Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use.

Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension's author claims he was "hacked" and the code added without his knowledge.

Lol thats so funny

all the chrome ppl were **extremely** smug when pirate bay pushed out a js coin miner.

if you're laughing now your intellectuality bankrupt.

Re:Lol thats so funny

[Provocateur]

The extension's author claims he was "hacked" and the code added without his knowledge

your intellectuality bankrupt.

Head explodes* *

Re:Lol thats so funny

My favorite Chrome extension is the Coincidence Detector.

Round up and exterminate all nazi scum

America will be great again, once we murder all the treasonous nazi faggots in their bitch sleep. Make it so!

Re:Round up and exterminate all nazi scum

America will be great again, once we murder all the treasonous nazi faggots in their bitch sleep. Make it so!

Captain Picard has finally snapped due to that annoying little shit Wesley Crusher.

"Shut up Wesley", indeed.

Re:Round up and exterminate all nazi scum

There... are... four... Mueller investigations!

Though wrong in this case... good model?

[RhettLivingston]

This hack was clearly wrong, but is the idea of intentionally using a cryptocurrency miner to profit from the writing of an extension a wrong one?

I think it would be interesting for websites and extensions to expand to giving a choice of at least three ways of paying for premium access. We already have a choice between paying a monthly fee or accepting advertisements on many sites. If given a third choice of allowing some of my CPU time to be utilized by the site or extension for cryptocurrency mining - at least on my plugged in laptop - I would choose to allow mining as long as it didn't peg my CPU and it was good at backing off when I had real needs.

In fact, with many websites I would love to have the option of allowing cryptocurrency mining to pay for it. It would be great if an efficient miner was built into the browser that could be utilized via some standard and has solid permission protection.

Re:Though wrong in this case... good model?

[Solandri]

If given a third choice of allowing some of my CPU time to be utilized by the site or extension for cryptocurrency mining

That's the same thing as paying for the extension, except instead of paying for it directly, you're paying for it indirectly via a higher electric bill. I (and I think anyone who really thinks this through) would rather pay a one-time fee to purchase the software/extension/access, instead of paying continuously for it every time I'm using my browser via a higher electric bill which works out to an indeterminate total sum.

Even if you're not paying for your electricity directly (your rent includes utilities), you still end up paying for it. If the landlord notices the electric bill is consistently higher, he'll just make your next rent increase a little higher. So you'll be paying a higher rent which pays a higher electric bill which pays for the software/extension/access. Burying expenses in this way under multiple layers of misdirection is how you nickle and dime people to death, and thwarts normal market forces by hiding the true cost of buying/using something.

If you don't like how much it costs to buy certain software or access, don't use it.

Re:Though wrong in this case... good model?

[Hentes]

Miners are now migrating to ASIC based rigs because GPU arrays aren't cutting it anymore, how efficient do you think a Javascript based software that "doesn't peg your CPU" is going to be? It's a gigantic waste of electricity, nothing else.

Re:Though wrong in this case... good model?

[Alain+Williams]

In fact, with many websites I would love to have the option of allowing cryptocurrency mining to pay for it. It would be great if an efficient miner was built into the browser that could be utilized via some standard and has solid permission protection.

Shhhh! Don't let Apple or Microsoft hear you. They already think that they own your PC/phone and can monetise it as they see fit. They could make a lot of money from crypto-currency mining on millions of machine world wide.

Re:Though wrong in this case... good model?

[John.Banister]

So, I could buy one extra solar panel, and it's free apps for life?

Re:Though wrong in this case... good model?

[mukinrestak]

So assuming each extension runs its own miner, that seems like a pretty bad idea in terms of resource drain, especially for power users who run lots of extensions. If we assume the browser runs one miner and each extension gets a share, what determines that share? Does a simple extension like DNS saver deserve the same share as something like NoScript? What do you do about extensions trying to game their share or disable/break other extensions? I think it'd probably be easiest and smartest to just stick to asking for donations or payment.

Re:Though wrong in this case... good model?

[Hognoxious]

That's the same thing as paying for the extension, except instead of paying for it directly, you're paying for it indirectly via a higher electric bill.

I'm running it on my machine at the office.

What? If the company made bigger profits it would pay me more?

Of course they would!

Re:Though wrong in this case... good model?

[RhettLivingston]

It's not that I don't like how much it costs to pay as much as there needs to be an easy model where I can make micropayments for over 100 sites without actually having to track all of those payments. I shouldn't have to endure ads to see sites that are worth a few cents a month. I would like to have an ad-free internet and if that means that my internet payment comes via my electric bill - which is less than $60 / month right now with the crazy low $0.10 / kWH type rates we have in Florida - so be it.

Re:Though wrong in this case... good model?

When someone else is paying for the electricity efficiency doesn't matter.

Re:Though wrong in this case... good model?

[EvilSS]

That's the same thing as paying for the extension, except instead of paying for it directly, you're paying for it indirectly via a higher electric bill.

I'm running it on my machine at the office.

What? If the company made bigger profits it would pay me more?

Of course they would!

And you got your company's permission first right? I mean people have been arrested in the US for doing this.

Re:Though wrong in this case... good model?

[RhettLivingston]

That is why I suggested the facility should be implemented by the browser with a secure standardized interface. Then it can be written in C++ and be highly optimized. Furthermore, the browsers already utilize the GPU, so it could utilize that too. I could even imagine if the model were widespread that computer makers might try to differentiate themselves by providing special circuitry.

This is not something where we'd be looking to provide for $100 worth of mining time per month from every user to pay for expensive internet things like Netflix. Rather it is something that would provide a few cents to allow me to read an article without a paywall. It should provide revenues to the website on the same order of magnitude as advertisement revenues where it takes many thousands of viewers to create significant money.

The focus for me would be to actually reward the creator of a site I'm reviewing with a micropayment without ever having to see an advertisement.

Re:Though wrong in this case... good model?

[EvilSS]

Miners are now migrating to ASIC based rigs because GPU arrays aren't cutting it anymore, how efficient do you think a Javascript based software that "doesn't peg your CPU" is going to be? It's a gigantic waste of electricity, nothing else.

It depends on the coin you are mining. Some are designed to resist ASIC mining, others are small enough that the difficulty levels are still low enough to make it worthwhile.

Re:Though wrong in this case... good model?

[mattwarden]

Hi. Stuff costs money. There is no free lunch. I know we pretend ad-supported stuff is free, but obviously it is not. Assuming the economics of ad-supporter stuff actually does work, then users are spending more on shit they otherwise wouldn't have purchased by at least as much as the "free" stuff costs to make.

Re:Though wrong in this case... good model?

[ShanghaiBill]

What? If the company made bigger profits it would pay me more?

It is unlikely they would pay you more, but it is likely they would hire more people. Profitable companies grow (so they can make more profit).

Re:Though wrong in this case... good model?

[swillden]

If given a third choice of allowing some of my CPU time to be utilized by the site or extension for cryptocurrency mining

That's the same thing as paying for the extension, except instead of paying for it directly, you're paying for it indirectly via a higher electric bill. [...] Burying expenses in this way under multiple layers of misdirection is how you nickle and dime people to death, and thwarts normal market forces by hiding the true cost of buying/using something

I agree, but it should be pointed out that the same is true of ad-supported sites. There is a cost for producing ad-supported content, and it's paid for by the advertisers, who in most cases pay for it by charging higher prices than they would otherwise. So, it's also a payment mechanism with multiple layers of indirection. One that has proven extremely useful and effective, and one that is quite progressive in the sense that generally it's the people with plenty of money who end up paying the bulk of the cost. But it is payment via layers of misdirection.

Also, in the case of the mining, note that the extra cost of the electricity isn't the only, and may not be the primary, way in which you pay. You also pay by buying the hardware on which the mining is done. That is a sunk cost, however, and assuming you don't end up buying bigger hardware than you would otherwise need, it is an actual payment you can make at no cost to you. You're paying in the form of capacity that would otherwise be unused. That could be a good deal.

Re:Though wrong in this case... good model?

