
Copy & paste some text from this article. Notice anything funny? - nickmolnar2
http://www.techvibes.com/blog/just-the-bill-turns-receipt-photos-into-expenses
======
tyntguy
Yes, that is us, Tynt (www.tynt.com) on all the sites mentioned. Our analytics
are tracking hundreds of thousands of sites worldwide. The attribution link
feature is something that individual site owners can turn on and off. Also
note that we don't track any personally identifiable information. We track
content and help publishers learn what content of theirs people are finding
most engaging.

What if I don’t want this behavior? We are currently working on a global opt
out for users who would rather not have Tynt monitor their actions when they
visit a site. In the interim you can opt out on a site by site basis (i.e. the
opt out for the SF Gate is here:
[http://www.sfgate.com/chronicle/faq.shtml#faq1.5#ixzz0bxLIAb...](http://www.sfgate.com/chronicle/faq.shtml#faq1.5#ixzz0bxLIAbL7)

More info on Tynt is available in our FAQs here: <http://www1.tynt.com/faq-
technical-topics#ixzz0bxGzIgPZ>

~~~
ryanwaggoner
Just curious...how did you find this story on HN so quickly?

~~~
sucuri2
He replied 2 hours after... Not so quickly.

~~~
ryanwaggoner
Pretty fast if you're being mentioned all over the web and you're not already
a HN user (he just signed up for that comment), AND neither the story linked
to or the title on HN said anything about Tynt or what they do.

~~~
emilam
Someone mentioned tynt in an earlier comment

------
vColin
37Signals covered this or something similar:
[http://37signals.com/svn/posts/2087-smart-pasting-at-the-
new...](http://37signals.com/svn/posts/2087-smart-pasting-at-the-new-yorker-
site).

Tynt (<http://www.tynt.com/>) was the "culprit" in that case and looks so
here.

------
bmelton
In case anybody else doesn't see it immediately (it took me a couple of tries)
-- the 'funny' bit is that it automagically appends "Read More: <link>" to
your selection.

I haven't pored through their code, but I already know that my initial
suspicion (binding CTRL+C with JS) isn't accurate, as right-clicking -> copy
also appends it.

It's interesting at the very least, and I don't know how they're doing it.
Anybody have an idea?

~~~
sounddust
In fact, your initial suspicion seems to be correct after a (very quick)
glance at the code. They are handling both of those cases separately.

<http://tcr.tynt.com/javascripts/Tracer.js>

------
roc
Nope. Thanks NoScript!

~~~
coderdude
How quaint.

~~~
jrockway
NoScript is a whitelisting system, not a "I never use JavaScript" system. You
load a page and if it doesn't work, _then_ you enable its JavaScript content
through a convenient menu. (It even bolds the scripts that are likely to cause
problems when not enabled.)

In this case, the site works fine without the clipboard-hacking JavaScript
running, so it just stays disabled and the OP doesn't get random data from a
website written to his clipboard. If he wants that functionality, though, it's
one click away.

What's quaint is trusting websites to run arbitrary code on your machine, as
your regular user.

~~~
coderdude
You often can't tell when you're missing out on a feature due to JS being
disabled. It isn't always visually obvious. Am I missing something or is there
a trust system to this whole VM thing?

Edit: To put it better perhaps, are you worried that they can execute
arbitrary code on your CPU as your user on your OS? Or are you just worried
that they might paste a link into your clipboard?

~~~
jerf
Are you running NoScript? May I assume not? If so, then may I point out that
you are hypothesizing what using NoScript is like to a user of NoScript while
you have no direct experience? This is a structurally-unsound argumentative
position for you to be in.

(No, any experience you may have shutting it off entirely does _not_ count.
NoScript is smarter than that and does not work that way.)

I do use it. It is two to three times less common for me to be surprised by
secret JavaScript functionality on a site than for me to be surprised going
into the comment sections of HN or reddit and seeing people complain about
some bad thing that I didn't experience. That is a serious estimate. And the
thing I missed out on is rarely important. (The most common exception to that
is when you _need_ JS to go to the next page. Frequently I decide I don't care
enough anyhow.)

Malicious Javascript can do some weird and nasty things, but mostly I run it
because it makes the web less annoying. That it tends to prevent exploits from
working is just gravy. (Exploits often fail against a 64 bit gentoo-based
Firefox anyhow, but still, careful is good.)

------
decklin
Nope; I'm using
[https://chrome.google.com/extensions/detail/epieehnpcepgfiil...](https://chrome.google.com/extensions/detail/epieehnpcepgfiildhdklacomihpoldk).

------
aphyr
Nope. I use select/middle-click to copy/paste. :)

~~~
twopoint718
Yeah I didn't notice what people were talking about for a bit. I almost always
use highlight + middle-click. This:

<http://www.jwz.org/doc/x-cut-and-paste.html>

is an interesting article about the different avenues that text can take under
X.

