Cloudflare Ditches Sites That Use Coinhive Mining "malware" (betanews.com)
Mark Wilson writes: Bitcoin has been in the news for some time now as its value climbs and drops, but most recently interest turned to mining code embedded in websites. The Pirate Bay was one of the first sites to be seen using Coinhive code to secretly mine using visitors' CPU time, and then we saw similar activity from the SafeBrowse extension for Chrome. The discovery of the code was a little distressing for visitors to the affected sites, and internet security and content delivery network (CDN) firm Cloudflare is taking action to clamp down on what it is describing as malware. Torrent proxy site ProxyBunker.online has contacted TorrentFreak to say that Cloudflare has dropped it as a customer. The reason given for ProxyBunker's suspension is that the site has been using Coinhive code on several of the domains it owns.
Good (Score:2)
Coinhive with no alert and option to disable is bullshit anyway.
Re: (Score:2)
Alternative to ads? (Score:2)
Maybe it is, but it may also be a suitable alternative to ads for some people... For example, my main objection to them is not that they use up my computer's resources (indeed, AdBlock often takes more [extremetech.com]) — it is the screen real estate that the ads occupy. (And the incessant blinking of some of them.)
So, in exchange for accessing the content, I may be willing to let my computer do some coin-mining for the authors.
Re: (Score:2)
the site you're visiting is doing BOTH displaying ads and using your CPU for mining bitcoins which is exactly what is going on.
Some are, some are allowing a slider between revenue streams, and some are only asking for permission on the mining (no ads).
Your blanket statement is false as written, but Google and Cloudflare are pretending it's true. Google is in the ad business and Cloudflare is squarely in the ad distribution business, so both stand to lose tremendously if the Web doesn't remain ad-supported
Re: (Score:2)
Re: (Score:2)
There are some people who aren't aware that JavaScript is the Internet's equivalent of an STD...
Re: (Score:2)
Re: (Score:1)
Personally, I'm fine with coinhive. In no time we will have cpu caps at 5% of a core on browsers which we can waive for legit sites, so those miners cost us almost nothing, and no ads is great :) Also, the browser already has to fight for cpu against my own miners. Besides, it's not as if we didn't have tens of other cores available for what we need to do on our computers should we core lock stuff .. oh well, to me it's a non-issue.
Re: (Score:2)
uBlock Origin already has rules to block CoinHive by default.
Re: (Score:2)
I've been thinking about this, and if there were a standard API for harnessing my CPU for a few cycles while I browsed, and a setting where I could decide how much time to give on a site-by-site basis, I think I'd be much more willing to do this than have ads. The thing that bugs me is the underhanded nature of it right now, but it's honestly kind of a good idea.
Of course, for this to work, several things need to be in place and the red tape in getting this off the ground properly would probably be a huge h
Re: (Score:2)
But as a way to pay for content, this is kind of brilliant.
If this was an alternative to ads and had some CPU cap, I'd agree. But this is being deployed in addition to ads and I don't know how aggressive it is about consuming resources.
Re: (Score:2)
> The thing that bugs me is the underhanded nature of it right now
It's no less underhanded than ads are. Sure, you know that the ads are there, but the vast majority of people have no idea of all the tracking and selling of their information that's going on behind the scenes.
Re: (Score:3)
See: Brave browser
Re:Question (Score:5, Insightful)
> would you prefer ads or background JS running Bitcoin miners funding the websites you visit?
False Dichotomy, much?
The answer is: Neither:
* Ads are immoral -- they don't respect my time, space, bandwidth, or money, so Fuck-Off with your blatant greed,
* Stealing my CPU resources is just as heinous.
Your monetization problem is not my problem.
Re: (Score:2)
Re: (Score:2, Insightful)
What part of ...
Re: (Score:1)
Re: (Score:1)
Re: (Score:3)
> I was claiming there are only two ways to fund websites and that you're obliged to pick one of them
That is indeed what you were doing when you rejected the answer "Neither"
Here is an example:
Q. Would you like Cake or Pie?
A. Neither, I would like Ice-cream.
Now what part of OR [bfy.tw] do you not understand?? There are AT LEAST 4 different permutations:
A=Ads B=Bitcoin
A=0 B=0 I'm NOT OK with either one.
A=0 B=1 I'm OK
Re: (Score:3)
> when all I've done is ask which of two options is better.
You are assuming that either option is better. I disagree with your premise.
Analogy(*) Time!
Q. Would you like to be:
* Raped first, then murdered? OR
* Murdered first, then Raped?
A. The response NEITHER is a VALID answer.
There are at LEAST _four_ different answers -- some sick fucko might go "Both?"
(*) I neither approve nor condone. This imaginary example is just for illustration purposes only to make a point
Re: (Score:2)
Re: (Score:2)
I didn't offer any dichotomy. I asked you which you prefer.
Let me try to rephrase the answer you got:
Distracting interest-based ads and cryptocurrency mining are tied for unacceptable. It's futile to argue which is farther below the threshold of acceptability when at least one third option exists and is above this threshold. In this case, there are two third options: subscriptions and cessation of business.
Re: (Score:2)
Re: (Score:2)
Among the legitimate answers, "Hard to tell, they're both pretty shitty" is probably the closest.
Re: (Score:3)
Ouch!
What about providing something to help cover the costs of creating content you consumed? Do the words "immoral" and "heinous" apply there in any way?
Rgds
Damon
Publishers unwilling to take my money (Score:2)
> What about providing something to help cover the costs of creating content you consumed?
For one thing, the act of viewing a work of authorship does not consume the work [gnu.org].
For another, publishers often don't even want to take my money. Where's the lawfully made region 1 or all region DVD copy of the film Song of the South, the film Pinocchio and the Emperor of the Night, or the TV series Spartakus and the Sun Beneath the Sea (the English language dub of Les mondes engloutis)?
Re: (Score:2)
> Ads are immoral -- they don't respect my time, space, bandwidth, or money...
Of course they respect your time - They're buying it from you. Your time, space, and bandwidth are what they're purchasing in exchange for access to the content they're linked to. Your money is the ultimate prize. How can you say ads don't respect those things when they're literally the entire goal?
Maybe you're saying that they don't respect your time because they're demanding more than you think is fair? Browse elsewhere or pay for ad-free premium content.
Re: (Score:2)
> Maybe you're saying that they don't respect your time because they're demanding more than you think is fair? Browse elsewhere
When I tried that, I got modded down for saying I couldn't RTFA.
> or pay for ad-free premium content.
If I "pay for ad-free premium content" on one site, which other sites will honor my having "pa[id] for ad-free premium content"?
Re: (Score:2)
> If I "pay for ad-free premium content" on one site, which other sites will honor my having "pa[id] for ad-free premium content"?
Surely you can't tell me that EVERY DEVELOPER wants to be paid for his time or bandwidth! I'd like a subscription to the Internet, please.
Adult Check: Grown-ups can pay for nice things (Score:2)
> I'd like a subscription to the Internet, please.
That's what people think they're buying when they pay $60/mo to Comcast.
In the late 1990s, there was actually a service like that: Adult Check. A subscriber could pay $10 per month for access to all participating publishers' sites, and publishers would earn a commission based on page views. But nowadays, each publisher wants its own separate subscription. If the top 10 results for a Google Search query all want $4 for a 30-day subscription just to view one page, how is a viewer supposed to build a rounded p
Re: (Score:2)
> If the top 10 results for a Google Search query all want $4 for a 30-day subscription just to view one page, how is a viewer supposed to build a rounded picture of an issue by comparing articles from multiple sources?
By viewing ads.
Re: (Score:2)
How is that possible while respecting viewers' privacy? As far as I'm aware, most web ads are served through a third-party server that not only serves ads but also builds an interest dossier based on tracking each viewer's request history across multiple websites. I guess websites could fall back to self-hosted ads when the browser fails to connect to the tracking server, but I haven't seen a lot of sites whose coding is smart enough for this sort of ad replacement [blockadblock.com].
In addition, sites end up playing the "Ads
Re: (Score:2)
Then you can choose option 3: Pay them money for their service. Or, don't use it.
How many subscriptions should one maintain? (Score:2)
To how many websites do you expect the median web user to maintain a subscription in any given month? For example, if the top ten results on Google Search for a given query are all subscription sites charging $4 per month, how many people would you expect to pay upwards of $20 to sample the majority of the results from a single query?
Re: (Score:2)
I'd like to see a system where I can let the miner do its thing if I want, OR let the site deduct some agreed-upon amount from a coin balance that I have. This would let people who want a free-as-in-beer experience on the web do their thing and also let people willing to part with a few pennies have a better overall experience / better battery life.
Re: (Score:2)
> I'd like to see a system where I can let the miner do its thing if I want, OR let the site deduct some agreed-upon amount from a coin balance that I have. This would let people who want a free-as-in-beer experience on the web do their thing and also let people willing to part with a few pennies have a better overall experience / better battery life.
There's a fork of CoinHive that lets admins put up a permission box to ask the user before mining and limit the CPU usage (to say 15%), and Google is still shutt
Re: (Score:2)
Yeah, I can see Google would be unhappy about that. Though if they were clever about it they could develop a platform where people could earn coins for watching ads and plug in to the infrastructure. Maybe they've gotten too big for such risky innovation. They were very disruptive, but now need to fight the disruption...
Re: (Score:2)
> would you prefer ads or background JS running Bitcoin miners funding the websites you visit?
Given just those two options and only a few minutes to ponder on it, I'm actually leaning towards the bitcoin miner.
In theory, javascript is supposed to be sandboxed in the browser, while flash was never designed in such a way for that to be possible, so in theory the miner is supposed to be more secure.
Of course in reality that isn't really the case, as there have been plenty of exploits using javascript over the years too. That would also only apply to flash ads, which isn't as dominant these days.
Norma
Didn't see TPB doing this as a bad thing (Score:2)
I don't see the big deal about this as long as the site is up front about it. Who cares about a few CPU cycles compared to the onslaught of blinking ads and countless popups. Popups are the worst.
So, if visiting TPB, or some other site, means an ad-free experience with a small spike in CPU use, I'm all for that.
Re: (Score:2)
> Who cares about a few CPU cycles
Script miners are very inefficient to start with, and for all the cryptocurrencies I am aware of, more mining means lower efficiency. There is a very strong motive to max out your CPU because no matter how hard they peg the needle, they're not really getting much from you and the power costs them nothing.
Are you really OK with the same people who are OK with pop-ups, pop-unders, uncloseable window cascades, fake AV warnings and more - are you OK with them deciding how
Re: (Score:2)
> Are you really OK with the same people who are OK with pop-ups, pop-unders, uncloseable window cascades, fake AV warnings and more - are you OK with them deciding how much of your CPU is OK to appropriate?
100%. (Get it?)
Seriously, absolutely. Who cares? So I go on some site and they peg my CPU for two minutes. Doesn't cost me a dime because my CPU is working anyway. I'd trade that for 20 ads, 3 pop-ups, and a pop under.
Re: (Score:2)
I get that you don't understand a lot of computers - including pretty much every laptop - will engage in a lot of power saving that goes out the window with a CPU spike.
I get that you don't understand that a lot of people don't want their OS to become unresponsive just because they're visiting a particular site.
Mostly, though, I get that you have no clue that ad blockers exist.
Re: (Score:2)
> I get that you don't understand a lot of computers - including pretty much every laptop - will engage in a lot of power saving that goes out the window with a CPU spike.
Oh no. Not that. Anything but that. Why, it's best to just throw it away after it.
> I get that you don't understand that a lot of people don't want their OS to become unresponsive just because they're visiting a particular site.
The CPU can spike without dropping the whole OS to a standstill. Exactly how stupid are you? Do you think that's exactly what's going to happen every time? People will be fine with something as long as it doesn't impact them. Snagging a few CPU cycles won't. Ads will. As with everything, this will get more efficient and better implemented.
> Mostly, though, I get that you have no clue that ad blockers exist.
Don't run an ad blocker on the browser. I run pi-hole which does everything f
Re: (Score:1)
Except in many cases now, it's not just the primary site running a single CoinHive script, but by multiple instances of it being run by every third-party site with JavaScript loaded on the page you're visiting.
This shit needs nipped in the bud.
Re: (Score:2)
As long as it's optional and used how they say it will be, I'm perfectly fine with it.
Re: (Score:2)
Some of us leave tabs open for days in the background. I'm going to be extremely pissed if I find out one of those sites has been stealing additional resources (yes, they are actually stealing now since it's something you no longer have and they took without asking: CPU, battery, heat, less time, etc..).
But they are asking. No, it's not stealing, even if it's something you no longer have. Rather than go into Megahertz and such, let's just say my CPU can execute 100 clock cycles per second. Now, if my computer only uses 20 in that second, I haven't "lost" 80. Nor can I store them to use later. So, if I have a choice to give some site 30 cycles a second, then I'm not losing anything.
If you know some site is doing that and you decide to leave that tab "open for days" well, that's your choice.
Expect the next iteration of this to launch DDoS attacks against other sites.
Again, as lon
Cloudflare must die (Score:3)
Re: (Score:2)
ptaff (who has a really low /. ID number) thundered:
Cloudflare must die. It's the ultimate cross-site tracking MITM — worse than ads and pixel beacons because there's no way around it — and its CAPTCHA mechanism makes Tor browsing a PITA.
Can't say as I've run into any CAPTCHA challenges using TOR. Then again, I only use TOR to access TPB when some media company is paying Indian hackers to DDoS it on the non-TOR web, so what would I know?
OTOH, I had to deal with CAPTCHAs all the freakin' time when one or another shitbag bot herder was hiding behind VPNUnlimited's San Francisco proxy. I entirely understood, though. If Cloudphlegm hadn't made life difficult for VPNUnlimited's other customers
Re: (Score:2)
Which CDN would you recommend to use instead of Cloudflare to mitigate request bursts and DDoS?
Coinhive (Score:1)
Re: (Score:2)
> Plan was to display site monetized by borrowing some cpu cycles
That plan wasn't viable to start off with for one reason: Good luck getting a lot of revenue mining on the dinky little ARM in a pocket mobile computer.