I saw an addon for Firefox that does that a couple days ago. I think you can do the same thing with filters in uBlock Origin though, but if you don't use an adblocker, it might be useful.
How would such a plugin work? Say you're visiting a webpage with lots of graphical effects that require lots of computation. How would the blocker distinguish those computations from mining?
Interesting that they've considered whether the mining itself is bad, or if it's just bad form to mine without asking.
> The ethical way for a website to earn money by mining through its audience’s computers is to ask the audience for permission first, and to allow them the possibility to opt out. Actually, such a practice could make mining even more ethical than ads. After all, nobody asks us if we would like to see ads on a website. Mining parasitizes the user’s CPU, where ads parasitize the user’s attention, emotions, bandwidth, and often, their laptop or smartphone battery, and supports an industry of personal data harvesting that is a big headache in of itself.
If only. This isn't an alternative, it's a supplement. Sites have absolutely no incentive to stop advertising; they will simply continue to show the user ads while also discreetly wasting your electricity calculating hashes.
Yep, was thinking the same thing. It's a supplement. They sell your data and waste your electricity. But you forgot another part, which is the wear on your hardware.
Yes, that I'm okay with. If users are properly informed, then they can make an informed decision for themselves whether or not to use the service. And a responsible version of this would place an upper bound on the amount of mining done, so that I don't leave a tab open overnight and come back in the morning to find that my laptop has melted a hole through the floor.
I would accept this as an alternative to ads. Ads can easily be blocked and have a high tendency to be blocked as they can be quite intrusive and a risk. So publishers will get less incentive to server them if everyone is just blocking them.
Cryptominer scripts can just as easily be blocked. So bad ones (long running) can easily be punished and I can have miners be blocked when running on battery power. This might nudge the market into the right direction where people allow miners and pay for content with computer power as a proxy.
I might even see a framework for browsers emerging to facilitate this market and provide better more efficient API's (GPU access) and better control (no mining on battery). Since this way of paying for content does already carry a lot of overhead in terms of total cost for all parties involved :(.
Cryptominer scripts can just as easily be blocked.
Unfortunately this isn't true- it's pretty easy to proxy the request to coinhive through the web server of the main site. e.g. https://github.com/cazala/coin-hive-proxy
Site owners have incentive to run this proxy so they're not marked as a mining site OR to circumvent the 30% fee that coinhive collects. I don't think it will be possible to block mining in the future without blocking javascript completely.
That's true, but cryptominers will have a distinctive pattern when running. Ie: consuming a lot of cpu for a lot of time. So with some more work a blocker for this can emerge and kill obfuscated miners. Since miners really need to run to generate revenue while ads are sold on per view of click basis, incentive to play nice and be transparent with the user might be higher?
Electricity is very expensive in my country (The Netherlands) compared to other countries around us. I don't wanna pay for inefficient mining.
Blacklisting isn't the solution. A website shouldn't be allowed to continuously use 100% of all CPU/GPU resources. Of course, the reaction will be so sit right under the limit, but I suppose the limit shouldn't be static.
At least it helps strengthen the crypto-currencies, which is a good thing.
I'd be curious how much CPU is wasted rendering billions of ads, especially video, I suspect it's a lot more than the crypto hashing, and three orders of magnitude more money is made by this "borrowing" of your CPU in exchange for letting you read the site you're looking at.
I don't know how associating cryptocurrency with malware in the minds of millions of people is a good thing. It reinforces the idea that this is a medium of exchange used by criminals.
I'd be curious how much CPU is wasted rendering billions of ads, especially video, I suspect it's a lot more than the crypto hashing
The exact opposite. Video decoding is done quite efficiently in hardware now, and displaying ad images is not much worse than any other image or video. There is certainly an impact, but it's not continuous 100% client processor usage. On the contrary, mining is basically going to push the processor to 100% and keep it there just by virtue of how it works.
