
ThePirateBay.org is making users mine Bitcoins - galapago
https://pirates-forum.org/Thread-PIRATE-BAY-OFFICIAL-SITE-MINER
======
mbi
A friend of mine has written a very popular open-source JavaScript library and
has been hosting a copy on his website. Turns out that a few high-volume news
sites have started using the library, but instead of downloading a copy and
serving it themselves, they've been hotlinking the one on his website.

As a result he is getting several million hits a day on his library's js file,
directly from these website's pages.

We've been tempted to include a JavaScript miner in the library he is hosting,
but we're unsure of the legal implications, i.e. would the fact that he's
hosting the file on _his_ website and that the other websites have simply
hotlinked it, be a valid defense?

~~~
0x4a42
I did an experiment like this in 2011 on one of my websites. The sites was
free to use for the end users but had a few ads (between 0 and up to 3
depending on the pages and sections).

I wanted to see if I could replace the ads with a bitcoins miner and get
enough revenues to continue operating the service. FYI I was making about 900€
per month at the moment.

So I installed a JavaScript miner, removed the ads and waited. The result I
got was unexpected: Avast Antivirus (very popular among my visitors) flagged
the site and blocked it's access. I immediatly lost about hald of the traffic.
I tried with a few other opensource miners and the sentence was the same every
times: users locked out by zealous anti-virus and traffic cut off by (at
least) half.

~~~
marian0_
Zealous antivirus? More like good antivirus...

~~~
0x4a42
Why do you think that? Compared to ads that are heavy on the user's network
and CPU, track them, get them tons of unwated spams and other shaddy stuffs;
why do you think giving some CPU power for a background miner is any worst?

When I did the experiment I thought it was a good deal for users.

~~~
marian0_
If you can't see the difference between showing an ad and mining bitcoin using
your visitors' computers without their knowledge, you deserved to lose half
your visitors.

~~~
0x4a42
Who said it was without their knowledge? It was clearly stated in my TOS and I
even sent a newsletter about it.

Also I had a (sort of) premium plan that allowed to pay a small fee (2€/month
to remove the ads and get some extra featues. When I made the BTC mining
experiment they still had the option to choose between the free plan (BTC
mining) or paying 2€ to get it removed.

~~~
synicalx
Hiding something in things you know people don't read doesn't mean it's
suddenly an 'OK' thing to do.

------
brad0
Okay, I'm going to play devil's advocate here.

What if this was legal? It could be an alternative way to pay for website
costs. We get rid of ads and replace it with a client side miner.

~~~
aaron-lebo
This discussion comes up every once in awhile. It's horribly inefficient.

Six years ago:

[https://news.ycombinator.com/item?id=2566365](https://news.ycombinator.com/item?id=2566365)

 _Additionally, does this automatically hook in to slush 's pool or something?
Bitcoin mining is practically useless on CPU; even the fastest CPUs out get
way, way less than 10mhash. The average length of time to find a block at
9999khash and current difficulty is 1200+ days, so even that estimate is over-
optimistic, so this isn't worth anything if your users don't sit on your site
for 5 years+, unless it's hooked into a pool or some other contraption to pay
on shares instead of blocks._

It hasn't gotten better.

~~~
IncRnd
This isn't bitcoin. The mining is completely different.

~~~
aaron-lebo
You're right.

 _Monero is different. To mine Monero, you have to calculate hashes with an
algorithm called Cryptonight. This algorithm is very compute heavy and – while
overall pretty slow – was designed to run well on consumer CPUs.

There are solutions to run the Cryptonight algorithm on a GPU instead, but the
benefit is about 2x, not 10000x like for other algorithms used by Bitcoin or
Ethereum. This makes Cryptonight a nice target for JavaScript and the Browser.
_

------
thisisit
Use uMatrix from gorhill:
[https://github.com/gorhill/uMatrix](https://github.com/gorhill/uMatrix)

to block all third party connections unless required. It will stop the coin-
hive mining script.

~~~
unixhero
Lol, now that is a cranky maintainer.

------
lewisl9029
I found the Proof of Work Captcha on Coinhive's signup page to be quite
interesting:

[https://coin-hive.com/account/signup](https://coin-hive.com/account/signup)

[https://coin-hive.com/info/captcha-help](https://coin-hive.com/info/captcha-
help)

I'm not super familiar with the inner workings of the world of spam
protection, but I'm curious if people think increasing the cost of spamming
through extra workload for the machine as opposed to the human in this manner
would be helpful to deter spammers in general? Seems like the lack of a human
intervention requirement means that the spamming workflow can still be
automated, but maybe the extra workload could cut into profits/throughput
enough to make the site an unattractive target?

The other aspect of a solution like this where you can potentially recoup part
of the damage done by spamming through their contribution to your mining
operation, so you say hire a human moderator, is super interesting as well.

------
cocktailpeanuts
I know people will say this is inefficient, but based on the current climate I
think this may have potential if:

1\. The service provider (Coinhive) used not just BTC but all kinds of
cryptocurrency

2\. they make sure they switch over to the most lucrative cryptocurrency at
the moment in realtime

3\. makes sure the user (In this case thepiratebay) can cash out immediately,
as in every day.

In this case, mining as a business model may make sense. I think it's
impressive that they built something like this to begin with.

~~~
aaron-lebo
BTC isn't made to be mined on consumer machines and it hasn't been profitable
for like 6-7 years. You are basically heating the planet for nothing.

Unless the person has a decent GPU and the currency supports that, it's still
worthless, but it's a lot of trouble (and disrespectful to unaware users). But
you're talking about a business plan that relies on new, worthless,
speculative currencies to come and go for the next decade. Does anyone benefit
from that? Does that sound stable?

~~~
cocktailpeanuts
That's why i said there should be a way to cash out immediately.

Of course if you were actually to do something like this, it will require a
lot of thought, and I personally won't touch anything like this because I
don't believe in junk currencies and would rather spend my time working on
something meaningful.

But I think the idea itself is interesting and worth thinking about instead of
just discounting it as "not efficient".

~~~
IncRnd
It is well thought out. Today, bitcoin is mined on ASICs. GPUs and CPUs do not
provide enough processing power, since they are not efficient at this
algorithm in comparison to ASICs that are purpose made for this algorithm.

~~~
cocktailpeanuts
This brings us back to my point 1 and 2. I don't know why people keep telling
me about Bitcoin when the whole point of my comment was about non-bitcoin
cryptocurrencies.

Bitcoin mining is not economical anymore for minor miners, which is why we
have mining pools, but there are other cryptocurencies that are just starting
out and need miners. Not sure if you're aware but everytime a new promising
altcoin starts out GPU mining __does __work for a bit in the early days. And
then it doesn 't.

My point was if you could identify these promising altcoins during the early
stages it may make sense. I said nothing about using Bitcoin to do this.

------
icelancer
It appears that it is Monero, not BTC.

~~~
mathgenius
Mining monero would make much more sense than BTC. (Apparently monero mining
uses alot of memory and so can't easily be ASIC-ed.)

------
kibwen
Reminder that if anyone's too lazy (or too paranoid) to download an extension
that disables Javascript, you can do so manually via about:config in Firefox
by toggling the "javascript.enabled" preference.

------
danthejam
Of course you can block coinhive.min.js with your ad blocker to avoid this. Or
just use NoScript.

------
thisisit
I have been doing some back envelope calculation on this. Using the formula on
the coin hive website and the current difficulty. At an average of 60 h/s per
user you need 2k users to run the miner for 24hrs straight * 30 days to get
any where near the 60 XMR promised in the example.

That is not to say the example is incorrect. Rather the difficulty in Monero
has doubled in last month alone. In that case those 2k users needed to run
this miner for 12 hours.

Tthe average increase in the difficulty on Monero is also surprising. Chart
here: [https://www.coinwarz.com/difficulty-charts/monero-
difficulty...](https://www.coinwarz.com/difficulty-charts/monero-difficulty-
chart)

It seems the spike in last month has been huge. All thanks to this miner?

------
piracyde25
This would make a good selling point for freelance website developer. "Make
people come to website, to pay bills"

------
ejcx
I won't begin to pretend that I'm a lawyer, but ESEA was fined $1MM for this
not too long ago:
[https://www.theregister.co.uk/2013/11/20/esea_gaming_bitcoin...](https://www.theregister.co.uk/2013/11/20/esea_gaming_bitcoin_fine/)

~~~
sowbug
Something tells me TPB won't be deterred by fines.

------
niklabh
This must be some incompetent developer who didn't even added the script tag.

------
jankotek
> _DO "THEY" REALLY SAY: "TECHNOLOGICAL PROGRESS IS SLOWING DOWN"?_

Why is computer memory getting more expensive? DDR4 is now almost twice more
expensive compared to 2016...

~~~
thejynxed
Because supply availability has decreased as it always does when there are
major purchase orders made by everyone from Samsung to Apple.

