The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) 362
Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Executable documents... (Score:5, Insightful)
What is the alternative though (Score:5, Insightful)
Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it. Is anyone looking forward to going back to having to support Flash, Silverlight, java applets, and whatever new half-baked solution gets dreamed up by a bullying vendor.
We are still heading towards a good place. It took a long time to beat down IE and its deliberate consensus killing behavior, and to nudge JS into a form that is sufficiently standardised and supported. We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there. Rather than rejecting JS outright, I think it is better to continue to find solutions to these sorts of problems. The web needs a common client side computing platform, and I don't see where any useful alternative is going to come from right now.
Re:What is the alternative though (Score:5, Insightful)
Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it.
I don't think that's anything close to a sufficient reason to accept the dangers associated with it. Javascript is not only a theoretical security problem, it's one that's very commonly exploited.
All of the arguments that apply to getting rid of flash apply to getting rid of Javascript.
We are still heading towards a good place.
Maybe, but the evidence for this is weak.
The web needs a common client side computing platform
"Needs" is a very strong term. In my opinion, it's more of a "nice to have" than a "can't live without".
Re:What is the alternative though (Score:4, Interesting)
Javascript is not only a theoretical security problem, it's one that's very commonly exploited.
What exploits are you talking about here?
Re:What is the alternative though (Score:4, Insightful)
Well, we can start with secret in-browser bitcoin mining.
But, on the more malicious side, there are bunches of traditional exploits that do things like code injection, privilege escalation, installation of virii, etc. Also, there are a number of data exfiltration exploits in the wild. You know all those online ads that spread malware? They're using javascript to do it.
Javascript isn't as vulnerable as it used to be, but you can't think of it as safe, either.
Re:What is the alternative though (Score:5, Informative)
Someone was nice enough to collect a list of JavaScript vulnerabilities [github.com]. And I also found a list of Proof of Concepts [github.com] and many of them are for JavaScript and browser. And includes a nice paragraph description for each.
I can't prove the earlier post's claim that "[the problem of JavaScript security is] one that's very commonly exploited."
But it does seem that there are many well known security issues with popular implementations of JavaScript.
Re: (Score:3, Insightful)
Oh, I dunno... Maybe... mining?
If that's literally the worst exploit out there, then Javascript is the most secure platform and VM ever invented. The only antivirus we'll ever need is "close the browser window."
Re: (Score:3)
Escaping a VM is a failure in the hypervisor (hardware or software).
Re: (Score:3)
Well, we're basically back to that point with Javascript. When I want to read a few paragraphs of text with maybe a picture or two, why should I download 2+ MB of javascript libraries just so that the images can fade in from the background as I scroll down, or drift across the page Ken Burns style as I read?
With more and more sites these days,
Re:What is the alternative though (Score:5, Insightful)
No matter what language browsers used the issues would be the same given the browser environment.
I agree, the fault isn't the precise language as such, the fault is the ability for webpages to push and execute code on your machine.
Re: (Score:2)
We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there.
Webassembly is here NOW and available in all major browsers [caniuse.com]. The major drawback right now is that it can't access the DOM, but that will change in the future.
Re: What is the alternative though (Score:5, Funny)
So much this. It's enough to make me want to go buy meth just to reverse-engineer it back into cold medicine because it's fucking easier to acquire.
Re: What is the alternative though (Score:2, Informative)
Get a prescription. Insurance wonâ(TM)t pay for it, but you can get as many as the doctor wrote for, with no rescrictions.
Source: Iâ(TM)m a pharamacist
Alternative to advertising? (Score:5, Interesting)
Even more reason to disable Javascript.
While I agree with that sentiment, I have to wonder why this is such a big deal?
Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible.
We've always wanted a way to monetize visiting a site, could this be a way to do it?
Suppose we had a service where people could submit computationally intensive problems which can be broken down into smaller computational units. Such as "folding at home [stanford.edu]" or "seti at home".
The answers to some of those problems could be valuable, so we could imagine research institutions paying money to use the system to solve those problems, and pay out based on the amount of computation a website brings in.
This is proportional to the number of users who view the website, and for how long. This could be a user-friendly alternative to advertising.
In fact, one can imagine the *government* paying money to use the system as a make-work program: it would encourage people to make better, more meaningful websites overall. Would the sociological benefit outweigh the extra costs?
(Assuming that people don't game the system, but it seems reasonable that we could learn all the gaming techniques over time and avoid them. Sort of how we deal with advertizing clicks currently.)
I don't see what the problem here is, and look at it as an opportunity.
Could this be a user-friendly way to monetize a website, as an alternative to advertising?
Re: Alternative to advertising? (Score:5, Insightful)
While you may not be affected, plenty of people are and will be.
Those on metered connections, or who have to pay overages for data.
Those running on mobile devices who need as much battery life as they can squeeze out of their devices.
Those who are at the lower end of the financial spectrum, who have to watch their wattage and struggle to replace their aging machines, and struggle to provide air conditioning and such to their homes.
Its kind of like the penny. For so many people it isn't even worth picking up, but for so many other people a penny is a big deal. My biggest concern would be battery life.
Re: (Score:2)
Re: (Score:2)
Videos are something I will always keep off when I'm on mobile, unless I'm using the Youtube app, I don't need to see anything moving.
Re: (Score:2)
sure, i guess, but the total degradation you take for using, say, DRMed web-streaming video rather than an optimized native encoding is still going to be orders of magnitude more significant than the total effect of mining unless you leave you have malware and/or your web browser is on shady sites 24/7.
afaic, the content cartels should pay out a subsidy to upgrade our computers for this shit.
Re: Alternative to advertising? (Score:4, Interesting)
The obvious solution is to let clients limit CPU usage for JS per tab, especially inactive/invisible tabs.
For instance, apart from whitelisted domains, every page switch gets 5 seconds of unlimited CPU usage for JS and is then throttled down to 1%. Added bonus is that it incentivizes efficiently coded JS in general whilst also protecting against JS mining and other JS CPU cycle stealing.
One could imagine finegrained clientside control of how much CPU time a certain website may consume, combined with the website providing tangible rewards for the CPU cycles. A sort of Patreon service with CPU cycles, if you will.
Re:Alternative to advertising? (Score:4, Informative)
The problems are that sometimes, I'll leave a webpage up for a day or two in a separate tab because I want to come back to dig deeper into something, but don't want to create a longer lived bookmark. Sometimes, I see a CPU getting chewed up by the browser and I had assumed up to this point it was a bug in the browser or accidental looping javascript error, and I have to start killing off tabs until I find the offending page. Probably miners all along.
Re: (Score:2, Insightful)
Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible
It is absolutely inevitable that if this practice becomes accepted, people will start trying to steal a greater and greater proportion of your CPU resources. Consider how restrained internet advertisers are with their adverts, t
Re: (Score:2)
While I agree with that sentiment, I have to wonder why this is such a big deal?
It's always a big deal when someone is injecting code on your machine without your knowledge or permission. Whether or not a specific example of the code is harmful isn't relevant -- that it can be done means that there will absolutely be more malicious code coming from somewhere.
We've always wanted a way to monetize visiting a site, could this be a way to do it?
Could be, but user notification and permission is a non-negotiable part of it. Without that, the code is malware.
Re: (Score:2)
How much battery power does it waste?
Re: (Score:2)
I suppose it depends on your definition of harm. I submit to you that this is actual theft. They are using your CPU, which directly costs you more money in electricity, cooling, premature replacement costs, and possibly lost productivity, to make them money. All without consent.
I call that theft.
Re: (Score:2)
https://mineblock.org/ [mineblock.org]
I'm sure Adblock Plus etc will also contain the URLs that need blocking if they haven't already done so.
