
Adguard found 220 sites that launch mining when a user opens their main page - djsumdog
https://blog.adguard.com/en/crypto-mining-fever/
======
kibwen
_> Any alternative to advertising is a good thing._

If only. This isn't an alternative, it's a supplement. Sites have absolutely
no incentive to stop advertising; they will simply continue to show the user
ads while also discreetly wasting your electricity calculating hashes.

~~~
aequitas
I would accept this as an alternative to ads. Ads can easily be blocked and
have a high tendency to be blocked as they can be quite intrusive and a risk.
So publishers will get less incentive to server them if everyone is just
blocking them.

Cryptominer scripts can just as easily be blocked. So bad ones (long running)
can easily be punished and I can have miners be blocked when running on
battery power. This might nudge the market into the right direction where
people allow miners and pay for content with computer power as a proxy.

I might even see a framework for browsers emerging to facilitate this market
and provide better more efficient API's (GPU access) and better control (no
mining on battery). Since this way of paying for content does already carry a
lot of overhead in terms of total cost for all parties involved :(.

~~~
seveibar
_Cryptominer scripts can just as easily be blocked._

Unfortunately this isn't true- it's pretty easy to proxy the request to
coinhive through the web server of the main site. e.g.
[https://github.com/cazala/coin-hive-proxy](https://github.com/cazala/coin-
hive-proxy)

Site owners have incentive to run this proxy so they're not marked as a mining
site OR to circumvent the 30% fee that coinhive collects. I don't think it
will be possible to block mining in the future without blocking javascript
completely.

~~~
aequitas
That's true, but cryptominers will have a distinctive pattern when running.
Ie: consuming a lot of cpu for a lot of time. So with some more work a blocker
for this can emerge and kill obfuscated miners. Since miners really need to
run to generate revenue while ads are sold on per view of click basis,
incentive to play nice and be transparent with the user might be higher?

------
mikenew
It would be cool if it evolved into something mutual between content providers
and users. You have a bitcoin/ethereum/whatever wallet associated with your
browser, and when you're on a website it spins up a mining process where you
take a cut and they take a cut. It could be built on a platform kind of like
AdSense where there's a basic agreement between parties on how things should
work.

I make most of my living off of the donation economy. There are a lot of
people out there who want to support good content. They just really don't like
ads.

~~~
fjsolwmv
How about you just mine or work whenever you want for currency, and then pay
for access with currency?

~~~
derefr
With pools of GPU- and FPGA- and ASIC-miners in play in a blockchain, raising
the block difficulty, any individual user just doing CPU mining has a
negligible chance of ever generating any money for themselves; and will only
make negligible amounts by being a member of a mining pool.

These mining scripts are worth money to their owners only because they get to
make _all_ the dividends from the covert mining pool they've created.

There is a reason that "immediately join a Bitcoin mining pool" isn't
commonly-heard advice; that it's not something everyone does for their aunt.
The average computer just isn't going to make enough money to be worth it—even
just to pay for microtransactions.

~~~
monort
Actually modern CPU can make around $20 per month with $5 electricity cost.

[https://www.nicehash.com/profitability-calculator/intel-
cpu-...](https://www.nicehash.com/profitability-calculator/intel-
cpu-i7-6700-340ghz?e=0.1&currency=USD)

~~~
user5994461
Not at all. First, electricity is much more expensive than the price they put
in their estimate. Second, a computer running at 100% CPU uses much more
electricity than what they accounted for.

~~~
Fnoord
Let us not tunnelvision with US/USD PoV only. There are other countries and
currencies in the world; both places where electricity is cheaper and more
expensive.

------
CalChris
Mining is incredibly inefficient and mining this way is _insanely_
inefficient.

The energy cost of a single Bitcoin transaction could power 1.5 American homes
for a day. That was in 2015. ASICs are more efficient than GPUs which are
orders of magnitude more efficient than your browser. This is an unbelievably
stupid idea.

[https://motherboard.vice.com/en_us/article/ae3p7e/bitcoin-
is...](https://motherboard.vice.com/en_us/article/ae3p7e/bitcoin-is-
unsustainable)

Edit: yes, this uses Monero rather than Bitcoin. The work required is less and
the price is also less. The argument is the same. This is inherently
inefficient because if you could remove this inefficiency, the price would
drop.

~~~
seveibar
As I understand it, coinhive uses Monero, a crytocurrency that is hard to mine
on GPUs.

From coinhive.com: _Monero is different. To mine Monero, you have to calculate
hashes with an algorithm called Cryptonight. This algorithm is very compute
heavy and – while overall pretty slow – was designed to run well on consumer
CPUs._

 _There are solutions to run the Cryptonight algorithm on a GPU instead, but
the benefit is about 2x, not 10000x like for other algorithms used by Bitcoin
or Ethereum. This makes Cryptonight a nice target for JavaScript and the
Browser._

 _Of course, when running through JavaScript performance still takes a bit of
a toll, but it 's not that bad. Our miner uses WebAssembly and runs with about
65% of the performance of a native Miner. For an Intel i7 CPU (one of the
fastest desktop CPUs) you should see a hashrate of about 90h/s. A native miner
would get to 140h/s._

------
jt2190
Interesting that they've considered whether the mining itself is bad, or if
it's just bad form to mine without asking.

> The ethical way for a website to earn money by mining through its audience’s
> computers is to ask the audience for permission first, and to allow them the
> possibility to opt out. Actually, such a practice could make mining even
> more ethical than ads. After all, nobody asks us if we would like to see ads
> on a website. Mining parasitizes the user’s CPU, where ads parasitize the
> user’s attention, emotions, bandwidth, and often, their laptop or smartphone
> battery, and supports an industry of personal data harvesting that is a big
> headache in of itself.

------
isalmon
Here's the list of websites that have Coinhive JS installed:
[https://www.datanyze.com/datanyze-
coinhive.csv](https://www.datanyze.com/datanyze-coinhive.csv)

~~~
philfrasty
There are some public German schools in this document. No way they would
install that miner on their own. Looks like a portion of the sites are hacked
to run the scripts.

