Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Coinhive – Embeddable JavaScript Crypto Miner (coin-hive.com)
212 points by pr0gramm on Sept 14, 2017 | hide | past | favorite | 97 comments

This is much better than I thought it would be. I wonder how many commentors actually tried the demos.

Two of the three ways I could see on the page to use it involve delaying the user slightly (while doing a proof of work) after a checkbox or link is clicked. Not constantly running in the background. The one that does constantly run requires clicking a play button, which seems "opt-in" to me.

They also have some revenue numbers on there. Though no details on the traffic other than it peeked at 2,000 simultaneous users so that's hard to quantify with the data.

One big question actually is if you use the captcha system, is it actually effective at proving you are human?

Also, the short link one is a little stealthy. But overall it only delayed my experience by a couple seconds so I probably wouldn't care unless it happened very often.

> This is much better than I thought it would be. I wonder how many commentors actually tried the demos.

In what way is it better than your expectations?

(For me, it behaved as expected: immediately maxed my CPU load and spun up the fan)

My expectations were pretty low. I was expecting it to be doing something with the user's consent or using some sort of UX anti-pattern to trick the user into doing it. I was pleasantly surprised.

As far as performance. It didn't do enough to spin up my fan. My CPU only went to 30% (inclusive of all the other apps I have running (using Chrome on OS X).

I was under the impression most browser limit how much CPU the Javascript thread can use because of the good old days when writing a tight infinitely loop in Javascript could freeze someone's computer.

That's not entirely the case. Just this weekend I managed to crash my browser multiple times after forgetting to clamp a loop that ran multiple canvas operations. CPU shot steady to 100% and my entire system locked up for a bit.

I'm also curious about the Captcha. It's a great idea, but what's to say that bots won't be able to run it as well?

It isn't that bots can't do it, it is that they must waste significantly more resources than they would otherwise.

they are able to run it but at high costs. deterring some spammers in some cases.

I'll try it right now on a website with 1k visits per day, with 40 seconds session average.

I will report back in a few days

I guess <6 cents per day, let me know if that was right or not.

I will !

And post / re-post: "I tried that crypto-coin ad alternative thing and you won't believe these results!" ;-)

>And post / re-post: "I tried that crypto-coin ad alternative thing and you won't believe these results!" ;-)

Haha, according to what I've gathered for the few past hours, it seems that ads are still way more viable. But I'll write my conclusions in 3 days

"3 days ago" ಠ_ಠ


"6 days ago" ಠ_ಠ

I kinda wanna try it on ours... We have 1.5 million sessions a day with ~50 minutes average session duration.

Full 100% load on all CPU threads success ;)

Use of Monero (XMR) is an interesting choice. Monero is quickly being adopted as the coin of choice on dark net markets due to its builtin anonymity features. But dedicated third party-services such as escrow, multi-sig, etc have not kept pace with user demand. There seems to be an open window of opportunity for Monero centric contracts and payments.

This is definitely an interesting POC and makes an interesting case for why XMR might be ideally suited technically for web microtransactions. With the obvious caveats about hijacking browser performance being opt-in only that others have pointed out of course. Keep going!

This idea has been tried before (https://hashcash.io/). Question for the developers:

1. How is this attempt different from HashCash, aside from using Monero?

2. What are you going to do if and when people develop counter strategies to bypass having to do the work?

> 1. How is this attempt different from HashCash, aside from using Monero?

I've never heard of either service, so I checked out both. One big difference between the two is that I knew pretty quickly what Coinhive was and how to use it, but I could never figure out what the heck HashCash does. I suspect if I clicked on one of their many "buy access to the API" links I may get more info, but that's not very cool.

to answer to question 2: I guess they could limit hash rate result by IP address.

I think GP is talking about the case in which people kill off the mining script, so that it doesn't mine, after the side loads. I.e. ad-block for sneaky cryptocoin miners.

Indeed I did not understand it in that way, It took so long for adblock to be a thing that I think it is a non issue for now.

What a great idea. Seems like a disruptive new revenue model for sites with good content. I wonder if it will be co-opted for use by sites offering pirated content, which raises interesting legal/ethical questions since Coinhive keeps 30% of the mining profits (i.e., are they accomplices of the pirates since they are profiting from the illegal acts?)

In theory it could be a revolution I guess, in practice I'm not sure it would mine enough coin and so generate enough income to be worth it.

But having an equivalent using GPU in application like games may be profitable.

looking at how GTA V utilizes all 4 cores on various CPUs, always hovering at 80-100%, I already suspect that they use gamers' PCs for mining

Or maybe they simply alter the rate of some CPU-bound simulation components within the open world?

I really like this. Not 100% sure how much a user can actually earn in say a 30 minute period but definitely going to try and add this as a form of monetisation in one of my sites and see how users respond.

I wish you could ask for money directly instead of inflicting the payment on me through my power bill...

Opt in would be the best of both worlds - you can have ads disabled as long as you run this, or access is discounted if you run this.

Doesn't have to be your power bill ;) (e.i. public library, work)

What are your stats looking like?