Re: (Score:2)
HAHHAH he** beat you to it! posted right below this 8 minutes before you... though it looks more sane than the average APK post, so maybe not legit.
**he, APK, or someone claiming to be him. For someone that signs fucking everything with APK, I don't get why he doesn't just log in.
Re: (Score:2)
Even more reason to disable Javascript.
Right, but what can I do to fix windows 10? According to the article it could be mining bitcoin for someone else too.
In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...]
Re:Executable documents... (Score:5, Interesting)
That would be bad.
What I want to have to enable Javascript. If I feel like it. If it seems like I'm missing out on something.
Does slashdot stress out ad blockers or what? Why not have ads that don't require Javascript? If the ads are too many then I just won't come back.
What if browsers severely limited the amount of execution time Javascript had to set up event handlers on controls in a business application. Then also severely limit the execution time of those event handlers -- exclusive of the time it takes for an event handler to make a limited number of ajax calls to the page's originating server. Would this idea limit the bitcoin mining abuse, while not constraining real applications?
Why disable? (Score:2)
As long as you are fiddling with what runs on a page, I'd rather have the code altered to place mining results in my own account...
I personally would rather have silent cryptocurrency miners than ads though.
Re:Why disable? (Score:5, Insightful)
Mining to your own account in Javascript is stupid. It's incredibly inefficient (ie. it wastes lots more electricity than you will ever see in return). If you're going to mine it then mine it natively. The only reason it works for them is because it's not their electricity.
There is no way in hell the revenue from mining can match ads. This whole mining in the browser thing is just for illegitimate uses (ie. malware).
Re: Why disable? (Score:2)
I think in the long term you'll find there's no way in hell ads can match the revenue of mining. There were all sorts of people in the past that used to laugh at Bitcoin miners because they were spending "so much" on mining multiple bitcoins... I'm pretty sure the $10 of electricity then was worth it in the end.
As for it being more inefficient in Javascript, so what? The point is that randomly I would collect just a tiny bit of whatever, using code that someone else had spent a lot of care crafting and op
Re: Why disable? (Score:5, Insightful)
Since you can make more money by selling ads than mining bitcoin in Javascript, the only ones who will do it are those who don't have the ability to sell ads.
Autocorrect typo? (Score:5, Informative)
I suspect the submitter meant "rife" rather than "ripe".
Of course, since "ripe" can mean "stinky", maybe it fits.
Re:Autocorrect typo? (Score:5, Funny)
For all intensive porpoises, they both fit.
Re: (Score:2)
I see what you did they're.
Re:Autocorrect typo? (Score:5, Funny)
Their are just two many people out they're using there words wrong too get to upset.
Sew don't loose you're cool about it.
You can sea mini common examples that exist of incorrect usage.
People pick the write words two use according too there porpoises.
But you'd have two be a fool to begin or end a sentence with the word "but".
And only an idiot would begin or end a sentence with "and".
And a preposition is a very bad word too end a sentence with.
Anyway, you should never use the word anyway.
Only on weakdays ending in "y" you should utilize the word "use" whenever you would use the word "utilize".
And relax on the weakened.
Re:Autocorrect typo? (Score:4, Funny)
Re:Autocorrect typo? (Score:5, Funny)
Would they be fighting with bear hands?
Re: (Score:2)
it's a mute point, and you know it.
Re: (Score:2)
Preach on, brother.
