HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency

from the just-renting dept

As we've been discussing, the rise of stealth cryptocurrency miners embedded on websites has become a notable problem. In some instances, websites are being hacked and embedded with stealth cryptocurrency miners that quickly gobble up visitors' CPU cycles without their knowledge. That's what happened to Showtime recently when two different domains were found to be utilizing the Coinhive miner to hijack visitor broswers without users being informed. Recent reports indicate that thousands of government websites have also been hijacked and repurposed in this fashion via malware.

But numerous websites are also now exploring such miners voluntarily as an alternative revenue stream. One major problem however: many aren't telling site visitors this is even happening. And since some implementations of such miners can hijack massive amounts of CPU processing power while sipping a non-insubstantial amount of electricity, that's a problem.

The Pirate Bay for example was forced to stop using visitor CPUs and browsers to mine Monero last fall after Reddit users complained the miner was slowing down their PCs and eating up 80% of their CPU cycles. The website stated that it was simply exploring new revenue streams to keep the website afloat:

"As you may have noticed we are testing a Monero javascript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running."

This week Salon joined the fun, informing users that they'd be happy to suppress advertisements if site visitors are willing to help mine cryptocurrency:

Creative exploration of alternative revenue streams is obviously necessary, and there's numerous examples where site-driven cryptocurrency miners could be used to help bolster scientific research. Salon pretty clearly understands this decision is controversial, offering up an entire website explaining how making money from journalism is hard, and the company needed to explore some new, creative solutions in order to stay afloat:

"Salon is instructing your processor to run calculations. Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site. We automatically detect your current processing usage and assign a portion of what you are not using to this process. Should you begin a process that requires more of your computer’s resources, we automatically reduce the amount we are using for calculations."

That said, security researchers have similarly warned that this is a very slippery slope, and for every website that's being transparent about the process and respectful of the possible impact on computer performance, there're countless others who quite obviously won't give much of a damn about either. These are, after all, the same websites that are now engaging in ham fisted and annoying ad blocker blocking, frequently oblivious to how their own obnoxious ad decisions drove the rise of ad blockers in the first place.

As Malwarebytes researchers recently noted, there's no limit of websites that are already pushing their luck on this front:

"The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice...publishers ought to be more transparent with their audience because no-one likes unannounced guests. Unfortunately, there will always be publishers that care very little about what kind of traffic they push, so long as it generates good revenues; for those, cryptominers are just an added income to their existing advertising portfolio."

If implemented with respect for the end user and transparency, such miners may not be a bad thing. But bad actors could very quickly create an environment where users feel they're being accosted by sites that don't respect either, resulting in another layer of cat and mouse gamesmanship between sites publishers and readers. So while there's certainly potential here, escalating an already adversarial relationship in the adblocker era isn't likely to excite readers, forge community, or save journalism anytime soon.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Feb 2018 @ 6:44am

    Why would an honest business speculate of volatile Cryptocurrency for an Income? Next thing you know they will have massive debts because they obtained loans against an overvalued Cryptocurrency, and its value crashed before they could cash out.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2018 @ 6:45am

    So, Site visitors are cows to be milked?

    Salon joins a LOOOOOONG list of sites with that attitude. I say to them: Goodbye.

    reply to this | link to this | view in chronology ]

    • icon
      ShadowNinja (profile), 14 Feb 2018 @ 7:41am

      Re: So, Site visitors are cows to be milked?

      Indeed.

      People who think this crypo-mining is a great idea if sites get permission first aren't thinking ahead, don't understand the MAJOR security vulnerabilities this opens up, and how taxing it can be on your computer (as well as your electric bill).

      First, if this ever catches on it won't be just 1 site doing this. You'll have multiple sites clogging up your computer and sucking up your resources at once. Chances are good your computer will become unusably slow and bogged down.

      Second, if you can make someone's computer mine your crypo-currency, you can make their computer do all sorts of other bad things to through the same security hole. This is literally a hacker's treasure trove.

      Third, running your computer full force like mining apps do isn't so good on your computer long term, nor is it good for your electric bill. Think of it this way, would your car last 10 years if you drove it at 100 MPH, or whatever it's maximum speed is, for 16 hours a day? Of course not. It would last longer at a more modest speed like 25 MPH, but that extra wear would still make it have a much shorter life. And then you'd need a lot of gas to keep your car running as I outlined in that example.

      reply to this | link to this | view in chronology ]

      • identicon
        Rich Kulawiec, 14 Feb 2018 @ 9:34am

        Re: Re: So, Site visitors are cows to be milked?