If I’m on your site, that means you’re doing something for me, and I want you to continue to do it for me. I don’t expect anyone to give me things of value for free, so if you want to to take my unused computer resources as payment for your services, go ahead.
The players in our tragedy of the commons haven't shown any restraint in polluting the Web and bringing my browser to its knees. They won't show any restraint with mining either.
A phone battery only has around 10 watthours. That's less than 1 cent worth of electricity if you wait hours until it's mined empty. It's more effective to just donate a single cent than to let them mine on your phone.
How exactly does this kind of secret mining work? Is it effective at all? Don't you need to race to create blocks? How is the average consumer CPU going to win a single block like this?
It's all probabalistic; you could in theory mine a block by hand if you got absurdly lucky. Think of a machine with 8 GPUs being like dropping a million balls into the bingo jar, and coinhive like dropping 1 or two balls in for each visitor. If you get enough visitors, some of your balls will get drawn occasionally, making you money.
The reason GPUs and ASICs are used isn't because they have a better chance per se, but because they are more power efficient. With coinhive, the person who benefits is not the person who pays for the power, so that's not at issue.
It's repeated over and over that GPUs and ASICs give you a pretty big advantage over CPUs, but that's not true at all for cryptocoins such as Monero that use CryptoNight, that is why it's one of the only coins that makes sense to mine with a botnet or JavaScript.
You "race" by computing lots and lots of hashes until you get a low number. (Exactly how low it has to be depends on the current "difficulty".) So you distribute hashing code in the JS, and you get sent back a ton of hashes. The more hashes you get, the better your chances of winning the next block.
There are some public German schools in this document. No way they would install that miner on their own. Looks like a portion of the sites are hacked to run the scripts.
Edit: reading through all .de domains at least 80% (or more) have no intention or technical ability to install this on their own, e.g. schools, craftsmen, small businesses, etc.
It would be cool if it evolved into something mutual between content providers and users. You have a bitcoin/ethereum/whatever wallet associated with your browser, and when you're on a website it spins up a mining process where you take a cut and they take a cut. It could be built on a platform kind of like AdSense where there's a basic agreement between parties on how things should work.
I make most of my living off of the donation economy. There are a lot of people out there who want to support good content. They just really don't like ads.
Doesn’t seem to work in the real world. Most orgs over-value their content and don’t seem to realize that more effort put in does not translate to higher value (or real/perceived utility to the reader).
Hence the passive revenue generation of advertising. Once people have to put a number of resource they’re willing to pay next to the article they clicked on out of curiosity, they decide it’s not worth bothering.
or most users undervalue their content? who's to say who is in the right?
The fact is, users are currently used to free content. What can be done, business model-wise, to keep it that way, but remove ads from the equation? I don't see a way unfortunately.
With pools of GPU- and FPGA- and ASIC-miners in play in a blockchain, raising the block difficulty, any individual user just doing CPU mining has a negligible chance of ever generating any money for themselves; and will only make negligible amounts by being a member of a mining pool.
These mining scripts are worth money to their owners only because they get to make all the dividends from the covert mining pool they've created.
There is a reason that "immediately join a Bitcoin mining pool" isn't commonly-heard advice; that it's not something everyone does for their aunt. The average computer just isn't going to make enough money to be worth it—even just to pay for microtransactions.
Not at all. First, electricity is much more expensive than the price they put in their estimate. Second, a computer running at 100% CPU uses much more electricity than what they accounted for.
Let us not tunnelvision with US/USD PoV only. There are other countries and currencies in the world; both places where electricity is cheaper and more expensive.
That's definitely more economically efficient, but then people just pirate the content.
The caveat is taxation, though. If I earn the money and buy with it, I have to pay with after-tax dollars, but if I mine in browser, the money/cryptocurrency units never passed through me. Depending on personal income tax rates, that's as much as a 50% cost difference (for the income that would be earned by mining, though, not labor I have a comparative advantage in, of course).
Mining is incredibly inefficient and mining this way is insanely inefficient.