I payed $0.02 / kWH in Spokane. WinME was rock-solid 4 hours at a time. Got paid to crack pr0n sites. City still sucked.

Re:Though wrong in this case... good model?

[RhettLivingston]

The extensions could set a price, not a "share", expressed perhaps as some number of calculations per second while the extension is active. That price would be made known to the user. I would expect it to typically be something that would result in pennies per month of revenue from a user. Extensions would be pressured to keep that down by users who would have to turn extensions off or pay in some other fashion if the overall budget was being exceeded. Frankly, even my quad core GPU equipped desktop replacement laptop couldn't consume enough electricity in the 10 hours a day or so that I run it to outright pay for many things like Netflix. The idea here would be to give developers who are currently getting nothing or nearly nothing (donations that typically amount to some hobby money) a micropayment type revenue stream if they can get many thousands of users and to eliminate ads on many websites.

My GPU is almost never used and I rarely go over 25% CPU usage with typical usage around 5%. There is a lot of budget there. Of course, I say "a lot" but if I use my laptop which has a 120W supply at full power 10 hours a day for 30 days it can consume a maximum of 36 kWHs or about $4 of electricity at my current rate.

So, yes, this only works if developers are happy with something like $0.05 of value from a user per month. This would be awesome for many extension developers. A mere 20,000 users would create a steady stream of $1000 per month. Sites would have to be happy with a fraction of the remaining available CPU time during the time that tab is in the foreground only.

Re:Though wrong in this case... good model?

[Hognoxious]

Companies don't hire people because they're making a profit. They hire people when, despite the threats & floggings, the existing workforce can't do the work needed.

Re:Though wrong in this case... good model?

It's a gigantic waste of someone else's electricity from the point of view of the person stealing CPU resources to get free coins.

Suppose it's only 1e-6 as efficient as ASICS (I don't know; I'm just throwing out a number that's plausible). The guy stealing the resources doesn't care! Suppose he has 1e7 (again, just throwing out a plausible number) people mining for him. Multiply those numbers together, and he's getting 1e-6 * 1e7 = 10 ASICS worth of free coins. Even if the numbers multiplied out to 1e-3, the guy still doesn't care how much electricity is being wasted because it's free coins for him.

Re:Though wrong in this case... good model?

I have an idea let's write a low impact OS extension that silently sends anonymized usage data back to the OS creator so that information can be used to improve the OS? But this feature would have to be openly declared, even if it is in the fine print, and not include any non-anonymized information that could track a specific OS user. In return this feature could reduce the cost of the OS in question? Yeah that's what I thought.

I cant' believe the number of people lining up to ponder the positive aspects of someone who embeds functionality in a innocuous web extension that effectively hijacks someone's computer resources so they can profit by participating in the biggest financial pyramid scheme currently in vogue. It's only a few processer cycles so what's the harm. The associated electricity or battery wear costs are to negligible to worry about. I suppose the next excuse will be "for the love of God it's for the children!". Bad actions are bad actions no matter who the offender maybe. Just because you think all corporations are soul eating monsters doesn't mean all their actions are bad and just because you happen to like the plucky indy developers and fellow travelers who do not work for the man doesn't mean all their actions are good. Every bug or security exploit in an MS product get's hammered as the end of the world and everyone who works on a MS product is declared a drooling idiot. However, any bug or security exploit of a non-MS product are causes for rational introspections and discussions that either down play the severity of the exploit in question or quickly point the finger some where else hoping all those "many eyes" will have the problem addressed in a jiffy before anyone notices.

Re: Though wrong in this case... good model?

Huh? I thought they were using ASICs since the first year of bitcoin.
Well, at least the ones who can do math were.

Re:Though wrong in this case... good model?

[h33t+l4x0r]

We've already covered this. ASIC doesn't do Monero well, that's the whole point. Anyway, what I don't like about this is that Coinhive is getting 30% of the take. That sounds way too high.

Re:Though wrong in this case... good model?

[RhettLivingston]

There is zero information about a user contained within the results of cryptocurrency mining operations. The result is simply cash or a piece of the puzzle necessary to create cash.

