
Users’ web browsing experiences could be used to mine for cryptocurrencies in the future. Source: Shutterstock

Forget banner ads, welcome to crypto-mining

THERE have long been attempts to monetize the Internet. While revenues from ads (display and search) are surging due to massive increases in mobile use, desktop ad revenue has been declining for a couple of years – albeit with the majority of revenues flowing to the big names (Google, Microsoft et al).

Traditional ways to monetize websites and services have included:

  • Collecting users’ data to sell on (“sign up with your email address to download our whitepaper”)
  • Sponsored content
  • Banner and display ads
  • Paywalls and/or subscription plans

However, this list of methods is now joined by so-called crypto-jacking or drive-by mining. These terms describe a way others’ computers can be used to mine cryptocurrencies and therefore make a website owner some money.

The method is simple and legitimate. When visiting a website, a user’s web browser runs a piece of JavaScript which employs the browsing computer, in conjunction with the code creator’s servers, to mine for cryptocurrencies (Monero, in this instance).


Monero is a commercially oriented cryptocurrency. Source: Coinivore

A variant of the code was used by a would-be self-styled “hacker” in a mod (downloadable modification) for the popular game Grand Theft Auto 5 in September. Players of the modded game found their processor cycles employed to make the author a few dollars.

The organization behind the code, Coin Hive, is a perfectly legitimate outfit whose simple code could be, and was designed to be, used quite openly by consenting web hosts and visitors.

However, enough websites installed the code in such a way that its use of browsers’ CPU cycles (and therefore electricity) was not throttled, nor were the unsuspecting visitors to the sites given any clue as to what was going on. Their only hint was a sluggish browsing experience and the remotest chance of a squawk from installed security software.

Such was the level of abuse that some cybersecurity companies, such as Malwarebytes, have added Coin Hive’s servers to public blacklists of proscribed addresses, effectively turning the organization into a pariah.

Coin Hive reacted by announcing and marketing a variation, called AuthedMine. In a blog post the company said:

“AuthedMine enforces an explicit opt-in from the end user to run the miner […] We have gone through great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

The permission pages have now been translated into 46 languages by Coin Hive and the hope is that site administrators currently using the open source code in an abusive (and arguably, foolish) manner will come to their senses and legitimize their revenue creation by switching to AuthedMine.

When the original code’s use first came to light, it was found to be active on just a few sites, including CBS’s Showtime website. A site such as Showtime that relies on intensive processor activity on the part of users is probably not the best place to start to harvest cryptocurrencies.

But it is arguable that sites less reliant on client-side processing (such as text-heavy non-interactive websites) may find cryptocurrency mining – after approval by the site viewer – a viable source of income.