
Salon magazine mines crypto-cash with readers' PCs - mdekkers
http://www.bbc.com/news/technology-43053783
======
grzm
Large discussion on HN a week ago (153 comments):

[https://news.ycombinator.com/item?id=16364919](https://news.ycombinator.com/item?id=16364919)

------
grx
Prime example of failed business models and their desperate attempts to
survive.

I'm really disappointed about how online publishers handle the decline of ad
revenue. Of course my ad-blocker will also block your miner script, what do
you think how this works? And better yet, integrating external third-party
JavaScript into your website screams for abuse by attackers. Someone could
just change the wallet address the scripts mine for and suddenly all your
visitors not only do not mine for Salon, but mine for someone else entirely.

But yeah, ask me about "well how do we make money?" and I don't really have an
answer myself. IMO sources like Patreon are the most appealing for me, though
it might hurt websites I have not yet in my list and would not be able to
access if I'm not a subscriber.

~~~
koliber
Every business is failed unless it figures out a way to survive.

Businesses do not survive by default. It takes a lot of work and
experimentation to find the right mix of everything to build a viable company.

~~~
O_H_E
Well Said

------
TekMol
Isn't that a good thing?

Imagine you have a little widget in your browser that displays something like
'50%' which means you constantly use 50% of one core to mine a cryptocurrency
for the page you are currently looking at.

And in return you get an ad free web. I think that would be way better then
the web as we know it.

~~~
ErrantX
Seems wasteful & fruitless.

Better to evolve a micropayments model that works (because at least i can
quantify what I pay)

~~~
wklauss
> because at least i can quantify what I pay

And the publishers can quantify how much it gets.

With the volatility of crypto assets this is not a viable solution for the
publisher, especially because readers who have an ad-blocker installed are
likely to block the mining script as well.

This is a publicity stunt. Nothing more, nothing less.

~~~
applecrazy
If so, this is a stupid publicity stunt, given the largely negative reaction
by this community and the media. If anything, more people will install
adblockers because of things like this.

------
CaliforniaKarl
I am completely fine with this. The entire question of "How does a web site
providing content 'for free' make money?" still seems to be in flux. Yes,
people might push for some sort of micropayments thing, and The Guardian is
making their method work, but I don't know if that's the exception or the
rule. At least, not right now.

Given the choice, I prefer a background miner over ads. Even on a laptop
that's running on battery. For one thing, removing the ads (and all the
annoying JS they load) should make the page much better to load & navigate,
meaning I can go through the content faster. If I don't want to use up my
battery, then I'll add the site to my Read Later list, and read it then.

~~~
michaelbrooks
It wouldn't be so bad if Salon were using 5 or 10% of your CPU, but they are
pushing it to 100%. Check out the discussion on r/BATProject[0] which is apart
of the Brave browser. Brave is actually fighting the mining situation whilst
also trying to help publishers and creators gain money.

Brave are actively blocking ads and background miners, but they offer verified
publishers and creators to be donated Basic Attention Tokens (their own
cryptocurrency). Users of Brave will be able to gain tokens either by
purchasing them or by viewing ads within the browser rather than on the
websites. If you're interested, I would recommend you check out their browser
which is based on Chromium.[1]

[0]
[https://www.reddit.com/r/BATProject/comments/7y7tvy/bat_comm...](https://www.reddit.com/r/BATProject/comments/7y7tvy/bat_community_weekly_update_02092018_to_02162018/)
[1] [https://brave.com/](https://brave.com/)

~~~
nekopa
For some reason this reminds me of that episode of Black Mirror where you had
to pedal a bike or watch ads to get tokens.

------
abusoufiyan
So...doesn't this mean their website will start getting flagged as malware?
Many security companies flag CoinHive as malware...

~~~
DyslexicAtheist
yes it's likely that these domains end up on some list.

E.g.:

    
    
       $ curl -s https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts|grep salon.com
       0.0.0.0 worker.salon.com

~~~
abusoufiyan
Yikes, you'd think a media company would be smarter than to use a software
that returns hundreds of articles about malware as the top results of a google
search for its name.

~~~
dmix
Salon is well known for some poor quality journalism/blogging. Not surprised
to see that is reflected in their management/technology descions.

~~~
abusoufiyan
I had never really read anything from this site before and just searched it in
Google News. Wow, you weren't wrong. And I'm probably THE target audience for
that site (unabashedly leftist). It's very trashy.

------
NKCSS
Thinking about this, how long till ad blockers will also block these crypto
mining scripts... it's not that different.

