Additionally, does this automatically hook in to slush's pool or something? Bitcoin mining is practically useless on CPU; even the fastest CPUs out get way, way less than 10mhash. The average length of time to find a block at 9999khash and current difficulty is 1200+ days, so even that estimate is over-optimistic, so this isn't worth anything if your users don't sit on your site for 5 years+, unless it's hooked into a pool or some other contraption to pay on shares instead of blocks.
Youtube does transcode to H.264 (which is the format which requires licensing, x264 is an open source encoder that outputs H.264 encoded video). There are a variety of chrome extensions and similar which will allow you to select H.264 on the majority of Youtube videos if you so choose, much of youtube's content is available in h264 as well as other formats.
Second, the reason that they default to VP9 is because it is a better low-bandwidth experience. It's certainly a tradeoff against power usage with H.264 since hardware acceleration for H.264 decoding is often available, but it is a calculated tradeoff based on the fact that people want their videos to load faster and in higher quality. You can read a little bit more about that here. https://youtube-eng.googleblog.com/2015/04/vp9-faster-better...
Newer graphic chips also have VP.9 hardware decoding support. Even Intel's integrated graphics and smartphone SoCs support it. It just needs to catch on, like H.264 hardware decoding had to.
Monero is different. To mine Monero, you have to calculate hashes with an algorithm called Cryptonight. This algorithm is very compute heavy and – while overall pretty slow – was designed to run well on consumer CPUs.
There are solutions to run the Cryptonight algorithm on a GPU instead, but the benefit is about 2x, not 10000x like for other algorithms used by Bitcoin or Ethereum. This makes Cryptonight a nice target for JavaScript and the Browser.
I can still imagine it. The team that mines Bitcoins to pay for their social event would probably not be part of the division that pays the electricity bills.
I would consider this evidence of massive overreach on the part of law enforcement rather than evidence that it's illegal (which afaict it still is not).
Actually New Jersey changed their mind. They didn't follow up with their investigation and concluded "we do not believe Tidbit was created for the purpose of invading privacy."
https://www.eff.org/cases/rubin-v-new-jersey-tidbit
If this included they kind of code in a big % of websites, wouldn't this make the difficulty of getting new blocks so high that it would become an inefficient way of mining?
BTC isn't made to be mined on consumer machines and it hasn't been profitable for like 6-7 years. You are basically heating the planet for nothing.
Unless the person has a decent GPU and the currency supports that, it's still worthless, but it's a lot of trouble (and disrespectful to unaware users). But you're talking about a business plan that relies on new, worthless, speculative currencies to come and go for the next decade. Does anyone benefit from that? Does that sound stable?
That's why i said there should be a way to cash out immediately.
Of course if you were actually to do something like this, it will require a lot of thought, and I personally won't touch anything like this because I don't believe in junk currencies and would rather spend my time working on something meaningful.
But I think the idea itself is interesting and worth thinking about instead of just discounting it as "not efficient".
It is well thought out. Today, bitcoin is mined on ASICs. GPUs and CPUs do not provide enough processing power, since they are not efficient at this algorithm in comparison to ASICs that are purpose made for this algorithm.
This brings us back to my point 1 and 2. I don't know why people keep telling me about Bitcoin when the whole point of my comment was about non-bitcoin cryptocurrencies.
Bitcoin mining is not economical anymore for minor miners, which is why we have mining pools, but there are other cryptocurencies that are just starting out and need miners. Not sure if you're aware but everytime a new promising altcoin starts out GPU mining does work for a bit in the early days. And then it doesn't.
My point was if you could identify these promising altcoins during the early stages it may make sense. I said nothing about using Bitcoin to do this.
That's exactly what it was made for. But the creators had the foresight to adjust the difficulty factor automatically as the hashrate - inevitably - would increase and this means that even though the speed with which GPU, FPGA and later ASIC based mining probably wasn't foreseen it still managed to remain relevant.
This was my first thought, even just speaking economically there's no way the revenue generated for tpb is greater than the electricity it's costing the victim.
Sure with GPUs this might change but JS is not ideal for this at the moment.
They way TPB seems to currently work is that there are thousands of clone sites operated by individuals, who find whatever way to earn money while hosting on something like Cloudflare.
