Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
DRM Security

JavaScript User Prohibitions Are Like Content DRM, But Even Less Effective (teleread.com) 188

Robotech_Master writes: It always puzzles me whenever I run across a post somewhere that uses JavaScript to try to prevent me from copying and pasting text, or even viewing the source. These measures are simple enough to bypass just by disabling JavaScript in my browser. It seems like these measures are very similar to the DRM publishers insist on slapping onto e-books and movie discs—easy to defeat, but they just keep throwing them on anyway because they might inconvenience a few people.
This discussion has been archived. No new comments can be posted.

JavaScript User Prohibitions Are Like Content DRM, But Even Less Effective

Comments Filter:
  • by Anonymous Coward on Monday December 21, 2015 @11:54PM (#51163435)

    Nobody expects a "No Trespassing" sign to stop anybody from really doing anything they shouldn't, heck, you shouldn't expect your home locks to stop a burglar, and no, nobody thinks a "No Guns allowed" sign stops anybody with firearms.

    But once you say "Stop, don't do it" then anybody making the effort to continue, no matter how trivial, has made an intentional action on their part.

    • by Alwin Henseler ( 640539 ) on Tuesday December 22, 2015 @12:37AM (#51163591)

      You might have been right if the DRM applied aligns 100% with legal boundaries. That is, allow what's legal and prevent illegal uses. And keeps doing so as circumstances / place / time changes.

      But in practice, it never does. DRM on an e-book that prevents copying period, also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

      Unlike author claims, the DRM on Blu-rays is far from broken. If it were, playing them on open source operating systems like Linux would be as easy as playing DVD's on there. But that's not the case. There's databases of per-disk decoding keys floating around. There's libraries that emulate some sort of virtual machine that's built into 'authorised' playback devices. There's other libraries that cut through parts of the DRM bullshit, or attempt to streamline the process.
      But all of these are kludges, there's no 100% guarantee that a random Blu-ray will play (using open source, at the moment), and it's a lot of hassle for users who are just trying to play discs they legally purchased. I'm sure it's only a matter of time before the DRM on Blu-rays will be as irrelevant as that on DVD's, but we're not there yet and in any case it doesn't change the annoyance factor one bit.
      What's more: these issues mostly bother legal users, those who download movies illegally couldn't care less. But the DRM will still be in place as long as the discs itself. Regardless of legalities.

      There's countless examples like that. The technical measures are practically never capable of following legal developments, nor do they adapt to local jurisdiction. Or have a built-in kill switch that 'frees' a product when legal restrictions end. In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless. Some DRM is just more annoying or difficult to circumvent than others.

      • In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless.

        This is the reason I don't buy Blu Ray disks, ever, but continue to buy DVD's. The first thing I do with DVD's I buy is to extract them to my home media server, to keep the original disk safe and to be able to watch the movie from any computer in my house. Blu Ray makes this so painful that I just won't buy any. That type of access restriction lowers the value of Blu Ray to zero.

        I totally get why illegal movie downloaders claim that the movie studios are the biggest cause of illegal movie downloading.

      • But in practice, it never does. DRM on an e-book that prevents copying period, also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

        I'm sorry to hear that your fingers are broken and you can't type up your paper / article / whatever. By the way, how did you manage to write the rest of the words, including the proper citations of the text you wanted to copy? And hoooo boy, what if you wanted something from a physical book? Scan and OCR or just get lazy and take a photo of the page?