------
sliverstorm
Am I the only one who isn't scared of all files ending in .js? I think it's
kind of cool.

Possibilities are already popping into my head. This could in the future make
citations and references really easy, for starters! Tick an option, or copy
with a certain key set, and bam you have the quote and an IEEE-style citations
entry in the paste buffer.

------
andre
If you're interested, here's how to do it:
[http://brooknovak.wordpress.com/2009/07/28/accessing-the-
sys...](http://brooknovak.wordpress.com/2009/07/28/accessing-the-system-
clipboard-with-javascript/)

~~~
cduruk
I think they do it by adding a div right under the selected text.

------
mtarnovan
I was expecting to see an attribution link, but it didn't work. I don't block
JS or anything; turns out this doesn't work if you copy-paste via drag-drop.

------
jayair
I've noticed this behavior on quite a few sites recently. It was annoying
since I was trying to quote a bunch of sites and I had to remove the links at
the end every time.

Now it makes me double check every time I copy and paste. At first thought
this might not seem too bad but modifying basic user behavior should be
frowned upon.

------
Goladus
This is actually pretty handy. On the one hand, javascript that messes with
the user like this strikes me as unethical (it really angers me when basic
functionality is usurped like this), this one would actually save me time in
the long run. Usually when I copy/paste text from an article on one tab to a
form on another, I also copy and paste the link as well. Usually that involves
two trips to the article's tab. I wouldn't have to do that with this article.

~~~
Groxx
I agree, I typically despise this sort of thing, though not as much as right-
click hijacking (with a few exceptions). This one is useful, though, and it
makes a LOT of sense to have on a news-like website (lots of people don't
include attribution, this makes including it the easiest option, thus more
will include it).

------
ronnier
Politico.com does the same thing:
<http://www.politico.com/news/stories/0110/32217.html>

------
Volscio
Here's my Google doc on how to disable clipboard hijacking on certain sites:
[https://docs.google.com/Doc?docid=0ASuZYyoQwvDoZGdqYnY5cndfM...](https://docs.google.com/Doc?docid=0ASuZYyoQwvDoZGdqYnY5cndfMTNkdHNkZzUycQ&hl=en)
Accepting tips, suggestions, additions of other offending sites...

------
jrockway
Doesn't seem to work in w3m-el.

------
bryanalves
I didn't notice anything either. I had to go and read the rest of the comments
here to see what was actually supposed to happen.

Although, these comments did serve as a remindeer for me to give NoScript a
chance again.

------
_delirium
Hmm, doesn't seem to be able to insert anything into the typical X11 middle-
click-paste mechanism. It does insert the URL if I use Gnome's ctrl+c/ctrl+v,
but I never use that.

------
blhack
Huffington post does the same thing with their article headlines. Users are
always copy/pasting them into the story submission fields on a website I run.

It's very very annoying.

------
gnoupi
Nope, I use Opera ;)

------
jodrellblank
_Copy & paste some text from this article. Notice anything funny?_

No?

(Thanks, <http://www.ghostery.com/> !)

------
headShrinker
I noticed that the article tried to make a call to ads.techvibes.com:80, but
Little Snitch reported it and I denied it.

~~~
adamse
Well, it is probably for ads and doesn't have anything to do with this item.

------
callmeed
The Chronicle does this too. Copy from any article inside www.sfgate.com and
it does the same.

FYI, works in Chrome/Mac for me.

------
vais
Does not do anything funny on the iPhone (tried both the mobile and regular
version of the site).

------
JshWright
View Source -> Copy at will

------
Luyt
Nothing unusual observed. I browse with Javascript off, btw.

------
barrkel
I didn't notice anything. Then again, I have tynt adblocked.

------
ComputerGuru
Nothing happening here with select + ctrl+C on Chrome/Mac.

------
dminio
Didn't notice anything. NoScript is my friend, I guess.

------
seejay
Nope! :P what does it do?

------
chrischen
Nothing on the iPhone!

------
keefe
nothing special happened for me