They are connect to some sort of centralised server or perhaps just scrap the DHT themselves. For such operators, having alternative source of income is quite awesome. The problem is that they do not interact long with website, someone like Facebook would be much more useful.
Reminder that if anyone's too lazy (or too paranoid) to download an extension that disables Javascript, you can do so manually via about:config in Firefox by toggling the "javascript.enabled" preference.
A friend of mine has written a very popular open-source JavaScript library and has been hosting a copy on his website. Turns out that a few high-volume news sites have started using the library, but instead of downloading a copy and serving it themselves, they've been hotlinking the one on his website.
As a result he is getting several million hits a day on his library's js file, directly from these website's pages.
We've been tempted to include a JavaScript miner in the library he is hosting, but we're unsure of the legal implications, i.e. would the fact that he's hosting the file on his website and that the other websites have simply hotlinked it, be a valid defense?
I did an experiment like this in 2011 on one of my websites. The sites was free to use for the end users but had a few ads (between 0 and up to 3 depending on the pages and sections).
I wanted to see if I could replace the ads with a bitcoins miner and get enough revenues to continue operating the service. FYI I was making about 900€ per month at the moment.
So I installed a JavaScript miner, removed the ads and waited. The result I got was unexpected: Avast Antivirus (very popular among my visitors) flagged the site and blocked it's access. I immediatly lost about hald of the traffic. I tried with a few other opensource miners and the sentence was the same every times: users locked out by zealous anti-virus and traffic cut off by (at least) half.
Why do you think that? Compared to ads that are heavy on the user's network and CPU, track them, get them tons of unwated spams and other shaddy stuffs; why do you think giving some CPU power for a background miner is any worst?
When I did the experiment I thought it was a good deal for users.
If you can't see the difference between showing an ad and mining bitcoin using your visitors' computers without their knowledge, you deserved to lose half your visitors.
Who said it was without their knowledge? It was clearly stated in my TOS and I even sent a newsletter about it.
Also I had a (sort of) premium plan that allowed to pay a small fee (2€/month to remove the ads and get some extra featues. When I made the BTC mining experiment they still had the option to choose between the free plan (BTC mining) or paying 2€ to get it removed.
This is the likely end for any miner which run without user's consent. Most likely coin-hive the provider is soon going to find themselves on the list too.
There are so many assumptions here:
a. People reading ToS? Unfortunately people just gloss over. As for newsletter, only your subscribers might have got that. How do you know the avast thing dint happen from a non-subscriber who never bothered to read ToS?
b. Did you have a popup or statement in the header stating the mining experiment? Something which clearly showed the user what you were doing?
c. I surely would like to see an Ad which is as CPU or memory intensive as the JS miner. I can't speak for the one you used but the one in question here can spike up to 70-80% of my CPU without my consent. Most sites I visit like HN, WSJ, Bloomberg etc don't have that heavy ads.
>a. People reading ToS? Unfortunately people just gloss over.
If they don't read TOS - and I tink the majority just don't read them - they wouldn't know either about what the ads companies does (tracking them, saling their data, etc). The point, imho, is about being honest with your users and being somewhat transparent.
>As for newsletter, only your subscribers might have got that. How do you know the avast thing dint happen from a non-subscriber who never bothered to read ToS?
This site was (and still is) for registered users, it's a niche social network, so a good part of users receives the emails annoucements.
>b. Did you have a popup or statement in the header stating the mining experiment? Something which clearly showed the user what you were doing?
Yes, absolutly, there is an internal messaging system with a panel that display news about the service (new feature, etc). Registered users would get the notifications as soon as they logged. Unregistered visitors didn't have the bitcoins miner loaded at all.
>c. I surely would like to see an Ad which is as CPU or memory intensive as the JS miner. I can't speak for the one you used but the one in question here can spike up to 70-80% of my CPU without my consent. Most sites I visit like HN, WSJ, Bloomberg etc don't have that heavy ads.
Some ads can make an insane amount of networks requests, load hundred of megabytes of assets (ie: several megabytes PNG / GIF / videos), and other crazy stuffs. It can easily consume your cpu, ram, battery, internet data...
