March 23, 2005 1:50 PM PST

Firefox add-on lets surfers tweak sites, but is it safe?

Related Stories

Will Ajax help Google clean up?

March 17, 2005

Fight over 'forms' clouds future of Net applications

February 17, 2005

Firefox fortune hunters

November 17, 2004
Rip, mix--get burned?

That's one cautionary note making the rounds along with a popular new extension for Firefox that lets people customize Web pages they visit without the knowledge or cooperation of Web publishers. The extension, dubbed Greasemonkey, lets people run what's known as a "user script," which alters a Web page as the page is downloaded.

That capability has gained the extension an avid following of Web surfers who want to customize the sites they visit, removing design glitches and stripping sites of ads. But the extension comes with substantial security risks and could stir trouble among site owners who object to individual, custom redesigns of their pages.

News.context

What's new:
Greasemonkey, an add-on for the popular Firefox browser, lets surfers customize the sites they visit. Using the extension, one could, for example, jump directly to "printer-friendly," and ad-free, stories on news sites.

Bottom line:
The catch is that the type of scripts used to enable the customization can also be used by cyberthugs to make mischief on people's PCs. Caution, then, is advised.

More stories on Firefox

"Publishers for now seem to accept that it's OK for users to make some changes," said Danny Sullivan, editor of Search Engine Watch. "I can tell my browser not to run JavaScript, for example, and that could override what the publisher wants the page to do. But people are still struggling with where the line is. Some of these things may go to court, but I think in the long run publishers...will adapt...or develop other ways to combat it."

The idea of letting Web site visitors alter pages they visit isn't new. Many pages use the World Wide Web Consortium's Cascading Style Sheets recommendation to let users do just that--adjust colors, font sizes and other style elements.

Greasemonkey goes well beyond such superficial changes. Among other things, Greasemonkey can strip out ads, a feature that's sure to prove controversial with publishers, if it crosses over to the mainstream.

Web site customization tools that give Web surfers the ability to "rip and mix" Web page elements have drawn fire in the past when publishers balked at alterations. Google, for example, got into hot water with some sites after it released a toolbar that offers Web surfers the option of inserting hyperlinks into pages through its AutoLink feature.

In 2001, Microsoft abandoned the Smart Tags feature in Windows XP, which would have linked words in a Web page to pages of Microsoft's choosing.

By manipulating the Dynamic HTML, or DHTML, of a Web page, Greasemonkey scripts can perform a host of tasks, according to the GreaseMonkey UserScripts page. They can, for example, transform story links on The New York Times site and take readers to ad-free, printable versions. They can also change Slashdot's colors and make the site "less ugly," the page says.


Related story
Google toolbar move
raises online ire

Adding hyperlinks where
there weren't any before
is like hijacking a Web
site, some critics say.


Others are designed to execute more substantial changes, such as making connections to Yahoo Mail and Gmail more secure. One, called "Butler," is meant to remove ads on Google results pages, add links to competing search sites, and remove image copy restrictions from Google Print. (CNET News.com's tests of various scripts showed that some were more successful than others at delivering promised results.)

In what could signal a trend toward user scripts, Norwegian browser maker Opera Software has picked up the idea, adding similar functionality to beta 3 of Opera 8, acknowledging Greasemonkey on its Web site.

Regardless of how Web sites react to Greasemonkey--Google wasn't immediately available for comment on the various Google-oriented Greasemonkey scripts--the extension will have to face down substantial security concerns.

The trouble with Greasemonkey and user scripts in general is that scripts can be used for both good and ill, and end users scanning

CONTINUED:
Page 1 | 2

98 comments

Join the conversation!
Add your comment
Who's idea ?
It should look after, who's idea picked up the other! But really, the idea is very useful, primarily for Opera because of the UA sniffing.
Posted by (4 comments )
Reply Link Flag
Opera apparently had it first
Yes, it seems clear from Rijk's reponse (link below) that Opera was working on their implementation first, while Greasemonkey was deployed first.

<a class="jive-link-external" href="http://dunck.us/anabasis/archives/2005/03/19/user-scripts-spreading-to-opera/" target="_newWindow">http://dunck.us/anabasis/archives/2005/03/19/user-scripts-spreading-to-opera/</a>

However, Greasemonkey was developed in a vacuum. I guess the conditions were right for this to be developed, and the two projects happened to overlap. IE implementation any day now...?
Posted by (10 comments )
Link Flag
WHOSE, not "who's"
Is this the most common spelling mistake in America today?

It sure is the most annoying!

It's whose, not who's!
Posted by ivand67 (40 comments )
Link Flag
Who's idea ?
It should look after, who's idea picked up the other! But really, the idea is very useful, primarily for Opera because of the UA sniffing.
Posted by (4 comments )
Reply Link Flag
Opera apparently had it first
Yes, it seems clear from Rijk's reponse (link below) that Opera was working on their implementation first, while Greasemonkey was deployed first.