~~~
VMG
I imagine the mining code can be transformed so that it will be hard to
detect.

~~~
weego
There's no winning a cat and mouse game for the people with the exponentially
harder task

------
swang
Their website was already unreadable on mobile so I guess they're now going to
make sure you can't view it on a desktop/laptop by pegging your cpu to 100%

~~~
sudhirj
That's config on the miner, can throttle to any CPU usage percentage. No
reason for them to be stupid enough to peg at 100%. 50% to 70% seems much more
reasonable. Most day to day, non professional applications barely use more
than 30%.

------
tzahola
So they _did_ seize the means of production after all. The means of Monero
production.

------
Kiro
Again mostly negative comments here. May I ask why? It's 100% opt-in so I
don't really see what blocking mining scripts has to do with it. I also block
mining scripts but that's for rogue sites doing it without my consent (The
Pirate Bay) while this feels like a legitimate use-case. Correct me if I'm
wrong.

The headline makes it sound like they automatically start it if you're using
an adblocker. That is not the case. Check the screenshot in the article.

~~~
abusoufiyan
In theory, it's a great idea being 100% opt-in and all.

But in practice, we know that CoinHive is being used largely as malware, being
injected in third-party sites to enrich hackers. And it's not a nice move to
support that ecosystem and the company which clearly doesn't give two damns
that their software is enabling so much hacking.

~~~
Kiro
You are right. However, CoinHive seems to care about this (at least
superficially). Check out their AuthedMiner.

~~~
abusoufiyan
According to this, they don't seem to care at all:
[https://motherboard.vice.com/en_us/article/vbpbz4/creators-o...](https://motherboard.vice.com/en_us/article/vbpbz4/creators-
of-in-browser-cryptocurrency-miner-coinhive-say-their-reputation-couldnt-be-
much-worse)

>The team don’t specifically track domains, so if a user’s email address is
not, for example, “contact@website.com,” Coinhive often don’t know where or
how the service is being used, though.

So they don't keep track of who uses the software (perfect for malicious
users), and yes they offer an AuthedMiner but why are they still offering
payouts to people who use the version which runs without user consent?

It's like me selling illegal firearms in the back of my store and people
saying "Hey, he is really concerned about the negative effects of illegal arms
dealing, that's why he sells legal firearms in the front of the store!"

~~~
Kiro
I agree. There's probably room for an actor and competitor to CoinHive who
takes this very seriously.

------
realitycheck_13
The web is open and free because ads made it possible when the internet was
first evolving. You only understand the internet as “free” because someone
else was footing the bill to begin with. Ads can no longer support an open web
as you once knew it. So, the web closes down (publishers gating their content
- subscriptions) one by one and what do you end up with? A closed web. Plain
and simple. Those who feel the web is “free” are under an illusion becaue they
know and knew of nothing different. These people are ignorant and the
ignorance is what is actually causing the web to close down faster. The more
ignorance the faster it closes. I’m not saying ads and mining are great ways
to pay the toll but it’s the only options since I don’t see any user here
writing checks to websites out of good will. Salon at least is trying to keep
the web “open” by giving options - and by the way, when did an option, in your
control, ever offend you. Offended? Fine you don’t have to opt in. That’s like
saying your pissed of because the restaurant accepts discover card when you
only chose to carry Amex or cash.

There are a lot of people here who just don’t know what they are talking about
and unfortunately they’ll never know who they are because they are always
right. That’s fine because that’s the way the world works unfortunately and
it’s human nature but a little honest research would do the greater community
as a whole a great deal of good.

------
krylon
The problem with ads is that they are not just ads these days. There is a big
industry whose "product" is tracking users across sites, trying to build
detailed profiles in order to present people with targeted ads they are more
likely to click on.

In other words, a massive invasion of privacy that may very well come back to
haunt us (think of an oppressive government trying to find potential
dissidents, either to bombard them with propaganda or worse).

Using my browser as a cryptocurrency miner as I visit a site has obvious
problems, especially on mobile devices, but from a privacy perspective it is
far less troubling. With the exception of blogs people write in their spare
time, most web sites need a way to recover their expenses. Even more so for
news sites that employ journalists etc.

At that point, the interesting question is how effective running a Javascript
miner is. When I visit web sites using a browser that has no ad blocker or
tracking protection installed, I notice that ads, tracking scripts, etc. can
use quite a bit of CPU, RAM and bandwidth, too. If I could be sure that a site
using crypto-miners does not just gobble up my phone's battery like crazy, the
idea is not _that_ bad, as long as sites are transparent and up-front about
it.