      • DRM doesn't plug the analog hole. If you wan't to copy small snippets from a book, type them in by hand like I do. The trivial cut-and-paste blocks aren't intended to prevent copying, only to make it more inconvenient. Agreed, it would be nice to have technological countermeasures better aligned with the legal restrictions, but the technology changes a lot faster than the legal framework for dealing with technology, and lawyers don't make any effort to align the law with the technology, do they?
    • by gl4ss ( 559668 )

      just because something blocks you from accessing a context menu doesn't mean that you're not allowed to press save as.

      besides, for all your examples you would notice if someone did that.

      furthermore, are you really so stupid that you think people don't generally leave their guns at home when boarding a flight because there's signs(rules) saying so? wtf man, wtf. how would you know if a bar banned open carry if they did not post a sign. those signs, they stop a plenty of people from doing things other people

      • by Bert64 ( 520050 )

        A sign is a notification...
        A notification on a website could be placed within the text of the site itself, using javascript is a very poor attempt to do more than just post a sign...
        It's more akin to an extremely low fence.

        The worst part is that whoever requests stuff like this be added generally believe it's actually effective, but all it does is serve to irritate users.

    • by Z00L00K ( 682162 )

      But this also prevents those that may just want to make a quote and then link to the full story at the site.

      The practice to think that all such actions are evil intended is sick.

    • Comment removed based on user account deletion
    • by harl ( 84412 )
      Except that keeping people out isn't the point of "No Trespassing" signs. A legal requirement of trespassing is that you have to be told that you are not allowed there. Thus if there are no signs then you cannot be prosecuted unless an authorized agent finds you in the act and requests your departure.
  • Trivial to bypass (Score:5, Interesting)

    by PhantomHarlock ( 189617 ) on Tuesday December 22, 2015 @12:00AM (#51163455)

    I am a photographer, and I have no problem sharing this:

    If you want to get around the image obfuscation used by most photo sharing sites and more and more news sites, open up firefox, and go to view -> page style -> no style. That usually gives you the actual image displayed somewhere in the resulting page. No plugins needed.

    If you want to better ensure your name stays with an image, watermark it, and add meta-data. Depending on how annoying the watermark is, someone could take the time to paint it out, and meta data is trivial to strip. As the saying goes, if you can see it, you can take it. If you're that worried about it, don't show it to anyone.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I've used DigiMarc for years as a way to invisibly watermark images. The only time I've had to use this was someone linking to images on my website, using my bandwidth. I changed the pics the links he pointed to, to random 4chan memes. He then threatened to sue, and claimed ownership of my images. Well, a DMCA takedown notice sent to his ISP and the ISP above him did the job. I then change my web code to only let people with a Referer header from my site view the pictures (primitive, but deters stuff),

    • Re:Trivial to bypass (Score:4, Interesting)

      by thegarbz ( 1787294 ) on Tuesday December 22, 2015 @02:27AM (#51163779)

      I like Flickr's attempt at blocking the image. If I want to download an image in Chrome I normally right click the image and hit S on the keyboard. Then save it somewhere. If a Flickr image is marked as download disabled and I right click an image in Chrome and click S I still get given a familiar save as dialogue. Except this time since Chrome doesn't think I clicked on an image it downloads the page. .... with the image at every available resolution. Just sorting the resulting folder by size gives the image.

      This isn't even a wilful bypass, it's an accidental bypass.

    • by Falos ( 2905315 )

      >If you're that worried about it, don't show it to anyone.

      This. "Three men can keep a secret if two are dead."

      Once you release something in the wild, any illusion of control over it exists on a voluntary basis. If you want moral (but not logistical) claim over it, put it behind conditional agreement. You don't see corporates protect their trade secrets with propaganda posters - you have people sign a fucking NDA and you STILL maintain a need-to-know over sensitives that you keep relatively quarantined.

      Because information is a contagion, not a possession.

  • by Anonymous Coward on Tuesday December 22, 2015 @12:01AM (#51163461)

    ... telling her how dumb this is. She knows, she didn't put those wheels into motion herself, and she sounds pretty gutted and apologetic.

    Play nice.

    • That's why I added the update right at the top explaining about that before the story even got picked up on Slashdot.

  • Yeah. Scripting - it's shut off unless needed. For me to enable any scripting I really do have to want the cheese.