Furthermore, the current system is fully based not only on the hijacking of our computer resources but on the attempted hijacking of our attention and thoughts... is the data transmission, cpu cycles, memory, screen real estate, etc used up to display ads free? We pay in many insidious ways via the current system. I suppose some may be like my ex who actually stated "if we didn't have ads, how would we know what to buy"? Somehow, she didn't get my answer which was simply that we'd know because we needed it.

Re:Though wrong in this case... good model?

tldr: Unidentified person claims that generalization doesn't apply in his specific situation; backs it up with anecdote.

Re:Though wrong in this case... good model?

Are they hiring them because of how much revenue there is or because of how much work there is. It's obvious in your example that they hire more staff when there is too much work for them to do. And when there is no longer enough work they let some go. Exactly as the parent suggested.

Re:Though wrong in this case... good model?

Worse than that, his anecdote reinforces the parent when he thinks it was poking holes in it.

Re: Though wrong in this case... good model?

I smuggle unopened tins of coffee out of my workspace. I mean they're free, why not?

Re:Though wrong in this case... good model?

[thejynxed]

The thing you're ignoring though - it will end up just like it is now, with ads plastered everywhere AND they expect you to run their miner or not use their stuff/visit their page. Also, there is way too much room for abuse, everyone and their uncle will shove their stuff in no matter what any "spec" says they are allowed to do/should do.

Re:Though wrong in this case... good model?

In fact, with many websites I would love to have the option of allowing cryptocurrency mining to pay for it. It would be great if an efficient miner was built into the browser that could be utilized via some standard and has solid permission protection.

Fuck that. It's a terribly stupid idea.

You want to donate CPU? Go right the fuck ahead, download whatever the hell you want, and run it.

But on behalf of the rest of us, nobody who makes browses should be building any fucking shit into their browser which allows our CPU to be farmed out for shit like this. Because it will be a highly valuable target to hack, and will lead to asshole ad companies feeling entitled to use our CPU. Fuck that.

This is an idiotic idea. If a site wants money, they can fuck off, if they want to push ads that demand to run scripts, they can fuck off, and if they think my machine is part of a distributed server farm, they can go fuck their sisters. My CPU, not yours. My bandwidth, not yours.

Building shit like this into the browser is going to harm people who have no idea what the fuck it is, and further encourage advertisers in their sense of self entitlement.

You want to run ads, serve up a static image from your own goddamned web server. Don't expect to set cookies, run scripts or plugins, or other wise expect me to consent to any form of tracking. Everything else gets blocked.

On a desktop it makes sense

[rsilvergun]

the cost of the electricity is pretty minimal. I think the main thing is to limit how much CPU it uses. Maybe if you could get it to run on an empty core. Lord knows there's a ton of unused processor power out there. I'm posting this on a quad core where 3 out of 4 cores are doing basically nothing 90% of the time.

Re: On a desktop it makes sense

[Monster_user]

Most, if not all my machines are dual cores. One is hyperthreaded, but that is 2/4.

Same goes for over 90% of the computers my employer uses, if they are even dual core. I don't think quad core machines are that prevalent outside of more affluent communities and the enthusiast market. was not found on this server.

Re:On a desktop it makes sense

[LordKronos]

the cost of the electricity is pretty minimal.

My computer at idle uses about 70 watts. At full load, it uses about 175 watts. Over the course of a year, the cost of that difference is typically at least $100 (several times that in some areas).

But even if you only have your computer running this for an hour a day, what even worse is how much a waste it is. Mining is very intensive. GPU and specialty hardware is sometimes profitable. CPU mining with optimized native code is NOT. CPU mining with something as inefficient as javascript is totally like flushing money down the drain. Sure, it's profitable for the thieves embedding this in banners and extensions because they have no investment in the cost (in the same way that it's profitable for a thief to smash a $100 window to grab the $5 bill you left on you seat). But as a means of "you run this code on your computer and I'll consider it payment", its a gigantic waste. You're better off just saying "paypal me 3 cents and I'll let you use my stuff for a year". Your profit will be about the same off that customer, the customer will save a ton of money, and you won't be destroying the environment in the process.

Re:On a desktop it makes sense

the cost of the electricity is pretty minimal.

That really depends on where you live. At 0.18kWh or more the cost of electricity adds up pretty quick.

Re:On a desktop it makes sense

[rtb61]

You do work, you are entitled to the dividends from that work, your stuff does work, they are entitled to the dividends from that work. You are not only stealing users resources but the outcome of those resources. Claim value in that crypto currency and by your definition, you have stolen capital value as well as resource use.

More interesting how many people believe the author of the extension and obviously the code should show where the proceeds of crime were sent.

Re:On a desktop it makes sense

Sitting in my office with the outside temperature hovering around 100, I think I'd be inclined to find the people responsible and light them on fire...

Re:On a desktop it makes sense

[AHuxley]

Re "me 3 cents and I'll let you use my stuff for a year"
Not everyone wants to log into some payment system and type in their details per site. Enter their details, CC number.
Confirm the payment and then do that again for the next site and next site.
A third option to just directly connect to a site and use their mining option removes the payment system, CC layer.
Why pay for a third party payment gateway too?

Re:On a desktop it makes sense

No kidding. That's why we see more and more websites implementing Amazon Pay, Apple Pay, Android Pay. There is also a web payments track by the W3C--hey, they were decent before they voted to approve DRM.

Re:On a desktop it makes sense

but you forgot to mention the fact that when you mine you support decentralized blockchain application - next gen internet and freedom for the individual.

Breaking news!

[Hognoxious]

This just in: the next release of Firefox will have an extension that contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.

Re:Breaking news!

[RhettLivingston]

Add the consent factor... allow websites to monetize via a mining micropayment when Firefox is detected, ads are turned off and the user consents - and you will either put Google out of business by wiping out the ad-supported web model or the cryptocurrency industry will be made illegal depending on who wins the war that would ensue.

wouldn't you immediately notice that?

The additional code drives CPU usage through the roof

Wouldn't you immediately notice that? Load monitor spikes, machine get sluggish, CPU fan spins up if you were on a laptop instead of desktop, you type "uptime" and expect to see something like "0.05", but instead it's "1.0", or something more like "8.0" if it was using multiple threads.

Then you go "WTF?" and look for which process is using an unexpected amount of CPU time.

How would this exist behind the users back for more than like 15 seconds? Do people look at unexpected symptoms and just shrug their shoulders and ignore them?

In SI for the rest of the world

4,000miles is 4.303×10^-5 astronomical units

Re: In SI for the rest of the world

Thank you, Mr Non Sequitur.

The truly sad part

The truly sad part is that some Javascript running supposedly sandboxed in your browser could ever make your computer "sluggish and hard to use". What the fuck?

Whatcoin?

[PCM2]

Serious question: I have not heard of a single one of these cryptocurrencies. They can only be in use by a tiny fraction of people compared to the Bitcoin community, which is already a very small, self-selecting minority. How can these random cryptocurrencies possibly be worth anything?

I mean ... we all know money is a fiction, right? So how can a cryptocurrency have any value if nobody will even accept it as a medium of exchange?

Re:Whatcoin?

Monero. Just remember Monero and you'll be fine. Everyone's mining for it.

Re:Whatcoin?

I suspect people are catching the coin fever, wanting to get in at the ground level with whatever coin types are out there. If one catches on, they expect to cash in. I'm sure a lot of people are wishing they'd started mining Bitcoin at the start.

Re:Whatcoin?

Money is no more a fiction than taxes. Money is the proximate means by which gub'mnt collects taxes. Good for the weight of all contracted private debts, and for the weight of all gub'mnt confiscation. **I tax you 50 sheep or $50**!! **I exchange 10 choice virgin daughters for 10 prime Arabian studs or $10**!! How more "real" can you get W/O a foo-foo definition of real? No reason to exchange anything else, but ... gun-barrel supported money !

Re:Whatcoin?

Or Ethereum 6 months ago. If I'd dumped all my savings into Ethereum when I first considered it in March, I could convert it back to cash today, buy a new home and a Tesla, and still have enough cash to live easy for the rest of my life off of the principal without ever earning another penny via investment (which I would do just to never have to stress over investment or taxes again).

