locksUpdate: See the comments for the blogger’s explanation. Her site had been recently hacked; her webmaster had asked her server host for increased security but got considerably more than they had bargained for. The offending Javascript has since been removed from this site, but I’m leaving this article up as a general screed against all the sites out there that do this, as there are still plenty of them.

Today I happened to notice a really amusing blog post by way of The Passive Voice, called “10 Reasons Why Being a Writer is Like Being Santa Claus.” The blog post itself is pretty funny, though probably not entirely topical for TeleRead in and of itself. (I could probably stretch a point and say something about writers who self-publish, but even that would feel like reaching.)

But my inspiration for this post comes in when I wanted to copy and paste list item number 7 into a Google Hangouts session where I chat with a couple of fellow writers on my Internet fiction project. The bit about grasping at carrots seemed appropriate to one of my co-writers in particular, for more than one reason. But the site was set up to prevent copying and pasting, and a little Javascript window popped up to tell me so.

What’s more, when I hit Ctrl+U to try to view the source (as you can often get around copy-paste blocks by doing that), another little Javascript window popped up to tell me that was forbidden, too.

That made me a little angry. So I took about thirty seconds to look up how to do it, then I went into my Chrome settings and turned off Javascript. I still couldn’t copy and paste directly from the page, but viewing source worked just fine. A quick copy-and-paste of the relevant portion of the page source into Notepad, a little bit of clicking around and backspacing to get rid of the HTML formatting, and I could copy and paste it into the Hangouts window with no problem.

What on earth moves someone to try to lock their words down to the point where you can’t copy and paste them out of an ordinary web page? It’s counterproductive. For starters, I’d never have found the blog post if I hadn’t found it excerpted on The Passive Voice. (Apparently Passive Guy also knows the trick of disabling Javascript.) If you want to get your content shared, you have to accept that sometimes people are going to excerpt it. I frequently excerpt stories here, as fair use permits me to do for the purpose of criticism and commentary.

Furthermore, it’s ineffective. This isn’t a form of DRM where you need to crack encryption. All you need to do is tell your web browser, “Okay, stop doing what that web site tells you and do what I tell you instead.” Is trying to lock down content like that really doing to do anything more than annoy someone who knows their way around web browsers?

And what kind of contempt does that show for your readers? Copying and pasting a relevant paragraph here and there is one of the primary ways people relate to content now. It’s how we share it with our friends who might lack the time or inclination to go visit the URL unless we prompt them with a tempting tidbit. Everybody does that.

If you don’t want your words copied and shared, don’t post them in public on the Internet. If someone is going to copy your entire post and try to pass it off as their own, most of them will be savvy enough to do that whether you use Javascript or not. (Maybe you’ll stop a few people, but as easy as it is to do, I doubt you’ll deter pretty much anyone who knows enough about web design to host their own site.) If they do rip off the whole thing, you file a DMCA request to have it taken down—which you could do whether or not you tried to prevent them from being able to copy it in the first place. It’s just not worth the goodwill you’ll lose from coming off as some kind of control freak by comparison to the 99.99% of the rest of the web who doesn’t bother.

And when you get right down to it, this is effectively a parable for digital rights management in general. Yes, stripping the DRM from e-books is a little more complicated and involved, and it relies on someone out there being willing to do the grunt work for you of coding up a way to crack the digital lock. But once that code is out there, anyone willing to Google it and download it can do it, so any e-book you buy from Amazon or Barnes & Noble or even check out of your local library can be freed of its fetters just by dragging and dropping it into Calibre.

The same holds true for movies. The DRM on DVDs was defeated long ago by DVDJon. Even the DRM on Blu-rays, which changes every so often, is re-cracked just as soon as it changes; the only practical effects of changing Blu-ray DRM are to make Blu-ray players that can no longer update their firmware to deal with the new DRM obsolete, and allow the manufacturers of the DRM-cracking tools to sell expensive lifetime subscriptions for updates to their tool. Small wonder that Steve Jobs prompted music labels to drop DRM on digital music sales!

That doesn’t make it legal, and it certainly doesn’t make it morally right to redistribute those cracked copies via peer-to-peer. But illegal isn’t the same as infeasible—and prohibiting a user operation such as copying and pasting or viewing source doesn’t make it infeasible either.

Incidentally, it’s against the law in the US and a number of other places to tell people how to bypass DRM. In theory, it could be illegal to tell people how to turn Javascript off, too—except that the US law only applies to effective protection measures. And while I’m not a lawyer myself, and there’s some debate over how effective DRM is in general, it seems unlikely that anyone could see a “protection measure” you bypass by simply turning Javascript off as being “effective” enough to come in for that kind of legal protection. Some people keep Javascript turned off in their browsers as a matter of course, and they wouldn’t even encounter the pop-ups or the lock out of viewing the source.

In conclusion, enjoy the funny blog post that I linked above. Enjoy it however you like—because if the user prohibitions get in the way, getting rid of them is just a Javascript-disable away.


  1. I use a plug-in called “Clearly” which grabs the text portion of a post and displays it as an overlay of the original. So, click one button, select text, Ctrl+C, then Ctrl+V … ‘V’ for “Voila!”
    Tried on the linked article and it worked like a charm. Yay!

