Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT Technology

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) 362

Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
This discussion has been archived. No new comments can be posted.

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day

Comments Filter:
  • by GenP ( 686381 ) on Wednesday October 18, 2017 @11:22AM (#55390461)
    Even more reason to disable Javascript.
    • by monkeyxpress ( 4016725 ) on Wednesday October 18, 2017 @11:39AM (#55390591)

      Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it. Is anyone looking forward to going back to having to support Flash, Silverlight, java applets, and whatever new half-baked solution gets dreamed up by a bullying vendor.

      We are still heading towards a good place. It took a long time to beat down IE and its deliberate consensus killing behavior, and to nudge JS into a form that is sufficiently standardised and supported. We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there. Rather than rejecting JS outright, I think it is better to continue to find solutions to these sorts of problems. The web needs a common client side computing platform, and I don't see where any useful alternative is going to come from right now.

      • by JohnFen ( 1641097 ) on Wednesday October 18, 2017 @12:08PM (#55390875)

        Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it.

        I don't think that's anything close to a sufficient reason to accept the dangers associated with it. Javascript is not only a theoretical security problem, it's one that's very commonly exploited.

        All of the arguments that apply to getting rid of flash apply to getting rid of Javascript.

        We are still heading towards a good place.

        Maybe, but the evidence for this is weak.

        The web needs a common client side computing platform

        "Needs" is a very strong term. In my opinion, it's more of a "nice to have" than a "can't live without".

        • by phantomfive ( 622387 ) on Wednesday October 18, 2017 @01:40PM (#55391589) Journal

          Javascript is not only a theoretical security problem, it's one that's very commonly exploited.

          What exploits are you talking about here?

          • by JohnFen ( 1641097 ) on Wednesday October 18, 2017 @01:54PM (#55391689)

            Well, we can start with secret in-browser bitcoin mining.

            But, on the more malicious side, there are bunches of traditional exploits that do things like code injection, privilege escalation, installation of virii, etc. Also, there are a number of data exfiltration exploits in the wild. You know all those online ads that spread malware? They're using javascript to do it.

            Javascript isn't as vulnerable as it used to be, but you can't think of it as safe, either.

          • by OrangeTide ( 124937 ) on Wednesday October 18, 2017 @05:34PM (#55393015) Homepage Journal

            Someone was nice enough to collect a list of JavaScript vulnerabilities [github.com]. And I also found a list of Proof of Concepts [github.com] and many of them are for JavaScript and browser. And includes a nice paragraph description for each.

            I can't prove the earlier post's claim that "[the problem of JavaScript security is] one that's very commonly exploited."
            But it does seem that there are many well known security issues with popular implementations of JavaScript.

        • by dfm3 ( 830843 )
          Remember back in the early 2000's, when you'd occasionally come across a website that was entirely contained within Flash? Remember how much we all despised those?

          Well, we're basically back to that point with Javascript. When I want to read a few paragraphs of text with maybe a picture or two, why should I download 2+ MB of javascript libraries just so that the images can fade in from the background as I scroll down, or drift across the page Ken Burns style as I read?

          With more and more sites these days,
      • We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there.

        Webassembly is here NOW and available in all major browsers [caniuse.com]. The major drawback right now is that it can't access the DOM, but that will change in the future.

    • by Okian Warrior ( 537106 ) on Wednesday October 18, 2017 @11:42AM (#55390613) Homepage Journal

      Even more reason to disable Javascript.

      While I agree with that sentiment, I have to wonder why this is such a big deal?

      Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible.

      We've always wanted a way to monetize visiting a site, could this be a way to do it?

      Suppose we had a service where people could submit computationally intensive problems which can be broken down into smaller computational units. Such as "folding at home [stanford.edu]" or "seti at home".

      The answers to some of those problems could be valuable, so we could imagine research institutions paying money to use the system to solve those problems, and pay out based on the amount of computation a website brings in.

      This is proportional to the number of users who view the website, and for how long. This could be a user-friendly alternative to advertising.

      In fact, one can imagine the *government* paying money to use the system as a make-work program: it would encourage people to make better, more meaningful websites overall. Would the sociological benefit outweigh the extra costs?

      (Assuming that people don't game the system, but it seems reasonable that we could learn all the gaming techniques over time and avoid them. Sort of how we deal with advertizing clicks currently.)

      I don't see what the problem here is, and look at it as an opportunity.

      Could this be a user-friendly way to monetize a website, as an alternative to advertising?

