Slashdot Mirror
The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Even more reason to disable Javascript.
I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.
Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it. Is anyone looking forward to going back to having to support Flash, Silverlight, java applets, and whatever new half-baked solution gets dreamed up by a bullying vendor.
We are still heading towards a good place. It took a long time to beat down IE and its deliberate consensus killing behavior, and to nudge JS into a form that is sufficiently standardised and supported. We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there. Rather than rejecting JS outright, I think it is better to continue to find solutions to these sorts of problems. The web needs a common client side computing platform, and I don't see where any useful alternative is going to come from right now.
This is the endgame for javascript: executing unauthorized code on your computer. Now that it's becoming so entirely blatant, we may actually start seeing the general public getting protection from runaway javascript scripts.
Anons need not reply. Questions end with a question mark.
Flag. These. As. Malware. Let's see how these smarty pants website owners and advertisers react when their users start avoiding the site because they are getting anti-malware alerts and get demoted in search engine results
CPU cycles equals wear and tear, slower performance, and likely more bandwidth consumption.
While you may not be affected, plenty of people are and will be.
Those on metered connections, or who have to pay overages for data.
Those running on mobile devices who need as much battery life as they can squeeze out of their devices.
Those who are at the lower end of the financial spectrum, who have to watch their wattage and struggle to replace their aging machines, and struggle to provide air conditioning and such to their homes.
Its kind of like the penny. For so many people it isn't even worth picking up, but for so many other people a penny is a big deal. My biggest concern would be battery life.
Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible
It is absolutely inevitable that if this practice becomes accepted, people will start trying to steal a greater and greater proportion of your CPU resources. Consider how restrained internet advertisers are with their adverts, then apply the same level of restraint to mining scripts. It will be taken right up to the point where it is barely tolerable, if not further. And since I mentioned advertisers, how about a double-whammy, because ads laden with mining code are coming, absolutely guaranteed.
In theory, I actually agree with you. I'd accept doing a small amount of mining as a micro-payment in lieu of ads to support websites I visit. I just have zero faith that it won't be abused left, right and center to the detriment of my browsing experience.
Mining to your own account in Javascript is stupid. It's incredibly inefficient (ie. it wastes lots more electricity than you will ever see in return). If you're going to mine it then mine it natively. The only reason it works for them is because it's not their electricity.
There is no way in hell the revenue from mining can match ads. This whole mining in the browser thing is just for illegitimate uses (ie. malware).
The point (which you seemed to have missed) is that any vaguely legitimate website will be able to make more money selling ads than they will by mining bitcoin on their visitor's computers. (Note that as Bitcoin value increases, the effort required to mine increases as well.)
Since you can make more money by selling ads than mining bitcoin in Javascript, the only ones who will do it are those who don't have the ability to sell ads.
"First they came for the slanderers and i said nothing."