Hacker News new | past | comments | ask | show | jobs | submit login
Google Bans Crypto-Currency Mining Extensions from Chrome Store (iconow.net)
151 points by iconow on Apr 4, 2018 | hide | past | web | favorite | 37 comments

Mine got pulled off too. Few days ago my extension got pulled of without explanation. I freaked out, didn't know why, because it was only RSS reader. I had few ideas why it could be so I start fixing them. I mentioned in summary that it is replacement of google reader, which they might not like, so I removed that from description. It was also using google caja sanitizer, so I replaced it with something else. Then there was preset of feeds so I removed them all. I was about to resubmit it next day when they sent me an email that it was removed by accident. They didn't tell why exactly.

Now that I see they are removing cryptocurrency miners it all makes sense. I use SHA1 sum to make GUID of article if it is not present or if it is too long, so that must have triggered their system to mark my RSS reader as crypto miner.

Damn, there goes my favorite RSSGUIDCoin miner.

Interesting because coin miners use webassembly and Google appears to have gone after raw js hashing algorithms.

I strongly believe that extensions stealing resources and power from unwitting users should be banned. However, that many legitimate extensions have also been pulled reinforces that this is a lot of power in one place with no observable external oversight, and it has strong resemblances to how companies such as CloudFlare can ban whoever they want[1].

"Just don't use the platform" is becoming more expensive and less practical for consumers every passing day. The same economies of scale that allow individual Internet companies to effectively dominate markets also confer the power to decide who has access and how, even if there's essentially only one game in town. Anti-trust regulation may experience some interesting evolution these next few years.

[1] https://arstechnica.com/tech-policy/2017/12/cloudflares-ceo-...

What if they tell the users and require user action to begin mining?

It seems pretty rich for a company whose business model revolves around building traps for user data and then using to that data to drive mostly unwanted targeted advertising. Of the three choices:

1. paid services, 2. privacy violation + ads or 3. service uses X% of my CPU,

I'd choose 3 every time. The killer app of cryptocurrencies is monetizing PoW. Someone is going to build the new doubleclick on that and displace google.

I'll choose 4 every time: pay for services I find valuable with real money and use an ad blocker otherwise.

It seems that many of these mining extensions are obvious scams anyway, an other commenter in this thread gave this as an example: https://getcryptotab.com/en/

It's an obvious pyramid scheme. Even if you wanted to mine Monero in your web browser (not exactly the most efficient way I'd wager) why would you share the benefits with some random third party instead of directly joining an open pool?

If you want a laugh I suggest looking at their calculator that (with the default values) tells you that you're going to win $40k if you manage to enroll 10 million people underneath you. Good luck!

This particular extension is the first result when you search "bitcoin" in the Chrome Web Store, with close to 20k ratings (all absolutely genuine I'm sure).

Websites that actually use mining as an alternative to ads don't use extensions in my experience, they simply load a Javascript/wasm miner à la coinhive.

“Even if you wanted to mine Monero in your web browser (not exactly the most efficient way I'd wager) why would you share the benefits with some random third party instead of directly joining an open pool?”

I’d be cool with having a site mine at 35% cpu for the few minutes while I use their site in exchange for no ads and no tracking.

I think this is likely the only way that we can replace the Google/Facebook ad-driven business model that runs the consumer Internet.

But that's the thing, I really don't think what you're proposing has anything to do with what google wants to ban. What you're talking about is already possible using services like coinhive that can be used to embed a miner on your page instead (or on top) of using regular ads. That doesn't require any extension.

These cryptocurrency extensions like the one I linked in my previous post are not used to monetize websites, rather they're just a somewhat regular crypto miner shipped as a browser add-on. You don't use it to pay for browsing pages, you use it directly to mine the currency and earn money. It's probably significantly less efficient than a stand-alone miner but it's easier to distribute that way, especially if your goal is to scam people into integrating your pyramid scheme.

Would it not be better for you (and the rest of the world) if you instead willingly paid them the equivalent portion of your power bill, without actively wasting the resources?

I really don't want the world to devolve into a future where armies of ignored pre-teens with ipads are rapidly accelerating global warming, just so that they can watch clickbait videos and share content in $social_network_vNext, on sites sponsored by "monitising PoW".

Yes, it definitely would. I just think that it’s easier to mine as it basically does that without having a lot of billing in between.

What I think the crypto that sticks will basically be the unit of exchange where people are able to swap cpu, disk, memory without intermediaries. So it’s not speculation, but a real market for unused resources.

In the olden days phone numbers (900-SEXX) could charge you through the phone bill. It was convenient but really high transaction fees. If you could do this with electricity without having a big transaction that would be cool.

Also environmentally friendly as places with high power costs (coal, oil) could easily switch to lower cost resources (hydro, nuke) with renewables.

As a larger publisher, we're getting crap like this every second day by now... thanks to everyone bringing this to a stop, for me the cryptopocalypse can't come soon enough:


Good day to you!

Here is XXX, I am a business manager at Getcryptotab.com - is a bitcoin mining affiliate platform. And we're looking for publishers who are ready to help us to promote this project in exchange for high rates for you ;)

How it works - a user installs google chrome script and mines bitcoins, invites new users by a referral link and multiplies his earnings.

And we're looking for ad placements of a fixed banner with a direct link to our project.

We're ready to discuss the rates which will satisfy you and other different options for our convenient and profitable cooperation.

So please, add me on Skype and let's discuss.

Looking forward to hearing back from you and wish you have a great weekend!

-- Regards,

XXX Business Manager

>in exchange for high rates for you ;)

Anyone using winky face in a cold email like that should be slapped.

If you send me a winky face in an email, you're probably thinking, "I'm being cute."

When I receive a winky face in an email, I'm thinking, "I need an adult!"

He didn't say which "high rates". Maybe high rates of angry visitors? High rates of lawsuits? :)

Meh ... I use emoji all the time in my professional communications. If you don't like them, don't use them -- pretty simple ;)

Expand that to any usage ever and I'm on board with this policy

I agree ;-)

These people might be allowed to do what they do, if they were upfront about what they are doing, but in most cases they plug-in is fronting as something else and unbeknownst to most users, it's doing something else beside the stated purpose.

As they say, this is why we can't have good things, because someone will be unscrupulous and will take advantage of social norms.

I wonder if they will leave the door open for sites which "recoup" their costs/pay the bills via mining, if they are upfront about it.

From the statement, seems they might not, given "The company will however continue to permit extensions designed for blockchain-related purposes that do not involving _mining_ in the web store. " and "Google’s decision reverses its policy so far of allowing crypto-currency mining extensions in its Web Store so long as that was the extension’s sole purpose and users were adequately informed of the extension’s purpose."

So mining of any kind appears to be out. So much for an alternative to other micropayments systems.

> These people might be allowed to do what they do, if they were upfront about what they are doing, but in most cases they plug-in is fronting as something else and unbeknownst to most users, it's doing something else beside the stated purpose.

And where extensions were really just mining cryptocurrency, they were often clearly made to be deployed on systems the user wasn't authorized to use that way. For example, from the description of one Monero miner extension:

> The extension is anonymous and untraceable [ghost emoji] and you can use it on any amount of computers [personal computer emoji] The more processing power, the more money you get. Install the extension at home/work/school and win Bitcoins [money bag emoji]"

-- https://chrome.google.com/webstore/detail/bitcoin-monero-min...

Here's the official post from Google: https://blog.chromium.org/2018/04/protecting-users-from-exte...

Note that extensions that secretly mined cryptocurrency in the background were already banned from the Chrome store. The change here is that now Google's no longer going to try to discriminate between extensions that secretly mine cryptocurrency in the background from extensions that fully disclose that behavior. (Presumably because it's easier to automate enforcement of the rules this way.)

I see the fact we can now easily trade cpu power for currency to have many more unexpected effects.


One of the many reasons this behaviour is so scummy is that for popular cryptocurrencies, one very quickly reaches the point where £1 of electricity spend CPU mining produces much less than £1 of "currency". Economically, it only makes sense if you're exploiting many unaware users.

Isn't mining in a browser a direct threat to their ad-driven business? If you get rid of ads in exchange of some spare CPU/GPU cycles, their business model would no longer be relevant; no wonder they would love to ban it. I'd however gladly exchange it for ad-free websites.

