
Digging into Browser-Based Crypto Mining - godelmachine
https://arxiv.org/abs/1808.00811
======
madisfun
If I did the math right, then if the notebook I'm typing this comment on mined
at 100% CPU load for 1 hour, the payout to the script owner would be
equivalent to US$0.00085. For nearly 200 Wh consumed, or 70g CO2 equivalent,
or $0.004/kWh. That's two orders of magnitude less than the cost of the energy
consumed, supposedly somewhere around 3% efficiency.

I suppose asking for donations/selling subscriptions/products/whatever is more
sustainable. Even if 3 users out of 100 agreed to donate/pay the monetary
equivalent of 1 kWh (~ $0.140), the site owner would receive more than forcing
100 users to heat the air for one hour and putting 7kg CO2 in the atmosphere.

The web doesn't need browser-based mining. The web needs affordable and
convenient microtransactions. With something better than a 0.05 + 5% fee.

~~~
noonespecial
It seems to me the problem it's solving isn't efficiently 'mining' the
currency, it's efficiently _transferring_ small amounts of money. If there was
a way a website could present a button I could use to flip them a penny
(without a complicated setup or previous relationship with them) on my way
thru if I like the content, I'd smash that thing all day long.

The telling thing is that people are seriously considering a system that
wastes 97% of the money in the tiny transaction to easily transfer the 3%.

~~~
pjc50
Essentially the problem with micropayments is microscams:
[https://news.ycombinator.com/item?id=15592192](https://news.ycombinator.com/item?id=15592192)

Stealth browser-mining lets everyone skip all the genuine attempts at
transferring value and go straight to microscams.

Edit: hoisted body of comment: "Unsolved, difficult problems of micropayments"

- pay before viewing: how do you know that the thing you're paying for is the
thing that you're expecting? What if it's a rickroll or goatse?

- so do you give refunds a la steam?

- pay and adverts: double-dipping is very annoying

- pay and adverts: how do you know who you're paying? A page appears with a
micropayment request, but how do you know you've not just paid the advertiser
to view their ad?

- pay and frame: can you have multiple payees per displayed page? (this has
good and bad ideas)

- pay and popups: it's going to be like those notification or app install
modals, yet another annoyance for people to bounce off

- pay limits: contactless has a £30 limit here. Would you have the same
payment system suitable for $.01 payments and $1000 payments? How easy is it
to trick people into paying over the odds (see refunds)?

- pay and censors: who's excluded from the payment system? Why?

Essentially the problem with micropayments is microscams.

Part 2: business model problems!

- getting money into the system is plagued by usual fraud problems of card TX
for pure digital goods

- nobody wants to build a federated system; everyone wants to build a
Play/Apple/Steam store where they take 30%

- winner-take-all effects are strong

- Play store et al already exist, why not use that?

- Free substitute goods are just a click away

- Consumers will pirate anything no matter how cheap the original is

- No real consumer demand for micropayments

=> lemma from previous 3 items: market for online goods is efficient enough to
drive all marginal prices to zero

- existing problem of the play store letting your kid spend all the money

- friction: it would be great if you didn't have to repeatedly approve
things, such as a micropayment for every page of a webcomic archive. But
blanket approval lets bad actors drain the jar or inattentive users waste it
and then feel conned

- first most obvious model for making this work is porn, which is inevitably
blacklisted by the payment processors, has a worse environment for
fraud/chargebacks, and is toxic to VCs (see Patreon and even Craigslist)

- Internet has actually killed previously working micropayment systems such
as Minitel, paid ringtones (anyone remember the dark era of Crazy Frog?);
surviving ones like premium SMS and phone have a scammy, seedy feel.

- accounting requirements: do you have to pay VAT on that micropayment? do
you have to declare it? Is it a federal offence to sell something to an
Iranian or North Korean for one cent?

------
cinooo
There are a number of other crypto coins that can be mined via the browser,
most notably Nimiq which uses an algorithm (Argon2d) that is ASIC resistant
meaning in theory it should be even more profitable for normal day users
without high end GPU systems to mine.

Nimiq itself is making some pretty interesting tech implementations such as
being written ground up in JavaScript and rewriting core parts in Rust so it
will run in the browser via WebAssembly. Their code base is worth checking
out: [https://github.com/nimiq-network/core](https://github.com/nimiq-network/core)

~~~
lifthrasiir
While the paper prominently mentions Monero as an example of browser-based
mining, the first part of the analysis is independent of specific
cryptocurrencies because it looks for heavy wasm usages. (The second part of
the analysis is specifically targeted to Coinhive as it had the largest share,
however.)

------
bfirsh
Here’s an HTML version if you’re on a phone:
[https://www.arxiv-vanity.com/papers/1808.00811/](https://www.arxiv-vanity.com/papers/1808.00811/)

~~~
NetOpWibby
Bless

------
a_imho
I've been looking to experiment with browser mining solutions recently but the
offerings are really lacking imo. It seems to be a simple problem (let users
mine in exchange for virtual goods ~proportional to the solved hashes) but bar
CoinHive I ended up with nothing promising and I can't really justify their
30% cut.

------
arayh
I feel like one of the big issues here is that we're seeing more users
visiting websites on their mobile and that means website owners want to
monetize from mobile users. Browser-based mining takes a significant toll on
mobile battery and excessively increases the temperature of your mobile
device, which can lead to other concerns. Mining is also much slower on most
mobile devices.

