Search

3 . 11 . 17

Is mining crypto currency a viable substitute to display advertising?


Monero from the masses

Any crypto enthusiasts out there may have noticed some interesting new developments unfolding last September, with not one but two popular websites deploying mining scripts designed to hijack a users CPU and use it to mine crypto currency.

The two sites were showtime.com and The Pirate Bay, both of which used the same tool to harvest processing power from their users and turn it into Monero – a cryptocurrency renowned for being ‘secure, private and untraceable‘.

This basically means that both sites were able to make money simply by having people viewing their pages – which is amazing if you run a site with a large number of users (such as these sites) but breathtakingly sinister when we consider that there was no warning given to the users, and effectively no consent needed to pirate people’s machines.

 

Why?

The initial uproar spread amongst Pirate Bay users and most noticeably to their subreddit where reports of 80-85% of their processors were being dominated for no apparent reason. Pirate Bay responded in their own blog stating:

“This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running…

Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?”

In the case of Pirate Bay it was an exercise to test how much money they could make to keep the site in business, and framed it as an alternative option to the traditional banner ads that you might see. As for showtime.com – whoever placed the scripts on their site remains a mystery. The mining code was silently removed after a user noticed it slowing down their machine and the story gained traction.

 

How?

Putting a mining script on your website is surprisingly easy, and in both instances was done using software from Coinhive, which offers easy integration for any site owner. The end result is the addition of several lines of HTML to your site code and users will be unaware that they’re mining on your behalf.

A screenshot from September shows what the code looked like when it was live on the showtime.com site:

showtime coinhive script

A screenshot of the script on showtime.com before it was removed (click to enlarge).

Coinhive offer a live demo, so if you’re interested in testing out the impact that you might experience if you subtle across one of these miners in the wild go here and have a play. I did with my laptop (sorry IT) and at one or two threads the lag was bearable – at all four threads I could barely get anything done.

 

CPU miner test

A test of the software on a regular Dell laptop

How much is too much?

The way that Pirate Bay implemented their script was poorly configured, and what they claim as a ‘typo’ meant that Coinhive was commandeering up to 100% of unused processing power for their own gains. showtime.com were a little more subtle with around 60% of CPU power being sucked into the ether, but still high enough to negatively impact user machines and get them caught.

If Pirate Bay go ahead with the miner in future and scrap all their ads it’s likely that the script has already been adjusted to 20-30% CPU drained, and will only be effective on a single Pirate Bay tab. Any user with ten tabs open trawling for torrents will not experience any significant reduction in PC performance.

 

So, a good concept?

Overall, yes. These initial tests were discovered because they were too obvious and too greedy – but there could be any number of sites that you visit every day which tax only a small amount of your CPU and you might not have noticed it.

The key here is consent. The initial outrage might not have existed if users were presented with a choice to support the site or not.

For sites that rely heavily on third party contributions to keep the lights on miners like this could be a real life saver. Just think, if Wikipedia were to mine Monero at a low level from the millions of readers they get each month we’d never have to see Jimmy Wales’ glossy dead eyes again.

Jimmy_Control_Fundraising_Banner

There’s clearly a massive appeal to running a clean looking site that can generate money directly into the site owners crypto wallets, and with the right consent features this could become something as commonplace as accepting cookies.

From an SEO perspective this would also place a greater value on creating quality content – because the longer a user is engaged with good, informative content the more money you earn. Sites can look nicer, be better and benefit everyone that comes to view them.

Coinhive have found other less intrusive ways to monetise web traffic as well, like making captcha alternatives. So instead of identifying pictures or scrambled letters to prove you’re a human, you can let users’ machines solve a specified number of hashes before they’re able to submit a form. It allows site owners to cut back on spam and earn money at the same time.

The same concept can also be applied to shortlinks – a softer way to put something behind a paywall and not ask for a long-term subscription. Users dedicate a set number of hashes before content can be accessed:

Screenshot of coinhive shortlink in action

Screenshot of coinhive shortlink in action

The potential to do good with this new technology is significant, but there’s also a risk that site owners might take it too far. While Pirate Bay made the argument that it’s mining or ads, we could quite easily end up with other sites doing both.

Who’s to say certain popular newspapers wouldn’t keep their excessive ads up and steal your processing power? How much would can be made from everyone that reads the sidebar of shame over lunch? How much could be made by embedding this in sharing links and mine Monero via social shares?

And what if it was Facebook, or Amazon?

Sites which hold your attention for long periods of time (such as a video site like YouTube or Netflix) would have the most to gain from CPU mining – which is partly why the showtime.com incident was so heinous.

 

How do you stop crypto mining taking over your browser?

Pirate Bay and showtime.com are just examples of the sites that have been caught doing this; without keeping an eye on your CPU and the scripts you’re loading from the sites you visit every day you won’t know whether you’re paying someone else for the privilege of reading their content.

One fatal flaw in the system – and an additional reason why consent is so important on this matter, is that Coinhive is a script on a page – once known scripts can be swiftly blocked. So far there have already reported successes at blocking Coinhive with Scriptsafe (a chrome extension) and it should also follow that Adblock plus – perhaps the most trusted ad blocker, should also be able to block it using custom filters.

(And in case you were wondering how much Monero is actually worth, there’s a price ticker below.)

 

Share This:


Comments