      • by Monster_user ( 5075027 ) on Wednesday October 18, 2017 @11:58AM (#55390787)
        CPU cycles equals wear and tear, slower performance, and likely more bandwidth consumption.

        While you may not be affected, plenty of people are and will be.

        Those on metered connections, or who have to pay overages for data.
        Those running on mobile devices who need as much battery life as they can squeeze out of their devices.
        Those who are at the lower end of the financial spectrum, who have to watch their wattage and struggle to replace their aging machines, and struggle to provide air conditioning and such to their homes.

        Its kind of like the penny. For so many people it isn't even worth picking up, but for so many other people a penny is a big deal. My biggest concern would be battery life.
        • Someone should do a comparison of each. Bandwidth is going to be a lot lower with mining since 90% of ads are video ads or animated gifs. Yes CPU might be used, but the power needed to render videos and those animated images still need cpu/gpu cycles.
          • by Rakarra ( 112805 )

            Videos are something I will always keep off when I'm on mobile, unless I'm using the Youtube app, I don't need to see anything moving.

        • sure, i guess, but the total degradation you take for using, say, DRMed web-streaming video rather than an optimized native encoding is still going to be orders of magnitude more significant than the total effect of mining unless you leave you have malware and/or your web browser is on shady sites 24/7.

          afaic, the content cartels should pay out a subsidy to upgrade our computers for this shit.

        • by dinfinity ( 2300094 ) on Wednesday October 18, 2017 @05:06PM (#55392855)

          The obvious solution is to let clients limit CPU usage for JS per tab, especially inactive/invisible tabs.

          For instance, apart from whitelisted domains, every page switch gets 5 seconds of unlimited CPU usage for JS and is then throttled down to 1%. Added bonus is that it incentivizes efficiently coded JS in general whilst also protecting against JS mining and other JS CPU cycle stealing.

          One could imagine finegrained clientside control of how much CPU time a certain website may consume, combined with the website providing tangible rewards for the CPU cycles. A sort of Patreon service with CPU cycles, if you will.

      • by link-error ( 143838 ) on Wednesday October 18, 2017 @12:01PM (#55390815)

        The problems are that sometimes, I'll leave a webpage up for a day or two in a separate tab because I want to come back to dig deeper into something, but don't want to create a longer lived bookmark. Sometimes, I see a CPU getting chewed up by the browser and I had assumed up to this point it was a bug in the browser or accidental looping javascript error, and I have to start killing off tabs until I find the offending page. Probably miners all along.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible

        It is absolutely inevitable that if this practice becomes accepted, people will start trying to steal a greater and greater proportion of your CPU resources. Consider how restrained internet advertisers are with their adverts, t

      • While I agree with that sentiment, I have to wonder why this is such a big deal?

        It's always a big deal when someone is injecting code on your machine without your knowledge or permission. Whether or not a specific example of the code is harmful isn't relevant -- that it can be done means that there will absolutely be more malicious code coming from somewhere.

        We've always wanted a way to monetize visiting a site, could this be a way to do it?

        Could be, but user notification and permission is a non-negotiable part of it. Without that, the code is malware.

      • by AmiMoJo ( 196126 )

        How much battery power does it waste?

      • by iCEBaLM ( 34905 )

        Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care?

        I suppose it depends on your definition of harm. I submit to you that this is actual theft. They are using your CPU, which directly costs you more money in electricity, cooling, premature replacement costs, and possibly lost productivity, to make them money. All without consent.

        I call that theft.

    • https://mineblock.org/ [mineblock.org]

      I'm sure Adblock Plus etc will also contain the URLs that need blocking if they haven't already done so.

    • Even more reason to disable Javascript.

      Right, but what can I do to fix windows 10? According to the article it could be mining bitcoin for someone else too.

      In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...]

    • by DickBreath ( 207180 ) on Wednesday October 18, 2017 @01:55PM (#55391695) Homepage
      I don't want to have to disable Javascript.

      That would be bad.

      What I want to have to enable Javascript. If I feel like it. If it seems like I'm missing out on something.

      Does slashdot stress out ad blockers or what? Why not have ads that don't require Javascript? If the ads are too many then I just won't come back.

      What if browsers severely limited the amount of execution time Javascript had to set up event handlers on controls in a business application. Then also severely limit the execution time of those event handlers -- exclusive of the time it takes for an event handler to make a limited number of ajax calls to the page's originating server. Would this idea limit the bitcoin mining abuse, while not constraining real applications?
  • Autocorrect typo? (Score:5, Informative)

    by Hartree ( 191324 ) on Wednesday October 18, 2017 @11:25AM (#55390481)

    I suspect the submitter meant "rife" rather than "ripe".

    Of course, since "ripe" can mean "stinky", maybe it fits.

    • by gnick ( 1211984 ) on Wednesday October 18, 2017 @11:29AM (#55390505) Homepage

      For all intensive porpoises, they both fit.

    • by Anonymous Coward on Wednesday October 18, 2017 @12:17PM (#55390941)

      I hole-hardedly agree, but allow me to play doubles advocate here for a moment. For all intensive purposes I think you are wrong. In an age where false morals are a diamond dozen, true virtues are a blessing in the skies. We often put our false morality on a petal stool like a bunch of pre-Madonnas, but you all seem to be taking something very valuable for granite. So I ask of you to mustard up all the strength you can because it is a doggy dog world out there. Although there is some merit to what you are saying it seems like you have a huge ship on your shoulder. In your argument you seem to throw everything in but the kids Nsync, and even though you are having a feel day with this I am here to bring you back into reality. I have a sick sense when it comes to these types of things. It is almost spooky, because I cannot turn a blonde eye to these glaring flaws in your rhetoric. I have zero taller ants when it comes to people spouting out hate in the name of moral righteousness. You just need to remember what comes around is all around, and when supply and command fails you will be the first to go. Make my words, when you get down to brass stacks it doesn't take rocket appliances to get two birds stoned at once. It's clear who makes the pants in this relationship, and sometimes you just have to swallow your prize and accept the facts. You might have to come to this conclusion through denial and error but I swear on my mother's mating name that when you put the petal to the medal you will pass with flying carpets like it’s a peach of cake.

  • Possible fix (Score:5, Interesting)

    by Anonymous Coward on Wednesday October 18, 2017 @11:26AM (#55390491)
    Is there a way that someone could write a browser plugin that returns wrong/garbage results to the crypto mining command and control server, rendering entire massive calculation trees wrong and useless and destroying their scheme?

    Ideally a way to enable/disable per site so that sites that ask permission can be granted on a case-by-case basis.
    • That would only send invalid shares to the server, which would be rejected.

    • Just use the "No Coin" extension.
      • by unrtst ( 777550 )

        AFAICT, these sort of extensions are just blocking based on a URL list. They can play the cat and mouse game of moving them around and renaming scripts all day every day. IMO, we need an extension that detects those sort of code profiles and provides the option of killing off that code.

        If one of these extensions does more than a simple blacklist, please let me know - I haven't found one.

  • Just have a cpu/gpu threshold on what processes on threads can consume, both individually and in aggregate?
    • The problem is this could cause legitimate sites to slow down.
      • Can you give an example?

        I'm sure there is one. But I can't think of any. I think that many web sites and applications use Javascript to briefly set up event handlers on controls. Those event handlers react to clicks and other user interactions, and spend very little time doing so.

        But I can't think of an example of a browser-side CPU intensive application.

        Actually, I CAN think of one that I would contrive. But it is a legit example. Suppose you had something that wanted a lot of CPU time, and p
  • by guruevi ( 827432 ) on Wednesday October 18, 2017 @11:29AM (#55390509)

    No? Then this is the same discussion we had decades ago about ads and it will end up in the same way.

    If you go to a site, then you give it explicit permission to use resources on your computer. Whether that resource is doing stuff on the Internet (AJAX) or doing stuff on your computer (mining).

    A user can control your computer though, they can limit the amount of cycles a website or browser gets to spend, block JavaScript, block whatever resource they want. In the end, the user is letting them do this and once sites see that it's costing them more money than it profits (when people stop visiting the "slow website") they'll learn.

    • Is there a way to request them to stop ads?

      Yes: pay $4 per month to every single site you visit. The user eventually ends up having to subscribe to multiple sites, or purchase $4 of pay-per-page credits on multiple sites, to read the results from one web search.

    • If you go to a site, then you give it explicit permission to use resources on your computer.

      Not blanket permission, you don't.

  • I get it, kind of (Score:3, Interesting)

    by Arthur Brownlee IV ( 2890683 ) on Wednesday October 18, 2017 @11:31AM (#55390521)
    You don't want things loading in your browser session that are doing things you don't want them to do.
    But couldn't this be said about any code on a website? When you go to the page, you're loading whatever JS, Flash, etc that is on their site. You're the one going there, it isn't anything malicious.
    What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively? Is the only difference, that they may be profiting from this slightly? If so, why is that bad, when most sites need to show you some ad, sell you something, etc to be profitable?
    • by ctilsie242 ( 4841247 ) on Wednesday October 18, 2017 @11:36AM (#55390563)

      I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.

      • I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.

        This is one of the reasons why I will never enable EME, nor use a browser that doesn't let me disable it.

    • by vux984 ( 928602 )

      What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively?

      100% CPU utilization (GPU utlitization too if they can do it) will drain laptop and mobile batteries fast and heat the up. This is the antithesis of the direction things should go.

      There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.

      Second, as an ecnomic model it is incredibly inefficient. For every dollar you spend in electricity for their miner... how much money do they make from it. Not a tiny fraction. I'd rather just giv

      • There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.

        I'd argue the web is already practically unusable if you turn your ad blocker off. On my tablet slashdot throws a giant pop over on the main page that covers roughly 2/3 of the screen. And then it loads video ads that have roughly a 30% of locking up my web browser. I can't imagine this being much worse, although it might end up harder to block.

  • by Luthair ( 847766 ) on Wednesday October 18, 2017 @11:34AM (#55390539)
    More like rife.
  • Yep (Score:5, Interesting)

    by LeftCoastThinker ( 4697521 ) on Wednesday October 18, 2017 @11:35AM (#55390549)

    I believe the word the author was looking for is "rife" as in filled with/replete with.

    Just another reason that add blockers like uBlock Origin are mandatory. I also browse with a JS dynamic switch so I can kill JS with a button press for obnoxious sites.

  • by Kjella ( 173770 ) on Wednesday October 18, 2017 @11:37AM (#55390567) Homepage

    "As an alternative to ads, we are testing out in-browser cryptocurrency mining as a means to fund our website. If you prefer our ad-supported version, click here" and see how many would actively choose ads. I mean if this is a functioning micro-transaction system I think it's got much less downsides than almost every other possible alternative, particularly that you don't need any kind of payment info or personal data. If it's any kind of site where you have an account you could have like points and build up a sort of credit you'd "pay" with to read articles and so on.

    • by AmiMoJo ( 196126 )

      I wouldn't mind "paying" for sites in this way, except when I'm running on battery power, and only if it means no ads.

      I'd much prefer to pay more directly though. Mining with JS can't be very efficient and will end up wasting a lot of energy. But since no-one has come up with a better way to do microtransactions in the fraction of a cent range it's the best of a bad bunch.

  • Disable Web Workers (Score:4, Interesting)

    by Luthair ( 847766 ) on Wednesday October 18, 2017 @11:39AM (#55390583)

    I presume these are using web workers as they don't lockup the UI? How many legitimate uses of web workers are there, couldn't we just disable them?

    Maybe w3c should drop them from the browser spec entirely.

    • Offline mode in progressive web applications uses a Service Worker, a form of Web Worker that can act as a proxy for the hostname it's hosted on. Without a Service Worker, an application is more likely to show you the error message "There is no Internet connection" if you try using it on a laptop or tablet while riding the bus.

      Or must all applications with an offline mode be native and therefore OS-specific?

      • That's a fully acceptable loss.

        • by tepples ( 727027 )

          Without a Service Worker, an application is more likely to show you the error message "There is no Internet connection" if you try using it on a laptop or tablet while riding the bus.

          Or must all applications with an offline mode be native and therefore OS-specific?

          That's a fully acceptable loss.

          My comment alluded to two different kinds of "loss".

          • A. Loss of ability to view and edit cached data while offline
          • B. Loss of compatibility with your preferred operating system because the application's developer lacks the finances to maintain a port thereto

          Of these two, which did you intend to describe as "a fully acceptable loss"?

          • Both, actually.

            Not that I think either of them are good, but we're entering into a world where we're going to have to make some sort of compromise one way or the other. Personally, being unable to use progressive web apps is my preferred compromise.

            • by tepples ( 727027 )

              Personally, being unable to use progressive web apps is my preferred compromise.

              For future reference, so that I can make examples in comments more relevant, which operating system do your primary PC and your primary mobile device run?

              And how would you react if it became commonplace for sites to make a progressive web app available without charge but charge money for the native app? Would you pay $4.99 (limited ads) or $9.99 (ad-free) per platform per year to continue using an application?

  • GOOD. (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Wednesday October 18, 2017 @11:42AM (#55390625)

    This is the endgame for javascript: executing unauthorized code on your computer. Now that it's becoming so entirely blatant, we may actually start seeing the general public getting protection from runaway javascript scripts.

  • No such problem (Score:5, Interesting)

    by Artem S. Tashkinov ( 764309 ) on Wednesday October 18, 2017 @11:42AM (#55390631) Homepage

    This "problem" is so exaggerated it's becoming annoying to hear about it again and again.

    First of all, most respectable websites will never do anything like that. Secondly, shady websites which do host mining JavaScript are not normally visited by most people and the ones who visit such websites usually leave them quite fast, which means bad scripts can only run for a very limited amount of time. Thirdly, we've always had websites which peddle malware and somehow they stopped being newsworthy years ago. All of a sudden, they are again in the news.

    Fourthly, we now have "good" websites which stress your CPU so much they can be considered "harmful". What about ad networks whose JS tax your CPU? Why aren't we talking about them?

    • Re:No such problem (Score:4, Interesting)

      by mjr167 ( 2477430 ) on Wednesday October 18, 2017 @11:55AM (#55390763)
      Lincoln Caverns (a cave in central PA that gives tours) had one running on thier website when I went to check tour prices earlier this week. It's not just shady sites doing this, but legitimate businesss that you might actually want to do business with.
  • Flag them! (Score:5, Insightful)

    by kurkosdr ( 2378710 ) on Wednesday October 18, 2017 @11:57AM (#55390783)
    Flag. These. As. Malware. Let's see how these smarty pants website owners and advertisers react when their users start avoiding the site because they are getting anti-malware alerts and get demoted in search engine results
    • But its not malware. Malware is spread through malicious acts. If its fully disclosed up front, its just your choice to go there. I do like coinhive's capatcha alternative, I would rather mine for 20 seconds than to pick which image is a car or what a street sign is.
      • by Rakarra ( 112805 )

        But its not malware. Malware is spread through malicious acts. If its fully disclosed up front, its just your choice to go there. I do like coinhive's capatcha alternative, I would rather mine for 20 seconds than to pick which image is a car or what a street sign is.

        Isn't the whole point of those capchas to prove that it's a human making the decisions rather than a computer doing the registration work?

      • I would rather mine for 20 seconds than to pick which image is a car or what a street sign is.

        The real problem for OCD people like is that those damn street signs are frequently not quite completely in the damn boxes, so I never know if I should click on those boxes too. It's like someone is doing a really crappy job at "slicing" those images, whatever the term is.

      • But its not malware. Malware is spread through malicious acts.

        Malware is any software that is running without my permission.

        If its fully disclosed up front, its just your choice to go there.

        I think the issue is that a lot of sites are not disclosing it.

  • I prefer that any day of the week, better than idiotic ads that cover my reading area or flimmer around the screen, giving me eye-cancer.

    I'd vote for a 'Mine me' setting that removes all the ads that come through my ublock and ghostery.

    • Yeah, I could consider it for my own website. Are you using a desktop browser, or one that supports the battery API and shows as "charging"? I'll show you a "remove ads" button in the corner.

      When you click on it, ads disappear and you get 20/30 seconds mining (the time it takes you to read the dialog explaining what is happening). After that, mining stops and no ads in the whole site for the current session. I could even replace the "remove ads" with a "stop mining" button that restores the ads, in case the

      • As a user, it angers me that websites can tell any details about my machine including whether or not its running on battery.

  • commentsubject (Score:5, Interesting)

    by Falos ( 2905315 ) on Wednesday October 18, 2017 @12:02PM (#55390831)

    It's parasitic and hidden, but to believe that an opt-in checkbox equates to being "in the clear" - hell, that op-tin being offered at all is supposed to be par for today's commercial atmosphere - is awfully naive.

    In fact, this "hidden" behavior? Is still transparent relative to the shit being done with various fingerprints/useragents, with the hundred different metrics possible on your phone. To say nothing of you unfortunate souls with accounts on facetweet and socnets.

    It's almost refreshingly simple. They're mooching your CPU, your electricity, but the intent is plain, the motives obvious. Compare it to the clusterfuck, the rat-king of trade-and-parcel done with your credit info/score/history/etc. We're oblivious to the amount of closed-door behavior going on around us, of how many databases end up hooking a single instance of you flashing your insurance card to get a painkiller or flu shot, or a scratch on the car.

    Again, it's unscrupulous, yes, but "shady"? Consider that word and apply it to the shady pickpocket who grabs your $20's and throws your wallet on the sidewalk, versus the shady cartels running our world, ISPs and Muh Big Pharma and all our good friends trashing the atmosphere/soil/rainforest/aquabeds/whatever without a moment's hesitation, global-scale behaviors behind purchased laws, behind NDAs, behind agreement named with so much obfuscating euphemism you think it benefits consumer proles. Go ask a stranger what "net neutrality" is.

    Christ, you can probably stop these scripts with a browser mod or two, or a greasemonkey. Five minutes of placement. While if you fuck with your registry and hosts file maybe you'll get (most of) win10's bullshit to stop showing up on wireshark.

    I'd probably prefer a silent miner (esp. if throttled to polite levels) over the butterfly dominoes from an ad watched by DoubleClick, with a facebook pixel watching. Submission is stupid about what he can hope for, naive, thinks an ad is just "Buy my book" and done. Thinks clicking "don't send me emails" is a win.

    Not an apologist, just mentioning perspective.

    • Yeah, the more I thought about this the more I realized its actually vastly superior to the status quo.

      The problem is it will almost certainly be done *in addition* to the status quo, not instead of.

  • Verses random ads which might include malware which the website does not know about. I would rather mine for a minute than pay for a paywall or get malware installed. If its fully disclosed on the site its a good alternative.
  • it has to go somewhere right? so why not find that location and send in a goon squad and smash up their operation, or the very least block their ip address or domain so they find themselves out of the loop
  • I think ads, and worse yet, auto play video are malware. In fact, auto play video with sound is the worst abomination on earth.

    Crypto mining in the background is a lesser evil in my eyes. Annoying, sure, but less annoying than auto play video by orders of magnitude that wastes tons of cpu cycles and sometimes very expensive bandwidth.

    • by vux984 ( 928602 )

      Crypto mining in the background is a lesser evil in my eyes.

      Really? As your phone or tablet or laptop heats up to its thermal limit, the fans go to maximum if it has any, while you watch the battery meter start dropping in real time? A device that gets 8hrs-12hrs normally is now uncomfortable to hold and projecting running out of juice in 20 minutes... that's less annoying?

      crypto-mining slams the CPU or GPU or both to 100% and pins them there. The reason normal people don't run cryptominers of their own is that the electricity costs relative to currency mined is hi

  • This is just the latest in a sad downward spiral of the internet. I am old enough to remember the pre-monetization days where the internet was something truly innovative and interesting. Now that Big Corporation has got its money mitts on it, it's not interesting anymore. Yesterday was a watershed moment for me as I closed both of my Facebook and Twitter accounts. I want nothing more to do with these scoundrels. They basically circulate news that is either outrightly fabricated or purposely skewed. I even r
  • If you don't have JavaScript disabled, your browser is already running code from websites that you never consented to or know what it's doing. So that argument seems ignorant.

    The amount of electricity used even if you sat there and kept that browser tab open and active for hours, would be less than a penny. So nix that one too.

    Unlike ads, it doesn't target or track users. It doesn't exfiltrate data. It doesn't distract from page content (ads do this by design).

    It's egalitarian in that the longer you're on t

    • by hackel ( 10452 )

      That is ridiculous. The act of visiting a website with a modern browser is giving consent to run whatever javascript the sites sends you, unless, as you said, you have disabled it. To say otherwise seems ignorant to me. You're *requesting* the content, it's not like it just gets streamed to you automatically.

  • Mining in this way seems like it would yield very low value for the amount of electricity used and only makes sense if electricity was free (or you are not the one paying for it). That seems to be the case here. They don't care one bit if they only get $.05 worth of bitcoin after expending $1 worth of electricity if you are the one paying the dollar instead of them. It is like those charitable organizations that sign up all these ridiculous call centers that take 90% of your donations. The charity still get
  • Ads grab my attention, JS miners just use CPU time. I consider my time to be more valuable than CPU time so that's a win for miners. And if a few cents of electricity is enough to support a website without ads, that's great.

    This model is probably unsustainable but for the meantime, I think it is brilliant.

  • I really can't wait for companies to start implementing this right, as a way to remove advertisements from their sites. Particularly newspapers and other publications I wish to support financially. There's no way I'm ever disabling my ad blocker, but I would absolutely allow using a share of my CPU resources to send a few cents while I'm reading an article or something. As the OP points out, doing it without user consent is not cool, but when done right I think this could be a very powerful tool.

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

Working...