
Show HN: No Coin – A browser extension to block coin miners - keraf
https://github.com/keraf/NoCoin
======
thinbeige
Today I read that The Pirate Bay tested this new form of monetization (running
a miner in you browser). I thought that might solve website monetization
finally. We still have to figure out stuff like battery draining on mobile but
it is the first step and I can buy some Monero which is well suited for JS/CPU
mining (or in other words, it doesn't have a huge upside when mined on GPUs).

And what do I see here? That before it even started people are fighting it.

Found this solution better than ads and infinetely loading ad-tech JS files.

~~~
gkya
I'd rather pay with my wallet than with my battery. And I'll pay only what _I_
buy. Lock me out if I don't pay, or tell me to GTFO, and I'm totally fine with
it, but you can't pick my hypotethical-pocket because I opened up your page.
This is like charging window-shoppers.

And like a sibling comment says, if this catches on, most web sites will do
both, i.e. ads + client-side mining.

One nice day publishing industry will no longer be an industry but a group of
non-profits, which won't have to sell stuff, and publish way more objective
and high-quality stuff.

edit: grammar

~~~
sillysaurus3
I'd argue that ads already pick your pocket just for window shopping the page.

There's no such thing as Adblock for video streams on Twitch anymore; the ads
are burned into the stream, so you can't block them. (Hopefully YouTube won't
switch to the same tech.)

Is that picking your pocket just for watching a video steam? If not, why is a
video steam materially different from consuming a website?

~~~
gkya
Ad money comes from a third party, not me. Whereas with this coinhive thing,
I'm paying with my computational power and my battery (which is the most
important thing here). Traditional internet ads increase resource consumption
too, which is part of why we block them. Ads that are part of a video are
different, you can skip them, and they cant breach your privacy (I dont know
what Twitch are doing, though).

~~~
sillysaurus3
(You can't skip them, sadly. The video won't buffer until the ad has fully
buffered, which happens in real time.)

~~~
sleepychu
Baked in v.s. player.

------
tombrossman
Title could be improved - this is for Google Chrome only. Anyone using an ad
blocker can simply add...

    
    
      https://coin-hive.com/lib/coinhive.min.js
    

...to their custom block-list instead, no need for an extension.

~~~
keraf
It is not exactly Google Chrome only, you can run it in any Chromium based
browser such as Opera, Yandex, Vivaldi, etc... And I do also have plans to
port the extension to FireFox (I haven't read their docs yet but I guess it
shouldn't be too hard).

Regarding the custom list for an adblocker, as said in other comments, the
idea was to keep it separate from adblocking. Coin mining in the browser is a
different issue. Where ads are tracking you and visually interfering with your
browsing experience, coin mining, if abused, is eating your computer
ressources resulting in slow downs (from high CPU usage) and excessive power
consumption. You might be OK with that and not with ads, or vice versa. Or you
might just want to keep ads blocked entirely and just enable the coin mining
script for a minute to pass a Captcha. That's why I believe having a separate
extension is useful.

~~~
abdullahdiaa
Here's the addon with the same code on firefox:
[https://addons.mozilla.org/en-US/firefox/addon/no-
coin/](https://addons.mozilla.org/en-US/firefox/addon/no-coin/)

Can you please share your email to make you the owner of it?

------
ComputerGuru
For context: The Pirate Bay is now launching a javascript-based Monero miner
in all visitors' browsers to mine coins for them in the background (possibly
as an alternative to ads).

~~~
slg
As long as there is disclosure of it and the mining is relatively efficient,
that is a very interesting business model. The site collects revenue relative
to the amount of time users spend on the site and not the number of page/ad
views. It is also a pretty seamless way to integrate micropayments from users
into a site. Handing over a credit card number or similar is a big barrier to
overcome while this requires no setup for the user. As a user I might prefer
this to ads in certain circumstances.

~~~
yjftsjthsd-h
> and the mining is relatively efficient

That's a huge "if"; it's my understanding that most cryptocurrencies are
currently only efficient with ASICs.

~~~
slg
Efficiency doesn't mean profitable. Traditional miners require profitability
while this system would only require some unknown level of efficiency. The
equipment costs is basically negligible because you are using idle capacity of
existing hardware. The marginal revenue also doesn't need to beat electricity
costs because the people paying the electricity are not the ones who are
receiving the revenue. For example if every $1 of electricity generated $0.90
of revenue, that would be equivalent to the site paying a 10% fee on the
micropayments they receive. That would likely be perfectly acceptable to both
sides.

------
detaro
Why is this an extension and not a filter list for existing adblockers?

~~~
keraf
Because it is different than ads. On a site, you might want to leave ads
blocked for privacy reasons but just enable the miner to pass the coin-hive
Captcha for example.

~~~
richdougherty
In uBlock you can just click the big off button and then click it on again. I
see that No Coin has a 'disable for 1 minute' button, which is slightly
different, but probably not worth a separate extension for most people.

[https://github.com/gorhill/uBlock/wiki/How-to-whitelist-a-
we...](https://github.com/gorhill/uBlock/wiki/How-to-whitelist-a-web-site)

~~~
rodorgas
OTOH I'm ok with ads, but not ok with miners. So wouldn't make sense have an
ad blocker that doesn't block ads.

People seems allergic to browser extensions this days. I also get the "why is
this an extension and not a filter?" on a non ad-related extension.

~~~
contravariant
Things is, all the funcionality to block certain content has already been
created and tested (at length) in uBlock Origin.

Using a different addon for exactly the same purpose but for different content
is the worst kind of separation of concerns.

~~~
rodorgas
Browser APIs to block content are fairly simple. There's no reason to use a
huge piece of software if you just want to block some urls.

Ad blockers have their own issues, including trust about maintainers
intentions.

------
paultopia
Wait, people are actually doing this? Using client-side resources not to
deliver content or applications to clients, or even to visibly deliver things
like advertisements, but to divert user CPU cycles for their own purposes?

I want to know more about this. Are they seeking any kind of consent from the
users, or even disclosing it to the users? If not, I have serious doubts about
the legality of this behavior.

~~~
wrinkl3
The Pirate Bay just tested that yesterday, apparently. They bundled a Monero
javascript miner with some of their pages. The funny thing is that while the
legality of that is questionable enough for the more reputable websites not to
go down that road, TPB is already shady enough to pull it off - and their
users don't really have anyone to complain to.

It's worth noting that this isn't exactly a new idea - some MIT students had a
project a couple of years ago that was basically that, except they tried to
turn it into a startup. The viability of it was questionable back then as
well.

~~~
quantumsequoia
I'm intrigued. Do you know what the startup was called?

~~~
frankacter
Not OP, but this is probably it:

[https://en.wikipedia.org/wiki/Tidbit](https://en.wikipedia.org/wiki/Tidbit)

------
wyc
For those wondering how it works, it seems to be a blacklist. Here's the crux
of it:

    
    
        chrome.webRequest.onBeforeRequest.addListener(details => {
            // ...
    
            // Is domain white listed
            if (isDomainWhitelisted(domains[details.tabId])) {
                return { cancel: false };
            }
            return { cancel: true };
        }, { urls: blacklistedUrls }, ['blocking']);
    
    

It's kind of sad how much boilerplate is required to write a simple extension.
I wonder if there's a framework for saving labor while building cross-
compatible browser extensions. Then again, maybe the world doesn't need yet
another JavaScript framework.

~~~
fiatjaf
That's what was attempted with Greasemonkey and Tampermonkey, wasn't it?
Userscripts and so on.

~~~
wyc
I loved using those tools, but I think many browser extensions today are more
involved than small shim scripts. A lot of them have CRUD operations, data
editing interfaces, css/image assets, etc. I was thinking about something a
bit more composed like create-react-app.

~~~
jacalata
I wrote a grease monkey script that allowed you to annotate a website and save
the notes permanently to local storage. It had all of the above features. The
only real limitation is the sandboxing.

~~~
PrimHelios
Do you have a link to the script? Sounds like something I'd use.

~~~
jacalata
I don't think I have a copy since userscripts died, but on cursory inspection
this Reddit script looks like it does similar things - [http://userscripts-
mirror.org/scripts/review/170091](http://userscripts-
mirror.org/scripts/review/170091)

------
pishpash
Use of excessive resources should be a privileged action, isn't something like
coinhive a malicious vector?

~~~
superkuh
No more than the existing trend of 'web app' entirely Javascript rendered
websites. My solution to both is very simple: I run JS only from white-listed
domains. Sure this breaks many sites but, well, fuck those sites.

~~~
AlexAffe
Someone mentioned a CoinHive Captcha. This is usually when my NoScript
approach breaks. There would be no way around enabling the captcha script,
therefore enabling the miner. Normally I then... fuck those sites, but what if
that's reaaaally becoming a thing and say StackOverflow does it? You would
need some way of adjusting allocated browser resources real fast and precise.
Only way I can think of right now...

------
Philomath
It's funny because just yesterday I was at a hackathon and made AddCoinPlus
[1], a browser extension that uses a very tiny bit of your CPU to mine for
non-profits of your choice. People really loved it because it is your choice
to do so or not, it's not a website making your CPU work for their own profit.

[1]: [http://addcoinplus.com/](http://addcoinplus.com/)

------
SCHiM
Leaving the problem with battery life behind for a moment, this really has the
makings of a perfect solution to the monetization problem imo. It's
decentralized, democratic, etc.

Also when taking the problem with battery life into consideration, if the
website notifies you that it does this you're free to find another website.

------
Animats
_The extension is simply blocking a list of blacklisted domains in
blacklist.txt._

Some way to detect that a non-visible page or service worker is using
excessive CPU time or GPU assets would be useful.

How long until porn sites start doing mining in the background?

~~~
maxencecornet
>How long until porn sites start doing mining in the background?

How long have porn sites _being_ doing mining in the background ?

Remember that porn sites are always the front line of innovation on the web,
some are probably already doing it

~~~
komaromy
> Remember that porn sites are always the front line of innovation on the web

Often stated, rarely with any actual support.

------
helb
Issue at uBlock's GitHub – "[Request for block] Crypto Miners":
[https://github.com/uBlockOrigin/uAssets/issues/690](https://github.com/uBlockOrigin/uAssets/issues/690)

------
fiatjaf
Asking people to mine for you on your website is just like asking customers to
wash the dishes at your restaurant. Even if you have a ton of them it is still
annoying and doesn't pay.

------
drumttocs8
Trading content for processing power seems like a logical and satisfactory
solution to an age-old problem- people wanting free stuff, businesses wanting
to stay in business. I think it's a beautiful example of new economic models
enabled by tech. Are people's main concerns battery life/power usage?

~~~
stordoff
My concern is that I can't leave a tab open long-term without risking a
performance hit. Of course that's also true now (with ads or heavy JS), but
those generally aren't deliberately trying to induce high(er) CPU loads.

~~~
drumttocs8
It makes sense. Maybe a cryptocurrency could be used to symbolize that
transaction, and limit the amount of allowed processing power.

------
thinkloop
I really like the idea of a proof-of-work captcha, but can it work? The hash
requirement needs to be low enough for mobile devices, but scraping and
automation are usually done on powerful servers. Is there an equilibrium where
it's comfortable for end users, but a real deterrent for servers?

~~~
codexon
No there isn't, that's why it won't work.

------
erikb
Imo: instead of a separate extention this should be a maintained blacklist for
ad blockers.

~~~
keraf
From another comment: "The idea was to keep it separate from adblocking. Coin
mining in the browser is a different issue. Where ads are tracking you and
visually interfering with your browsing experience, coin mining, if abused, is
eating your computer ressources resulting in slow downs (from high CPU usage)
and excessive power consumption. You might be OK with that and not with ads,
or vice versa. Or you might just want to keep ads blocked entirely and just
enable the coin mining script for a minute to pass a Captcha. That's why I
believe having a separate extension is useful."

~~~
erikb
I understand, but still I don't want to maintain a thousand separate tools
that basically do the same thing: block websites.

------
oliwarner
Current generation browsers are blocking [bad] adverts and plugins. How long
before we see hard CPU time limits on scripts? I can't imagine it's hard to
implement but what a waste of developer time.

This is why we can't have nice things.

------
einrealist
Is there a way to exploit the miner scripts? I mean in a way: Never trust the
client? If the proof is calculated on the client, how does the server confirm
that the proof is correct?

~~~
slig
Generally, checking the solution is trivial. Hashing billions of hashings to
find what you want is want takes resources.

~~~
einrealist
So when I intercept the script and send a bad proof back, it would not do any
harm? So no [https://xkcd.com/327/](https://xkcd.com/327/) for the bad miners?
I guess, we need browser extensions that just send the correct proof to my own
wallet then?

~~~
slig
The bad proof can be trivially checked and discarded.

If you want the results of the mining it makes more sense to run yourself with
a native miner than run on the browser.

This coinhive thing only makes sense [to run on a browser] because they're
exploiting the resources (hardware and electricity) from the visitors.

~~~
Roshie5u
It is true for checking final solution, but what in case of partial results? I
am not sure about monero but with BTC I could claim I checked range assigned
to me and found no solutions. I guess mining pools have solved it in some way.

edit: I see that Coinhive pays only for solved hashes, so there is no way to
"harm" them, and for website owner it makes no difference if hashes are not
computed at all or invalid results are submitted.

------
amriksohata
Can anyone explain to me like I'm a five year old why would anyone need to
block coin miners on their browser and why they would be mining there in the
first place?

~~~
aembleton
Mining consumes power. If you're on a mobile device, that power is limited and
will result in you having a flat battery sooner than you otherwise would.

They are used because the coins that are mined can be sold and the money used
to pay for hosting and food.

~~~
quickthrower2
I do Eli 5s every day:

Mining makes the battery die quicker.

They are mining to make money so they can buy food.

A silly man pays the bad man money for the tiny baby numbers they find in your
phone when they mine it.

You can still watch Frozen. The battery isn't dead yet.

------
knodi
The only reason i don't like browser based mining for websites is due to it
all being contingent on volume of visitors and not the actual content of the
site.

------
rdiddly
Tried the Chrome extension, but it just toggles between "Enable No Coin" and
"Unpause No Coin." I didn't disable it, but I have to enable it? Repeatedly?
And I didn't pause it, so why would I be unpausing it? Where do I look if I
merely want to find out whether it is currently 1) enabled and/or 2) paused?
And how do I toggle either or both of those? Does it need to be this
complicated?

~~~
keraf
This is a bug that is happening when the background script doesn't run. It
only happened to me in an outdated version of Opera. Updating my browser fixed
it.

It is a very early version of the extension, improvements are on their way.

~~~
rdiddly
I've got the browser sandboxed... and adblocked... and ScriptSafe'd and
sometimes HTML5-blocked... so maybe that has something to do with it too! Will
test it again with all that stuff turned off.

------
cpeterso
How long until a major consumer site like Facebook or Twitter starts mining on
users' timelines? How much could they generate?

------
thsowers
Worth noting that I found jsFiddle running coinscript this morning

------
colanderman
Though I'm opposed to the idea of web sites leeching mining time from me,
honestly it would probably use less CPU than so many websites that deluge me
with video ads…

~~~
PhasmaFelis
Maybe, but I already block those.

------
readams
This would make a lot more sense as a blocklist for ublock than as its own
extension. Actually I wouldn't be that surprised to learn it's already
blocked.

------
oh_sigh
It would be nice if there was some way to integrate charging status into this.
I would be fine donating a few seconds of CPU/GPU time for an ad-free
experience, but I would only want to do it if whatever device I was on was
running off of wall power and not it's battery.

------
adtac
This made me think: I wonder if there are WebAssembly based miners?

~~~
shadowfacts
Coin Hive already uses WebAssembly: [https://coin-hive.com/#hash-
rate](https://coin-hive.com/#hash-rate) (3rd paragraph under 'My Hash Rate
Seems Low').

------
gargravarr
And thus the arms race begins.

------
smegel
The only reason anyone would do this is if you actually wanted to take down
torrent sites.

