Richard Forno
Sun, 19 Jul 2009 18:43:19 -0700
FYI here is an exchange I had with some securitygeek friends about an interesting web script I came across over the weekend. Subtle yet scary!
From Rick:

Go to Politico.Com and pick an article. Highlight a word, a paragraph, or paragraphs, cut and paste into another document or email message, and you see a built-in "Read More" link at the bottom of the selection you cut. Kind of a convenient way of 'marking' one's content in the age of cut-and-paste.....not exactly DRM or airtight security, but it seems to be a fair, though easily-circumvented (if you want) way of trying to make sure you get credit for your work.
For example, visit this story's page @ http://www.politico.com/news/stories/0709/25083.html.... I highlight the second paragraph, cut and paste into the message below:
"The number of people searching for the term “economic depression” on Google is down to normal levels, Summers said.
Read more: http://www.politico.com/news/stories/0709/25083.html#ixzz0LcaU3Omx "
(Note the "Read More..." is appended to my paste into this message. Sure not there in the article.)
.... same paragraph, by word count. 7 words is the non-URL threshold, as it seems 8 words gets you the URL.
The number of people searching for the (no URL in the cut)
The number of people searching for the term (you get the URL when you cut)

....same article, further down:
"We pledged at the time the Recovery" (no URL in the cut)
"We pledged at the time the Recovery Act" (you get the URL when you cut)

Interesting. I gather it's some embedded script, but haven't the time to go check it out. Still, I commend Politico for what seems to be a convenient and unobtrusive way of trying to mark one's content in the age of blogs and Twitter. Can it be circumvented? Sure. But IMHO perhaps the intent is to shame folks who go the extra step to remove the URL from said extracts of Politico articles in reposting that content around the web. Then again maybe the script does some spying on what's being done @ the site and with the content for enforcement or tracking purposes??
(That was my original message to some securitygeek friends who commented below. Turns out it is not only a handy URL inclusion to extracts of Politico's content, but also a potentially serious and sneaky privacy threat as well. If you're not using a good browser script blocker such as NoScript or YesScript already, you might want to!! My thanks to those who commented and allowed their thoughts to be put forward here. - rick)
=== begin securitygeek comments ===
(securitygeek comments anonymized per their request.)

=====
Securitygeek #1:

<!-- Tynt Tracer-->
<script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=bKDyiUp9mr3OhNab7jrHcU&s=22"></script>
<!-- //Tynt Tracer-->

see www.tynt.com

I noticed every time I highlighted something that it was being sent to them.

It's a free service right now, capturing people's highlights and copies. http://tracer.tynt.com/faq-general-product-info

=====
Securitygeek #2:

All the more reason to be using NoScript. This seems worse than all the uproar over DoubleClick tracking in the past. Now they are tracking the specific words you are interested in in addition to the URLs. I can see the future. You cut a paragraph about the accuracy of a search engine and when you paste you get an ad banner and link to Bing. Unless you turn off JavaScript you are potentially sending everything you do in the browser to 3rd parties and they can also control your experience beyond the browser as in this clipboard usage. Quite ingenious.

=======
Securitygeek #3:

So I went to Tynt's site. The first thing that is interesting is to see the flash description of what Tynt is on the front page, you need to enable JavaScript from tynt.com. Nice trick guys. How many people will then disable it later?

Then from the FAQ:

Q. What about user privacy?
A. None of the data that Tynt Tracer tracks can be used to uniquely identify an individual user.

Then from the Privacy Policy:

TYNT may use information you have provided in registering for, or use in, TYNT Products without directly or indirectly identifying you, to third parties. This may be done, for example, in order to identify the number of people visiting a specific web site, or commenting on a certain product, person, or idea. This may be used to provide advertisements to you on products or services that will potentially be more interesting or relevant to you. Under no circumstances will we provide information identifying you to a third party, rather we will pass on an advertising announcement to you, but we will not tell the third party who you are.

The interesting thing is people are using Tynt products without even really knowing it. If a blog is using Tynt and you interact with that blog then you are using Tynt.
How many people are going to know to read this privacy policy?
[Infowarrior] - Subtle web privacy risk (content script) Richard Forno
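
Added example, not part of the original message and not Tynt's or Politico's code: a small audit helper that lists the third-party hosts a page loads scripts from (any of which can watch selection and copy events, as discussed above) and strips the copy-time "Read more" suffix from pasted text. The function names, the two-label "same site" rule, the `user=EXAMPLE` value and the treatment of `#ixzz` as the per-copy marker (taken from the single pasted sample above) are assumptions; the sample page markup is constructed.

```javascript
// Hosts of <script src=...> includes that belong to a different site than the page.
// Assumption: "same site" = same last two DNS labels (naive; ignores e.g. co.uk).
function thirdPartyScriptHosts(html, pageUrl) {
  const site = (host) => host.split('.').slice(-2).join('.');
  const pageSite = site(new URL(pageUrl).hostname);
  const hosts = new Set();
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  for (const m of html.matchAll(re)) {
    let host;
    try {
      host = new URL(m[1], pageUrl).hostname; // resolves relative src values
    } catch {
      continue; // unparsable src: nothing to report
    }
    if (site(host) !== pageSite) hosts.add(host);
  }
  return [...hosts].sort();
}

// Remove a trailing "Read more: <url>#ixzz..." line from pasted text.
// The plain source URL is returned separately so credit can be kept
// without the per-copy fragment.
function stripCopyAttribution(text) {
  const m = text.match(/\s*Read more:\s*(\S+?)#ixzz\w+\s*$/i);
  if (!m) return { text, sourceUrl: null };
  return { text: text.slice(0, m.index).trimEnd(), sourceUrl: m[1] };
}

// Constructed sample page: one local script, one same-site script, one tracer include.
const SAMPLE_PAGE_URL = 'http://www.politico.com/news/stories/0709/25083.html';
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script type="text/javascript" src="http://static.politico.com/js/nav.js"></script>
<!-- Tynt Tracer-->
<script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=EXAMPLE&s=22"></script>
<script>var inline = "no src attribute here";</script>`;

// The pasted text quoted in the message above.
const SAMPLE_PASTE =
  'The number of people searching for the term "economic depression" on Google ' +
  'is down to normal levels, Summers said.\n' +
  'Read more: http://www.politico.com/news/stories/0709/25083.html#ixzz0LcaU3Omx ';

console.log(thirdPartyScriptHosts(SAMPLE_HTML, SAMPLE_PAGE_URL));
console.log(stripCopyAttribution(SAMPLE_PASTE));
```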