from the all-your-browsers-are-belong-to-us dept.
There has been a trend to burden visitors of javascript-infested web sites further by mining cryptocurrencies on the visiting machines. Sometimes it is the site hosting the web pages being visited doing the mining. Sometimes it is third parties. A recent report from Concordia University in Montreal, Canada, looks at the ethics behind browser-based cryptocurrency mining, focusing on the case of Coinhive.
According to the report, ethical problems remain even when a user voluntarily consents to their CPU being used for mining, as the user might not fully understand that to which they are signing. While they might benefit from a lack of ads or higher quality video streaming on the site, they could also be stuck with "higher energy bills, along with accelerated device degradation, slower system performance, and a poor web experience."
Also, economics are addressed to a more limited extent. From the actual report:
While visits to parked domains are considerably shorter than an average website, the data spans a period of three months and gives some insight into the profitability of cryptojacking. During the experimental period of about 3 months, they accumulated 105 580 user sessions for an average of 24 seconds per session. For the period examined, the revenue was 0.02417 XMR (Monero's currency) which at the time of writing is valued at $7.69 USD.
In other words, cryptojacking burns a lot of electricity, slows down the CPU, degrades the web experience, and in return pays the malfeasants a pittance.
From Arxiv.org : A First Look at Browser-based Cryptojacking (warning for PDF).
(Score: 1, Interesting) by Anonymous Coward on Monday March 12 2018, @06:46PM (2 children)
How long have we been telling people not to blindly run binaries they downloaded from the internet. I fail to see how javascript is any different.
(Score: 2) by bart9h on Monday March 12 2018, @09:31PM (1 child)
What I can't understand is why people run a computer without some kind of CPU usage monitor. Just a small icon on the taskbar will do. If it's stuck at 100% when you're not running some intensive computation, you know something is wrong, and go check what program is using the CPU.
(Score: 2) by kazzie on Tuesday March 13 2018, @07:19AM
^ Yeah, that intern can't be trusted with your CPU time.
(Score: 4, Interesting) by Zinho on Monday March 12 2018, @06:50PM (3 children)
The webcomic Erfworld just launched an experiment in opt-in cryptomining as a way to replace ad revenue, and they've declared that it's working. [erfworld.com] Conclusions from early in their experiment:
* browser-based mining is too inefficient, and costs the miner more than they're earning
* GPU-based mining shouldn't kill your card; the cards throttle themselves at high temperature, and are designed to run long-term anyways.
* having a handful of readers mine currency will result in a new decrease in carbon footprint for the comic! The dynamic bidding process for ads to all of their 5 million page impressions per month (plus the energy spent displaying the ads themselves) is more total energy than will be used by the miners.
Given that mining in ECMAscript is dodgy with the user's approval, doing it without their consent is fairly evil. It's too bad that the people doing it are probably looking at it as free money (very little of their own compute horsepower used); it would be good to see it die the natural death it deserves.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 1) by cocaine overdose on Monday March 12 2018, @07:51PM (2 children)
Welcome to the wild west of Closure and Web Assembly. Let me take your coat.
(Score: 3, Interesting) by Zinho on Monday March 12 2018, @09:31PM (1 child)
If this is the Wild West, I'll keep hold of my belongings; no offense.
I haven't been keeping track of web programming standards, so thanks for the pointers to Closure and WASM. Not sure I want any of that on me, but good to know it exists.
From my reading, both Closure and WASM run in a sandbox for security reasons; this means that neither have access to the GPU for hardware acceleration of the math. That being the case, I'm going to give the fine folks at Erfworld the benefit of the doubt and trust that they made a comparison of best-practices for both the web and downloadable clients before declaring the web version too lossy.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 2, Informative) by cocaine overdose on Tuesday March 13 2018, @02:38AM
One word: Monero. It's why CoinHive is mining it instead of ETH. Cryptonote is god in the CPU realm.
(Score: 2) by looorg on Monday March 12 2018, @08:25PM (5 children)
Are there some comparison numbers around? What does 105 580 user sessions a 24 seconds per session give in "normal" ad revenue? But yes some side project is never going to be as good as a dedicated machine, if it was there wouldn't be any dedicated machines running.
From the miners perspective: Yes it's burning a lot of electricity -- but it's not your electricity so you don't care. Slows down the CPU -- but not your CPU so you don't care. Degrades the web experience, that might be an issue since people will close your session or go someplace else if the experience is bad. Since the numbers seems to come from a domain parking service they might not actually be all that relevant compared to a live running service. The sessions are naturally short cause people don't stick around on those pages. The return is a pittance, could be. But is it scalable? What if you had a super popular site where people spend hours per day? Sure normal ads would be a lot more profitable there to so there is that but if you are one of them "youtube celebrity" type people that get millions of clicks and likes and whatelse there is per month. You have people watching your half hour video clips. What then? Perhaps it's a matter of tuning it so you don't run your script full blast just sucking down the host-CPU and making the experience totally shit. If you tune it down so it's not, or barely, noticeable. Jacking all CPU and resources just seems like really bad programming, if you are trying to do sneaky stuff you don't want it to be noticeable do you? Is a short burst of hijacking CPU cycle better then a slow and steady usage? What if you ran it at half speed but for twice as long, wouldn't the result be the same? Possibly better if the persons don't notice it and keep coming back or staying longer.
(Score: 2, Insightful) by c0lo on Monday March 12 2018, @09:16PM (4 children)
I can assure you if my CPU/video card fans go berserk, I'm not gonna spend hours every day on S/N in a very short time.
Popularity can go down.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Interesting) by fyngyrz on Monday March 12 2018, @09:32PM (2 children)
What about if it was reasonably throttled? Say, 10% of your available resources?
Personally, I'd much rather mine CC for a site than I would look at the excrement that passes for advertising these days.
But yes, if it floored the machine, that'd be an unacceptable level of consumption. I don't just surf the web; I do it during compiler builds, etc., and my machine is just about always running my SDR software, which requires about 10% of the system all by itself.
(Score: 2) by c0lo on Monday March 12 2018, @10:55PM
Pre-announced and reasonable may be Ok.
Mind you, it may or may not be, depending on the circumstances. Examples when it may not: reading S/N from my mobile (while using public transport), or reading S/N from the office's workstation while the monster C++ part of the project compiles for the next half-an-hour.
(substitute S/N with 'your favourite site using cryptomining to cover the costs')
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Interesting) by c0lo on Monday March 12 2018, @11:00PM
Even then I'd prefer a dedicated client than running in browser.
Any S/N coders raising to the challenge of implementing a native distributed cryptomining client to trickle in the S/N coffers?
No other dependencies please (a la Perla or Python)!
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by Sulla on Tuesday March 13 2018, @03:45AM
Finally a way to end the Colo menice! But in all seriousness we can't let soylent get the cryptocodes.
I think most of the editors, at least from what I have seen on the IRC are such ludites and respectors of your computer soverignty that they wouldn"t even consider it.
Ceterum censeo Sinae esse delendam
(Score: 2) by shortscreen on Tuesday March 13 2018, @04:52AM
Would-be miners just need to petition the W3C to add a hardware-accelerated mining API to HTML 6. They hate users. They'll do it.