    I'd rather find another site before any scripting is enabled in my browsers - and to accentuate my level of paranoia - I stopped loading Adobe stuff 5 years ago.

    • by ls671 ( 1122017 )

      Yeah. Scripting - it's shut off unless needed. For me to enable any scripting I really do have to want the cheese.

      Please enable javascript to see the big boobs then, please download and install our special plugin to see everything...

    • Don't forget to turn off cookies too.

  • "Few"? (Score:5, Insightful)

    by Ixokai ( 443555 ) on Tuesday December 22, 2015 @12:11AM (#51163495)

    I think you underestimate how many people this sort of thing stops. Yeah, it won't stop most techheads, but the inconvenience is enough to stop most people. Hell, most people don't even know you can turn off javascript. Most people don't even know what javascript is.

    That's sufficient for their purposes, really. They can't stop everyone, no system is perfect, its enough for them to minimize it.

    • by Art3x ( 973401 )

      I read the article, and it turns out it isn't mainly about how easy it is to bypass JavaScript restrictions. That's a part of it, and maybe he needs to be reminded of the majority's computer competence. But that's not the gist.

      It wasn't so much, "Ha ha, watch me bypass your flimsy JavaScript." It was more, "Oh the senseless inconvenience you put me and others through," and "This copy-blocking clashes with the Internet like a plaid shirt and checkered pants". A few of his points:

      1. If you don't want your stu

      • Oh, and don't forget:

        5. The way the DMCA is written it doesn't matter how pathetic or useless the lock is, merely that someone tried to digitally protect it.

        So, don't forget that defeating this flimsy javascript, is (according to a law bought and paid for by the copyright cartel) just the same as defeating crypto or breaking a physical lock.

        And those people don't recognize any of your points like how this incompatible with the intertubes. They bought a law which doesn't give a crap about any of that. Jus

        • Actually there is a court tested exception where if you crack the "lock" yourself it is okay. It is using someone else's tool that will get you into trouble. The trivial case of the web-browser based "protection" gives a practical application of this.

          Now, its a defense not immunity so it doesn't protect against a lawsuit. However, you shouldn't run afoul of the DMCA on that particular point.

        • Oh, and don't forget:

          5. The way the DMCA is written it doesn't matter how pathetic or useless the lock is, merely that someone tried to digitally protect it.

          So, don't forget that defeating this flimsy javascript, is (according to a law bought and paid for by the copyright cartel) just the same as defeating crypto or breaking a physical lock.

          Nope. You installed NoScript, or had javascript turned off due to annoying pop-ups, either done for legitimate reasons, then when you visited the site in question saw something you liked and copy/pasted it. No warning appeared. The fact that a "protection mechanism" was applied, but it only did anything when a subset (even if majority) of people went there, means they would have no valid recourse against you. Unless, perhaps, you were stupid enough to brag about how you got around their protections, but

      • So much the #4. Yes, there are counterexamples*. But anyone who is actually interested in stealing stuff can put in the extremely modest effort to discover how to bypass Javascript protections.

        Put it this way: if so many people can work out that they need to download a torrent application and then wade through torrent search results in order to pirate a movie I think anyone interested in plagiarism can work out turning off Javascript.

        * my wife discovered that some of her online photographs had been "stolen"

    • "I think you underestimate how many people this sort of thing stops [...] That's sufficient for their purposes, really. They can't stop everyone, no system is perfect, its enough for them to minimize it."

      Probably you are right, and that's a problem on its own: most users don't know how to bypass these kind of measures... but most providers seem not to know what they are doing either.

      A naive example: I was looking for a second hand car and I was taking notes on candidates: some sites didn't allow me to copy

    • They can't stop everyone, no system is perfect, its enough for them to minimize it.