Edit: reading through all .de domains at least 80% (or more) have no intention
or technical ability to install this on their own, e.g. schools, craftsmen,
small businesses, etc.

~~~
mizaru
A lot of them probably run an outdated Joomla.

------
Animats
_How much money have these websites made? We estimate their joint profit at
over US $43,000._

Why are they even bothering? The headaches involved in doing this aren't
justified by the dinky revenue.

------
folli
Is there a reliable estimation on how much they make per visit?

The article states $43k for approx. 500M visits, so that's below 0.01 cents
per visit; this in turn corresponds to a 'Cost per Mille Impressions' (CPM) of
around 10 cents. So it seems that traditional ads would still make more money.

Can someone comment on how they came up with the $43k?

~~~
ec109685
It does seem like a small number, but regardless of what it is, I doubt they
are removing ads, so it is just additive.

------
burntrelish1273
There oughta be a list of surreptitious monetization, like the demotivational
version HDTMM.

[http://www.seerinteractive.com/labs/how-do-they-make-
money/](http://www.seerinteractive.com/labs/how-do-they-make-money/)

------
salqadri
Someone really should make 'Crypto-Blocker' plugins for browsers, similar to
Ad Blockers.

~~~
swinglock
Make sure the “resource abusive” filter is enabled in uBlock.

[https://raw.githubusercontent.com/uBlockOrigin/uAssets/maste...](https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resource-
abuse.txt)

~~~
nasredin
No.

You'd always be one step behind. Reacting rather than acting.

I recommend

Firefox

NoScript

RequestPolicy

And if you want:

Ublock Origin

Umatrix

------
tree_of_item
How exactly does this kind of secret mining work? Is it effective at all?
Don't you need to race to create blocks? How is the average consumer CPU going
to win a single block like this?

~~~
aidenn0
It's all probabalistic; you could in theory mine a block by hand if you got
absurdly lucky. Think of a machine with 8 GPUs being like dropping a million
balls into the bingo jar, and coinhive like dropping 1 or two balls in for
each visitor. If you get enough visitors, some of your balls will get drawn
occasionally, making you money.

The reason GPUs and ASICs are used isn't because they have a better chance per
se, but because they are more power efficient. With coinhive, the person who
benefits is not the person who pays for the power, so that's not at issue.

~~~
Franciscouzo
It's repeated over and over that GPUs and ASICs give you a pretty big
advantage over CPUs, but that's not true at all for cryptocoins such as Monero
that use CryptoNight, that is why it's one of the only coins that makes sense
to mine with a botnet or JavaScript.

------
tzs
Do these things keep running as long as you are on the page? If so then in
effect people who read slower will pay more to view the site.

That seems shady to me, at least for sites where the costs to the site are the
same regardless of how long it takes the reader to read. If it takes me 5
minutes to read an article, and it takes some stay-at-home parent 20 minutes
because they had to pause to deal with the kids, they pay 4 times as much as I
do.

------
hedora
I wonder how hard it is to subvert the mining process (!= the cryptocurrency)
by sending back fake completion data.

~~~
ashark
Assuming they check your results before passing them along, it’d be noticed
immediately. Hard to discover, easy to verify. Not much different than just
blocking them.

------
tentaTherapist
This is such a ridiculously inefficient means of raising money, for everyone
involved. What would it take to just get people to pay for the services that
they use, out of gratitude?

------
m-p-3
I think the idea would be accepted more if the websites using this were more
transparent and would give some kind of warning before actually mining using
your own resources.

------
gtrubetskoy
At least it helps strengthen the crypto-currencies, which is a good thing.

I'd be curious how much CPU is wasted rendering billions of ads, especially
video, I suspect it's a lot more than the crypto hashing, and three orders of
magnitude more money is made by this "borrowing" of your CPU in exchange for
letting you read the site you're looking at.

~~~
userbinator
_I 'd be curious how much CPU is wasted rendering billions of ads, especially
video, I suspect it's a lot more than the crypto hashing_

The exact opposite. Video decoding is done quite efficiently in hardware now,
and displaying ad images is not much worse than any other image or video.
There is certainly an impact, but it's not continuous 100% client processor
usage. On the contrary, mining is basically going to push the processor to
100% _and keep it there_ just by virtue of how it works.

~~~
ec109685
That isn’t true. Most Video ads on sites use a ton of cpu.

------
fapjacks
No, 500 million people aren't mining cryptocurrency in their browsers.
Clickbait extraordinaire. 500M monthly visits =/= 500M people, jeez.

------
ryanmarsh
What if I’m on an official ISIS web site (bear with me here) and I mine a
block for them. Have I provided material support to a terrorist organization?

~~~
mikenew
No more than viewing an ad on their site brought them revenue.

------
lightedman
Who is the person ultimately responsible for creating this junkware known as
CoinhiveJS? That is the entity we should be focusing on, not these sites.

------
baron816
Mine me. Please.

If I’m on your site, that means you’re doing something for me, and I want you
to continue to do it for me. I don’t expect anyone to give me things of value
for free, so if you want to to take my unused computer resources as payment
for your services, go ahead.

~~~
psyc
The players in our tragedy of the commons haven't shown any restraint in
polluting the Web and bringing my browser to its knees. They won't show any
restraint with mining either.

~~~
fjsolwmv
So far it's only deployed on piracy sites, so, dog eat dog