Cant imagine that anyone blocking ads wouldnt also block this

Some people block ads because they don't like the tracking that comes with it. When asked to add a site to the whitelist to support it the downside is that you will be tracked.

Why? It isn't an ad. Most users block ads because they find ads annoying, not because of script bloat.

I would definitely block it, simply because the browser isn't the only application running on my computer.

I don't know about everybody else but script bloat, and its implications for performance in generally and scrolling smoothness in particular, are the main reason that I block ads - the visual distraction is a secondary factor.

I use uBo for performance and battery savings

Aren't we blocking ads to cut websites's revenue streams?

Yeah you can be sure as shit I'm going to avoid any site that plans on thrashing my CPU.

Just an advice, on your landing page, you have a miner ui, showing the hash rate.

I wonder if you can change the hash rate to something more understandable, such as USD/hr?

The captcha thing is great. I'm tired of annotating Googles Machine Learning Datasets for them!

I was playing with my own Proof-of-work a couple years ago with a pause every X ms so we don't lock the browser while doing the calculations. If someone want's a simple introduction to basic hashing on the clientside here is a simple implementation: https://gist.github.com/Xeoncross/d5a9482e5231db62fb87

coin-hive/Monero would solve a lot of issues with simple MD5/SHA1 implementations like mine (like bot GPU's blowing through any kind of hashcash challenge).

I run the demo miner on the coinhive landing page for about 1 minute and chose 1 thread (my laptop has 4 threads). I then noticed that the 100% cpu load kept rotating between the 4 threads that my cpu has. Is this a common behavior in cpu mining (because of cpu pipelining) or is this a feature that the developer implemented? How does this affect the cpu performance and general work load? Is it possible to edit the script to target 50% cpu usage on all threads? Please excuse my ignorance.

It's common behavior of most operating systems, tasks are not kept scheduled on the same CPU (unless configured).

It's creative approach to content monetization that solves some of the problems associated with ads, such as visual clutter. But mining is a computationally intensive process. So, in a world where this became commonplace, I can't see how you could have more than a few websites running on the client, contending for CPU power, without the end-user experience ending up being severely affected - and the revenue that content makers end up getting out of this as well.

It's taking more than a minute for me to sign up on Coinhive because of the proof-of-work in their registration form.

Definitely a no-no for computers older than 3 years.

Used the library to create a crypto charity. All mined currency will go to the top charity people mined for.


This is a really good idea, but I'm not convinced of the Crypto mining side of it.

Why not just build a system that allows customers to buy and sell CPU resources, in a similar way to how a ad network allows customers to buy and sell ads?

That exists (for crypto mining). https://www.nicehash.com/

I'm actually working on a project that does that!

i guess because the consumers might not always be tech savvy. they just want those items/coins/rewards in whatever game/app they are playing/using. a minor pop-up about the mining stuff wouldnt bother them (although app perf might be affected). that's how i see it.

I think this is a really great idea! I'd rather have sites do this then bombard me with 10000 banners. Sure it increases my CPU load but I'd argue it reduces my cognitive load!

I really like this, as there is opt in consent. Perhaps you could default the number of threads to `navigator.getHardwareConcurrency -1`

How much does this earn per user per minute, on average?

Any estimtes?

to earn 0.01 USD you need 1MH at the moment. In my browser I can generate 25H/S so about 44 days on one browser to generate 1$

I tried double checking this math but I have a question on this.

Coinhive says their formula is:

(<solved_hashes>/<global_difficulty>) * <block_reward> * 0.7

and then goes on to give an example of:

(<solved_hashes>/29275633095) * 6.51 XMR * 0.7 = 0.000156 XMR per 1M hashes

Does this mean the original formula (XMR gain) is actually per million solved hashes (instead of per solved hash)? If so, it seems like a million hashes would only give you 0.0000000001556584613 XMR ($0.00000001519798996).

If that payout formula is actually per hash (and if so, why do they say "per million hashes" in the example?), you'd end up with a much more reasonable 0.0001556584613 XMR ($0.015 at $97.64-monero).

Am I just reading their site stupidly wrong (and/or do I just have a gross misunderstanding of how this all works)?

They also say they were able to generate $2k in 2 weeks with an avg of 2,000 users...

Using the Monero prices I looked up right now it seems more like 21 days. Not that it really is meaningfully better.

2,112 users 30 minutes on your site

I'm confused how they say they had 2,000 users and generated $6k in 2 weeks.

Also, they say that they had 120KH/s hashing power on average with 2k users.

Or maybe just some great computers filling the hallowed halls.

I see this as an excellent way to monetize views and fairly good tradeoff.

The issue I see with it, mobile (I tried) is around 10x less. So while it works for desktop, for mobile it would be challenging to use this, on top of draining battery etc.

However, this is probably one of the rare unique ideas how to monetize users presence on the site, and as such I welcome it and look forward to see how it will develop.

In Chrome I didn't notice that tab being out of focus decreases load, so it would work for as long as the site is open.

Wondering if it's possible to use GPU instead of/in addition to CPU and what would be the impact on performance of site.

WebCL/WebGL and stuff is there, but you will have to go through supporting 20 different "standard compliant" implementations

How do I self host this? I can't deal with the type of overhead needed for validating the captcha across the network..

Can this run in the background without affecting the user? Eg: the UI lagging, laptop fans turning to max, etc.

There's throttling settings.

running it makes my laptop fans turning to max

I've heard some using MinerGate web mining in this way. Now, those same people can use Coin-Hive.

Running on 2015 Mac with Chrome, I got 75 H/s

At the current exchange rate, that's about $3.78/month.

If this is not clearly opt-in I wish those responsible for using it on their site a slow and painful death.

Performance and bloat in browsers are a huge problem and having this constantly running in the background (without consent) is an absolute nightmare.

I agree that there should be some sort of notification but other than that, I actually find this idea quite sympathetic. If you read my site, you can pay me by mining for me. It requires no extra effort on your part -- no credit card or micropayment login etc., and the longer you spend on my site, the more you pay. The exchange of value seems more clear cut that ads.

I have tons of sites opened 24/7. If yours happen to be loaded and you try to exploit my machines resources I will be quite pissed.

That's fair.

I suppose a more polite version would run only when the tab is in focus. But as has been pointed out, this doesn't seem feasible because of the tiny amount of value generated so I think it's an interesting idea to explore more than anything else.

Browsers throttle not active tabs.

Surely it's horrendously inefficient? That means my costs are much higher than the benefit you get from me, and a lot of energy is wasted.

2-5 cents per 24 hours of a user being on your site seems like a bad tradeoff for the downsides.

2-5 cents per 24 hours seems fairly equivalent to ads, actually.

Ad CPM (or more appropriately, RPM) seems to average somewhere around $2.50 (that's per thousand impressions). If these thousand users were on the site for 24 hours, that would be $20-$50, a more realistic scenario would be users on a site for a few minutes, generating comparable revenue to ad impressions.

On my desktop (which, not coincidentally, is where you'd have the best results trying to mine cryptocurrencies), I would honestly prefer this over tracking cookies, obnoxious and intrusive ads, extra network connections, and all that crap. And I run an ad-blocker, so this will let you get some revenue while ad RPM will be 0. On my phone or laptop using battery power, you're not going to have any success mining and I'm not going to want this. (I also run an ad blocker on those, so...yeah).

Your comparison doesn't take into account that 24 hours here means the user had to keep your tab open for 24 hours to make 2-5 cents.

That's nothing like ads.

Also, if the payment was higher than fractions of a cent, people would start "freezing" the site the moment it loaded - just as, back in the day, we disconnected our phone line modems as soon as the page we needed finished downloading, to avoid paying the phone company for time not spent transferring data.

With US electricity prices.

German electricity prices are north of 40¢/kWh. This is significantly more expensive.

I calculated the site owners profit, not the cost to the user.

network calls for tracking and ads is already a huge performance problem on most sites, but it is still a thing

No reason not to treat it just as badly as attempts to mine bitcoin off your CPU. Both of those waste your resources, for someone else's profits, without your consent.

Devils advocate here.

Isn't just visiting the site giving consent to allow the sandbox (browser) to be utilized as the site directs?

This is an extreme case, granted, but it's still within the bounds of the sandbox.

Perhaps we'll have a new browser setting soon to throttle this type of thing instead of having to go whole hog and turn of JavaScript.

The implied consent is based on trust. The browser is my user agent, it is meant to interpret the data that it gets from HTTP stream the way I want it. I let it do the things as specified in the received data (i.e. by you), because I trust that you're not an asshole and will not abuse that power.

Unfortunately, there are plenty of assholes on-line, who decided to abuse the default behaviour - so now we have ad blockers and reader modes.

Ultimately, it is (by intention and design of the HTTP protocol, and computer networks in general) up to me what I do with the data - if, how, and which parts of it I decide to process.

It is giving consent, in some sense. But make a popular website use visitors' browsers to launch a DDoS attack and you'll find that "anything goes as long as it's the bounds of the sandbox" doesn't really apply.

Apart from that, people can easily take a different view altogether. When I visit a site, I download some bits. Doing so I don't consent to anything -- what I do with these bits is up to me.

So, what would I need to change to mine on my account rather than their account. I like their home page top fold but I want to mine for myself. The service must be going through a pool of some sort?

I love this idea, congratulations on the launch.

This is a brilliant idea! I could see it being used with Nimiq- a project in development for a browser-based blockchain...This could provide more profitable mining.

This is also the direction I wanted to see BAT to go in- getting rid of paywalls and ads in exchange for a basic return to the publisher and user based on duration spent on the site along with interaction.

why not webassembly? it could be ~10 times speedup.

It's actually using webassembly if available, otherwise it fallbacks on asm.js

>If true, the miner will always use the asm.js implementation of the hashing algorithm. If false, the miner will use the faster WebAssembly version if supported and otherwise fall back to asm.js. The default is false.

Source : https://coin-hive.com/documentation/miner

that's great.

This is a novel method of monetisation. Instead of a paywall users could have the option to mine for the duration of their use of the content.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact