plus. Tynt is blocked by the Easy Privacy list.

Reply Score: 1

RE[2]: Ouch
by cutterjohn on Sun 30th May 2010 15:29 UTC in reply to "RE: Ouch"
cutterjohn Member since:
2006-01-28

heh heh, I use both no script and adblock+, one of the reasons that I abandoned Chrome as it has zero capabilities to offer similar functionality at present. And the latest ff builds "feel" just as fast to me, on the sites that I normally browse, as Chrome does.

(Actually ff's even faster because I was trying the various adblockers for Chrome and found that they all first download the crap, then just hide it instead of blocking in the first place...)

Reply Score: 1

NoScript for the win
by Praxis on Fri 28th May 2010 20:37 UTC
Praxis
Member since:
2009-09-17

Even though Chrome is my preferred browser right now, crap like this always makes me glad for NoScript and Greasemonkey on Firefox, between the two you can usually stop or fix whatever crazy shit websites try to pull on you.

Reply Score: 1

Opera disables this by default?
by Laurence on Fri 28th May 2010 20:40 UTC
Laurence
Member since:
2007-03-26

I've never seen this problem - not even on TechCrunch.
So I can only assume that Opera automatically disables this crap.

Can any other Opera users confirm the same?

[edit]

Upon further investigation, it appears it's an option in Opera that's disabled by default:
"allow scripts to detect context menu events" in the 'JavaScript options' (located on the 'advanced' tab of 'preferences')

Edited 2010-05-28 20:48 UTC

Reply Score: 5

vodoomoth Member since:
2010-03-30

I haven't encountered this URL adding problem with Opera 10.53 on Vista either. On my side, the "allow scripts to detect context menu events" is ticked. So it's probably not (only?) this option that keeps us, Opera users, from that annoying thing. What OS are you using? I've been on both sites (the new yorker and techcrunch) and nothing has been added: ClipDiary shows no url and the clipboard content, when pasted, contains only what I've selected... go figure.

Reply Score: 1

Laurence Member since:
2007-03-26

Ahhh. Maybe it's not that specific option then.

I'm running ArchLinux 64bit

Reply Score: 2

greygandalf Member since:
2008-04-07

Good!
I just tried the given sites, of course I am running opera. No harmful text added to the copy&paste mechanism.

Another plus for Opera!

Changing copy&paste is always irritating. Skype does it too, by adding tags to quote the text, I hate it.

Reply Score: 1

Citation
by daddio1507 on Fri 28th May 2010 20:54 UTC
daddio1507
Member since:
2010-05-28

I actually kind of like this, I cite the works of others I use in my work, this actually saves me a step.

Reply Score: 3

RE: Citation - as a user side plugin, sure
by jabbotts on Sun 30th May 2010 22:18 UTC in reply to "Citation"
jabbotts Member since:
2007-09-06

As a user side plugin it would be of use. I'm surprised there are not already plugins for citation work.

The problem here is that it's implemented on the foreign side of the connection manipulating the local machine. This is also happening without the explicit permission of the user in most cases. Technically, this is a malware attack already even if the payload is currently harmless.

Reply Score: 2

Hey, wait !
by Neolander on Fri 28th May 2010 21:12 UTC
Neolander
Member since:
2010-03-08

Since when does a browser allow a website to control something as basic as copy+paste ?
Such things should be hardwired in the operating system's GUI toolkit and not be left at the mercy of user software... Isn't it ? And even if it's made so, which is bad coding practices, it should not be made tweakable by untrusted javascript code.

Edited 2010-05-28 21:13 UTC

Reply Score: 3

RE: Hey, wait !
by vodoomoth on Fri 28th May 2010 22:40 UTC in reply to "Hey, wait !"
vodoomoth Member since:
2010-03-30

Agreed. But the problem with Javascript is that you don't say "this is trusted" or "this is not trusted".

Reply Score: 1

RE[2]: Hey, wait !
by Neolander on Sat 29th May 2010 07:16 UTC in reply to "RE: Hey, wait !"
Neolander Member since:
2010-03-08

"Agreed. But the problem with Javascript is that you don't say "this is trusted" or "this is not trusted"."

It's not a big problem. It just means that from a security point of view, ALL Javascript code is untrusted and should not be allowed to take over basic controls of the browser and the operating system like right click and copy n paste ^^

Reply Score: 1

v Use a real OS and Browser :-)
by ggeldenhuys on Fri 28th May 2010 21:27 UTC
RE: Use a real OS and Browser :-)
by righard on Sat 29th May 2010 01:30 UTC in reply to "Use a real OS and Browser :-)"
righard Member since:
2007-12-26

On my girlfriend's computer with the same OS and Browser, the crap does get inserted into the clipboard.

Maybe you should consider sending a bug-report.

Reply Score: 2

Interesting.
by baryluk on Fri 28th May 2010 21:58 UTC
baryluk
Member since:
2010-01-02

I have not been aware of this copy/pasting tracking. It is very interesting. What is problematic is that tracking is done by a single company, instead of by each website I'm on. They have a pretty good privacy policy, but still I would like it more if site owners used their own servers for this rather than some external company (with unknown reputation).

On http://www.tynt.com/support/opt-inout/ you can opt-out. It is probably based on cookies.

According to the FAQ and Tynt's site, not every website which uses Tynt's services adds a link at the bottom of the copied text. I think adding a "From TechCrunch: " prefix without new lines would be less invading.

As for tracking what is copied by the user, I understand it can be useful information, but still, if this is done by a single external company it isn't good. (OK it is good, because then it is easier to block all traffic to tynt.com, and they have a nice dashboard and statistics panel, and they are free ;) ).

And there are much more annoying things on some pages, like trying to disable ctrl-c altogether.

BTW. I think in Opera by default JS can't detect or modify usage of the context menu after right-click. (This can be changed in settings).

Edited 2010-05-28 22:01 UTC

Reply Score: 2

No problems in Opera
by deathshadow on Sat 29th May 2010 06:35 UTC
deathshadow
Member since:
2005-07-12

Since it blocks most of that crap in the first place.

It is amazing though how badly many people want to screw their own websites in terms of desirability. Every extra bit of 'gee ain't it neat' crap - from javascript for goofy animations to flash based navigations - from auto-playing music to those annoying "site preview" popups on links... it's just unnecessary bloat that gets between the user and what they actually went to the site for - the CONTENT.

Reply Score: 4

RE: No problems in Opera
by WorknMan on Sat 29th May 2010 06:48 UTC in reply to "No problems in Opera"
WorknMan Member since:
2005-11-13

"It is amazing though how badly many people want to screw their own websites in terms of desirability. Every extra bit of 'gee ain't it neat' crap - from javascript for goofy animations to flash based navigations - from auto-playing music to those annoying "site preview" popups on links... it's just unnecessary bloat that gets between the user and what they actually went to the site for - the CONTENT."


Yeah, and what's worse are those damn CSS windows that pop up right in your face - 'We are conducting a survey' or 'Join our community!' I mean, do these website operators not browse the web and understand how ANNOYING this is? The sure stupidity of these people blows my mind. It's like, "Hey, people thought popup windows were annoying and started installing popup blockers, so let's do it with CSS!!!!"

I weep for humanity.

Reply Score: 4

RE[2]: No problems in Opera
by Neolander on Sat 29th May 2010 07:20 UTC in reply to "RE: No problems in Opera"
Neolander Member since:
2010-03-08

I deeply second that. When I see those (almost) unblockable windows, it looks to me like web people will never learn unless we totally remove the ability for them to show any kind of pop-up alert, which is equally stupid because they prove to be pretty useful on e.g e-shopping sites...

Reply Score: 1

No problems here...
by leech on Sat 29th May 2010 22:45 UTC
leech
Member since:
2006-01-10

Well ok, it does indeed put that crap in the clipboard, I'm using Firefox 3.6.3 on Arch Linux.

But I almost always just highlight the text I want, and then middle mouse click to paste it. Javascript can't screw with something that has been part of X11 since as long as I can remember.

Reply Score: 3

I've never run into that issue
by tuaris on Sun 30th May 2010 21:46 UTC
tuaris
Member since:
2007-08-05

I must say, I've never run into that problem. Then again, the DNS servers I use are very good at blocking this type of "bad technology". For anyone interested:

67.21.4.100
71.249.184.157
205.232.175.67

They even block ads from Hulu (and bypass their ad block detection too!).

Reply Score: 1

Copying
by lustyd on Tue 1st Jun 2010 07:32 UTC
lustyd
Member since:
2008-06-19

I have to point out that if these sites are coming up with original content then it's fair enough for them to do this. While I don't agree with the tracking side of it, I don't see a problem limiting what you copy. If you want to link to their content then do so, but if you can't be bothered to even write your own precis then why shouldn't they block you?
I've been a reader of OSNews for many years now, and I like that the news is collected for me and presented well. Perhaps this is a good thing though, and will encourage more obvious links to the content creator's site. It may even mean that we get a synopsis of a story rather than a random snippet of the story. I must admit I always assumed this site was driven by XML feeds until now!

Reply Score: 1