Copy & paste some text from this article. Notice anything funny? (opens in new tab)

(techvibes.com)

76 pointsnickmolnar216y ago53 comments

53 comments

48 comments · 30 top-level

roc16y ago· 6 in thread

Nope. Thanks NoScript!

coderdude16y ago

How quaint.

jrockway16y ago

NoScript is a whitelisting system, not a "I never use JavaScript" system. You load a page and if it doesn't work, then you enable its JavaScript content through a convenient menu. (It even bolds the scripts that are likely to cause problems when not enabled.)

In this case, the site works fine without the clipboard-hacking JavaScript running, so it just stays disabled and the OP doesn't get random data from a website written to his clipboard. If he wants that functionality, though, it's one click away.

What's quaint is trusting websites to run arbitrary code on your machine, as your regular user.

coderdude16y ago

You often can't tell when you're missing out on a feature due to JS being disabled. It isn't always visually obvious. Am I missing something or is there a trust system to this whole VM thing?

Edit: To put it better perhaps, are you worried that they can execute arbitrary code on your CPU as your user on your OS? Or are you just worried that they might paste a link into your clipboard?

1 more reply

tyrelb16y ago

Using NoScript, do you block ALL .js files, or just selected ones?

Doesn't NoScript / using no .js break many web 2.0 ajax sites?

Seiwynn16y ago

It initially blocks all, and you can choose to allow js from domains on a case by case basis.

For example, on the Hacker News main page, i allow js from ycombinator.com and forbid js from co2stats.com

mikeryan16y ago

Because you're against HN offsetting it's carbon footprint?

2 more replies

tyntguy16y ago· 5 in thread

Yes, that is us, Tynt (www.tynt.com) on all the sites mentioned. Our analytics are tracking hundreds of thousands of sites worldwide. The attribution link feature is something that individual site owners can turn on and off. Also note that we don't track any personally identifiable information. We track content and help publishers learn what content of theirs people are finding most engaging.

What if I don’t want this behavior? We are currently working on a global opt out for users who would rather not have Tynt monitor their actions when they visit a site. In the interim you can opt out on a site by site basis (i.e. the opt out for the SF Gate is here: http://www.sfgate.com/chronicle/faq.shtml#faq1.5#ixzz0bxLIAb...

More info on Tynt is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ

ryanwaggoner16y ago

Just curious...how did you find this story on HN so quickly?

mahmud16y ago

Google Alerts, my man. Excellent for putting out fires, btw.

tdmackey16y ago

I imagine a surge of users from news.yc set off a few flags considering their product is intended to monitor this sort of thing.

sucuri216y ago

He replied 2 hours after... Not so quickly.

ryanwaggoner16y ago

Pretty fast if you're being mentioned all over the web and you're not already a HN user (he just signed up for that comment), AND neither the story linked to or the title on HN said anything about Tynt or what they do.

1 more reply

bmelton16y ago· 2 in thread

In case anybody else doesn't see it immediately (it took me a couple of tries) -- the 'funny' bit is that it automagically appends "Read More: <link>" to your selection.

I haven't pored through their code, but I already know that my initial suspicion (binding CTRL+C with JS) isn't accurate, as right-clicking -> copy also appends it.

It's interesting at the very least, and I don't know how they're doing it. Anybody have an idea?

sounddust16y ago

In fact, your initial suspicion seems to be correct after a (very quick) glance at the code. They are handling both of those cases separately.

http://tcr.tynt.com/javascripts/Tracer.js

steveklabnik16y ago

I didn't notice because I highlighted + middle clicked.

aphyr16y ago· 2 in thread

Nope. I use select/middle-click to copy/paste. :)

twopoint71816y ago

Yeah I didn't notice what people were talking about for a bit. I almost always use highlight + middle-click. This:

http://www.jwz.org/doc/x-cut-and-paste.html

is an interesting article about the different avenues that text can take under X.

est16y ago

I am drag & drop

andre16y ago· 1 in thread

If you're interested, here's how to do it: http://brooknovak.wordpress.com/2009/07/28/accessing-the-sys...

cduruk16y ago

I think they do it by adding a div right under the selected text.

Goladus16y ago· 1 in thread

This is actually pretty handy. On the one hand, javascript that messes with the user like this strikes me as unethical (it really angers me when basic functionality is usurped like this), this one would actually save me time in the long run. Usually when I copy/paste text from an article on one tab to a form on another, I also copy and paste the link as well. Usually that involves two trips to the article's tab. I wouldn't have to do that with this article.