<a class="jive-link-external" href="http://dunck.us/anabasis/archives/2005/03/19/user-scripts-spreading-to-opera/" target="_newWindow">http://dunck.us/anabasis/archives/2005/03/19/user-scripts-spreading-to-opera/</a>

However, Greasemonkey was developed in a vacuum. I guess the conditions were right for this to be developed, and the two projects happened to overlap. IE implementation any day now...?
Posted by (10 comments )
Link Flag
WHOSE, not "who's"
Is this the most common spelling mistake in America today?

It sure is the most annoying!

It's whose, not who's!
Posted by ivand67 (40 comments )
Link Flag
Again, beware of FUD
Then there have also existed bookmarklets for a long time now which can also purport a security risk but since they are not targeted for end users it is not a big deal. I think same goes for this feature: it requires so much end user interaction (installing th e extension, a script and activating it) that one could expect a user that does all of this may properly select what he installs. Of course improved security is always welcomed.

More comments at mozillazine.org: <a class="jive-link-external" href="http://www.mozillazine.org/talkback.html?article=6274" target="_newWindow">http://www.mozillazine.org/talkback.html?article=6274</a>
Posted by pcabellor (13 comments )
Reply Link Flag
User script runs automatically
Well, just to be clear, once installed, a user script is run automatically (if enabled, and if the URL of the page matches the "include" pattern).

It is an important difference over bookmarklets; it's quite possible for someone to install a user script and not think about it as they browse.

Also, I tend to think of user scripts as extensions with a stricter security model (same as regular in-page JS security model).
Posted by (10 comments )
Link Flag
Again, beware of FUD
Then there have also existed bookmarklets for a long time now which can also purport a security risk but since they are not targeted for end users it is not a big deal. I think same goes for this feature: it requires so much end user interaction (installing th e extension, a script and activating it) that one could expect a user that does all of this may properly select what he installs. Of course improved security is always welcomed.

More comments at mozillazine.org: <a class="jive-link-external" href="http://www.mozillazine.org/talkback.html?article=6274" target="_newWindow">http://www.mozillazine.org/talkback.html?article=6274</a>
Posted by pcabellor (13 comments )
Reply Link Flag
User script runs automatically
Well, just to be clear, once installed, a user script is run automatically (if enabled, and if the URL of the page matches the "include" pattern).

It is an important difference over bookmarklets; it's quite possible for someone to install a user script and not think about it as they browse.

Also, I tend to think of user scripts as extensions with a stricter security model (same as regular in-page JS security model).
Posted by (10 comments )
Link Flag
Amazing how everyone ignores...
I think it is amazing how everyone ignores the fact that changing of someone else's web site no matter the reason is a copyright violation. I am beginning to see why Hollywood and the music industry are acting the way they do. No one seems to have any regards for people's property.

I see a time coming very soom when things like this will result in law suites. It happened to Google for changing sites and I suspect that large sites with the money for the lawyers will be going after people that change their web sites. After all most of these sites rely on advertising and anything that messes with that is going to get slammed with law suites.

The 26 year that made Greasemonkey as well as Opera for adding such feature to thier browser directly needs to be gone after. I hope it happens and I hope they both loose greatly.

People and companies need to respect everyone's copyrighted material.

Robert
Posted by (336 comments )
Reply Link Flag
Totally agree!
In fact, I think we should go further! I'm sick of people browsing my sites at 800x600. How dare they sully the look of my pages!

And those people who use babelfish translation tools to view my pages in French? Well, we already know how innately evil those Frenchies are. Sue 'em all, the bastards!

I heard there are even people using Microsoft's XP offline feature to MAKE COPIES OF MY WEB PAGES ON THEIR LAPTOPS for offline reading. How dare they! *I* own the copyright to my pages, and *I* dictate who can see them, how they can see them, and what they can do with them. No more adjusting fonts, no more Flash-removal bookmarklets, it's all evil evil evil.

Why? Because, as a Webmaster, I control the horiontal, I control the vertical! You... you are nothing but a peon visitor to my fine pages, and you do not have rights.

Got a problem with that? How 'bout I send the RIAA lawyers after you? Hrumph. Because I bet you're the same sort of scoundrel that makes MIX tapes for friends (those songs were NOT meant to be heard out of order... apart from their albums). You probably bastardize the sound of songs with an EQUALIZER, too. That's *NOT* how the artists intended their music to be listened to! It's not!!!

In fact, I'm talking with stereomakers right now to get those equalizer thingamabobs taken off.

MY CONTENT! It's MY CONTENT. Did you hear me?!?!?!?!!!!!!!11111
Posted by ThatAdamGuy (21 comments )
Link Flag
Copyright? Yes. That includes *fair use*
Certainly, copyright remains with the owner. At the same time, copyright law allows fair use, so letting me highlight a page or modify it in some way so that I can use the information more effectively.

I dog-ear pages; I rip pages out of magazines; I cut articles from newspapers. Why shouldn't I be able to do similar things with web sites (change font size, pass it through a text-to-speech program, highlight sections, translate it to my native language).

DRM is not to protect copyright; don't let anyone tell you different. DRM removed fair use rights from the consumer.
Posted by (3 comments )
Link Flag
You must be a lawyer
Its the only explaination for your post.
Posted by Gerald Quaglia (72 comments )
Link Flag
Aiye, the copyright problems
You know, as long as you have a legal copy of a copyrighted work, you can do pretty much anything you want with it provided you don't spread your altered version around, or being technical about copyright law, expose your version to the public.

So, if you're running the user script only for personal use, you're pretty legally secure. Yes, as someone pointed out, this is part of fair use doctrine.

The only legal exception I am aware of to fair use is the DMCA's prohibition against circumventing a copy-protection mechanism--but, then, that section of that law is flawed anyway.

Yes, the content may be your property, but if you want to dictate what others do with it for personal use, you have to wrap it in copy-protection that prevents them from using it in any way you don't like. If I'm remembering the DMCA's terminology correctly, this copy-protection must be technological in nature. Sorry, a legal notice won't work; you actually have to give them something to break through first.

By the way, I'm not a lawyer--I just read the text of these laws and agreements affecting copyright for my own research.

Did you know that satire is protected fair use? If I wanted, I could copy parts of your posts just to make fun of them in a satirical way . . . Fortunately, I'm not interested in doing that. I just thought I would point that out to explain your "ownership" only entitles you, and Hollywood and the RIAA, to so much. It's the major loophole they slipped past Congress in the DMCA that gives them so much control, but as I said, you need to use copy-protection to use that loophole.

P.S. Technically, circumventing copy protection for fair use purposes is legal--Congress invalidated this, though, by making it illegal to create any tool that circumvents copy-protection. It provides no exceptions for this part of the law, assuming I'm remembering correctly. Thus, effectively, since you generally need a tool to circumvent copy-protection, even fair use becomes illegal for copy-protected works. Boy, did Hollywood and the RIAA pull the wool over Congress's eyes on that one.
Posted by (282 comments )
Link Flag
To finish your sentence . . .
"People and companies need to respect everyone's copyrighted material."

. . . and copyright holders need to return that respect by respecting the fair use rights of those people and companies. Both sides need to learn respect. Hollywood and the RIAA clearly have no respect for fair use, except when it benefits them. It's obvious you don't either, and you don't deserve any copyright you own until you learn that respect.
Posted by (282 comments )
Link Flag
It's NOT changing someone's site!
All it's changing is how one single individual USER views the site... nothing is changed for other visitors worldwide... so it's no big deal! It's no different to turning off images in your browser.
Posted by Anonymous1234567890 (53 comments )
Link Flag
Amazing how everyone ignores...
I think it is amazing how everyone ignores the fact that changing of someone else's web site no matter the reason is a copyright violation. I am beginning to see why Hollywood and the music industry are acting the way they do. No one seems to have any regards for people's property.

I see a time coming very soom when things like this will result in law suites. It happened to Google for changing sites and I suspect that large sites with the money for the lawyers will be going after people that change their web sites. After all most of these sites rely on advertising and anything that messes with that is going to get slammed with law suites.

The 26 year that made Greasemonkey as well as Opera for adding such feature to thier browser directly needs to be gone after. I hope it happens and I hope they both loose greatly.

People and companies need to respect everyone's copyrighted material.

Robert
Posted by (336 comments )
Reply Link Flag
Totally agree!
In fact, I think we should go further! I'm sick of people browsing my sites at 800x600. How dare they sully the look of my pages!

And those people who use babelfish translation tools to view my pages in French? Well, we already know how innately evil those Frenchies are. Sue 'em all, the bastards!

I heard there are even people using Microsoft's XP offline feature to MAKE COPIES OF MY WEB PAGES ON THEIR LAPTOPS for offline reading. How dare they! *I* own the copyright to my pages, and *I* dictate who can see them, how they can see them, and what they can do with them. No more adjusting fonts, no more Flash-removal bookmarklets, it's all evil evil evil.

Why? Because, as a Webmaster, I control the horiontal, I control the vertical! You... you are nothing but a peon visitor to my fine pages, and you do not have rights.

Got a problem with that? How 'bout I send the RIAA lawyers after you? Hrumph. Because I bet you're the same sort of scoundrel that makes MIX tapes for friends (those songs were NOT meant to be heard out of order... apart from their albums). You probably bastardize the sound of songs with an EQUALIZER, too. That's *NOT* how the artists intended their music to be listened to! It's not!!!