Not at all. In-browser cryptomining is not even within an order of magnitude as lucrative as ads (probably not even two orders of magnitude), and users actively despise having the browser slow to a crawl because these are in the background. It's far worse for users than standard advertising.

Even though it’s much less lucrative than ads, it can still disrupt google. It’s work examining the equivalent of mining in CPM terms to compare.

But precisely why it’s less lucrative is why it’s a threat. Remember when Napster came out and the argument was “they’ll never make as much money as the record industry?”

For new entrants making an order of magnitude less is perfectly fine because they are a new market. Why would they care if google loses $1B in ad revenue if they make $100M. Especially since you don’t really need a market maker like Google matching ad buyers to content makers, the $100M can go directly to content creators running sites.

The payout for Adsense is super low for display. They don’t reveal the payout ratio for clicks, but I expect it’s 10-30%.

So for comparison for $1B in current AdSense payout to content sites, content creators only get $100-300M based on clicks.

If you replaced this with crypto miners then you only need 10-30% payout from browser miners in order for content creators to break even. But ad in all the readers who never click (like me, the ads are not relevant) this gets more attractive.

If google is smart, they do recognize this as a threat.

Given that every day more people browse the web on relatively weaker handheld devices running on batteries I have a hard time believing that most people will be fine with having websites drain their batteries and if it becomes commonplace I expect that many people will block them.

And remember that mining is effectively a zero-sum game, the more people mine the harder it becomes to mine. It effectively means that every new websites who switches to mining for monetization makes it less valuable for all the other websites already doing it since you're all sharing the same cake.

These are good points, but the mining is really minimal. Considering that I’m content sites I run, I make less than 1 cent per visitor for an average 4 minute session. 75 of sessions are between 3-8 minutes.

So I don’t need to mine a ton, just a little bit. I would actually be cool with a micro transaction program where I just paid them a penny if I thought the visit was worthwhile.

I really liked the flattr model.

> is effectively a zero-sum game

That's only true for deflationary currencies. One can conjure up an ad-replacement currency, let's call it impre$$ion, that would be inflationary and perhaps linearly related to the time spent on the page regardless of computing performance of a viewer (though some viewers might be more valuable than others, e.g. those running iOS). Then there could be a separate market/stock-exchange for impre$$ions, replacing ad income. I wouldn't be surprised if something similar was in the works already.

There'd be no reason whatsoever for such an imaginary currency to have any value.

How many orders of magnitude more lucrative is cryptomining than users with adblock?

Users knowingly doing cryptomining are probably in the 90%+ adoption rate neighborhood of adblock.

Finally, if users had even an inkling of how their data is bought, sold and aggregated, they may very well prefer a sluggish browser. Maybe not, but it's certainly not a forgone conclusion.

Many adblock users like myself would happily browse with any number of ads, if I could block the tracking by itself.

But cryptomining in browsers is highly inefficient. No user likes their laptop's or desktop machine's fans going crazy when visiting a site. Regardless if the reason is cryptomining or some stupid javascript code.

Google should be much more concerned about stuff like BAT (Basic Attention Token).

TPB has implemented miners over ads and I have absolutely no issue with that whatsoever. I rather have the folks around me hear fans spinning than random russian lady dancing in my browser.

For some, it could very well be an alternative.

Without ad blockers my fan frequently kicks in from flash/js ads. I frequently have to kill tabs like YouTube and even Reddit for hitting high cpu just from doing dumb stuff.

I still visit those sites anyway.

I hate ads but i'd prefer them to this.

This reads like it was written by someone with very little understanding of what they are talking about, drawing connections where there are none, namely but not limited to email malware and chrome extensions.

I agree that the article is conflating a couple of things:

- chrome extension that have the sole purpose of mining

- chrome extension that covertly mine cryptocurrencies

- malware that has nothing to do with chrome extensions and that mines cryptocurrencies

I'm not sure why you're being downvoted here, but I guess it's because your post comes off as a bit dismissing.

This reads like it was written by someone drunk off the cryptocurrency koolaid.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact