Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency

from the just-renting dept

As we've been discussing, the rise of stealth cryptocurrency miners embedded on websites has become a notable problem. In some instances, websites are being hacked and embedded with stealth cryptocurrency miners that quickly gobble up visitors' CPU cycles without their knowledge. That's what happened to Showtime recently when two different domains were found to be utilizing the Coinhive miner to hijack visitor broswers without users being informed. Recent reports indicate that thousands of government websites have also been hijacked and repurposed in this fashion via malware.

But numerous websites are also now exploring such miners voluntarily as an alternative revenue stream. One major problem however: many aren't telling site visitors this is even happening. And since some implementations of such miners can hijack massive amounts of CPU processing power while sipping a non-insubstantial amount of electricity, that's a problem.

The Pirate Bay for example was forced to stop using visitor CPUs and browsers to mine Monero last fall after Reddit users complained the miner was slowing down their PCs and eating up 80% of their CPU cycles. The website stated that it was simply exploring new revenue streams to keep the website afloat:

"As you may have noticed we are testing a Monero javascript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running."

This week Salon joined the fun, informing users that they'd be happy to suppress advertisements if site visitors are willing to help mine cryptocurrency:

Creative exploration of alternative revenue streams is obviously necessary, and there's numerous examples where site-driven cryptocurrency miners could be used to help bolster scientific research. Salon pretty clearly understands this decision is controversial, offering up an entire website explaining how making money from journalism is hard, and the company needed to explore some new, creative solutions in order to stay afloat:

"Salon is instructing your processor to run calculations. Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site. We automatically detect your current processing usage and assign a portion of what you are not using to this process. Should you begin a process that requires more of your computer’s resources, we automatically reduce the amount we are using for calculations."

That said, security researchers have similarly warned that this is a very slippery slope, and for every website that's being transparent about the process and respectful of the possible impact on computer performance, there're countless others who quite obviously won't give much of a damn about either. These are, after all, the same websites that are now engaging in ham fisted and annoying ad blocker blocking, frequently oblivious to how their own obnoxious ad decisions drove the rise of ad blockers in the first place.

As Malwarebytes researchers recently noted, there's no limit of websites that are already pushing their luck on this front:

"The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice...publishers ought to be more transparent with their audience because no-one likes unannounced guests. Unfortunately, there will always be publishers that care very little about what kind of traffic they push, so long as it generates good revenues; for those, cryptominers are just an added income to their existing advertising portfolio."

If implemented with respect for the end user and transparency, such miners may not be a bad thing. But bad actors could very quickly create an environment where users feel they're being accosted by sites that don't respect either, resulting in another layer of cat and mouse gamesmanship between sites publishers and readers. So while there's certainly potential here, escalating an already adversarial relationship in the adblocker era isn't likely to excite readers, forge community, or save journalism anytime soon.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Rich Kulawiec, 14 Feb 2018 @ 12:39pm

    Re: Re: Re: Re: Re: So, Site visitors are cows to be milked?

    Or, if the Javascript is served from a content delivery network, and that's what's been hacked, then every site using that same CDN may also be serving up malicious code. So while the code may still be sandboxed inside the user's browser (we hope) it's not necessarily limited to the site that the user happens to be pointing their browser at.

    If I'm reading what I see out of my browser right now, THIS site uses Javascript hosted at Akamai, Google, Twitter, Soundcloud, InstinctiveAds, Amazon, ISupportJournalism, and itself.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.