In fact, I'm talking with stereomakers right now to get those equalizer thingamabobs taken off.

MY CONTENT! It's MY CONTENT. Did you hear me?!?!?!?!!!!!!!11111
Posted by ThatAdamGuy (21 comments )
Link Flag
Copyright? Yes. That includes *fair use*
Certainly, copyright remains with the owner. At the same time, copyright law allows fair use, so letting me highlight a page or modify it in some way so that I can use the information more effectively.

I dog-ear pages; I rip pages out of magazines; I cut articles from newspapers. Why shouldn't I be able to do similar things with web sites (change font size, pass it through a text-to-speech program, highlight sections, translate it to my native language).

DRM is not to protect copyright; don't let anyone tell you different. DRM removed fair use rights from the consumer.
Posted by (3 comments )
Link Flag
You must be a lawyer
Its the only explaination for your post.
Posted by Gerald Quaglia (72 comments )
Link Flag
Aiye, the copyright problems
You know, as long as you have a legal copy of a copyrighted work, you can do pretty much anything you want with it provided you don't spread your altered version around, or being technical about copyright law, expose your version to the public.

So, if you're running the user script only for personal use, you're pretty legally secure. Yes, as someone pointed out, this is part of fair use doctrine.

The only legal exception I am aware of to fair use is the DMCA's prohibition against circumventing a copy-protection mechanism--but, then, that section of that law is flawed anyway.

Yes, the content may be your property, but if you want to dictate what others do with it for personal use, you have to wrap it in copy-protection that prevents them from using it in any way you don't like. If I'm remembering the DMCA's terminology correctly, this copy-protection must be technological in nature. Sorry, a legal notice won't work; you actually have to give them something to break through first.

By the way, I'm not a lawyer--I just read the text of these laws and agreements affecting copyright for my own research.

Did you know that satire is protected fair use? If I wanted, I could copy parts of your posts just to make fun of them in a satirical way . . . Fortunately, I'm not interested in doing that. I just thought I would point that out to explain your "ownership" only entitles you, and Hollywood and the RIAA, to so much. It's the major loophole they slipped past Congress in the DMCA that gives them so much control, but as I said, you need to use copy-protection to use that loophole.

P.S. Technically, circumventing copy protection for fair use purposes is legal--Congress invalidated this, though, by making it illegal to create any tool that circumvents copy-protection. It provides no exceptions for this part of the law, assuming I'm remembering correctly. Thus, effectively, since you generally need a tool to circumvent copy-protection, even fair use becomes illegal for copy-protected works. Boy, did Hollywood and the RIAA pull the wool over Congress's eyes on that one.
Posted by (282 comments )
Link Flag
To finish your sentence . . .
"People and companies need to respect everyone's copyrighted material."

. . . and copyright holders need to return that respect by respecting the fair use rights of those people and companies. Both sides need to learn respect. Hollywood and the RIAA clearly have no respect for fair use, except when it benefits them. It's obvious you don't either, and you don't deserve any copyright you own until you learn that respect.
Posted by (282 comments )
Link Flag
It's NOT changing someone's site!
All it's changing is how one single individual USER views the site... nothing is changed for other visitors worldwide... so it's no big deal! It's no different to turning off images in your browser.
Posted by Anonymous1234567890 (53 comments )
Link Flag
Why is adblock not even mentioned?
Why is adblock not even mentioned? It's been available for over a year now, it's bug-free, it's spyware free, and so far no malicious code has been written for it and tens of thousands of people use it. Perhaps it's because CNET is attempting to fear readers into not using legit and actual working extensions that would block a source of revenue? perhaps.

What is up with the state of investigation on this site lately. Many basic errors that would take a few minutes of research to prevent!
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
The state of ad-blocking
I don't recall--has this been legally tested yet? You know, I could see some anal-retentive judge issuing an injunction over this because it is a tool that modifies the content for the end user, even though it *only* does it for the end user.

Anything the user uses to intentionally change the content for their own use personal use should be fine. Like I said, you can do it yourself as long as you don't spread it around or show it to someone else, but I could see a judge say that helping someone do it by providing a tool is a violation. Hopefully, it would fail on appeal.
Posted by (282 comments )
Link Flag
Why is adblock not even mentioned?
Why is adblock not even mentioned? It's been available for over a year now, it's bug-free, it's spyware free, and so far no malicious code has been written for it and tens of thousands of people use it. Perhaps it's because CNET is attempting to fear readers into not using legit and actual working extensions that would block a source of revenue? perhaps.

What is up with the state of investigation on this site lately. Many basic errors that would take a few minutes of research to prevent!
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
The state of ad-blocking
I don't recall--has this been legally tested yet? You know, I could see some anal-retentive judge issuing an injunction over this because it is a tool that modifies the content for the end user, even though it *only* does it for the end user.

Anything the user uses to intentionally change the content for their own use personal use should be fine. Like I said, you can do it yourself as long as you don't spread it around or show it to someone else, but I could see a judge say that helping someone do it by providing a tool is a violation. Hopefully, it would fail on appeal.
Posted by (282 comments )
Link Flag
What is it worth
So a new extension for Firefox called Greasemonkey allows users to change the content of pages they view them on the web. It does seem this technology differentiates itself in that the user uses a script that they control and understand what links or information has changed on the page because of this script. To me personally I have no issues with browsing the web with normal unadulterated pages as I really lack the need or desire to modify it. I still personally have issues with this technology given it seems to undermine the financial backing that allows web sites to produce revenue and thus provide services at little or no direct cost to the consumer and at the same time provide jobs and contribute to our economy. Now, one could say it does cost us when we purchase these goods and services but to that I would say your better off since you got to use that good or service. Certainly I would agree the ability to change things such as font, screen size, and other attributes that are inherently aesthetic should be allowed and are freely available. But do you really want to open up your browser to the possibility that one could attack your system so easily just so you can make aesthetic changes? I really don't think this is on par with the toolbar feature that Google had by the fact that there was a third party that was neither the reader nor the publisher making changes to the content that existed. If you don't like sites with ads I would highly recommend you stay with government, university sites that way the *icky* capitalism thing would bother you so much.

I have to say I really don't think there is much that companies can do via litigation to stop or kill this kind of thing. Instead capitalists will do what they always have done and adapt.

<a class="jive-link-external" href="http://russ.johnsonville.net/default.aspx?Page=Blog" target="_newWindow">http://russ.johnsonville.net/default.aspx?Page=Blog</a>
Posted by russ960 (22 comments )
Reply Link Flag
What is it worth
So a new extension for Firefox called Greasemonkey allows users to change the content of pages they view them on the web. It does seem this technology differentiates itself in that the user uses a script that they control and understand what links or information has changed on the page because of this script. To me personally I have no issues with browsing the web with normal unadulterated pages as I really lack the need or desire to modify it. I still personally have issues with this technology given it seems to undermine the financial backing that allows web sites to produce revenue and thus provide services at little or no direct cost to the consumer and at the same time provide jobs and contribute to our economy. Now, one could say it does cost us when we purchase these goods and services but to that I would say your better off since you got to use that good or service. Certainly I would agree the ability to change things such as font, screen size, and other attributes that are inherently aesthetic should be allowed and are freely available. But do you really want to open up your browser to the possibility that one could attack your system so easily just so you can make aesthetic changes? I really don't think this is on par with the toolbar feature that Google had by the fact that there was a third party that was neither the reader nor the publisher making changes to the content that existed. If you don't like sites with ads I would highly recommend you stay with government, university sites that way the *icky* capitalism thing would bother you so much.

I have to say I really don't think there is much that companies can do via litigation to stop or kill this kind of thing. Instead capitalists will do what they always have done and adapt.

<a class="jive-link-external" href="http://russ.johnsonville.net/default.aspx?Page=Blog" target="_newWindow">http://russ.johnsonville.net/default.aspx?Page=Blog</a>
Posted by russ960 (22 comments )
Reply Link Flag
just wow
So closing my eyes during a commercial is copyright violations? how about covering my ears? What part of copyright law states that I have to view the content presented to me in the manner originally intended? You do realize that browsers all show webpages differently, and they always will. You do realize that there are built in functions of a browser to block images or not run scripting code?

Just wow. Where do you come from dude?
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
Don't worry.
Don't worry--copyright holders don't actually have this level of protection unless they wrap their work in technological copy-protection. Of course, closed eyes can't possibly be used as a tool to circumvent copy-protect, so that's safe. Just be careful of using markers, though--those can circumvent the copy protection on some music CDs. You may want to throw those out to avoid criminal and civil liability. :)
Posted by (282 comments )
Link Flag
what about wearing glasses to read!
What's more funny is that people then aren't allowed to wear glasses or contact lens to look at copyrighted content because it "modifies" the look of the webpage.
Posted by nrlz (98 comments )
Link Flag
just wow
So closing my eyes during a commercial is copyright violations? how about covering my ears? What part of copyright law states that I have to view the content presented to me in the manner originally intended? You do realize that browsers all show webpages differently, and they always will. You do realize that there are built in functions of a browser to block images or not run scripting code?