Re:Whatcoin?

[Jeremi]

how can a cryptocurrency have any value if nobody will even accept it as a medium of exchange?

It couldn't. So if we accept that these currencies have a valuation, then the likely explanation is that people exist who are willing to buy the currency at (roughly) that price.

Well, either that or someone is making up a price to see if they can find someone willing to buy at that price; but the likelihood of "imaginative pricing" diminishes as the number of buyers and sellers increases.

Re:Whatcoin?

Monero is the leading privacy coin with over billion marketcap and volume of 22 million USD over last 24hours.

Gave up on extensions

I donâ(TM)t use extensions at all anymore. If their not leaching on to your data their slowing down your PC . Not worth it in my opinion.

Re:Gave up on extensions

You are either trolling or a complete moron, decide now.

Re:Gave up on extensions

Can I be both?

Consider

[markdavis]

Like I said in one of the previous articles, I am not totally opposed to the concept, as long as it is done right. But there are things to consider:

1) Laptops: battery life is critical
2) Mobile: battery life is critical
3) Virtual: Does the guest really know the host is "idle" or expecting such a load?
4) Noise: I don't necessarily want my computer that is in my living room ramping up all CPU's and making lots of fan noise
5) Power: You might not think it uses more power, but it absolutely does. I see it on my UPS which tells me exactly how many watts my system is using based on CPU load.
6) Waste heat: And in the summer, I have to pay to remove that heat too through the A/C.
7) Work: Just because it is a computer you are using, doesn't mean it is YOUR computer or YOUR power. Do you have permission from the actual owner(s), not just the user?
8) Multiuser: Yep, there actually are still such systems, and CPU load matters in such environments.
9) Other tasks: I have other things going on sometimes that I want done in a timely manner and don't want anything competing for those CPU resources.
10) UPS: And even with a desktop or server, will it have control to stop the load when it is suddenly on battery because the mains were lost? Runtime/uptime might matter.
11) Wear: Believe it or not there is actually "wear" when a CPU operates, and the more it operates, the more wear. The fans have to spin up faster, the transistors create heat which degrades the chip, the thermal connections, puts stress on the board or socket or other components, pulls more power from the power supply, etc.

It could be a useful tool, but only if it explicitly allows a user to control every aspect of how and when CPU is used. Is the user is made aware of exactly what it is doing and why? Is there is a UI that allows the user to set amount of CPU, priority, perhaps how many cores or threads, and when it could be used? I doubt what I just listed is compatible with all the models that this new "panacea" of questionable "revenue" of side-line mining brings.

Donating "unused" CPU power is nothing new. I did it decades ago for various scientific research. But I also did it completely under my control and with full knowledge about the effects.

Re:Consider

This is simply malware as it is an extension that users are tricked into installing. But when it comes to web sites sending javascript to mine, your gripe is really with the browser. Web sites aren't under your control and any the browser allows them to run JavaScript on your system. Browsers should really severely limit the ability of untrusted web sites to consume a lot of CPU time (which outside of mining, only poorly behaving websites do for ads, bad code, etc.), and this problem would go away.

Re:Consider

As a small web hoster I've considered the theoretical idea of loading this onto all of my client's websites. My default position is that it is unethical, and I would never do it. But it's interesting to think about.

A lot of websites are poorly developed. Bloated scripts, images that are too big, javascript timers and loops running that don't do much, there's all kinds of opportunities for improving CPU efficiency, but this is not a huge priority in the current basic web development world. People install Wordpress, throw up a theme, and then hack at it sloppily until it does what they want, CPU usage be damned.

If I could improve the CPU efficiency of a site by 30% in exchange for installing a miner that increases usage by 15%, there's a 15% net gain, assuming the math is done right. Though this feels tricky without terminating the miner after some period of time since a lot of inefficiencies on the web only happen for a few moments, and even a 90% increase might buy you only a few seconds of mining. But in the cases of more serious website issues that consume CPU usage, there could be an opportunity there, but it feels like each individual site would require a highly targeted R&D to determine what can be saved, and how much mining could be gained for it.

What's probably more interesting is the notion that some smaller web hosts might begin to offer a hosting fee discount in exchange for installing a miner. They would explain the drawbacks but probably downplay them a bit, and a lot of people who don't care how much CPU their visitors' browsers use might choose this to save money, draining mobile batteries more than ever.

Re:Consider

"But I also did it completely under my control and with full knowledge about the effects."

This was done with likely precompiled, closed source binaries utilizing your hard drive space, processor, power supply and RAM. On comparison, these files are hosted on a website that you are connected to, utilized only your RAM space, processors and power supply .. and to be frank, you have total control over which website you go to. To expect them or a consumer to 'control every aspect of this' is infeasible.

Short and simple - if they don't like ads and do like the site content, then they will be expected to go there. Else, they will continue to use adblock to stop both ads and miners for now.

Additionally, consider that in the hypermonitized future we're going toward, it will not be a choice of ads vs miners because it's just as simple to provide both for maximum profits to the provider.

Re:Consider

[markdavis]

>" and to be frank, you have total control over which website you go to."

Far less control than intentionally installing a client (which was open-source) and it also had full settings/preferences. In contrast, how do you know which sites NOT to visit until you go there AND notice what they are doing?

>"Else, they will continue to use adblock to stop both ads and miners for now."

Interesting concept, perhaps ad blockers will evolve to also handle mining. But it might be more difficult than blocking ads, and it certainly won't be available for quite some time (until the demand is there).

This is what you deserve

By outsourcing millennial jobs to India and other countries you have a large amount of unemployed skilled developers who will use devious ways to make revenue. this is the same as toolbars and ransomware. Want to stop it, employ millennials.

Re:This is what you deserve

trust a millenial? those self-entitled, self-important kids??? HAHAHAHA they voted your president in. My money's on India. Stronger work ethic.

That explains Windows 10

Microsoft must have embedded mining code all throughout 10. No wonder it's such a resource hog.

Another Reason to Avoid Apps Whenever Possible

Further illustrates the risk of downloading any app. Even an app that's trusted today could become something entirely different after an update. To make matters worse, many smartphones are configured to update apps automatically. Though, even manual updating is no panacea, since often such security issues don't come to light until months later, if ever. So again, it's best to avoid apps whenever possible. Uninstalling or disabling apps not being actively used.

Re:Another Reason to Avoid Apps Whenever Possible

Further illustrates the risk of downloading any app. Even an app that's trusted today could become something entirely different after an update. To make matters worse, many smartphones are configured to update apps automatically. Though, even manual updating is no panacea, since often such security issues don't come to light until months later, if ever. So again, it's best to avoid apps whenever possible. Uninstalling or disabling apps not being actively used.

Totally agree. +5 to your comment.

Better yet, learn to write your own code and analyze downloadable code libraries (what I liked about the old Borland products that included the source code to the libraries included with their compilers), since you wouldn't intentionally harm yourself, would you?

Author was "hacked"

Let me get this straight. He didn't actually implement a cash grab by adding bitcoin mining to his popular product, and then apologize for the bad idea when he was caught out. Instead he was "hacked" and the code added without his knowledge.

I can only assume this means his products are all potentially malicious and we should all feel lucky nothing worse than a bitcoin miner was implemented. I heartily recommend no one ever use his products because he can't maintain security on them!

The problem is getting that 3 cents

[rsilvergun]

folks don't really pay for utility software much anymore. They've gotten used to just having it. Which means a lot less gets written. Still you're right about the cost of electricity. But then that's at full load. I think the idea would be to limit how much it uses so your CPU isn't under full load. That might not accomplish much but if you've got, say, 150k users it might. I don't know enough about crypto currency mining though to say.

Nautilus also did that

File manager of some sort on Ubuntu. For months I regularly saw it using up to 65% CPU for extended time periods. What was it doing??

So you love botnets too?

Just bend over why don't you

MINER MINER FORTY-NINER

1849. Live the dream. Again. And again. And again. And again....