Showtime Websites Are Mining Monero With Your CPU, Unclear If Hack Or Experiment (bleepingcomputer.com) 58
An anonymous reader writes: Two Showtime domains are currently loading and running Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. The two domains are showtime.com and showtimeanytime.com, the latter being the official URL for the company's online video streaming service. It is unclear if someone hacked Showtime and included the mining script without the company's knowledge. Showtime did not respond to a request for comment, but it could be an experiment as the setThrottle value is 0.97, meaning the mining script will remain dormant for 97% of the time. Despite this, Coinhive has been recently adopted by a large number of malware operations, such as malvertisers, adware developers, rogue Chrome extensions, and website hackers, who secretly load the code in a page's background and make money off unsuspecting users. At least two ad blockers have added support for blocking Coinhive's JS library -- AdBlock Plus and AdGuard -- and developers have also put together Chrome extensions that terminate anything that looks like Coinhive's mining script -- AntiMiner, No Coin, and minerBlock.
The Pirate Bay recently ran tests using Coinhive. A recent report has calculated that a site like The Pirate Bay could make around $12,000 per month by mining Monero in the background.
Naw, it's good he posted this. I would have no idea what the crazy conspiracy people have moved onto if not for posts like this.
I second this, but instead of JS genocide, install No Coin, CPU freed up right away. Very disappointed this was causing my IDEs auto complete to be entirely unusable while watching bootleg.
Java != Javascript. I don't know what your company is selling, but I will not buy anything from you if your IT dept cannot make the difference between Java and Javascript.
The site doesn't make money. Users lose money. (Score:2, Insightful)
It's not really a case of the site making money. They haven't actually produced anything of real value, so wealth hasn't been created. All they've done is consumed the computing and electricity resources of the site's users, and converted them to an entry in some distributed database. Overall, it's a net economic loss. Resources were consumed without producing anything of value.
Monero the coin being mined is supposedly optimized so that CPU or GPU will produce similar hash rates.
The Showtime websites this is placed on are where people stream pirated TV and movies. So visitors sit on them for 30 minutes to two hours on average.
I don't know how many people visit those sites, but it could easily be in the thousands to millions. Who knows how much money can could make off this.
I wonder if websites might move to a proof of work model, where their miner would have to execute for n cpu cycles for access to pages to be granted. I can see this becoming an alternative to advertising, especially with smartphone CPUs so relatively fast.
Entertainment is bad, and we should all work to produce boring but necessary things.
So, you're Mormon?
That, or a Marxist. Time wasted on frivolities means less that can be taken from you according to your abilities.
They haven't actually produced anything of real value, so wealth hasn't been created.
Why are people consuming the site's content?
My (admittedly limited) understanding of cryptocurrency mining is that it actually does produce value, in that the mining process itself is what's responsible for distributing, verifying, and otherwise maintaining the blockchain on which the currency is built. Which is to say, miners are the ones facilitating the use of the currency. It's actually part of what makes cryptocurrencies work so well, since the very act of maintaining the currency is both distributed and incentivized.
Based on your description of how virtual currency mining creates value, then couldn't we also create value by adding a zero to the end of our bank balances?
Or more specifically, by having only people with fancy computers add a zero to their bank balances.
The unfiltered internet is for dumb people (Score:2)
A system based upon the execution of unknown code downloaded from remote sites is inherently insecure. That'll probably never get through enough heads to do anything about it, but there it is.
Walled gardens that prevent the blocking of said unknown code are prima facie unusable.
Most people don't understand what that means. "What's Javascript?" might be the response. So they pay for too much bandwidth and tolerate the poor performance inherent in the unfiltered net. And all the usual risks of running unidentified code.
I don't use a script blocker and do a bit of ad-blocking. If a site slows me down, I close it. Problem solved.
Doing it sleathily is wrong, but perhaps... (Score:3)
That was my first thought, followed by, "Oh wait, bitcoin et al aren't sustainable."
Remember kids... (Score:3)
Never browse without properly community-maintained ad blocking and script blocking.
And if any company complains about not being able to 'serve' you properly as they'd like to... add a request to have that complaint blocked.
Ryan Fenton
Voluntary mining would be fine... (Score:3)
I would gladly donate CPU time to support a site instead of viewing ads.
I might even idle my browser there---if it doesn't affect anything else I do. They really need to have a light touch though.
And, it should go without saying, but no mining on mobile. If I have to choose between bandwidth for ads and battery life, I'll take the ads.
TULIPS! TULIPS! (Score:1)
OMG tulips! Tulips, everyone! Oh shiiiiiiiiiiiiii-
Am I missing something? (Score:1)
Before I swung by slashdot, I hit TPB and fired up my download of Star Trek. I haven't paid TPB for anything, and I'm not about to sign up for their VPN, or stay up all night playing "The most addictive game of 2017". But TPB has provided me with a valuable service, and for that, I am more than happy to throw them a few spare CPU cycles.
Thanks guys, keep up the great work!
Terrible way to fund sites (Score:3)
CPU mining has a return of between 1 and essentially 0% depending on the currency and the price of electricity. Best case scenario, you leave you web browser open for two days, you consume $1 of extra electricity and the web site gets $0.01. Unless the browser could leverage your GPU, you live in Quebec (cheap electricity) and it's winter so you are heating your house with the GPU, this is never going to make sense.
It makes perfect sense if it is other people paying for the electricity...