Just wow. Where do you come from dude?
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
Don't worry.
Don't worry--copyright holders don't actually have this level of protection unless they wrap their work in technological copy-protection. Of course, closed eyes can't possibly be used as a tool to circumvent copy-protect, so that's safe. Just be careful of using markers, though--those can circumvent the copy protection on some music CDs. You may want to throw those out to avoid criminal and civil liability. :)
Posted by (282 comments )
Link Flag
what about wearing glasses to read!
What's more funny is that people then aren't allowed to wear glasses or contact lens to look at copyrighted content because it "modifies" the look of the webpage.
Posted by nrlz (98 comments )
Link Flag
No one is entitled to use a web site
I suggest that you read the terms of use when you go to a web site next time. They are empty words. To quotes CNet's own, "Your use of our sites constitutes your binding acceptance of these Terms...". One of the terms that you have accepted is to not modify the contents without permission. While there are client-side alterations like font size that publishers implicitly agree to by placing their materials on the web, what Greasemonkey does is clearly not one of them.

If you don't like the terms of use, then leave. People don't have a right to free information.
Posted by Chung Leong (111 comments )
Reply Link Flag
This isn't client side?
I admit, I don't use Greasemonkey, but it sounds to be like these user scripts are run client-side to me. If I'm wrong, let me know, but as long as the alterations are done client-side with the user's permission, I don't think even C-Net's terms of use can trump that.

I mean, it also says you can't "participate in the transfer or sale of . . . any of the materials or content or our sites in whole or in part." I understand sale of, but by receiving the content by viewing the sale, aren't you participating in the transfer of the content of the site in part?

Just because something is stated in the terms of use doesn't mean it is valid or legal. Clearly, viewing the web site is legal, and I doubt C-Net Networks would counter that position. I would even say you are legally secure saving one of these documents on your hard drive for later viewing, and even changing the content, as long as you're the only one who ever sees it.

Writing a user script and using it client side thus seems to be pretty hard to attack legally to me. Spreading a user script around, however, could be problematic, depending on what it does. That would have to be tested in court.
Posted by (282 comments )
Link Flag
I put up a BIG posted in public view but DON'T YOU DARE LOOK AT IT
Right, because that kind of "thinking" isn't totally inane...
Posted by (13 comments )
Link Flag
that's about as childish as illegal software site's disclaimers
So you come to a site and your reading the content and lo and behold you're in a "binding" contract because one party says so? Perhaps you're unfamiliar with the concept of "giving consent"? Your reading of my comment constitutes acceptance of my terms. Terms: you will name your first three children bob regardless of gender, and will donate 57% of your gross income to Abstinence.net.

Riiiight, because that's not inane at all, is it?
Posted by (13 comments )
Link Flag
No one is entitled to use a web site
I suggest that you read the terms of use when you go to a web site next time. They are empty words. To quotes CNet's own, "Your use of our sites constitutes your binding acceptance of these Terms...". One of the terms that you have accepted is to not modify the contents without permission. While there are client-side alterations like font size that publishers implicitly agree to by placing their materials on the web, what Greasemonkey does is clearly not one of them.

If you don't like the terms of use, then leave. People don't have a right to free information.
Posted by Chung Leong (111 comments )
Reply Link Flag
This isn't client side?
I admit, I don't use Greasemonkey, but it sounds to be like these user scripts are run client-side to me. If I'm wrong, let me know, but as long as the alterations are done client-side with the user's permission, I don't think even C-Net's terms of use can trump that.

I mean, it also says you can't "participate in the transfer or sale of . . . any of the materials or content or our sites in whole or in part." I understand sale of, but by receiving the content by viewing the sale, aren't you participating in the transfer of the content of the site in part?

Just because something is stated in the terms of use doesn't mean it is valid or legal. Clearly, viewing the web site is legal, and I doubt C-Net Networks would counter that position. I would even say you are legally secure saving one of these documents on your hard drive for later viewing, and even changing the content, as long as you're the only one who ever sees it.

Writing a user script and using it client side thus seems to be pretty hard to attack legally to me. Spreading a user script around, however, could be problematic, depending on what it does. That would have to be tested in court.
Posted by (282 comments )
Link Flag
I put up a BIG posted in public view but DON'T YOU DARE LOOK AT IT
Right, because that kind of "thinking" isn't totally inane...
Posted by (13 comments )
Link Flag
that's about as childish as illegal software site's disclaimers
So you come to a site and your reading the content and lo and behold you're in a "binding" contract because one party says so? Perhaps you're unfamiliar with the concept of "giving consent"? Your reading of my comment constitutes acceptance of my terms. Terms: you will name your first three children bob regardless of gender, and will donate 57% of your gross income to Abstinence.net.

Riiiight, because that's not inane at all, is it?
Posted by (13 comments )
Link Flag
There is a huge difference
Between greasemonkey and what google wants to do. To even try and compare the two shows you have zero understanding.

Greasemonkey allows the end user to modify a web page on the client side only, as does google. But google wants to throw in ads and whatnot that might damage the website. Like putting amazon ads on a small online bookstores page. With grease monkey the user can alter the way he views it, and I doubt a user is going to add ads to a page through greasemonkey.

And no, this is not a copyright violation. If I used it to alter websites in some way, your web site has not been touched, nor does it affect your next visitor.
Posted by Bill Dautrive (1179 comments )
Reply Link Flag
There is a huge difference
Between greasemonkey and what google wants to do. To even try and compare the two shows you have zero understanding.

Greasemonkey allows the end user to modify a web page on the client side only, as does google. But google wants to throw in ads and whatnot that might damage the website. Like putting amazon ads on a small online bookstores page. With grease monkey the user can alter the way he views it, and I doubt a user is going to add ads to a page through greasemonkey.

And no, this is not a copyright violation. If I used it to alter websites in some way, your web site has not been touched, nor does it affect your next visitor.
Posted by Bill Dautrive (1179 comments )
Reply Link Flag
ATTN: Robert Barnet
No I do not want your pop-ups that hijack my web viewing

No I do not want your cookies, (one site I've visited had eight)

NO I DO NOT WANT TO STRAIN MY EYES to read your supersmall obscure typeface

No I do not want your ads. I know how to use
Google and I can spell Wandangle Widget just fine so the next time I need one I can get it myself

......

Oh, and by the way, and if I do use Google I don't want your search engine hijacking my request
(I had a non search item pop-up generate because the site I went to had an ad for a similar unwanted item)
If I want a right-handed widget pole the last thing I need is an ad for left handed goose oil, let alone TWO ADS

SO

until you tell me truthfully what ALL is on your site I WILL USE WHATEVER MEANS to remove unwanted material

you sound like the spammers that intentionally misspell words so the spam filters will allow it to pass, anything so your content will be viewed

WELL there is an uprising and you WILL fall along with your intrusive ads and unwanted pop-ups and impossible to read type

SURFERS OF THE WEB UNITE!!!
Posted by qazwiz (208 comments )
Reply Link Flag
Sorry for misspelling your name Mr. Barnett
nuf said
Posted by qazwiz (208 comments )
Link Flag
Fine...
Fine the visit someone elses site. If you want what I have to offer you will view it as I see fit otherwise you can go straight to...

Robert
Posted by (336 comments )
Link Flag
ATTN: Robert Barnet
No I do not want your pop-ups that hijack my web viewing

No I do not want your cookies, (one site I've visited had eight)

NO I DO NOT WANT TO STRAIN MY EYES to read your supersmall obscure typeface

No I do not want your ads. I know how to use
Google and I can spell Wandangle Widget just fine so the next time I need one I can get it myself

......

Oh, and by the way, and if I do use Google I don't want your search engine hijacking my request
(I had a non search item pop-up generate because the site I went to had an ad for a similar unwanted item)
If I want a right-handed widget pole the last thing I need is an ad for left handed goose oil, let alone TWO ADS

SO

until you tell me truthfully what ALL is on your site I WILL USE WHATEVER MEANS to remove unwanted material

you sound like the spammers that intentionally misspell words so the spam filters will allow it to pass, anything so your content will be viewed

WELL there is an uprising and you WILL fall along with your intrusive ads and unwanted pop-ups and impossible to read type

SURFERS OF THE WEB UNITE!!!
Posted by qazwiz (208 comments )
Reply Link Flag
Sorry for misspelling your name Mr. Barnett
nuf said
Posted by qazwiz (208 comments )
Link Flag
Fine...
Fine the visit someone elses site. If you want what I have to offer you will view it as I see fit otherwise you can go straight to...

Robert
Posted by (336 comments )
Link Flag
What about database-based web site? Are they vulnerable too?
What about dynamic database-based websites, rather than static HTML websites? Can the Firefox extension alter those websites as well? Are dynamic websites also vulnerable to the security issues raised by this browser extension?
Posted by (2 comments )
Reply Link Flag
I would doubt it . . .
Greasemonkey, as I understand it, and others have confirmed to me, only operates on the client side. The security risk seems pretty mild, thus, as it can only affect what the client sees. It can't alter anything on your server side, so it's safe.

The article seems to be focusing on the relatively mild security risk that someone might install a malicious user script onto their own computers. This, however, is a security risk that can be controlled really well just through a little bit of common sense. I don't believe that your data could be altered in any way, since a site such as yours would, I believe, make a custom HTML page on each request to return to the browser. I think this is all Greasemonkey could affect, and thus, you are safe on your end.
Posted by (282 comments )
Link Flag
What about database-based web site? Are they vulnerable too?
What about dynamic database-based websites, rather than static HTML websites? Can the Firefox extension alter those websites as well? Are dynamic websites also vulnerable to the security issues raised by this browser extension?
Posted by (2 comments )
Reply Link Flag
I would doubt it . . .
Greasemonkey, as I understand it, and others have confirmed to me, only operates on the client side. The security risk seems pretty mild, thus, as it can only affect what the client sees. It can't alter anything on your server side, so it's safe.

The article seems to be focusing on the relatively mild security risk that someone might install a malicious user script onto their own computers. This, however, is a security risk that can be controlled really well just through a little bit of common sense. I don't believe that your data could be altered in any way, since a site such as yours would, I believe, make a custom HTML page on each request to return to the browser. I think this is all Greasemonkey could affect, and thus, you are safe on your end.
Posted by (282 comments )
Link Flag
stop the fear mongering, you cretins!
I no more have to view inline webads than I have to look at billboards when I drive. In both cases the practice tends to be unwise. Had the adfirms stuck with mere images I might not have taken the approach of removing ALL content I'd rather not see. Since "they started it" with malware injected ads, evil activex, cross domain tracking cookies, and other PRIVACY intrusive methods I say turnabout is fair play.

Remember THEY didn't buy my hardware, they don't pay my monthly bills, and most imporatantly I AM NOT IN A CONTRACT WITH THEM. So I'm doing nothing illegal. "By viewing you accept" preambles are total feces!

If you have a defective business model that's hardly my problem. If you think you can charge for your oh so amazing content then do it. Good luck to you. I'm not going to stand in line to view some guy's opinion. I'll simply go elsewhere, thanks. GreaseMonkey is NOT a new concept. Piror to it I'd used Proxomitron. It fetches the page, modifies it as I SEE FIT, and passes it to the browser. And greasemonkey is not the only tool in my arsenal to change the world to my liking:

<a class="jive-link-external" href="http://AdBlock.mozdev.org" target="_newWindow">http://AdBlock.mozdev.org</a> with FiltersetG
<a class="jive-link-external" href="http://rip.mozdev.org" target="_newWindow">http://rip.mozdev.org</a> -- click and it's gone

If I want to evade cross domain tracking cookies I combine

<a class="jive-link-external" href="http://tor.eff.org" target="_newWindow">http://tor.eff.org</a>
<a class="jive-link-external" href="http://privoxy.com" target="_newWindow">http://privoxy.com</a>

based on this lovely article:

<a class="jive-link-external" href="http://www.extensionsmirror.nl/index.php?showtopic=2288" target="_newWindow">http://www.extensionsmirror.nl/index.php?showtopic=2288</a>


"danger danger" is a weak attempt by the feeble to disuade the many from using an awesome tool. Remember "they" don't want you to have any privacy. Well fork them. It's my computer, thanks.
Posted by (13 comments )
Reply Link Flag
stop the fear mongering, you cretins!
I no more have to view inline webads than I have to look at billboards when I drive. In both cases the practice tends to be unwise. Had the adfirms stuck with mere images I might not have taken the approach of removing ALL content I'd rather not see. Since "they started it" with malware injected ads, evil activex, cross domain tracking cookies, and other PRIVACY intrusive methods I say turnabout is fair play.

Remember THEY didn't buy my hardware, they don't pay my monthly bills, and most imporatantly I AM NOT IN A CONTRACT WITH THEM. So I'm doing nothing illegal. "By viewing you accept" preambles are total feces!

If you have a defective business model that's hardly my problem. If you think you can charge for your oh so amazing content then do it. Good luck to you. I'm not going to stand in line to view some guy's opinion. I'll simply go elsewhere, thanks. GreaseMonkey is NOT a new concept. Piror to it I'd used Proxomitron. It fetches the page, modifies it as I SEE FIT, and passes it to the browser. And greasemonkey is not the only tool in my arsenal to change the world to my liking:

<a class="jive-link-external" href="http://AdBlock.mozdev.org" target="_newWindow">http://AdBlock.mozdev.org</a> with FiltersetG
<a class="jive-link-external" href="http://rip.mozdev.org" target="_newWindow">http://rip.mozdev.org</a> -- click and it's gone

If I want to evade cross domain tracking cookies I combine

<a class="jive-link-external" href="http://tor.eff.org" target="_newWindow">http://tor.eff.org</a>
<a class="jive-link-external" href="http://privoxy.com" target="_newWindow">http://privoxy.com</a>

based on this lovely article:

<a class="jive-link-external" href="http://www.extensionsmirror.nl/index.php?showtopic=2288" target="_newWindow">http://www.extensionsmirror.nl/index.php?showtopic=2288</a>


"danger danger" is a weak attempt by the feeble to disuade the many from using an awesome tool. Remember "they" don't want you to have any privacy. Well fork them. It's my computer, thanks.
Posted by (13 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.