Re:Autocorrect typo? (Score:5, Funny)
I hole-hardedly agree, but allow me to play doubles advocate here for a moment. For all intensive purposes I think you are wrong. In an age where false morals are a diamond dozen, true virtues are a blessing in the skies. We often put our false morality on a petal stool like a bunch of pre-Madonnas, but you all seem to be taking something very valuable for granite. So I ask of you to mustard up all the strength you can because it is a doggy dog world out there. Although there is some merit to what you are saying it seems like you have a huge ship on your shoulder. In your argument you seem to throw everything in but the kids Nsync, and even though you are having a feel day with this I am here to bring you back into reality. I have a sick sense when it comes to these types of things. It is almost spooky, because I cannot turn a blonde eye to these glaring flaws in your rhetoric. I have zero taller ants when it comes to people spouting out hate in the name of moral righteousness. You just need to remember what comes around is all around, and when supply and command fails you will be the first to go. Make my words, when you get down to brass stacks it doesn't take rocket appliances to get two birds stoned at once. It's clear who makes the pants in this relationship, and sometimes you just have to swallow your prize and accept the facts. You might have to come to this conclusion through denial and error but I swear on my mother's mating name that when you put the petal to the medal you will pass with flying carpets like it’s a peach of cake.
Re: (Score:2)
Re: (Score:2)
Yep, a bonified editor would see it didn't jive, and just fix it.
Wallah!
Possible fix (Score:5, Interesting)
Ideally a way to enable/disable per site so that sites that ask permission can be granted on a case-by-case basis.
Re: (Score:2)
That would only send invalid shares to the server, which would be rejected.
Re: (Score:3)
Re: (Score:3)
AFAICT, these sort of extensions are just blocking based on a URL list. They can play the cat and mouse game of moving them around and renaming scripts all day every day. IMO, we need an extension that detects those sort of code profiles and provides the option of killing off that code.
If one of these extensions does more than a simple blacklist, please let me know - I haven't found one.
so... (Score:2)
Re: (Score:2)
Re: (Score:3)
I'm sure there is one. But I can't think of any. I think that many web sites and applications use Javascript to briefly set up event handlers on controls. Those event handlers react to clicks and other user interactions, and spend very little time doing so.
But I can't think of an example of a browser-side CPU intensive application.
Actually, I CAN think of one that I would contrive. But it is a legit example. Suppose you had something that wanted a lot of CPU time, and p
Is there a way to request them to stop ads? (Score:5, Interesting)
No? Then this is the same discussion we had decades ago about ads and it will end up in the same way.
If you go to a site, then you give it explicit permission to use resources on your computer. Whether that resource is doing stuff on the Internet (AJAX) or doing stuff on your computer (mining).
A user can control your computer though, they can limit the amount of cycles a website or browser gets to spend, block JavaScript, block whatever resource they want. In the end, the user is letting them do this and once sites see that it's costing them more money than it profits (when people stop visiting the "slow website") they'll learn.
Paywalls (Score:2)
Is there a way to request them to stop ads?
Yes: pay $4 per month to every single site you visit. The user eventually ends up having to subscribe to multiple sites, or purchase $4 of pay-per-page credits on multiple sites, to read the results from one web search.
Re: (Score:2)
$4 per month would probably be enough to cover most of the websites you use
Do you mean $4 per website-user-month, or $4 per user-month to be shared across websites? If the latter, who would collect this $4?
Re: (Score:2)
If you go to a site, then you give it explicit permission to use resources on your computer.
Not blanket permission, you don't.
I get it, kind of (Score:3, Interesting)
But couldn't this be said about any code on a website? When you go to the page, you're loading whatever JS, Flash, etc that is on their site. You're the one going there, it isn't anything malicious.
What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively? Is the only difference, that they may be profiting from this slightly? If so, why is that bad, when most sites need to show you some ad, sell you something, etc to be profitable?
Re:I get it, kind of (Score:5, Insightful)
I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.
Re: (Score:2)
I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.
This is one of the reasons why I will never enable EME, nor use a browser that doesn't let me disable it.
Re: (Score:3)
What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively?
100% CPU utilization (GPU utlitization too if they can do it) will drain laptop and mobile batteries fast and heat the up. This is the antithesis of the direction things should go.
There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.
Second, as an ecnomic model it is incredibly inefficient. For every dollar you spend in electricity for their miner... how much money do they make from it. Not a tiny fraction. I'd rather just giv
Re: (Score:3)
There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.