Groxx16y ago

I agree, I typically despise this sort of thing, though not as much as right-click hijacking (with a few exceptions). This one is useful, though, and it makes a LOT of sense to have on a news-like website (lots of people don't include attribution, this makes including it the easiest option, thus more will include it).

headShrinker16y ago· 1 in thread

I noticed that the article tried to make a call to ads.techvibes.com:80, but Little Snitch reported it and I denied it.

adamse16y ago

Well, it is probably for ads and doesn't have anything to do with this item.

vColin16y ago

37Signals covered this or something similar: http://37signals.com/svn/posts/2087-smart-pasting-at-the-new....

Tynt (http://www.tynt.com/) was the "culprit" in that case and looks so here.

decklin16y ago

Nope; I'm using https://chrome.google.com/extensions/detail/epieehnpcepgfiil....

sliverstorm16y ago

Am I the only one who isn't scared of all files ending in .js? I think it's kind of cool.

Possibilities are already popping into my head. This could in the future make citations and references really easy, for starters! Tick an option, or copy with a certain key set, and bam you have the quote and an IEEE-style citations entry in the paste buffer.

mtarnovan16y ago

I was expecting to see an attribution link, but it didn't work. I don't block JS or anything; turns out this doesn't work if you copy-paste via drag-drop.

jayair16y ago

I've noticed this behavior on quite a few sites recently. It was annoying since I was trying to quote a bunch of sites and I had to remove the links at the end every time.

Now it makes me double check every time I copy and paste. At first thought this might not seem too bad but modifying basic user behavior should be frowned upon.

ronnier16y ago

Politico.com does the same thing: http://www.politico.com/news/stories/0110/32217.html

Volscio16y ago

Here's my Google doc on how to disable clipboard hijacking on certain sites: https://docs.google.com/Doc?docid=0ASuZYyoQwvDoZGdqYnY5cndfM... Accepting tips, suggestions, additions of other offending sites...

jrockway16y ago

Doesn't seem to work in w3m-el.

bryanalves16y ago

I didn't notice anything either. I had to go and read the rest of the comments here to see what was actually supposed to happen.

Although, these comments did serve as a remindeer for me to give NoScript a chance again.

_delirium16y ago

Hmm, doesn't seem to be able to insert anything into the typical X11 middle-click-paste mechanism. It does insert the URL if I use Gnome's ctrl+c/ctrl+v, but I never use that.

blhack16y ago

Huffington post does the same thing with their article headlines. Users are always copy/pasting them into the story submission fields on a website I run.

It's very very annoying.

gnoupi16y ago

Nope, I use Opera ;)

jodrellblank16y ago

Copy & paste some text from this article. Notice anything funny?

No?

(Thanks, http://www.ghostery.com/ !)

callmeed16y ago

The Chronicle does this too. Copy from any article inside www.sfgate.com and it does the same.

FYI, works in Chrome/Mac for me.

vais16y ago

Does not do anything funny on the iPhone (tried both the mobile and regular version of the site).

JshWright16y ago

View Source -> Copy at will

Luyt16y ago

Nothing unusual observed. I browse with Javascript off, btw.

barrkel16y ago

I didn't notice anything. Then again, I have tynt adblocked.

ComputerGuru16y ago

Nothing happening here with select + ctrl+C on Chrome/Mac.

dminio16y ago

Didn't notice anything. NoScript is my friend, I guess.

seejay16y ago

Nope! :P what does it do?

chrischen16y ago

Nothing on the iPhone!

keefe16y ago

nothing special happened for me

j / k navigate · click thread line to collapse

53 comments

48 comments · 30 top-level

roc16y ago· 6 in thread

Nope. Thanks NoScript!

coderdude16y ago

How quaint.

jrockway16y ago

What's quaint is trusting websites to run arbitrary code on your machine, as your regular user.

coderdude16y ago

You often can't tell when you're missing out on a feature due to JS being disabled. It isn't always visually obvious. Am I missing something or is there a trust system to this whole VM thing?

Edit: To put it better perhaps, are you worried that they can execute arbitrary code on your CPU as your user on your OS? Or are you just worried that they might paste a link into your clipboard?

1 more reply

tyrelb16y ago

Using NoScript, do you block ALL .js files, or just selected ones?

Doesn't NoScript / using no .js break many web 2.0 ajax sites?

Seiwynn16y ago

It initially blocks all, and you can choose to allow js from domains on a case by case basis.

For example, on the Hacker News main page, i allow js from ycombinator.com and forbid js from co2stats.com

mikeryan16y ago

Because you're against HN offsetting it's carbon footprint?

2 more replies

tyntguy16y ago· 5 in thread

More info on Tynt is available in our FAQs here: http://www1.tynt.com/faq-technical-topics#ixzz0bxGzIgPZ

ryanwaggoner16y ago

Just curious...how did you find this story on HN so quickly?

mahmud16y ago

Google Alerts, my man. Excellent for putting out fires, btw.

tdmackey16y ago

I imagine a surge of users from news.yc set off a few flags considering their product is intended to monitor this sort of thing.

sucuri216y ago

He replied 2 hours after... Not so quickly.

ryanwaggoner16y ago

1 more reply

bmelton16y ago· 2 in thread

In case anybody else doesn't see it immediately (it took me a couple of tries) -- the 'funny' bit is that it automagically appends "Read More: <link>" to your selection.

I haven't pored through their code, but I already know that my initial suspicion (binding CTRL+C with JS) isn't accurate, as right-clicking -> copy also appends it.

It's interesting at the very least, and I don't know how they're doing it. Anybody have an idea?

sounddust16y ago

In fact, your initial suspicion seems to be correct after a (very quick) glance at the code. They are handling both of those cases separately.

http://tcr.tynt.com/javascripts/Tracer.js

steveklabnik16y ago

I didn't notice because I highlighted + middle clicked.

aphyr16y ago· 2 in thread

Nope. I use select/middle-click to copy/paste. :)

twopoint71816y ago

Yeah I didn't notice what people were talking about for a bit. I almost always use highlight + middle-click. This:

http://www.jwz.org/doc/x-cut-and-paste.html

is an interesting article about the different avenues that text can take under X.

est16y ago

I am drag & drop

andre16y ago· 1 in thread

If you're interested, here's how to do it: http://brooknovak.wordpress.com/2009/07/28/accessing-the-sys...

cduruk16y ago

I think they do it by adding a div right under the selected text.

Goladus16y ago· 1 in thread

Groxx16y ago

headShrinker16y ago· 1 in thread

I noticed that the article tried to make a call to ads.techvibes.com:80, but Little Snitch reported it and I denied it.

adamse16y ago

Well, it is probably for ads and doesn't have anything to do with this item.

vColin16y ago

37Signals covered this or something similar: http://37signals.com/svn/posts/2087-smart-pasting-at-the-new....

Tynt (http://www.tynt.com/) was the "culprit" in that case and looks so here.

decklin16y ago

Nope; I'm using https://chrome.google.com/extensions/detail/epieehnpcepgfiil....

sliverstorm16y ago

Am I the only one who isn't scared of all files ending in .js? I think it's kind of cool.

mtarnovan16y ago

I was expecting to see an attribution link, but it didn't work. I don't block JS or anything; turns out this doesn't work if you copy-paste via drag-drop.

jayair16y ago

I've noticed this behavior on quite a few sites recently. It was annoying since I was trying to quote a bunch of sites and I had to remove the links at the end every time.

Now it makes me double check every time I copy and paste. At first thought this might not seem too bad but modifying basic user behavior should be frowned upon.

ronnier16y ago

Politico.com does the same thing: http://www.politico.com/news/stories/0110/32217.html

Volscio16y ago

jrockway16y ago

Doesn't seem to work in w3m-el.

bryanalves16y ago

I didn't notice anything either. I had to go and read the rest of the comments here to see what was actually supposed to happen.

Although, these comments did serve as a remindeer for me to give NoScript a chance again.

_delirium16y ago

Hmm, doesn't seem to be able to insert anything into the typical X11 middle-click-paste mechanism. It does insert the URL if I use Gnome's ctrl+c/ctrl+v, but I never use that.

blhack16y ago

Huffington post does the same thing with their article headlines. Users are always copy/pasting them into the story submission fields on a website I run.

It's very very annoying.

gnoupi16y ago

Nope, I use Opera ;)

jodrellblank16y ago

Copy & paste some text from this article. Notice anything funny?

No?

(Thanks, http://www.ghostery.com/ !)

callmeed16y ago

The Chronicle does this too. Copy from any article inside www.sfgate.com and it does the same.

FYI, works in Chrome/Mac for me.

vais16y ago

Does not do anything funny on the iPhone (tried both the mobile and regular version of the site).