  2. Chris, I apologize for the hassles on my blog. I have nothing to do with them. We’ve been hacked and somebody stole all the content of the blog and pirated it to a Brazilian site and I had an empty blog.

    We moved to WordPress (at huge expense) and got hacked again this week. So my webmaster spoke to the server. It’s the server (Flywheels) who put on all that DRM stuff. I had no idea until you mentioned it. I have had a popular blog for years, getting up to 100,000 hits a month and I grew that following by being very open and friendly about comments. So it stings to be accused of something I have no control over that already has me in tears.

    The server is now making me moderate every single comment, which means I can’t sleep or even go for a walk. Very very upsetting. I’m begging them to put the commenting back the way it was, but they keep saying we’ll get hacked again.

    It’s enough to make me give up blogging altogether. I do apologize. Aside from killing off the blog (and maybe myself) I don’t know what I can do.

    • All right, I can see how getting hacked would be frustrating and could lead to an overreaction in terms of security. Being able to copy and paste text has little to do with the kind of site hack that could result in someone downloading all your content and then erasing your site, but communication can go awry at the best of times, and I don’t doubt that asking for increased security could be interpreted in ways you didn’t originally intend. I should probably have been a little more temperate in my blog post. You’re not the only site I’ve come across to try to lock content down; you were just the lucky recipient of the amassed frustration such measures have provoked in me until it got to the breaking point. 😛

    • Bridget, I hope you’ll read my comment above. I had NOTHING to do with this.

      It’s simply the highest security program the server has, which they put on less than 24 hours ago, so this is the first I’ve heard of it. It has me in tears! .

      My old blog was very popular and it got hacked and pirates took all the content and put it on a site in Brazil. My own blog was empty of content. Heartbreaking. Five years of work. They got in and changed the codes and drove all my traffic to their site. All my posts were there (along with the Bible…in English. Very weird) He was using it to sell advertisements for electronics.

      My friend who’s a web designer moved the old un-secured blog from Blogger to a self-hosted WordPress site (with a lot of hard work and hassle) and we thought we were home free. Then, in spite of WP security plug ins, on Thursday the guy got in again and rewrote our codes to drive traffic to his site.

      I am not paranoid or crazy. My webmaster is trying to keep the hacker out and still have a blog that is open and friendly, If people could stop beating me up for a while, I could get this straightened out. This could happen to anybody. Even you. Snark doesn’t help.

  3. I hate sites that do this, it’s totally counterproductive. Snopes began doing the copy block several years ago, which meant telling people to go read this long article. Most won’t do that since they don’t do anything that tells them that great deal is a scam—rather they like to follow the scam instructions and then complain when their computer is filled with malware. I long ago found that I could use the print command, save to PDF, and could copy whatever I wanted. It’s just a silly waste of my time, so now I avoid sites that are so controlling.

  4. Just to add to what Anne has explained above, I’m the guest blogger in question and would like to thank everyone for persevering with the piece, most notably Anne, who is trying to moderate comments within 8-hour gap time zones amongst other security horrors not of her making.

    The Santa article was written and posted with the intent of being widely shared, excerpted, quoted, pummelled, or whatever you’re having yourselves, with the mere hope of a bit of honest attribution along the way. Nothing good ever comes easy!

  5. I too would apologize, except I still think whoever did this is an idiot.

    In this situation that’s not the author/blogger, and since my comment would still appear to be directed at them, I apologize for that lapse.

    • Nate–Thanks. I’m a huge fan, and I have great respect your opinions. I’m passing all this info on to the server and I hope we can get things back to normal by the end of the day. It’s been a major pain for me to have to moderate every comment. First hackers and now this. Gotta get this thing under control. It’s the Holidays. There are beasts to be roasted and cheerful holiday beverages to be consumed. I do not need to spend this week bogged down in tech stuff.

  6. The irony I see here is I click to go to read an article about javascript user prohibitions being futile, and what I’m presented with is this: http://imgur.com/MaAtsSD – It’s not exactly a perfect analogy to that because I can click it away; it’s not preventing me from doing stuff on your site in the same sort of place as ‘fair use’

    …However, with that notice, it’s trying to suggest to me to do something that I clearly am not willing to comply with (see advertisements) in the same way you’re not willing to comply with copy-paste restrictions on some sites (or, apparently, on some e-books).

    It’s just funny because we all as humans are unwilling to actually come to terms with that in general, we have subjective morality; we will take issue with certain things that don’t benefit us, while at the same time we have complete ‘blind spots’ for the ways we do the same thing where they align with our views.

  7. I’m encountering more and more sites that utilise various methods to block normal web functionality. Unfortunately some of these sites are too clever to fall for simply disabling Javascript, as doing so will break their entire website. Normally I just leave the site and never go back, but I hit one too many so I decided to see what could be done about it. Fortunately, and the reason I love Firefox, there’s the right to click addon which will restore this functionality without needing to turn off Javascript.


  8. Perhaps we can put an end to this. Propose a patch to Firefox that will not allow any selection/copy disabling using Javascript, by removing those events from those available. The web page should not be informed when a selection is done, nor any copy action.

    If the event is not produced, they cant catch it…