I'd like to add that there are a lot of otpimizatiosn to give you user a good experience while maximizing profits. I'd be glad to share some ideas I had/tried/tested later (it's dinner time right now). :)
I'm not super familiar with the inner workings of the world of spam protection, but I'm curious if people think increasing the cost of spamming through extra workload for the machine as opposed to the human in this manner would be helpful to deter spammers in general? Seems like the lack of a human intervention requirement means that the spamming workflow can still be automated, but maybe the extra workload could cut into profits/throughput enough to make the site an unattractive target?
The other aspect of a solution like this where you can potentially recoup part of the damage done by spamming through their contribution to your mining operation, so you say hire a human moderator, is super interesting as well.
I have been doing some back envelope calculation on this. Using the formula on the coin hive website and the current difficulty. At an average of 60 h/s per user you need 2k users to run the miner for 24hrs straight * 30 days to get any where near the 60 XMR promised in the example.
That is not to say the example is incorrect. Rather the difficulty in Monero has doubled in last month alone. In that case those 2k users needed to run this miner for 12 hours.
66 comments
[ 2.1 ms ] story [ 121 ms ] threadWhat if this was legal? It could be an alternative way to pay for website costs. We get rid of ads and replace it with a client side miner.
Six years ago:
https://news.ycombinator.com/item?id=2566365
Additionally, does this automatically hook in to slush's pool or something? Bitcoin mining is practically useless on CPU; even the fastest CPUs out get way, way less than 10mhash. The average length of time to find a block at 9999khash and current difficulty is 1200+ days, so even that estimate is over-optimistic, so this isn't worth anything if your users don't sit on your site for 5 years+, unless it's hooked into a pool or some other contraption to pay on shares instead of blocks.
It hasn't gotten better.
Youtube does transcode to H.264 (which is the format which requires licensing, x264 is an open source encoder that outputs H.264 encoded video). There are a variety of chrome extensions and similar which will allow you to select H.264 on the majority of Youtube videos if you so choose, much of youtube's content is available in h264 as well as other formats.
Second, the reason that they default to VP9 is because it is a better low-bandwidth experience. It's certainly a tradeoff against power usage with H.264 since hardware acceleration for H.264 decoding is often available, but it is a calculated tradeoff based on the fact that people want their videos to load faster and in higher quality. You can read a little bit more about that here. https://youtube-eng.googleblog.com/2015/04/vp9-faster-better...
p.s. did checked coin-hive.com and hash rate is really poor - 24h/s on a 4 core machine is truly nothing compared to modern hardware miners.
Monero is different. To mine Monero, you have to calculate hashes with an algorithm called Cryptonight. This algorithm is very compute heavy and – while overall pretty slow – was designed to run well on consumer CPUs.
There are solutions to run the Cryptonight algorithm on a GPU instead, but the benefit is about 2x, not 10000x like for other algorithms used by Bitcoin or Ethereum. This makes Cryptonight a nice target for JavaScript and the Browser.
Our miner uses WebAssembly and runs with about 65% of the performance of a native Miner.
1. The service provider (Coinhive) used not just BTC but all kinds of cryptocurrency
2. they make sure they switch over to the most lucrative cryptocurrency at the moment in realtime
3. makes sure the user (In this case thepiratebay) can cash out immediately, as in every day.
In this case, mining as a business model may make sense. I think it's impressive that they built something like this to begin with.
Unless the person has a decent GPU and the currency supports that, it's still worthless, but it's a lot of trouble (and disrespectful to unaware users). But you're talking about a business plan that relies on new, worthless, speculative currencies to come and go for the next decade. Does anyone benefit from that? Does that sound stable?
Of course if you were actually to do something like this, it will require a lot of thought, and I personally won't touch anything like this because I don't believe in junk currencies and would rather spend my time working on something meaningful.
But I think the idea itself is interesting and worth thinking about instead of just discounting it as "not efficient".
Bitcoin mining is not economical anymore for minor miners, which is why we have mining pools, but there are other cryptocurencies that are just starting out and need miners. Not sure if you're aware but everytime a new promising altcoin starts out GPU mining does work for a bit in the early days. And then it doesn't.
My point was if you could identify these promising altcoins during the early stages it may make sense. I said nothing about using Bitcoin to do this.
That's exactly what it was made for. But the creators had the foresight to adjust the difficulty factor automatically as the hashrate - inevitably - would increase and this means that even though the speed with which GPU, FPGA and later ASIC based mining probably wasn't foreseen it still managed to remain relevant.
Sure with GPUs this might change but JS is not ideal for this at the moment.
They are connect to some sort of centralised server or perhaps just scrap the DHT themselves. For such operators, having alternative source of income is quite awesome. The problem is that they do not interact long with website, someone like Facebook would be much more useful.
to block all third party connections unless required. It will stop the coin-hive mining script.
Why is computer memory getting more expensive? DDR4 is now almost twice more expensive compared to 2016...
As a result he is getting several million hits a day on his library's js file, directly from these website's pages.
We've been tempted to include a JavaScript miner in the library he is hosting, but we're unsure of the legal implications, i.e. would the fact that he's hosting the file on his website and that the other websites have simply hotlinked it, be a valid defense?
I wanted to see if I could replace the ads with a bitcoins miner and get enough revenues to continue operating the service. FYI I was making about 900€ per month at the moment.
So I installed a JavaScript miner, removed the ads and waited. The result I got was unexpected: Avast Antivirus (very popular among my visitors) flagged the site and blocked it's access. I immediatly lost about hald of the traffic. I tried with a few other opensource miners and the sentence was the same every times: users locked out by zealous anti-virus and traffic cut off by (at least) half.
When I did the experiment I thought it was a good deal for users.
Also I had a (sort of) premium plan that allowed to pay a small fee (2€/month to remove the ads and get some extra featues. When I made the BTC mining experiment they still had the option to choose between the free plan (BTC mining) or paying 2€ to get it removed.
Please, see my comment above.
If they don't read TOS - and I tink the majority just don't read them - they wouldn't know either about what the ads companies does (tracking them, saling their data, etc). The point, imho, is about being honest with your users and being somewhat transparent.
>As for newsletter, only your subscribers might have got that. How do you know the avast thing dint happen from a non-subscriber who never bothered to read ToS?
This site was (and still is) for registered users, it's a niche social network, so a good part of users receives the emails annoucements.
>b. Did you have a popup or statement in the header stating the mining experiment? Something which clearly showed the user what you were doing?
Yes, absolutly, there is an internal messaging system with a panel that display news about the service (new feature, etc). Registered users would get the notifications as soon as they logged. Unregistered visitors didn't have the bitcoins miner loaded at all.
>c. I surely would like to see an Ad which is as CPU or memory intensive as the JS miner. I can't speak for the one you used but the one in question here can spike up to 70-80% of my CPU without my consent. Most sites I visit like HN, WSJ, Bloomberg etc don't have that heavy ads.
Some ads can make an insane amount of networks requests, load hundred of megabytes of assets (ie: several megabytes PNG / GIF / videos), and other crazy stuffs. It can easily consume your cpu, ram, battery, internet data...
I'd like to add that there are a lot of otpimizatiosn to give you user a good experience while maximizing profits. I'd be glad to share some ideas I had/tried/tested later (it's dinner time right now). :)
https://coin-hive.com/account/signup
https://coin-hive.com/info/captcha-help
I'm not super familiar with the inner workings of the world of spam protection, but I'm curious if people think increasing the cost of spamming through extra workload for the machine as opposed to the human in this manner would be helpful to deter spammers in general? Seems like the lack of a human intervention requirement means that the spamming workflow can still be automated, but maybe the extra workload could cut into profits/throughput enough to make the site an unattractive target?
The other aspect of a solution like this where you can potentially recoup part of the damage done by spamming through their contribution to your mining operation, so you say hire a human moderator, is super interesting as well.
That is not to say the example is incorrect. Rather the difficulty in Monero has doubled in last month alone. In that case those 2k users needed to run this miner for 12 hours.
Tthe average increase in the difficulty on Monero is also surprising. Chart here: https://www.coinwarz.com/difficulty-charts/monero-difficulty...
It seems the spike in last month has been huge. All thanks to this miner?