        Everything about the comment I'm following up is dead-on accurate. I'd just like to augment the second point, which should send cold shivers down the spine of anyone who understands what it means.

        As I've said many times: if someone else can run arbitrary code on your computer, it's not YOUR computer any more.

        So when -- not if -- WHEN a site like Salon is hacked, or its content delivery network is hacked, the new owners are free to use this mechanism to do whatever they want on your computer. They could mine whatever the next bogus cryptocurrency is. They could use it to run brute-force decryption attempts against passwords. They could download child porn into it and then attach it to a file-sharing network. They could...well, you get the idea.

        And if these actions are performed by what is nominally your computer, who do you think will bear legal responsibility for them? Do you think that a court will listen to, let alone understand, let alone believe, the argument that what your system was doing while you sitting in front of it was completely unknown to you and in no way your fault?

        (If you answer yes, then you really, really, REALLY should search Techdirt and the rest of the web for the name "Julie Amero".)

        If Salon can't exist without ads (which are a cesspool of malware and privacy-destroying tracking) and it can't exist without hijacking user's systems, maybe it should just shut down.

        reply to this | link to this | view in chronology ]

        • icon
          orbitalinsertion (profile), 14 Feb 2018 @ 1:41pm

          Re: Re: Re: So, Site visitors are cows to be milked?

          When people get used to computationally-intensive bog down on their systems, they won't be looking for a problem anymore. That means all sorts of badly designed regular malware might be ignored. It also means a hijack of the expected mining could be doing anything which is computationally-intensive. Like cracking encryption keys or brute-forcing passwords on a network that should be secure, or helping to DDoS the hell out of some target.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 Feb 2018 @ 10:00am

        Re: Re: So, Site visitors are cows to be milked?

        Chances are good your computer will become unusably slow and bogged down.

        CPU scheduling limits/priorities/policies are an old technology. There's no good reason the computer should be "unusable".

        if you can make someone's computer mine your crypo-currency, you can make their computer do all sorts of other bad things to through the same security hole.

        It's a bad idea to run Javascript code, but there's no security hole being exploited here. If you allow scripting, this will run in the sandbox and not try to break out of it. (CPU-centric code like this is really easy to sandbox. Actual exploits come from complex interactions with DOM etc., not pure computational code.)

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Feb 2018 @ 10:50am

          Re: Re: Re: So, Site visitors are cows to be milked?

          Just because there isn't currently a publicly known way to exploit someone's computer via a sandboxed app with this access doesn't mean someone won't figure out or hasn't already discovered a means to do so.

          I know at some point you just have to trust something or someone but voluntarily handing over control of a computer to a third party before it has been fully vetted is a very insecure practice.

          Just remember spectre and meltdown. Those both exploited something that for years the world thought was safe.

          reply to this | link to this | view in chronology ]

          • identicon
            Bruce C., 14 Feb 2018 @ 12:14pm

            Re: Re: Re: Re: So, Site visitors are cows to be milked?

            Not only that, but the reason many users block javascript and ads, either entirely or selectively using a tool like NoScript or adblock, is because Javascript and ads have already been used to inject malware into users' PCs.

            On the other hand, legitimate, fuly-disclosed use of Javascript to crypto-mine on a website doesn't increase the threat envelope for anybody.

            Either you already allow scripts from that site to run, in which case you're vulnerable if/when that site gets hacked to host malware. Or, you block javascript for that site already, in which case the site is largely non-functional. These states occur regardless of whether the site does crypto-mining in JS or uses JS to manage interactions between your browser and their site.

            reply to this | link to this | view in chronology ]

            • identicon
              Rich Kulawiec, 14 Feb 2018 @ 12:39pm

              Re: Re: Re: Re: Re: So, Site visitors are cows to be milked?

              Or, if the Javascript is served from a content delivery network, and that's what's been hacked, then every site using that same CDN may also be serving up malicious code. So while the code may still be sandboxed inside the user's browser (we hope) it's not necessarily limited to the site that the user happens to be pointing their browser at.

              If I'm reading what I see out of my browser right now, THIS site uses Javascript hosted at Akamai, Google, Twitter, Soundcloud, InstinctiveAds, Amazon, ISupportJournalism, and itself.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 14 Feb 2018 @ 3:16pm

                Re: Re: Re: Re: Re: Re: So, Site visitors are cows to be milked?

                If I'm reading what I see out of my browser right now, THIS site uses Javascript hosted at Akamai, Google, Twitter, Soundcloud, InstinctiveAds, Amazon, ISupportJournalism, and itself.

                And none of that shit uses Subresource Integrity. Lovely. Any of it can compromise the security (grab passwords etc.) of Techdirt readers who enable Javascript. And, as you say, try to break out of the sandbox to do worse.

                reply to this | link to this | view in chronology ]

              • icon
                The Wanderer (profile), 15 Feb 2018 @ 5:50pm

                Re: Re: Re: Re: Re: Re: So, Site visitors are cows to be milked?

                FWIW, the JS from most of those domains isn't necessary for "the Techdirt experience" to function.

                I'm only allowing scripts from Akamai, Google APIs, and Techdirt itself, and I can use the full functionality of the comment system, as well as see the Insider Chat box. The Soundcloud embed (or I assume that's what it is) at the top of the page doesn't appear to work, but then I don't want it to; I'd be happier if it weren't even there.

                IIRC, even the Akamai permission isn't necessary; I'm pretty sure I've seen other Techdirt articles, just recently, where that wasn't listed in the source domains of present scripts.

                I can indeed see scripts from Twitter and from other Google domains, but they aren't being allowed to run, and the site still works fine.

                reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 14 Feb 2018 @ 3:14pm

            Re: Re: Re: Re: So, Site visitors are cows to be milked?

            Just because there isn't currently a publicly known way to exploit someone's computer via a sandboxed app

            I fully agree with you. That's not the point. The point is that this specific thing does not resemble an exploit, and there's little reason to consider it a slippery slope to one. JS exploits exist already and have a bright future; some stuff like Rowhammer might not even be fixable in software.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 14 Feb 2018 @ 7:15pm

              Re: Re: Re: Re: Re: So, Site visitors are cows to be milked?

              If there is a slippery slope here, we've already been sleding down it for a long time now. And at the bottom we've found snoopers and cryptocurrency miners.

              reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 14 Feb 2018 @ 5:12pm

            Re: Re: Re: Re: So, Site visitors are cows to be milked?

            Yes it was a bad idea of Netscape's to let sites run perform arbitrary computation, even if it's in a sandbox.

            But I'm sorry to report, you're over a decade too late to complain about this.

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Feb 2018 @ 9:55am

      Re: So, Site visitors are cows to be milked?

      So, Site visitors are cows to be milked? Salon joins a LOOOOOONG list of sites with that attitude.

      What do you mean "joins"? They were milking advertising revenue from their cows/visitors from the beginning.

      reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 14 Feb 2018 @ 6:50am

    "The question at this point is: How far can publishers push the limits towards a really bad user experience?"

    Some of those publishers have already gone from offering merely annoying ads to intrusive ads, to ads that auto play f*cking sound and/or video the moment you open their site to ads that actually cover the content you're trying to read - then they whine about you using ad blockers to try to get at the content!

    Can anyone really be surprised that "user experience" is secondary to revenue at this point. That's even before you get to the security risks associated with many of the ads, I'm solely talking about the experience of looking at the article.

    reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 14 Feb 2018 @ 7:35am

      Re:

      I love when you hit a site, start reading then the ads blast what you were reading further down the page. I can't get to the back button quick enough when that happens.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 14 Feb 2018 @ 7:53am

        Re: Re:

        That is usually when you decide that the content these publishers are so in love with isn't worth the hassle, and never visit again if you can help it.

        reply to this | link to this | view in chronology ]

    • identicon
      Rich Kulawiec, 14 Feb 2018 @ 10:28am

      Re:

      Two points: first, you're darn right. "User experience" has become synonymous with "be forcibly co-opted into the web designer's unique, idiosyncratic vision of how you should interact with as much bloated, slow, screen-chewing, bandwidth-eating, CPU-hogging crap as possible while you are given the minimal amount of useful content".

      I don't want a f**king experience. I want to read something or buy a widget or schedule an appointment.

      Second, credit to Paul Gardner for this concise summation:

      "Trying to read articles online is becoming a pretty miserable experience when you spend so much time trying to battle ads and page adjustments. It's like trying to read a book where the text keeps moving and someone keeps slapping it out of your hands."

      reply to this | link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 14 Feb 2018 @ 1:44pm

      Re:

      I remember times when a lot of ads backed off for a while from being egregiously annoying. They always return to form after a bit, though.

      blink, deprecated

      reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 14 Feb 2018 @ 6:54am

    I've got an even better offer

    Hey Salon,

    I have an even better offer for you!

    How about, you run ads and mine cryptocurrency in browsers, and in exchange I'll never visit your site ever again.

    Ever.

    Never ever.

    Even if you change this policy, I won't know about it because I will not ever visit your site again.

    This is a fantastic opportunity for you and I think you should take advantage of it. What makes this such a great offer is the fact that the internet offers so many choices of sites that one can visit to obtain information.

    Sincerely,

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Feb 2018 @ 3:20pm

      Re: I've got an even better offer

      Even if you change this policy, I won't know about it because I will not ever visit your site again.

      A year from now, they'll be shouting from the rooftops (again) that they've dispensed with their user-hostile behavior (again) and everyone should come back. Or they'll be dead. Either way I'll be laughing and laughing.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2018 @ 6:57am

    Really, *Salon*?

    The popup asks users to "consider" unblocking ads, as if it's optional, but it looks like you're forced into 2 unpaletable options... or leaving completely. And are they forgetting their history:

    More important, by this point the public was, understandably, thoroughly confused about how to get to read Salon content. It took many years for our traffic to begin to grow again. Paywalls are psychological as much as navigational, and it's a lot easier to put them up than to take them down. Once web users get it in their head that your site is "closed" to them, if you ever change your mind and want them to come back, it's extremely difficult to get that word out.

    Also, the FAQ has clearly not been copyedited, because they make the mistake of using "opt-in" where it should be "opt in" (verb form): "If I opt-in, will I see ads?". This does not make a good first impression...

    (That said, the content is loading fine for me. Maybe the "third option" is to disable Javascript.)

    reply to this | link to this | view in chronology ]

  • identicon
    Nate, 14 Feb 2018 @ 6:59am

    "Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency"

    Yeah, that's not even close to what is going on here. Salon doesn't offer to do anything; if you don't have an ad blocker, you don't get the pop-up, but if you do then you are blocked from reading the site until you either turn off the your security extension (the ad-blocker) or agree to let Salon run the miner in your web browser.

    That is not an "offer", and Salon doesn't actually block ads (visitors are doing that). What Salon is doing is issuing an ultimatum.

    P.S. According to my readers, if you have a JS blocking extension then Salon's trick doesn't work.

    reply to this | link to this | view in chronology ]

  • identicon
    Nick-B, 14 Feb 2018 @ 7:05am

    Stop bad ads

    It's ridiculously simple, if they want to stop people from blocking ads, they need to stop letting advertisers write their own script to play in place of ads. I refuse to display ads on most sites because I simply cannot trust that they didn't sell out ad space to some adware scam. Heck, just the other day I was on Yahoo on my parent's computer and one link to a Yahoo article led me to one of those "YOUR COMPUTER HAS A VIRUS" scam redirects.

    If data tracking and demographics targeting is so important to advertisers, then the ad companies themselves need to offer this service themselves for advertisers. There needs to be an end to allowing anyone on the internet to write a script that only HALF the time delivers malware when the ad companies aren't looking.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Feb 2018 @ 9:13am

      Re: Stop bad ads

      It's ridiculously simple, if they want to stop people from blocking ads, they need to stop letting advertisers write their own script to play in place of ads.

      You might then enable them, but I wouldn't. I don't ever want to see banner ads. I might download them and not display them, so it looks good to their advertisers, but my ad-blocker removed that feature and I can't be bothered to add it back.

      reply to this | link to this | view in chronology ]

  • identicon
    uvleln56Xi, 14 Feb 2018 @ 7:07am

    I wonder what role DRM will play in this?

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 14 Feb 2018 @ 7:20am

    I'll unblock ads when sites like Salon agree to take legal responsibility for any and all damage that scam ads on their site might do to my computer.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 14 Feb 2018 @ 7:21am

    "explaining how making money from journalism is hard"

    LMFTFY....
    Explaining why with the passage of decades of declining revenues and growing executive pay, they haven't bothered to consider the model is flaw in the current marketspace, instead they have decided that the blockchain will save them!!!!!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2018 @ 7:23am

    Don't see anything but down sides to this.

    How about I just don't turn off the adblocker and keep noscript from letting this cryptominer get started?

    I don't think any site is so exclusive that those that won't show their content without java a place I need be. All it tells me is to go search for another site without that issue.

    Until ad companies clean up their act, I'm not allowing any ads shown. When I get malvertising, they don't want to talk to me or anyone else with that problem, you on your own. If the hours it takes to clean my system is on me, so is the cure.

    There's a reason why ad blockers have become popular. Ad companies have pulled too many sneakies in the past.I sure as heck don't trust them or any site pushing ads now.

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 14 Feb 2018 @ 8:13am

    Browsing the internet while rendering an image

    I might be in the minority, but here's something to consider:
    I actually use my computer's processor to render images of digital models. This means the rendering software will take 80-85% of my CPU usage, usually for about an hour or two.

    I use this time to browse the web and read interesting stories. I sometimes load up 5 or 6 tabs with stories to read just so Firefox doesn't have to load any pages, then I started rendering an image.

    So what happens to people like me who are already using their processor? Will Salon work if its crypto-miner can't run any calculations because there's no free CPU cycles? Will I get a pop-up saying to free up more CPU or the site won't load the rest of the page?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Feb 2018 @ 10:05am

      Re: Browsing the internet while rendering an image

      So what happens to people like me who are already using their processor? Will Salon work if its crypto-miner can't run any calculations because there's no free CPU cycles? Will I get a pop-up saying to free up more CPU or the site won't load the rest of the page?

      It's the other way 'round. The page loads, and then if Javascript is enabled it will bring the popup to prevent you from reading. Just kill all scripts once the content is there, or disable/block scripts to begin with, and you'll be fine.

      There's no minimum mining requirement either, but if you renice your browser to avoid this CPU hog the whole thing is likely to be slow (scrolling etc.), unless you seek out the JS thread(s) and only renice that.

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 14 Feb 2018 @ 9:17am

    Hang on! Universal fix coming soon! -- HTML5, chock full of DRM will make BOTH advertising AND "mining" unavoidable! Long while back, TD jeered my notion that version 5 is sheerly for advertising, and you'll still jeer because...

    ... knee-jerk gainsayers, but won't change facts.

    BTW: a few months back, was reported that Google's Chrome would remove advertising EXCEPT that from Google.

    Teh "free" internets and "don't be evil" stage is over, now you're going to get all the corporatism you deserve: ruthless and unavoidable, while spying on your every action, anything typed, permanent tracking cookies, web site history and stats, mouse / finger movements, page position, noise in the room, and even direction of your eyes by way of the cameras.

    So I quote John Galt: Brothers, you asked for it! -- Every time you let masnicks get away with asserting that corporations have First Amendment right that's superior to yours, you BEG to be ruled by corporations.


    [And actually, even advertising isn't the ultimate goal: HTML5 is another big step toward total surveillance.]

    reply to this | link to this | view in chronology ]

    • icon
      Killercool (profile), 14 Feb 2018 @ 9:43am

      Re: Hang on! Universal fix coming soon! -- HTML5, chock full of DRM will make BOTH advertising AND "mining" unavoidable! Long while back, TD jeered my notion that version 5 is sheerly for advertising, and you'll still jeer because...

      Well, according to Common Law, a bird in the hand is worth two in the bush, so there.

      reply to this | link to this | view in chronology ]

    • icon
      An Onymous Coward (profile), 14 Feb 2018 @ 11:01am

      Re: Hang on! Universal fix coming soon! -- HTML5, chock full of DRM will make BOTH advertising AND "mining" unavoidable! Long while back, TD jeered my notion that version 5 is sheerly for advertising, and you'll still jeer because...

      Foil is on sale this week at Costco. Better go stock up!

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 15 Feb 2018 @ 1:14am

      Re: Hang on! Universal fix coming soon! -- HTML5, chock full of DRM will make BOTH advertising AND "mining" unavoidable! Long while back, TD jeered my notion that version 5 is sheerly for advertising, and you'll still jeer because...

      "HTML5, chock full of DRM will make BOTH advertising AND "mining" unavoidable"

      False. Intelligent people will just avoid the places that do that.

      Although, I'd laugh my ass off if Mike could implement something that targets your IPs and makes sure you mine currency for him. You've just stated you see nothing wrong with people doing that, after all.

      "BTW: a few months back, was reported that Google's Chrome would remove advertising EXCEPT that from Google"

      Don't like it? Use a different browser. There are many competitors.

      reply to this | link to this | view in chronology ]

      • identicon
        Thad, 15 Feb 2018 @ 7:17am

        Re: Re: Hang on! Universal fix coming soon, on the outside of the tracks, you take 'em, the same old babies with the same old toys, the neighbors screaming when the noise annoys, somebody naggin' you when you're out with the boys.

        False. Intelligent people will just avoid the places that do that.

        I don't agree with equating online savvy with intelligence. Lots of intelligent people aren't aware of what's going on with the JavaScript on a given website. Hell, even reputable websites have been known to accidentally serve up malware through their ad networks.

        None of which has a damn thing to do with HTML5; Blue is, as always, an idiot, and, as always, has no idea what he's talking about. HTML5 does allow for DRM in video and audio content (and people a little more literate than Blue will have noticed that Techdirt believes that this is a bad thing), but that's got nothing to do with running code. DRM may indeed introduce security vulnerabilities, but it certainly doesn't make cryptocurrency mining unavoidable, because, uh, it has fucking nothing to do with cryptocurrency mining. Browsers run executable code through JavaScript, not HTML.

        Neither does HTML5 make advertising inevitable. DRM'ed video isn't any more "inevitable" than DRM-free video. An autoplay video is an autoplay video, with or without DRM. There are ways of blocking videos from autoplaying, and many browsers now have autoplay disabled by default and prompt the user to turn it on on a per-site basis.

        tl;dr add web browsers to the extensive list of things Blue lacks a basic understanding of but still has very strong opinions on.

        reply to this | link to this | view in chronology ]

  • identicon
    Ryan, 14 Feb 2018 @ 9:40am

    hypothetical

    How is using your CPU to mine crypto any different than using your CPU to load a million javsacript widgets and slide slows and AJAX content and what not that allt he sites do these days anyway?

    reply to this | link to this | view in chronology ]

    • icon
      takitus (profile), 14 Feb 2018 @ 11:19am

      Re: hypothetical

      The answer is quite possibly “no different at all”. Unless the site owners (let alone the users!) of a modern script-heavy site have taken the time to check the multitude of (probably obfuscated) JavaScript they run for vulnerabilities, questionable requests and even suspicious busy loops, pretty much anything could be running in a user's browser. Clearly most site admins aren’t doing much checking.

      As other commentators have noted, a browser’s sandbox cannot prevent a script from doing arbitrary number crunching. Mining blockers like NoCoin block known mining scripts, but this blacklisting approach can’t stop “trusted” (but compromised) scripts from mining while ostensibly sliding widgets around.

      The popular computing world accepts that a modern Web browser must run every piece of JavaScript thrown at it. Correspondingly, Web browsers have become enormously complex programs with code-line counts on the order of entire operating systems, which users must, nevertheless, trust to protect them from tons of arbitrary code. And the Web development world has decided that more, not less JavaScript is the solution to their customers’ problems. I think it’s fair to say that no one has a clear idea what’s going on when they use the modern Web.

      reply to this | link to this | view in chronology ]

      • identicon
        Christenson, 14 Feb 2018 @ 12:54pm

        Re: Re: hypothetical

        I think it's more to say that no one has clear bounds on what their browser does when they use the web....

        And, the minute we allow any form of recursion, the problem of bounding the behavior of the programs we load becomes insoluble.

        As an end user, I need to be able to (without too much inconvenience) limit the amount of damage any given browser tab can do and control it. My! That looks a lot like what my OS needs to do with programs, too!

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Feb 2018 @ 1:18pm

          Re: Re: Re: hypothetical

          My! That looks a lot like what my OS needs to do with programs, too!

          That what Qubes OS, or Linux Containers do.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2018 @ 5:30pm

    This will be fantastic for power bills and the environment.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Feb 2018 @ 5:10am

    TANSTAUCP

    There ain't no such thing as unused computing power. If the system does not need all of its CPU power, it will switch off some parts, to save the batteries.

    Allowing Salon to run a crypto-miner will cost you at least some electric power, and therefore money.

    Ads will also cost you money, because they nudge you into buying stuff you don't need. Both propositions (ads and miners) are hypocritical in this regard.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.