“Houdini” plugin for WordPress is no magician

closeThis post was published 8 years 10 months 13 days ago. A number of changes have been made to the site since then, so please contact me if anything is broken or seems wrong.

WordPress The F***?! satirical composite
Logo source and trivial modification with GIMP

I’ve seen some pretty absurd WordPress plugins show up in the Plugins dashboard widget on this site, but the recently-released “Houdini” takes the cake so far. It claims to prevent spammers from copying the contents of any post or page upon which the [houdini] shortcode is placed.

The fact is the internet is open can lead to theft especially to content stealing and plagiarism.

Until now, there was very little to discourage and deter this serious crime. Yes content theft and plagarism is a crime in some jurisdictions.

You cannot rely on others or the authorities to continue to police the internet as they do not have enough resources. You need to protect your content and deter this theft.

The basic form of content theft is to copy and paste your content to another medium.

Well Houdini, prevents this using a little known special algorithm that prevents copying by making the selected text that is targeted by the perps to be copied, to disappear! Yes disappear!!! The only way to recover is to reload the page in the web browser. If they try again, the content disappears again. As long as they keep trying to select and copy your content, the content will disappear before they can get a chance to execute the copy command!

After a few unsuccessful attempts, the theives will move on to a easier target.

Your safe!

WordPress › Houdini « WordPress Plugins

So what can we glean from this PHK Corporation plugin’s description, other than the fact that the author has poor English skills? We can most definitely conclude that phkcorp2005 has no understanding of how most copying of Internet content is carried out. As I and others have pointed out many times over in blog and forum posts, copying is usually not done by a person using a mouse to cut and paste, but rather by automated computer programs called scrapers. (For the uninitiated: See these two Wikipedia articles.)

What is left out of that messy, error-riddled description is the word “JavaScript”. It is by no means the only word or phrase that should be inserted, but it is the most important. That fifth “paragraph” (the formatting is also very poor) should say “special JavaScript algorithm”, which is synonymous in this case with “useless JavaScript algorithm”. All it does is wait for the user to try to select text in the browser and clear the selection if any is made. Besides, any copy-protection scheme based upon JavaScript is inherently useless by virtue of the fact that it doesn’t do anything to prevent copying. There are tons of ways to get around it. Disabling JavaScript, for example (as mentioned below).

For example, take hatkirby’s rant. I quote from that post the list of circumvention techniques below:

  1. Go old fashioned and turn off JavaScript. Yep, the script is rendered useless.
  2. More advanced content thieves likely don’t just go around to random blogs and copy/paste off of them. They write screen scrapers, small programs that visit sites and download specific parts of the site. As these do not render pages and simply download from them, the script isn’t even seen by the scraper.
  3. Due to the nature of the Internet, anyone, and I mean anyone, can see the source code of a website. It’s done differently in different web browsers, but it’s always pathetically easy and, as it simply shows HTML code instead of parsing anything, no scripts are run.
  4. RSS. Syndication feeds are normally viewed in feed readers with little to no JavaScript interpreter. Script bypassed.
  5. There’s this cool little button on most keyboards that says “Print Screen”. Even on the keyboards that don’t have it, there’s usually a key combination that achieves the same effect. It takes a picture of whatever’s on the screen. No selection occurs and yet the thief has a copy of your article. They do, however, have to retype it, so this keeps the lazy thieves out.

That’s just a smattering of ways to get around the JavaScript inserted by Houdini.

In the face of all the arguments presented, the plugin’s author has insisted that the purpose of Houdini is not to “prevent” copying, but to “deter” copying. I don’t think that statement holds any weight whatsoever. It still depends upon the copying being performed in a JavaScript-enabled browser by a human.

There’s also the matter of just how absurd copy-protection of any kind is on the Internet. Every single document or file anywhere on the Internet must be copied in order for the user-agent (usually a browser in the case of human interaction) to retrieve and display or otherwise make use of the content. This is why it’s quite simple for any user to just view the source code of a page. It has to be copied in order to display the content.

Also mentioned in the first (started, chronologically) forum thread is the ability of JavaScript to disable the browser’s context menu and thus the “View source” option. That’s just as useless as the selection-clearing code, and actually more so because many modern browsers allow specific JavaScript capabilities to be disabled—capabilities like removing or replacing the context menu—as an alternative to disabling all JavaScript. The “View source” option is also present in other places—places such as the browser toolbar’s “View” or “Tools” menu—which JavaScript code cannot modify even in the most permissive environment.

Legitimate quoting must also be considered. There are a million and one reasons why someone might legitimately want to copy a few sentences of a blog post. Maybe they like it enough to post a quote to Twitter or Facebook, or perhaps they want to comment on it in a blog post of their own. Content theft is a big problem, but the old methods of periodically searching for and reporting content stolen from one’s site are infinitely preferable to this plugin’s ineffective method.

Finally, why require the use of a shortcode? Why not just add the script globally to all content pages and forget that stupid “This page is copy protected” header?

At most, Houdini has the ability to add a superfluous <h5> tag to the page and annoy legitimate users with an obnoxious script while doing absolutely nothing to thwart real content thieves. I wonder if WordPress Extend would consider removing this laughable plugin from the directory… Of course, we bloggers would then be denied this ripe opportunity to satirize this particular piece of code. 😀

dgw

I am an avid technology and software user, in addition to being reasonably well-versed in CSS, JavaScript, HTML, PHP, Python, and (though it still scares me) Perl. Aside from my technological tendencies, I am also a theatre technician, sound designer, violinist, singer, and actor.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail (or subscribe without commenting)

Comments are subject to moderation, and are licensed for display in perpetuity once posted. Learn more.