Coinhive themselves suggest against implementing mining for mobile users, but
it appears that some people are not so concerned for their users' mobile
devices.

------
snissn
Is GPU-powered keccak mining possible in a browser? Could anyone point me in
the right direction or be interested in collaborating?

~~~
s3xham
GPUs are just as power hungry as CPUs (keccak/sha3/sha2/cryptonight; it's
going to draw more power). Monetizing your user base via any type of proof-of-
work at this point is just plain stealing electricity IMHO, unless your user
base is an ASIC farm or working some unheard-of cryptocoin with a low mining
difficulty.

I ran 16 GPUs on Bitcoin for 18-24 months when it made sense to do so. I pool
hopped to game rewards and had failover bitcoind solo nodes for when pools got
DDoS'd. There was a time when it made sense, but ultimately GPUs got priced
out.

The people who are chasing this dream are quite literally 6 or 7 years late to
the profit margin vs. electrical efficiency equation in terms of Bitcoin and
maybe 18 months too late for Monero. That's the evolution of all POW mining,
electrical efficiency.

------
maufl
These guys also do other "internet measurement". You can find more here
[https://netray.io/](https://netray.io/)

------
larkeith
Could someone with an arXiv account let the authors know that they currently
have their emails listed as "{lastname}@comsys.rwth-aachen.de"?

~~~
heinrichf
That's on purpose, to avoid repeating the domain of the email for each author
at the same institution.

~~~
larkeith
Oh, I should have realized that.

------
browsercoin
I'm shopping around for ideas to implement with browsercoin.com and reading
this gives me some interesting perspectives.

first I'm not interested in Proof-of-Work or usage of blockchain at all...sort
of like with what CoinHive and other browser based JS miners do...once you
realize this mining activity really is just to add a level of authenticity
and verification to a transaction with the ultimate goal of having a
completely auditable trail going back to the genesis block. This exact
property can be built using Datomic where I can achieve more or less an
unalterable auditable log of all transactions made to the database even
deletes without worrying about any of the mining rewards centralized by pools
that essentially dwarf and skew the wealth. The only difference being that
Datomic runs on some seriously secure corporate infrastructure, the miners
being Google, Amazon, Microsoft, Oracle, Fujitsu, Samsung all regulated and
still answering to the civic organs of democratic economies instead of unknown
nodes with opaque interests without regulation which makes it ripe for
disinformation.

what if instead of running some number crunching, you were incentivized to
consume a content, use an app? What if then you could use some of those
credits earned to distribute to content creators that you really like (sorta
like patreon but you "mine/get rewarded" when you complete a task). I see that
BAT of Brave Browser tries to do this but is anybody really using Brave
instead of their go-to browser....I doubt it....

I had this idea for the longest time of implementing something like this but
with instantly verifiable and creditable tasks. _Proof-of-Achievement_ I
coined it. But once I realize I'm not building an ICO or cryptofoolery but a
grassroots marketplace for tasks you can do in your browser.

Some scenarios:

Say you want users for your SaaS web app --> boom you got an audience.

Say you want to get paid for your SaaS/Content/Video/Music --> boom the
audience that has "BrowserCoins" can pitch in to support your cause.

The main selling point being that for the miners the reward is immediate,
there will be some clever verification methods, but essentially when you
complete a task you "mine/rewarded" 10ßC....there came up with a currency
symbol on the spot.

Miner (running a browser extension):

    1. "hmm...create a profile on somebody's Tinder clone app"
    2. *several minutes later*
    3. "okay verified email, browser extension says successful"
    4. *you receive* 10ßC for a job well done from hnaddict393

hnaddict393 (created the job originally):

    1. miner#001 has completed your job titled "awesome dating app needs some love"
    2. verifier#091 is checking the quality of your job.
    3. verifier#092 is checking the quality of your job.
    5. verifier#091 has finished and has approved result.
    6. your job has been completed and 10ßC was removed from your account.

verifier#091 (you mine ßCs by verifying the output of a job):

    1. verifier#091 has started a verification task.
    2. verifier#092 has started a verification task.
    3. verifier#093 has started a verification task.
    4. verifier#093 has rejected output-reason: "profile looks fake"
    5. verifier#092 has accepted output. awaiting your verification.
    6. verifier#091 has accepted output. thank you, your verification pool has been credited 2ßC for reaching a consensus within the acceptable time outlined in EULA.
    7. verification task has reached a consensus: SUCCESS (2/3)

anyways kinda rambled on there but was just thinking of a proof of concept of
some sort based on replacing a PoW with a more meaningful work output.

~~~
dc_gregory
To coin the classic HN approach, isn't this just Mechanical Turk + a bank
account?

Being less reductionist, you could possibly bootstrap the chicken/egg issue of
getting task executors / task creators by proxying tasks off Mechanical Turk.

~~~
browsercoin
> mechanical turk + a bank account?

yup. basically _near_ insta-verified rewards and verification. The issue
mentioned below of someone botting can be solved by having "oracles" or
trusted advisors with a score to maintain.

> Being less reductionist, you could possibly bootstrap the chicken/egg issue
> of getting task executors / task creators by proxying tasks off Mechanical
> Turk.

not sure what you mean by proxy