      Minimising only works if you can provide the same restrictions on all plays of the content. If you only minimise then the content "becomes available" by other means. Once it's available non-techheads have no problem accessing the content.

      e.g. Blu-ray. My girlfriend has no idea how to rip a blu-ray, doesn't have the hardware, the codecs, doesn't know which software she needs to decrypt it, or how the encryption scheme works. That doesn't stop her from having files like The.Avengers.x264.bluray-[guy-who-did-t

  • by rsilvergun ( 571051 ) on Tuesday December 22, 2015 @12:12AM (#51163503)
    be to trigger the DMCA. No matter how trivial it is you just violated the law by bypassing it...

    Also how slow a news day does it have to be for this to make the front page of /.? Seriously, it's not even a blog post. There's no content.
    • The DMCA's text cites "effective measures" being circumvented. Not sure this little trick qualifies. Wouldn't want to have to argue it in court, of course. ;)

  • Aggregators (Score:4, Informative)

    by Bite The Pillow ( 3087109 ) on Tuesday December 22, 2015 @12:13AM (#51163507)

    Years ago, fark.com went from external images to hosted images. I didn't see the endgame.

    This week, JavaScript is required to load the images. It's vendor lock in all over again. Because who uses an external host if you can just click upload?

    And then I see the same advert every 5 posts.

    Forbes is a white page to me, LATimes us just the menu with a word or two, and several other sites have absolute divs that cover most of the content.

    Your whining about idiotic DRM is just the tip of the iceberg. Bypassing by disabling is one thing. Loading a giant page that renders illegibly requires server resources that, as long as I mostly have wi fi, I'm willing to refresh repeatedly to ensure it really is a problem with the site.

    • by Ksevio ( 865461 )
      Moving to hosted images is probably more of a security/privacy thing since external images would let you track every person that viewed them. It also helps weak servers that might not be able to handle the load.
      • > since external images would let you track every person that viewed them.

        It's particularly crucial to Akamai and ad.doubleclick.net's collaborations. (http://motifcdn2.doubleclick.net/EMEA/ad-in-a-box/LiveStreaming/LiveStreaming_Build_Guide_EN.pdf ).

        As a warning, don't be confused by those pseudo-random looking URL's for web images. Many of them do come from the same set of back-end services run by a relatively small set of companies, and they provide tremendous metadata about web use down to the indivi

      • by henni16 ( 586412 )
        There is this.
        But the reasons I've heard more often are
        • * (hardware performance / hosting prices have reached a point that iit's possible now)
        • * doing SSL without browser complaints will be difficult if the page contains 3rd party images included via http instead of https
        • * images will still be there later; in most old threads, especially photoshop contests, they're mostly gone because the hosts don't exist anymore
        • * easier to moderate threads (no need to run their scripts anymore that check old threads for
    • by henni16 ( 586412 )

      Years ago, fark.com went from external images to hosted images. I didn't see the endgame. This week, JavaScript is required to load the images. It's vendor lock in all over again. Because who uses an external host if you can just click upload?

      Uh, I've Javascript disabled an no problem seeing images in Fark threads.
      As a matter of fact, if you've Javascript disabled, there's no "upload" to click and you have to use an external host (Fark then downloads the image from there onto their servers).

      And I wouldn't call some forum rehosting external images on their own servers "vendor lock-in".

    • I've hit sites that have really stupid javascript created overlays to obscure the page so you have to see their advertisement. Really annoying on a phone or even a tablet, particularly when they manage to push the close widget off of the devices screen. Fortunately, I've discovered that (at least most of them) are defeated simply by canceling the page load as soon as the content appears. The page then presents just fine without having run the javascript to display the advertisement.

  • Serious question.... is it even possible to disable browser hotkeys while they are on a page so that they can't view the source code to the web page they are visiting?
    • Re: (Score:3, Insightful)

      Who says you're using a browser to view or render a web page's contents?

      • by mark-t ( 151149 )
        Even assuming that one is.... afaik, there is no way in javascript to disable menu items, or even the hotkeys to those items.... can you imagine a webpage blocking alt-f4?
        • by cfalcon ( 779563 )

          > can you imagine a webpage blocking alt-f4

          Sure, it's the onclose event. By javascript spec, any attempt to close the window should run the onclose stuff, which can simply return false, thus preventing the browser from closing.