I'd argue the web is already practically unusable if you turn your ad blocker off. On my tablet slashdot throws a giant pop over on the main page that covers roughly 2/3 of the screen. And then it loads video ads that have roughly a 30% of locking up my web browser. I can't imagine this being much worse, although it might end up harder to block.
Re: (Score:3)
This is about knowledge and consent.
The issue isn't bitcoin mining as such. The issue is doing it without the knowledge and consent of the user.
Ripe? (Score:3)
Yep (Score:5, Interesting)
I believe the word the author was looking for is "rife" as in filled with/replete with.
Just another reason that add blockers like uBlock Origin are mandatory. I also browse with a JS dynamic switch so I can kill JS with a button press for obnoxious sites.
I wish sites would just come out and say it (Score:5, Interesting)
"As an alternative to ads, we are testing out in-browser cryptocurrency mining as a means to fund our website. If you prefer our ad-supported version, click here" and see how many would actively choose ads. I mean if this is a functioning micro-transaction system I think it's got much less downsides than almost every other possible alternative, particularly that you don't need any kind of payment info or personal data. If it's any kind of site where you have an account you could have like points and build up a sort of credit you'd "pay" with to read articles and so on.
Re: (Score:2)
I wouldn't mind "paying" for sites in this way, except when I'm running on battery power, and only if it means no ads.
I'd much prefer to pay more directly though. Mining with JS can't be very efficient and will end up wasting a lot of energy. But since no-one has come up with a better way to do microtransactions in the fraction of a cent range it's the best of a bad bunch.
Re: (Score:2)
Re: (Score:3)
Monero is not viable on GPU? You do know there's Monero mining software for both AMD and NVIDIA [getmonero.org], right?
Disable Web Workers (Score:4, Interesting)
I presume these are using web workers as they don't lockup the UI? How many legitimate uses of web workers are there, couldn't we just disable them?
Maybe w3c should drop them from the browser spec entirely.
Service Workers enable offline mode (Score:2)
Offline mode in progressive web applications uses a Service Worker, a form of Web Worker that can act as a proxy for the hostname it's hosted on. Without a Service Worker, an application is more likely to show you the error message "There is no Internet connection" if you try using it on a laptop or tablet while riding the bus.
Or must all applications with an offline mode be native and therefore OS-specific?
Re: (Score:2)
That's a fully acceptable loss.
Re: (Score:2)
Without a Service Worker, an application is more likely to show you the error message "There is no Internet connection" if you try using it on a laptop or tablet while riding the bus.
Or must all applications with an offline mode be native and therefore OS-specific?
That's a fully acceptable loss.
My comment alluded to two different kinds of "loss".
Of these two, which did you intend to describe as "a fully acceptable loss"?
Re: (Score:2)
Both, actually.
Not that I think either of them are good, but we're entering into a world where we're going to have to make some sort of compromise one way or the other. Personally, being unable to use progressive web apps is my preferred compromise.
Re: (Score:2)
Personally, being unable to use progressive web apps is my preferred compromise.
For future reference, so that I can make examples in comments more relevant, which operating system do your primary PC and your primary mobile device run?
And how would you react if it became commonplace for sites to make a progressive web app available without charge but charge money for the native app? Would you pay $4.99 (limited ads) or $9.99 (ad-free) per platform per year to continue using an application?
GOOD. (Score:4, Insightful)
This is the endgame for javascript: executing unauthorized code on your computer. Now that it's becoming so entirely blatant, we may actually start seeing the general public getting protection from runaway javascript scripts.
Re: (Score:3)
45 years old programmer here.
I'm still under the shock that code can appear magically out of thin air, without wires, at speeds thousands of times faster than loading from an audio tape.
I'm still baffled that we have "web pages" with images that dozens if not hundred of times the maximum amount of RAM our 8-bit computers hard. I remember the first time I saw the power of EGA graphics in 320x200, 16 colours. It was the best computer graphics I had ever seen*.
I'm still amazed that computers are fast enough to
No such problem (Score:5, Interesting)
This "problem" is so exaggerated it's becoming annoying to hear about it again and again.
First of all, most respectable websites will never do anything like that. Secondly, shady websites which do host mining JavaScript are not normally visited by most people and the ones who visit such websites usually leave them quite fast, which means bad scripts can only run for a very limited amount of time. Thirdly, we've always had websites which peddle malware and somehow they stopped being newsworthy years ago. All of a sudden, they are again in the news.
Fourthly, we now have "good" websites which stress your CPU so much they can be considered "harmful". What about ad networks whose JS tax your CPU? Why aren't we talking about them?
Re:No such problem (Score:4, Interesting)
Flag them! (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
But its not malware. Malware is spread through malicious acts. If its fully disclosed up front, its just your choice to go there. I do like coinhive's capatcha alternative, I would rather mine for 20 seconds than to pick which image is a car or what a street sign is.
Isn't the whole point of those capchas to prove that it's a human making the decisions rather than a computer doing the registration work?
Re: (Score:2)
The real problem for OCD people like is that those damn street signs are frequently not quite completely in the damn boxes, so I never know if I should click on those boxes too. It's like someone is doing a really crappy job at "slicing" those images, whatever the term is.
Re: (Score:2)
But its not malware. Malware is spread through malicious acts.
Malware is any software that is running without my permission.
If its fully disclosed up front, its just your choice to go there.
I think the issue is that a lot of sites are not disclosing it.
Worse? (Score:2)
I prefer that any day of the week, better than idiotic ads that cover my reading area or flimmer around the screen, giving me eye-cancer.
I'd vote for a 'Mine me' setting that removes all the ads that come through my ublock and ghostery.
Re: (Score:2)
Yeah, I could consider it for my own website. Are you using a desktop browser, or one that supports the battery API and shows as "charging"? I'll show you a "remove ads" button in the corner.
When you click on it, ads disappear and you get 20/30 seconds mining (the time it takes you to read the dialog explaining what is happening). After that, mining stops and no ads in the whole site for the current session. I could even replace the "remove ads" with a "stop mining" button that restores the ads, in case the
Re: (Score:2)
As a user, it angers me that websites can tell any details about my machine including whether or not its running on battery.
commentsubject (Score:5, Interesting)
It's parasitic and hidden, but to believe that an opt-in checkbox equates to being "in the clear" - hell, that op-tin being offered at all is supposed to be par for today's commercial atmosphere - is awfully naive.
In fact, this "hidden" behavior? Is still transparent relative to the shit being done with various fingerprints/useragents, with the hundred different metrics possible on your phone. To say nothing of you unfortunate souls with accounts on facetweet and socnets.
It's almost refreshingly simple. They're mooching your CPU, your electricity, but the intent is plain, the motives obvious. Compare it to the clusterfuck, the rat-king of trade-and-parcel done with your credit info/score/history/etc. We're oblivious to the amount of closed-door behavior going on around us, of how many databases end up hooking a single instance of you flashing your insurance card to get a painkiller or flu shot, or a scratch on the car.
Again, it's unscrupulous, yes, but "shady"? Consider that word and apply it to the shady pickpocket who grabs your $20's and throws your wallet on the sidewalk, versus the shady cartels running our world, ISPs and Muh Big Pharma and all our good friends trashing the atmosphere/soil/rainforest/aquabeds/whatever without a moment's hesitation, global-scale behaviors behind purchased laws, behind NDAs, behind agreement named with so much obfuscating euphemism you think it benefits consumer proles. Go ask a stranger what "net neutrality" is.
Christ, you can probably stop these scripts with a browser mod or two, or a greasemonkey. Five minutes of placement. While if you fuck with your registry and hosts file maybe you'll get (most of) win10's bullshit to stop showing up on wireshark.
I'd probably prefer a silent miner (esp. if throttled to polite levels) over the butterfly dominoes from an ad watched by DoubleClick, with a facebook pixel watching. Submission is stupid about what he can hope for, naive, thinks an ad is just "Buy my book" and done. Thinks clicking "don't send me emails" is a win.
Not an apologist, just mentioning perspective.
Re: (Score:3)
Yeah, the more I thought about this the more I realized its actually vastly superior to the status quo.
The problem is it will almost certainly be done *in addition* to the status quo, not instead of.
Verses random ads which might include malware... (Score:2)
all that mining data (Score:2)
I don't see the problem (Score:2)
I think ads, and worse yet, auto play video are malware. In fact, auto play video with sound is the worst abomination on earth.
Crypto mining in the background is a lesser evil in my eyes. Annoying, sure, but less annoying than auto play video by orders of magnitude that wastes tons of cpu cycles and sometimes very expensive bandwidth.
Re: (Score:2)
Crypto mining in the background is a lesser evil in my eyes.
Really? As your phone or tablet or laptop heats up to its thermal limit, the fans go to maximum if it has any, while you watch the battery meter start dropping in real time? A device that gets 8hrs-12hrs normally is now uncomfortable to hold and projecting running out of juice in 20 minutes... that's less annoying?
crypto-mining slams the CPU or GPU or both to 100% and pins them there. The reason normal people don't run cryptominers of their own is that the electricity costs relative to currency mined is hi
Honestly (Score:2)
Little downside (Score:2)
If you don't have JavaScript disabled, your browser is already running code from websites that you never consented to or know what it's doing. So that argument seems ignorant.
The amount of electricity used even if you sat there and kept that browser tab open and active for hours, would be less than a penny. So nix that one too.
Unlike ads, it doesn't target or track users. It doesn't exfiltrate data. It doesn't distract from page content (ads do this by design).
It's egalitarian in that the longer you're on t
Re: (Score:2)
That is ridiculous. The act of visiting a website with a modern browser is giving consent to run whatever javascript the sites sends you, unless, as you said, you have disabled it. To say otherwise seems ignorant to me. You're *requesting* the content, it's not like it just gets streamed to you automatically.
Seems inefficient (Score:2)
Better than ads if you value your time (Score:2)
Ads grab my attention, JS miners just use CPU time. I consider my time to be more valuable than CPU time so that's a win for miners. And if a few cents of electricity is enough to support a website without ads, that's great.
This model is probably unsustainable but for the meantime, I think it is brilliant.
I can't wait for this to be done right! (Score:2)
I really can't wait for companies to start implementing this right, as a way to remove advertisements from their sites. Particularly newspapers and other publications I wish to support financially. There's no way I'm ever disabling my ad blocker, but I would absolutely allow using a share of my CPU resources to send a few cents while I'm reading an article or something. As the OP points out, doing it without user consent is not cool, but when done right I think this could be a very powerful tool.
Re:cryptocurrency-mining preferable to data-mining (Score:4, Interesting)
Last time I checked, websites weren't getting explicit consent for user data-mining either.
Yes they are. Private Browsing in Firefox does two things related to data mining: it turns persistent cookies into session cookies, and it doesn't connect to third party tracking services. "Disable protection for this site".
That assumes a website is not doing both ... in that case then fuck them all to hell.
They'll do both, arguing that doing both has precedent. Magazines, newspapers, and multichannel pay television rely on combined revenue from ads and subscriptions because they can't pay their writers with one or the other alone.
Re: (Score:2)
Re: (Score:2)
nice idea, but that was only in the EU. Something that consumer-focused would never fly in the United States, unfortunately. Perhaps in other parts of the world, though.
Re: (Score:3)
But I have 36 tabs open right now.
Without fact checking your numbers...
1) my computer would come to a crawl
2) I walk away for a day and it'll cost me $15/day...