Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
The Internet Technology

Cloudflare Ditches Sites That Use Coinhive Mining "malware" (betanews.com) 84

Mark Wilson writes: Bitcoin has been in the news for some time now as its value climbs and drops, but most recently interest turned to mining code embedded in websites. The Pirate Bay was one of the first sites to be seen using Coinhive code to secretly mine using visitors' CPU time, and then we saw similar activity from the SafeBrowse extension for Chrome. The discovery of the code was a little distressing for visitors to the affected sites, and internet security and content delivery network (CDN) firm Cloudflare is taking action to clamp down on what it is describing as malware. Torrent proxy site ProxyBunker.online has contacted TorrentFreak to say that Cloudflare has dropped it as a customer. The reason given for ProxyBunker's suspension is that the site has been using Coinhive code on several of the domains it owns.
This discussion has been archived. No new comments can be posted.

Cloudflare Ditches Sites That Use Coinhive Mining "malware"

Comments Filter:
  • Coinhive with no alert and option to disable is bullshit anyway.

    • Came here to say this.
    • Maybe it is, but it may also be a suitable alternative to ads for some people... For example, my main objection to them is not that use up my computer's resources (indeed, AdBlock often takes more [extremetech.com]) — it is the screen real-estate, that the ads occupy. (And the incessant blinking of some of them.)

      So, in exchange for accessing the content, I may be willing to let my computer do some coin-mining for the authors.

  • Genuinely interested (no strong opinion of my own - I have a gut feeling this software slows down your machine) - would you prefer ads or background JS running Bitcoin miners funding the websites you visit?
    • by PIBM ( 588930 )

      Personnally, I`m fine with coinhive. In no time we will have cpu caps at 5% of a core on browsers which we can waive for legit sites, so those miners costs us almost nothing, and no ads is great :) Also, the browser already has to fight for cpu against my own miners. Beside, it`s not as if we didn`t have tens of other cores available for what we need to do on our computers should we core lock stuff .. oh well, to me it's a non-issue.

    • I've been thinking about this, and if there were a standard API for harnessing my CPU for a few cycles while I browsed, and a setting where I could decide how much time to give on a site-by-site basis, I think I'd be much more willing to do this than have ads. The thing that bugs me is the underhanded nature of it right now, but it's honestly kind of a good idea.

      Of course, for this to work, several things need to be in place and the red tape in getting this off the ground properly would probably be a huge h

      • by gnick ( 1211984 )

        But as a way to pay for content, this is kind of brilliant.

        If this was an alternative to ads and had some CPU cap, I'd agree. But this is being deployed in addition to ads and I don't know how aggressive it is about consuming resources.

      • The thing that bugs me is the underhanded nature of it right now

        It's no less underhanded than ads are. Sure, you know that the ads are there, but the vast majority of people have no idea of all the tracking and selling of their information that's going on behind the scenes.

    • by GNious ( 953874 )

      See: Brave browser

    • Re:Question (Score:5, Insightful)

      by UnknownSoldier ( 67820 ) on Thursday October 05, 2017 @12:57PM (#55316429)

      > would you prefer ads or background JS running Bitcoin miners funding the websites you visit?

      False Dichotomy, much?

      The answer is: Neither:

      * Ads are immoral -- they don't respect my time, space, bandwidth, or money, so Fuck-Off with your blatant greed,
      * Stealing my CPU resources is just as heinous.

      Your monetization problem is not my problem.

      • I didn't offer any dichotomy. I asked you which you prefer. I'm well aware there are reasons to dislike both, but that doesn't mean you can't have an opinion on which is better, or, if you'd prefer, which is worse.

        I don't have the power to limit your choices to two ways to fund websites, and I'm not sure why you think I would have that power, or why you'd think I was demonstrating that.

        So... do you have an answer to the question?

        • Re: (Score:2, Insightful)

          What part of ...

          The answer is: Neither:

          ... do you not understand??

          • That part where it's not an answer to the question I asked.

            Here's a better idea: if you don't want to answer the question, just don't reply to it. Don't post some bullshit putting words into my mouth claiming I've made a "False dichotomy" when all I've done is ask which of two options is better.

            • > when all I've done is ask which of two options is better.

              You are assuming that either option is better. I disagree with your premise.

              Analogy(*) Time!

              Q. Would you like to be:

              * Raped first, then murdered? OR
              * Murdered first, then Raped?

              A. The response NEITHER is a VALID answer.

              There are at LEAST _four_ different answers -- some sick fucko might go "Both?"

              /Oblg. I could explain it for you ... [quickmeme.com]

              (*) I neither approve nor condone. This imaginary example is just for illustration purposes only to make a point

          • That part where it's not an answer to the question I asked.

            Here's a better idea: if you don't want to answer the question, just don't reply to it. Don't post some bullshit putting words into my mouth claiming I've made a "False dichotomy" when all I've done is ask which of two options is better.

            (Original missing for some reason)

        • by tepples ( 727027 )

          I didn't offer any dichotomy. I asked you which you prefer.

          Let me try to rephrase the answer you got:

          Distracting interest-based ads and cryptocurrency mining are tied for unacceptable. It's futile to argue which is farther below the threshold of acceptability when at least one third option exists and is above this threshold. In this case, there are two third options: subscriptions and cessation of business.

          • I appreciate the attempt, but no, that's not an answer to the question, nor is it rephrasing the question. The question is literally "Is X preferable to Y". It's of the "Would you prefer Superman or Batman to deal with crime in your city" or "Do you prefer Coke to Pepsi" variety.

            The idiot who responded to me was claiming that by asking the question, I was implying that people would be forced to take one path or the other.

            Legitimate answers are "Ads", "Bitcoin miners", or perhaps "Hard to tell, they're

            • by tepples ( 727027 )

              Among the legitimate answers, "Hard to tell, they're both pretty shitty" is probably the closest.

      • by DamonHD ( 794830 )

        Ouch!

        What about providing something to help cover the costs of creating content you consumed? Do the words "immoral" and "heinous" apply there in any way?

        Rgds

        Damon

        • What about providing something to help cover the costs of creating content you consumed?

          For one thing, the act of viewing a work of authorship does not consume the work [gnu.org].

          For another, publishers often don't even want to take my money. Where's the lawfully made region 1 or all region DVD copy of the film Song of the South, the film Pinocchio and the Emperor of the Night, or the TV series Spartakus and the Sun Beneath the Sea (the English language dub of Les mondes engloutis)?

      • by gnick ( 1211984 )

        Ads are immoral -- they don't respect my time, space, bandwidth, or money...

        Of course they respect your time - They're buying it from you. Your time, space, and bandwidth are what they're purchasing in exchange for access to the content they're linked to. Your money is the ultimate prize. How can you say ads don't respect those things when they're literally the entire goal?

        Maybe you're saying that they don't respect your time because they're demanding more than you think is fair? Browse elsewhere or pay for ad-free premium content.

        • by tepples ( 727027 )

          Maybe you're saying that they don't respect your time because they're demanding more than you think is fair? Browse elsewhere

          When I tried that, I got modded down for saying I couldn't RTFA.

          or pay for ad-free premium content.

          If I "pay for ad-free premium content" on one site, which other sites will honor my having "pa[id] for ad-free premium content"?

          • by gnick ( 1211984 )

            If I "pay for ad-free premium content" on one site, which other sites will honor my having "pa[id] for ad-free premium content"?

            Surely you can't tell me that EVERY DEVELOPER wants to be paid for his time or bandwidth! I'd like a subscription to the Internet, please.

            • I'd like a subscription to the Internet, please.

              That's what people think they're buying when they pay $60/mo to Comcast.

              In the late 1990s, there was actually a service like that: Adult Check. A subscriber could pay $10 per month for access to all participating publishers' sites, and publishers would earn a commission based on page views. But nowadays, each publisher wants its own separate subscription. If the top 10 results for a Google Search query all want $4 for a 30-day subscription just to view one page, how is a viewer supposed to build a rounded p

              • by gnick ( 1211984 )

                If the top 10 results for a Google Search query all want $4 for a 30-day subscription just to view one page, how is a viewer supposed to build a rounded picture of an issue by comparing articles from multiple sources?

                By viewing ads.

                • by tepples ( 727027 )

                  How is that possible while respecting viewers' privacy? As far as I'm aware, most web ads are served through a third-party server that not only serves ads but also builds an interest dossier based on tracking each viewer's request history across multiple websites. I guess websites could fall back to self-hosted ads when the browser fails to connect to the tracking server, but I haven't seen a lot of sites whose coding is smart enough for this sort of ad replacement [blockadblock.com].

                  In addition, sites end up playing the "Ads

      • Then you can choose option 3: Pay them money for their service. Or, don't use it.

        • To how many websites do you expect the median web user to maintain a subscription in any given month? For example, if the top ten results on Google Search for a given query are all subscription sites charging $4 per month, how many people would you expect to pay upwards of $20 to sample the majority of the results from a single query?

    • I'd like to see a system where I can let the miner do its thing if I want, OR let the site deduct some agreed-upon amount from a coin balance that I have. This would let people who want a free-as-in-beer experience on the web do their thing and also let people willing to part with a few pennies have a better overall experience / better battery life.

      • I'd like to see a system where I can let the miner do its thing if I want, OR let the site deduct some agreed-upon amount from a coin balance that I have. This would let people who want a free-as-in-beer experience on the web do their thing and also let people willing to part with a few pennies have a better overall experience / better battery life.

        There's a fork of CoinHive that lets admins put up a permission box to ask the user before mining and limit the CPU usage (to say 15%), and Google is still shutt

        • Yeah, I can see Google would be unhappy about that. Though if they were clever about it they could develop a platform where people could earn coins for watching ads and plug in to the infrastructure. Maybe they've gotten too big for such risky innovation. They were very disruptive, but now need to fight the disruption...

    • by dissy ( 172727 )

      would you prefer ads or background JS running Bitcoin miners funding the websites you visit?

      Given just those two options and only a few minutes to ponder on it, I'm actually leaning towards the bitcoin miner.

      In theory, javascript is supposed to be sand boxed in the browser, while flash was never designed in such a way for that to be possible, so in theory the miner is supposed to be more secure.
      Of course in reality that isn't really the case, as there have been plenty of exploits using javascript over the years too. That would also only apply to flash ads, which isn't as dominate these days.

      Norma

  • I don't see the big deal about this as long as the site is up front about it. Who cares about a few CPU cycles compared to the onslaught of blinking ads and countless popups. Popups are the worst.
    So, if visiting TPB, or some other site, means an ad-free experience with a small spike in CPU use, I'm all for that.

    • > Who cares about a few CPU cycles

      Script miners are very inefficient to start with, and for all the cryptocurrencies I am aware of, more mining means lower efficiency. There is a very strong motive to max out your CPU because no matter how hard they peg the needle, they're not really getting much from you and the power costs them nothing.

      Are you really OK with the same people who are OK with pop-ups, pop-unders, uncloseable window cascades, fake AV warnings and more - are you OK with them deciding how

      • Are you really OK with the same people who are OK with pop-ups, pop-unders, uncloseable window cascades, fake AV warnings and more - are you OK with them deciding how much of your CPU is OK to appropriate?

        100%. (Get it?)

        Seriously, absolutely. Who cares? So I go on some site and they peg my CPU for two minutes. Doesn't cost me a dime because my CPU is working anyway. I'd trade that for 20 ads, 3 pop-ups, and a pop under.

        • I get that you don't understand a lot of computers - including pretty much every laptop - will engage in a lot of power saving that goes out the window with a CPU spike.

          I get that you don't understand that a lot of people don't want their OS to become unresponsive just because they're visiting a particular site.

          Mostly, though, I get that you have no clue that ad blockers exist.

          • I get that you don't understand a lot of computers - including pretty much every laptop - will engage in a lot of power saving that goes out the window with a CPU spike.

            Oh no. Not that. Anything but that. Why, it's best to just through it away after it.

            I get that you don't understand that a lot of people don't want their OS to become unresponsive just because they're visiting a particular site.

            The CPU can spike without dropping the whole OS to a standstill. Exactly how stupid are you? Do you think that's exactly what's going to happen every time? People will be fine with something as long as it doesn't impact them. Snagging a few CPU cycles won't. Ads will. As with everything, this will get more efficient and better implemented.

            Mostly, though, I get that you have no clue that ad blockers exist.

            Don't run an ad blocker on the browser. I run pi-hole which does everything f

            • Except in many cases now, it's not just the primary site running a single CoinHive script, but by multiple instances of it being run by every third-party site with JavaScript loaded on the page you're visiting.

              This shit needs nipped in the bud.

  • by ptaff ( 165113 ) on Thursday October 05, 2017 @12:20PM (#55316155) Homepage
    Cloudflare must die. It's the ultimate cross-site tracking MITM — worse than ads and pixel beacons because there's no way around it — and its CAPTCHA mechanism makes Tor browsing a PITA.
    • by thomst ( 1640045 )

      ptaff (who has a really low /. ID number) thundered:

      Cloudflare must die. It's the ultimate cross-site tracking MITM — worse than ads and pixel beacons because there's no way around it — and its CAPTCHA mechanism makes Tor browsing a PITA.

      Can't sat as I've run into any CAPTCHA challenges using TOR. Then again, I only use TOR to access TPB when some media company is paying Indian hackers to DDoS it on the non-TOR web, so what would I know?

      OTOH, I had to deal with CAPTCHAs all the freakin' time when one or another shitbag bot herder was hiding behind VPNUnlimited's San Francisco proxy. I entirely understood, though. If Cloudphlegm hadn't made life difficult for VPNUnlimited's other customers

    • by tepples ( 727027 )

      Which CDN would you recommend to use instead of Cloudflare to mitigate request bursts and DDoS?

  • I thought TPB (and proxies) were 'trying it out'. They appear to still be 'trying it out' weeks later. Malwarebytes (full version) already blocks them so meh!

"Someone's been mean to you! Tell me who it is, so I can punch him tastefully." -- Ralph Bakshi's Mighty Mouse

Working...