          Sample for an onclose event (this just fires an alert) is here:

          http://www.htmlnest.com/javasc... [htmlnest.com]

          You'll notice that it doesn't actually work- not only can you alt-F4, you can also just close the damned window. This is because modern browsers no longer fully support this ludicrous

    • by cfalcon ( 779563 ) on Tuesday December 22, 2015 @12:54AM (#51163645)

      Javascript is a steaming pile of shit, riddled with vulnerabilities and broken from tip to top.

      So of course they try to allow some overrides:

      http://stackoverflow.com/quest... [stackoverflow.com]

      Basically, you can google anything with "javascript disable" and get developers asking how to fuck their users in the pee hole. Often, there's an answer.

      It wouldn't actually prevent users from viewing source though- I'm not aware of a way to do that. However, if there is, you can find it at good old google bombing expert sex change:

      http://www.experts-exchange.co... [experts-exchange.com]

      Also note: the real workaround for this isn't globally disabling javascript, though if everyone did that the web would shape up immediately. The real workaround is the various -monkeys that let you redefine pieces of javascript locally. Many sites go through several hoops to prevent loading on a browser that won't run their shitscript, but redefining parts and/or loading your own CSS can get you around most of it.

      • by mark-t ( 151149 )
        I did google before I asked the question... I saw many claims, but none seem to actually work, even without disabling javascript. Nonetheless, the article at the link in the summary said that Ctrl-U hotkey was somehow disabled for them.
        • by cfalcon ( 779563 )

          Yea, like I said, I'm not aware of any way to do that. If there is one, it won't be effective in general. What they probably did was put a shit lot of linefeeds after a "Viewing source is disabled" comment at the top of the HTML- I'm not even joking, that's a real thing people do lol

          But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

          You probably saw this mewling poopsack:
          http://stackoverflow.com/quest... [stackoverflow.com]

          And this dumb jive turkey:
          http://www.makingdiffere [makingdifferent.com]

          • by mark-t ( 151149 )
            The only thing I understood it was possible to disable in js was direct copy/paste, by intercepting mouse clicks on the panel, and disallowing the user from selecting text in the first place . That's a pretty far cry from disabling a hotkey, let alone a program menu item (fwiw, copy paste still technically works on the pages that try to disable it too, they just don't let you select text in the first place by intercepting the mouse click, so there's never anything to copy).
            • by cfalcon ( 779563 )

              This website claims to disable Ctrl-U as well:

              http://codingcrazy.com/disable... [codingcrazy.com]

              With scripts enabled, it actually seems to disable Ctrl-U in Firefox and Palemoon (not Chrome). Obviously there are easy workarounds (addons solve it easily, but also just changing dom.event.contextmenu.enabled to false lets you happily right click). What do you see when you go there in those browsers?

              The point is, obviously there are easy work arounds, and obviously most browsers ignore this crap, and obviously no users will r

              • If you need to write a "Web application" then you need access to things people expect to work, just as it works in their OS.

                • by cfalcon ( 779563 )

                  That's a lie, and that's bullshit. This destroys the user interface, and should never be allowed or tolerated. If these guys weren't malicious, they'd implement a little drag-down menu that would do all their things, or have a standard way of visibly showing the difference between an in-app menu and user level application menu. Even supporting this shit in the code makes developers confused, and they think they can vector hotkeys and tie them to ground.

                  Fucking idiots and assholes, enabled by a monumental

              • by mark-t ( 151149 )

                Wow... the website genuinely does block Ctrl-U, as well as other hotkeys, such as F12 to activate Firebug, which I didn't know was possible, although just clicking just once in the address bar while the page is showing, and then hitting the desired hotkey bypasses this.

