So are you saying that we should make sure not to block this IP range, in case somebody somewhere wants to share our content on social media, if we want to allow that?

Or on the other hand, if we don't want to allow people to share our content, we should block this IP range.

But also, how do we keep up with the IP range changes that might occur?

EDIT Or is it the UA we should block (or not)?

I really hope they'll switch to a more specific UA real soon...
Then we can serve that a simple page in the site-appropriate design saying:

Please visit <link to original page> to see the shared information.

Best of both worlds! ;)

So are you saying that we should...

I'm not saying anything other than identifying the UA, the host range, and what it is/does IMO.

well does anyone have an opinion as to whether this should be blocked, and if so, what would be the best way to do it?

I block "pear" in the UA.

I block most AWS ranges, but poke holes to let through things I like.

We may be anticipating a non-problem. From Mozilla:

New: Keep track of articles and videos with Pocket.
New: Clean formatting for articles and blog posts with Reader View.
New: Share the active tab or window in a Hello conversation.

[venturebeat.com...]

The first two appear to be user side tools, not shared, and the latter is sharing a screenshot or tab in a Hello Conversation.

I've seen a lot of this UA from AWS over the years, from many different ranges.
I'm intrigued as to how you identified it, though. Have they owned up somewhere? Or did you try it out and spot your own shadow in your logs?

I tried it out for the explicit purpose of seeing what it could do and how to identify & block it.

What I object to about this tool is Mozilla making it very easy for the user to scrape intellectual and other property from a web site without permission from the owner. This has become almost the norm on the internet, but here's another tool right there in the browser. One click and what ever is on the page is grabbed and stored in the Amazon cloud.

Articles from my pages get stripped of my Adsense and other advertising and shared other places on the net without my permission, nor compensation. This also damages the worth of my web site, if the content is available other places than at my site, hence branding becomes devalued.

I am not trying to convince anyone of anything. Some webmasters will not see anything wrong with this action by Mozilla, others probably will feel much as I do about having our property scraped. Mozilla certainly is not the only offender, I'm just disappointed they have disregarded the rights of webmasters in doing so.

I've seen a lot of this UA from AWS over the years, from many different ranges.

Pear is not new. It is a programming language often used as an extension to PHP (another programming language) so it's likely you have seen "pear" included in UAs before, from various actors.

What I posted above is the UA used in the scrape/archive attempt by the AWS server. The visitor will come in on their own IP with the Firefox UA. Then when they click the Pocket icon displayed in the Firefox chrome and choose what they want to steal, that's when the the AWS UA will hit.

As predicted above, coming from other dynamic AWS cloud ranges:

54.64.0.0/11
54.64.0.0 - 54.95.255.255

54.91.86.120 - - [04/Jun/2015:17:33:18 -0700] "GET /example.html HTTP/1.1" 403 913 "-" "HTTP_Request2/2.2.0 (http://pear.php.net/package/http_request2) PHP/5.3.29"

Note: same UA as first seen

what they want to steal, that's when the the AWS UA will hit.

That's a mischaracerization. The user is saving to read later FRO< THEIR OWN FIREFOX ACCOUNT. This argument (theft, modification) is not likely to advance to a court as there is existing case law supporting the USER'S right to timeshift, record media (music, tv, for example, cameras and Xerox previously).

I haven't used Pocket (if I want something I already know how to get it), so I don't know if the entire page, including ads, iframes, header/footers menus etc. is copied to the user's firefox account., if so then the webmaster has lost part of the TIVO argument about killing advertisements in his recording (time shifting) role.

jf only the USER can see the stored content to be read later, I see no problem with it. You've already had the visitor and he/she MIGHT come back after reading that content.

For all this noise one might think that even the browser cache on all machines was just as dangerous as Pocket (has a copy of your site right there!)

if only the USER can see the stored content to be read later, I see no problem with it. You've already had the visitor and he/she MIGHT come back after reading that content.

You obviously don't sell advertising or publish Adsense since this is stripped away by Pocket.

...he/she MIGHT come back...

Sorry, I see no absolutely no benefit in anyone stealing my property, for any reason. As for the "read it later" argument, that's why my web site is there.

I haven't used Pocket

:)

As I said earlier, some will see this and other scrapers in a different light than I do. For me, it is serious when my income is threatened, at any level.

There was an earlier build of Pocket that was a free stand alone that Firefox users could add on (sometimes referred to as the "old" Pocket). Same people behind it, but it was not widely used. However this new version is championed by Mozilla and offered with the latest update, so many more users will be aware and use it. There is also a full featured upgrade offered at a monthly charge.

Anyone know where the option is to turn this off?

There are lots of people posting at various forums asking for help to get rid of Pocket. Mozilla makes it difficult, or at least not obvious.I uninstalled from Add Ons and the button disappeared but the red icon "Save to Pocket List" remained at the top of my Bookmarks list.

To get rid of that thing I had to go into about:config, search for "pocket" and clear, false, 0 everything related. It's also mentioned in a horizontal linear list of extensions there, so I deleted that as well. Finally got rid of the red icon.

[added]
Well whadoya know... another Pocket button showed up in the Customize Firefox icon tray, easily deleted. They really don't want us to get rid of this thing. What happened to Mozilla anyway. They used to be on our side :)

How to fully remove or delete firefox pocket.
Does this help? [help.getpocket.com...]

I spent a lot of time searching for a fix. Tried several things, but stuff remained inside the Profiles folder, userChrome, etc. Besides, that link is to remove the *old* pocket version.

One of my problems was due to having several versions of Firefox at different times, in different locations on this machine.

Deleting the listings from about:config finally did it, except for that last icon I found in the custom tray :)

Is this something that's going to restore itself with every update? I really hope not. This is not going to do FF reputation any good what-so-ever, imho.

Thanks for doing the research keyplyr. Would you mind summarising the whole procedure in one post? Thanks in advance.

I tried to get rid of it over several days while doing many other things so my memory is not so linear but...

• I used the gear icon in Pocket to access my account, then delete my entire Firefox account (I reopened my Firefox account later, after everything was removed.)

• I uninstalled the extension in Tools > Add Ons

• From my Windows C drive: Programs > Mozilla Firefox > Chrome > Profiles > userChrome.css and removed the listing there.

• With Firefox launched, I typed about:config in the address bar, then searched for "pocket" which resulted in about 8 or 10 listings.

• Changed them all to false or 0, and on several I needed to Modify to remove any account numbers. There was also a horizontal linear list of extensions where I found mention of "pocket" somewhere in the middle of the list, so I removed that part of the extension list.

• Closed browser, relaunched browser... voila!

Note: A lot of "fixes" mentioned at other forums didn't work for me or I couldn't find what they were talking about. I don't know if all these steps are necessary or not. I just kept trying things until it was gone.

How curious (killing Pocket in "your" own browser). To what purpose? If you don't like it, don't use. If you don't have a Firefox Account, it's pretty useless anyway.

Short straw poll: How many FF users have a FF account? (not me)

And last: How does removing it from you current FF install tell Mozilla *you* don't like the product?

Also wondering why similar products for IE and Safari have not met with the same reaction (and existed much earlier).

Why are you so involved with this Tangor? You have no Firefox account... You admitted you had not even installed this software so you have no knowledge of it first hand, so what is your point? ...or do you just like to argue about things you don't understand?

I seem to remember you being a fan boy about a mobile caching app, another piece of software you had never used.

If this convo is related to getpocket.com -- I've blocked any appearance of "getpocket" as a referrer since at least 2014 because of off-site, pocket-related pages+graphics grabs:

http://getpocket.com/a/queue/
http://getpocket.com/a/queue/list/
http://getpocket.com/a/read/123456789
http://getpocket.com/a/archive/
http://getpocket.com/redirect?url=http%3A%2F%2Fwww.example.com%2F
http://getpocket.com/redirect?url=http%3A%2F%2Fwww.example.com%2Fdirectory%2Fexample.html

(Preceding REFs seen with and without "www" -- but usually without.)

If this convo isn't related to getpocket, um -- "Nevermind."

Dunno if it's the same, but thanks... don't want that either :)

@keplyr

Answered none of my questions, but will answer yours.

I see no reason to modify something integrated into my browser for something I don't use.
I see no great problem with the product as it is user side, not a "tool" to scrape sites (I do do the research)
I've never commented on any other mobile data app, so you must be confused.

My real concern is some raising a battle flag (and confusion for other webmasters) for a non-problem. We have enough FUD in this industry without adding more.

And...

This release is what, a week old? We don't have enough data to come to any determination whatsoever.

While I don't use the product, and do not have an FF account, two users in the house do, and are, using the product.... and in the week so far, have not even gone back to read those store and see later articles. So, I believe in real life this is probably a non-issue.

As a scraping tool, Pocket is a putz. Real scrapers have better tools, with better results. Pocket does, however, give the webmaster that visitor because they had to visit the site to make the choice to read it later.

Folks will do what they choose, and that is as it should be. Just cautioning about taking a step that will have a possible bad return when the Pocket user is denied.... they may no longer have any confidence in that site and might never return again. Last thing we need to do is antagonize the USER!

This is why I am invested, kiddies. This time it is the USER who is affected, not some robot or scraper. Pick and chose your battles and make sure they are the ones you really which to fight.

YMMV

@Pfui - if you can recall, was there anything unique about the UAs showing these referrers? Also, were these same users already on your site when the referrers started to appear, or were these referrers independent remote requests.

@keyplyr:

was there anything unique about the UAs

UAs were all over the map -- computers, mobiles, Windows, Macs, etc.

already on your site... or were these referrers independent remote

Both, suggesting people were either actively saving pages, and/or returning from having saved. And the vaaast majority, when redirected to info about changing UAs, promptly -- e.g., within 30 seconds -- reappeared using regular browsers.

@tangor:

Real scrapers have better tools, with better results.

Technically, I'd agree. Technically. Plus they're easiest to spot because they often hail from notorious server farms, or are egotistically compelled to include their names in their UAs.

But in terms of actual resources wasted/abused (& copyrights violated), 'faux scrapers' like pocket and its save-in-one-place ilk -- evernote; genieo; instapaper; readability -- are vastly more damaging precisely because they're in the hands of innocent and/or clueless end users.

Hardly a week goes by that someone doesn't try to 'save everything', the bulk of which will probably never be viewed again. The worst example was the guy in China that literally started saving hundreds of thousands of posts "to read on the train."

Hardly a day goes by that someone who tries to save even a single page for offline viewing doesn't use a UA that mixes up relative file paths and cause scores of errors. Or that someone who has already saved pages -- whether using a bad app or a badly coded one -- doesn't set off cascades of errors when loading pages offline.

(Yes, I'm looking at you, Microsoft Word/Office, LibreOffice, OpenOffice, etc., full of wasteful GET, HEAD and PROPFIND hits for Every.Single.Graphic.)

Hardly an hour goes by that RSS apps don't hit every 20 minutes, 24/7 despite proper time/access instructions. After a few weeks of abuse leading to 403s and no live people from those IPs, they get dropped via iptables.

Point of spontaneous mini rant is, to each breathing visitor his/her own browsing methods/apps -- UNLESS your impact exceeds reasonable use/expense. (Whatever happened to click-read-click-read?) Then I don't care who you are or what you're using. Talk to the 403.

Um... Was there a question? :)

Thanks Pfui

Just a general statement - Some of us rely financially on our online businesses, others have non-commercial fan pages or hobby sites. There's likely little difference in the value we put on our hard work, but there often is a significant dissimilitude in the way we judge what is or what is not a threat to that hard work..

Some of my articles have been "re-published" a dozen or more times. But I'm almost certain that in the vast majority of cases it was done "manually" by someone who saw the article and decided that they wanted a copy of it on their own site. In fact, I've seen many sites whose content consisted mostly of things that the owner happened to see somewhere and decided to manually copy.

You can block all the bots and all the sophisticated scraping tools that exist, but that won't stop manual copying by humans.

Was there a question?

Whatever happened to "Save Page As"?

...

It was blocked :)


Seriously, that feature is still present in a couple browsers. Very easy to block. Also a lot of fun to manipulate how the page renders & functions on the thief's local machine. Force the hot-link, then you can do anything you want with it :)