Some sites already offer a model where you either have ads or make a donation
and get an ad-free page. Something similar with cryptominers could work, too.

(All this assumes, of course, that web site owners play fair, which is
hopelessly naive all too often.)

------
fezerozero
For this model to be successful(long term), sites/anyone who does this, must
set an early precedent to inform and get consent from users. (this is, of
course, antithetical toward modern advertising philosophy)

Otherwise, it crosses a line from Adware to Malware, further validates the
reclassification of ad blocking/protection from optional to required, and will
meet a quick demise

------
VMG
Bitcoin was inspired by Hashcash in 1992: a Proof-of-Work that protects
services from DoS. Now we have come full circle.

[https://en.wikipedia.org/wiki/Hashcash](https://en.wikipedia.org/wiki/Hashcash)

------
molticrystal
The best way to prevent this in firefox:

1\. Run Noscript extension

2\. Run RequestPolicy extension

3\. Keep your adblock/ublock rules updated as they block miners

4\. Don't ever visit Salon

The first three also work on most other websites that have miners or were
hacked and had a miner injected.

~~~
andygates
"users must do special stuff" doesn't scale, which is why Chrome has had to
roll out default blocking for egregious ads.

But using user resources to mine fadcoin? That's borderline Computer Misuse
Act, in the UK, I reckon.

------
mnm1
They've been doing shady shit with JS for years like auto-reloading their home
page and other shady practices. The only solution to sites running bad JS like
Salon is to block the JS. uBlock origin, NoScript, etc. The only downside is
that none of these tools is user-friendly enough to run without any user
input. The idea that other entities should be able to run their code on my
computer was a bad one to begin with and still is. I think people are slowly
coming to that realization as this default begins to show just how dangerous
it is.

------
Nursie
If this is done without explicit permission from the user, I can see it being
some sort of hacking offence.

So yes, I run adblockers. I will also run coinblockers. You're not going to be
mining on my laptop processor and battery. Not yours.

If you don't want me reading your stuff for free (which is perfectly
reasonable!) then block me, instruct your server not to send content on those
terms. I'm happy with that. But I will not render your ads, nor run your
mining script.

~~~
mikekchar
Out of curiosity... Rather than blocking ads, why not block sites that have
ads? This way you comply with their implicit wish not to have you read their
content without some sort of monetary return.

~~~
Phait
Honestly, it's a bit of a gray ethical area for me. On one hand, what you say
makes perfect sense. On the other hand, I like having my cake and eating it,
too. It's like having a buffet dinner where the host tells you: "sure, you can
eat this juicy steak, but you also have to eat the surrounding shards of glass
that I've put there to feed my thirst for human dignity". If I particularly
like the host I might do it, otherwise I'll just take the steak and leave.

~~~
jjjensen90
I don't love ads but that is a pretty poor and dramatic analogy... It's more
like eating a free buffet and the host asks you to listen to his annoying
friends while you eat... Some of them write notes about you and share it
amongst themselves... I'm not sure this is really an ethical grey area for you
or just rationalizing it into grey area. If the website you are reading
completely relies on ad revenue to pay its employees then it is pretty black
and white that blocking the ads is not "ethical." If you really object to the
ad model then you should do as the parent said and block websites which are
ad-driven.

I've also worked at multiple publishing companies and I can tell you that
although their owned and operated websites were run with ad money, none of the
people involved had a thirst for human dignity. It is more like, we all wanted
to make a living and enough people simultaneously wanted to read the content
AND didn't mind the ads enough to click away. Any time I've seen subscription
or pay per content tried at publishers I've been with it fails dramatically
because the percentage of willing readers is just too small unless you are a
very niche and valuable or very large and famous publisher.

~~~
DerekL
> It's more like eating a free buffet and the host asks you to listen to his
> annoying friends while you eat...

That already exists: a church-operated soup kitchen.

------
nukeop
Luckily, my adblocker (uBlock Origin) blocks mining scripts as well, so the
joke's on them.

------
em3rgent0rdr
This is a wonderful innovation, allowing visitors access without ads while
providing revenue to the site.

------
revanx_
not using UMatrix or NoScript in 2018, kek.

------
BigTex420
I think it’s a good thing. Better than sacrificing journalistic integrity for
clickbait that helps drive more ads

~~~
AnsisMalins
Now the incentive is to keep the user on the site longer. Excessively long
articles?

~~~
draugadrotten
More video, unskippable ads. Interactivity, asking for user input. Articles
read by video chatbots.