                Also, of course, the menu choices to access the source in this way are still enabled and work normally.

                • by cfalcon ( 779563 )

                  The website tries to own the right click key too. It tries to vector everything it can, but you'll notice that a lot of it fails to work in many browsers, and all of it is trivially able to be worked around.

                  Javascript is such a turd lol

          • by tlhIngan ( 30335 )

            But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

            Well, in Firefox and probably others, shift-right-click bypasses all right-click javascript. So if a site disables right-clicking, you can just hold shift and still access "View Page Source" in the context menu. Or anything else - I use an addon called "Nuke Anything" that lets you remove bits of the page and right-click javascript often disables that...

            • by cfalcon ( 779563 )

              Right, these assholes made everyone have workarounds. In Chrome, I have "Enable Copy" and "Enable Right Click", and if things get really rough then I go through some kinda monkey or whatever, but that's normally not an issue. I've never seen a browser in recent times that lets a website actually intercept Ctrl-U, but in strange aeons even common sense may die.

              • by cfalcon ( 779563 )

                ..as a note, http://codingcrazy.com/disable... [codingcrazy.com] does seem to fuck with a default setting firefox or palemoon. Maybe it won't for you, I dunno. You don't need an addon to fix this behavior or anything, of course.

              • What does ctrl-U do? I'm on a Mac and as far as I can tell there is no ctrl-U equivalent.

                • by cfalcon ( 779563 )

                  Your issue isn't that you are on a Mac, it's that you are in a version of Safari of 6 or later. In Lion and before, it was Strange Nordic Whilygig + U.

                  First, you could run firefox or chrome or whatever.

                  Second, Safari -> Preferences / Advanced Tab, ensure that the develop menu is on, then you can control click and get some options, among them view source.

                  This is obviously not as nice as having a keyboard shortcut like you used to have. If that's a deal, just grab a third party browser.

                  • Ah, so ctrl-U is the short cut for "view source"? Did not get that from the comments.

                    Even if that is completely disabled, you could just save the page and open it in a text editor.

                    The developer menus are obviously always activated on my browsers :D

                    Thanx for the info.

                    • by cfalcon ( 779563 )

                      > Ah, so ctrl-U is the short cut for "view source"?

                      It's in the links and is quite googlable, but the post I made discussing viewing source should have been the tipoff :P

                      > Even if that is completely disabled, you could just save the page and open it in a text editor.

                      Dude, if they think they can disable Ctrl-U, they ALSO think they can disable Ctrl-S and Ctrl-P. Depending on how gullible your browser is, one of the above links tries to do that too.

                      > The developer menus are obviously always activated

                    • Yeah, my bad, did not notice that the title of the thread was "Re:How do you stop someone from viewing the source" ;D

                      Following the stack overflow links I was more wondering about the idiotic approaches many use to accomplish that goal, and I did not really figure by reading them what ctrl-U was supposed to do.

                      So Safari already has a mode that steps so far above
                      Not sure if it is far above ... I used to use Chrome, but it has several nasty drawbacks for me. I stopped using FireFox since it is automatically u

                    • by cfalcon ( 779563 )

                      One of the big problems with writing a browser that does what the user wants is how aggressively ludicrous the javascript devs can be. For instance, many browsers have a setting that disables the ability of right click to be controlled from the HTML, but of course javascript can POLL this flag, and act on the result. The browser shouldn't be leaking user state like that, and it certainly shouldn't allow a savvy user to be asked to pull down their pants and bend over. It's totally possible to create a bro

    • You can do things like block the default behavior of the hotkeys and stuff. But you basically can't stop someone from getting the source code, because the web is open.

  • by avandesande ( 143899 ) on Tuesday December 22, 2015 @12:49AM (#51163631) Journal
    Another possibility is they are trying to avoid getting sued by content providers- that they have applied best practices to protect media.
  • Using shift key (Score:3, Interesting)

    by Ajay Anand ( 2838487 ) on Tuesday December 22, 2015 @12:54AM (#51163641)
    Some of the UI restrictions can be evaded just by pressing a special key like "shift" or "ctrl" while using the mouse and it does not require to disable javascript. I was so frustrated once that I copied the entire text from the page and posted it as a comment to tell them look, I can copy and paste.
    • The probably thought that you just loved their content so much that you were willing to type the whole thing out in order to better remember it. Now they'll disable copying comments so that others won't copy and paste from there! (Only half funny, unfortunately)
  • by fred911 ( 83970 ) on Tuesday December 22, 2015 @12:54AM (#51163643) Journal

    I would venture to say that it inconveniences more than a few, the majority of whom have no idea there is an alternative. Typically Joe Sixpack is clueless a click bait victim and the bread and butter of 90% of content sellers.

    Besides, Janice in accounting don't give a fuck!

  • You got to realize that someone knowledgeable in physical locks can bypass them as easy as you can bypass Javascript right click popups. Yet both still reduce undesirable actions, such as your story being reposted in full on someone's blog without giving credit, link to the source or a chance for you to make money on ads.

    It makes a difference when you at least communicate your wishes clearly. Not saying that copying is illegal, or implementing this behavior is best policy, just that it at least significantl

  • Yep... (Score:5, Interesting)

    by SharpFang ( 651121 ) on Tuesday December 22, 2015 @02:57AM (#51163839) Homepage Journal

    Sometimes they don't even notice.

    There was this site with "lessons" in using some API or library. There were code examples. And if you tried to select and copy, to paste an example into a compiler, a dialog would pop up telling you that the content is copyrighted and you're not allowed to copy it.

    And at the bottom of the page was a survey, "What can I do to improve these lessons?"

    I filled it out, with my email and a sarcastic comment about the copy restriction - that maybe forcing people to retype the examples isn't the best way of teaching. The owner of the site wrote me with a solemn apology, informing me that she didn't even notice the (dis)functionality was in place, and that it just got installed with the CMS and she didn't disable it because she didn't know it was there...

    So... whoops?

  • I hadn't noticed (Score:3, Informative)

    by evanh ( 627108 ) on Tuesday December 22, 2015 @05:13AM (#51164083)

    With No-Script blocking all scripting by default, it hadn't dawned on me that such activities occur.

  • Are sites which say enter your email address twice, but won't let me cut and paste the value from the one field to the other by trapping keyboard events. Yeah I get it, you're trying to stop email typos, but there are other, less annoying ways to deal with this problem - a confirmation email for example - and the chances are the site has one of those too.
  • The average user (Score:4, Informative)

    by Roodvlees ( 2742853 ) on Tuesday December 22, 2015 @07:35AM (#51164393)
    You overestimate the average user.
    They have no idea that that stuff can be bypassed so easily.
    If they did know, they'd think it's too much work.
    Then they'd forget about that being possible.
    • They would see that the person who provided them the content didn't want them to copy and paste and was willing to comply with the request. Sheep! (Half funny)
  • Yes, we all know that if they let you look at the page, your computer will download all the associated files and you'll have them. Just taking the files out of your Firefox cache is an obvious solution. Going in with developer tools already open is another one.

    That being said, most people don't even try these measures anymore. They used to be a lot more common. But even the average web user is getting more sophisticated.

    The new effort is to try to bake DRM into the browsers themselves.

  • ...in the not-too-distant future, the html document you requested will not load, and you'll be shown a short notification instead, saying "please use an OS and browser that comply with our DRM policy"? I am already seeing lots of messages of that flavor while I'm browsing the web using Linux/Firefox, tracking disabled. The claim is that I am trying to view valuable content without paying for it (pop-under windows and user tracking being the currency).
  • ... Slashdot has turned me into a screener. With posts like this one, I always check if they're from our friend Bennet before I go to the comments section.

If all else fails, lower your standards.

Working...