The energy cost of a single Bitcoin transaction could power 1.5 American homes for a day. That was in 2015. ASICs are more efficient than GPUs which are orders of magnitude more efficient than your browser. This is an unbelievably stupid idea.
Edit: yes, this uses Monero rather than Bitcoin. The work required is less and the price is also less. The argument is the same. This is inherently inefficient because if you could remove this inefficiency, the price would drop.
You seem confused. They aren't mining bitcoins, but Monero which is relatively efficient to mine on CPU, and another new one called JSEcoin which appears to have been designed specifically for efficient mining in javascript.
As I understand it, coinhive uses Monero, a crytocurrency that is hard to mine on GPUs.
From coinhive.com:
Monero is different. To mine Monero, you have to calculate hashes with an algorithm called Cryptonight. This algorithm is very compute heavy and – while overall pretty slow – was designed to run well on consumer CPUs.
There are solutions to run the Cryptonight algorithm on a GPU instead, but the benefit is about 2x, not 10000x like for other algorithms used by Bitcoin or Ethereum. This makes Cryptonight a nice target for JavaScript and the Browser.
Of course, when running through JavaScript performance still takes a bit of a toll, but it's not that bad. Our miner uses WebAssembly and runs with about 65% of the performance of a native Miner. For an Intel i7 CPU (one of the fastest desktop CPUs) you should see a hashrate of about 90h/s. A native miner would get to 140h/s.
I doubt efficiency is their primary concern. It seems that it is more likely to be efficacy that concerns them most. Namely, does it generate more income than it would without it?
The answer to that is probably yes. After all, it isn't their resources. They are simply adding a line of code to their markup and calling it a day.
I see no problem with this so long as they get consent and, ideally, allow a method to opt out, though the back button is opting out. I'd also mention that it should be informed consent. In plain language, the user should be aware of what is happening.
What if I’m on an official ISIS web site (bear with me here) and I mine a block for them. Have I provided material support to a terrorist organization?
Technically, yes. Legally? I'd assume mens rea still applies.
I am not a lawyer, this is not legal advice. If you wish to provide material support to ISIS, consult a qualified legal professional in the appropriate jurisdiction.
There is not control on what you run in your browser, that is a known problem. Javascript is usually throttled while the page is in the background (correct me if I'm wrong) because of this.
This might get interesting when OpenCL like stuff allows access to the GPU. Else I think it's hardly worth serving the miner. And it's obviously black hat (sneakily taking your user's power and cycles).
The 500 million people figure is founded on whose statistics? I'd like to pre-emptively call bs. The list of supposedly offending sites are all totally shitty fringe sites. I checked a few, adblock off. A few of those few had CPU activity, profiler immediately showed multithreaded CryptoNight. Page performance was shit.
This seems like an advertisement for their adblocker, which, oddly, is a downloadable .exe.
Everyone running that installer is liable to lose all the cryptocurrency he accesses through that computer. Just sayin'.
Assuming they check your results before passing them along, it’d be noticed immediately. Hard to discover, easy to verify. Not much different than just blocking them.
Is there a reliable estimation on how much they make per visit?
The article states $43k for approx. 500M visits, so that's below 0.01 cents per visit; this in turn corresponds to a 'Cost per Mille Impressions' (CPM) of around 10 cents. So it seems that traditional ads would still make more money.
Can someone comment on how they came up with the $43k?
Do these things keep running as long as you are on the page? If so then in effect people who read slower will pay more to view the site.
That seems shady to me, at least for sites where the costs to the site are the same regardless of how long it takes the reader to read. If it takes me 5 minutes to read an article, and it takes some stay-at-home parent 20 minutes because they had to pause to deal with the kids, they pay 4 times as much as I do.
This is such a ridiculously inefficient means of raising money, for everyone involved. What would it take to just get people to pay for the services that they use, out of gratitude?
I think the idea would be accepted more if the websites using this were more transparent and would give some kind of warning before actually mining using your own resources.
84 comments
[ 6.1 ms ] story [ 164 ms ] threadhttp://www.seerinteractive.com/labs/how-do-they-make-money/
uBlock origin’s additional blacklists blocks it
uMatrix blocks it.
Noscript blocks it.
https://addons.mozilla.org/en-US/firefox/addon/nominer-block...
An extension that tries to identify and stop all forms of js mining is probably hard to maintain and equally subvertable.
As long as the effort to block an entity is much lower than the effort to subvert the blocking the concept will probably work.
Especially since curating blocklists is somewhat more scalable than subverting the list.
https://raw.githubusercontent.com/uBlockOrigin/uAssets/maste...
You'd always be one step behind. Reacting rather than acting.
I recommend
Firefox
NoScript
RequestPolicy
And if you want:
Ublock Origin
Umatrix
Since the hackers have access to the adguard plugin, they can just test and adjust until their code passes.
And they can even make it dynamic.
> The ethical way for a website to earn money by mining through its audience’s computers is to ask the audience for permission first, and to allow them the possibility to opt out. Actually, such a practice could make mining even more ethical than ads. After all, nobody asks us if we would like to see ads on a website. Mining parasitizes the user’s CPU, where ads parasitize the user’s attention, emotions, bandwidth, and often, their laptop or smartphone battery, and supports an industry of personal data harvesting that is a big headache in of itself.
If only. This isn't an alternative, it's a supplement. Sites have absolutely no incentive to stop advertising; they will simply continue to show the user ads while also discreetly wasting your electricity calculating hashes.
Cryptominer scripts can just as easily be blocked. So bad ones (long running) can easily be punished and I can have miners be blocked when running on battery power. This might nudge the market into the right direction where people allow miners and pay for content with computer power as a proxy.
I might even see a framework for browsers emerging to facilitate this market and provide better more efficient API's (GPU access) and better control (no mining on battery). Since this way of paying for content does already carry a lot of overhead in terms of total cost for all parties involved :(.
Trouble is that capitalism and greed will take any good initiative and defile it. And then we're back to square one.
Unfortunately this isn't true- it's pretty easy to proxy the request to coinhive through the web server of the main site. e.g. https://github.com/cazala/coin-hive-proxy
Site owners have incentive to run this proxy so they're not marked as a mining site OR to circumvent the 30% fee that coinhive collects. I don't think it will be possible to block mining in the future without blocking javascript completely.
Another lap of the arms-race, I guess...
Blacklisting isn't the solution. A website shouldn't be allowed to continuously use 100% of all CPU/GPU resources. Of course, the reaction will be so sit right under the limit, but I suppose the limit shouldn't be static.
I'd be curious how much CPU is wasted rendering billions of ads, especially video, I suspect it's a lot more than the crypto hashing, and three orders of magnitude more money is made by this "borrowing" of your CPU in exchange for letting you read the site you're looking at.
The exact opposite. Video decoding is done quite efficiently in hardware now, and displaying ad images is not much worse than any other image or video. There is certainly an impact, but it's not continuous 100% client processor usage. On the contrary, mining is basically going to push the processor to 100% and keep it there just by virtue of how it works.
If I’m on your site, that means you’re doing something for me, and I want you to continue to do it for me. I don’t expect anyone to give me things of value for free, so if you want to to take my unused computer resources as payment for your services, go ahead.
The reason GPUs and ASICs are used isn't because they have a better chance per se, but because they are more power efficient. With coinhive, the person who benefits is not the person who pays for the power, so that's not at issue.
Edit: reading through all .de domains at least 80% (or more) have no intention or technical ability to install this on their own, e.g. schools, craftsmen, small businesses, etc.
I make most of my living off of the donation economy. There are a lot of people out there who want to support good content. They just really don't like ads.
Hence the passive revenue generation of advertising. Once people have to put a number of resource they’re willing to pay next to the article they clicked on out of curiosity, they decide it’s not worth bothering.
or most users undervalue their content? who's to say who is in the right?
The fact is, users are currently used to free content. What can be done, business model-wise, to keep it that way, but remove ads from the equation? I don't see a way unfortunately.
These mining scripts are worth money to their owners only because they get to make all the dividends from the covert mining pool they've created.
There is a reason that "immediately join a Bitcoin mining pool" isn't commonly-heard advice; that it's not something everyone does for their aunt. The average computer just isn't going to make enough money to be worth it—even just to pay for microtransactions.
https://www.nicehash.com/profitability-calculator/intel-cpu-...
The caveat is taxation, though. If I earn the money and buy with it, I have to pay with after-tax dollars, but if I mine in browser, the money/cryptocurrency units never passed through me. Depending on personal income tax rates, that's as much as a 50% cost difference (for the income that would be earned by mining, though, not labor I have a comparative advantage in, of course).
The energy cost of a single Bitcoin transaction could power 1.5 American homes for a day. That was in 2015. ASICs are more efficient than GPUs which are orders of magnitude more efficient than your browser. This is an unbelievably stupid idea.
https://motherboard.vice.com/en_us/article/ae3p7e/bitcoin-is...
Edit: yes, this uses Monero rather than Bitcoin. The work required is less and the price is also less. The argument is the same. This is inherently inefficient because if you could remove this inefficiency, the price would drop.
From coinhive.com: Monero is different. To mine Monero, you have to calculate hashes with an algorithm called Cryptonight. This algorithm is very compute heavy and – while overall pretty slow – was designed to run well on consumer CPUs.
There are solutions to run the Cryptonight algorithm on a GPU instead, but the benefit is about 2x, not 10000x like for other algorithms used by Bitcoin or Ethereum. This makes Cryptonight a nice target for JavaScript and the Browser.
Of course, when running through JavaScript performance still takes a bit of a toll, but it's not that bad. Our miner uses WebAssembly and runs with about 65% of the performance of a native Miner. For an Intel i7 CPU (one of the fastest desktop CPUs) you should see a hashrate of about 90h/s. A native miner would get to 140h/s.
The answer to that is probably yes. After all, it isn't their resources. They are simply adding a line of code to their markup and calling it a day.
I see no problem with this so long as they get consent and, ideally, allow a method to opt out, though the back button is opting out. I'd also mention that it should be informed consent. In plain language, the user should be aware of what is happening.
I am not a lawyer, this is not legal advice. If you wish to provide material support to ISIS, consult a qualified legal professional in the appropriate jurisdiction.
This might get interesting when OpenCL like stuff allows access to the GPU. Else I think it's hardly worth serving the miner. And it's obviously black hat (sneakily taking your user's power and cycles).
The 500 million people figure is founded on whose statistics? I'd like to pre-emptively call bs. The list of supposedly offending sites are all totally shitty fringe sites. I checked a few, adblock off. A few of those few had CPU activity, profiler immediately showed multithreaded CryptoNight. Page performance was shit.
This seems like an advertisement for their adblocker, which, oddly, is a downloadable .exe.
Everyone running that installer is liable to lose all the cryptocurrency he accesses through that computer. Just sayin'.
The .CSV list someone offers instead of the weblink (https://docs.google.com/spreadsheets/d/1ysujhza_qRWHu_ulyWNy...) might also be exploited.
Why are they even bothering? The headaches involved in doing this aren't justified by the dinky revenue.
The article states $43k for approx. 500M visits, so that's below 0.01 cents per visit; this in turn corresponds to a 'Cost per Mille Impressions' (CPM) of around 10 cents. So it seems that traditional ads would still make more money.
Can someone comment on how they came up with the $43k?
That seems shady to me, at least for sites where the costs to the site are the same regardless of how long it takes the reader to read. If it takes me 5 minutes to read an article, and it takes some stay-at-home parent 20 minutes because they had to pause to deal with the kids, they pay 4 times as much as I do.