There has been a trend to burden visitors of javascript-infested web sites further by mining cryptocurrencies on the visiting machines. Sometimes it is the site hosting the web pages being visited doing the mining. Sometimes it is third parties. A recent report from Concordia University in Montreal, Canada, looks at the ethics behind browser-based cryptocurrency mining, focusing on the case of Coinhive.
According to the report, ethical problems remain even when a user voluntarily consents to their CPU being used for mining, as the user might not fully understand that to which they are signing. While they might benefit from a lack of ads or higher quality video streaming on the site, they could also be stuck with "higher energy bills, along with accelerated device degradation, slower system performance, and a poor web experience."
Also, economics are addressed to a more limited extent. From the actual report:
While visits to parked domains are considerably shorter than an average website, the data spans a period of three months and gives some insight into the profitability of cryptojacking. During the experimental period of about 3 months, they accumulated 105 580 user sessions for an average of 24 seconds per session. For the period examined, the revenue was 0.02417 XMR (Monero's currency) which at the time of writing is valued at $7.69 USD.
In other words, cryptojacking burns a lot of electricity, slows down the CPU, degrades the web experience, and in return pays the malfeasants a pittance.
From Arxiv.org : A First Look at Browser-based Cryptojacking (warning for PDF).
(Score: 0) by Anonymous Coward on Monday March 12, @06:46PM
How long have we been telling people not to blindly run binaries they downloaded from the internet. I fail to see how javascript is any different.
(Score: 2) by Zinho on Monday March 12, @06:50PM
The webcomic Erfworld just launched an experiment in opt-in cryptomining as a way to replace ad revenue, and they've declared that it's working. [erfworld.com] Conclusions from early in their experiment:
* browser-based mining is too inefficient, and costs the miner more than they're earning
* GPU-based mining shouldn't kill your card; the cards throttle themselves at high temperature, and are designed to run long-term anyways.
* having a handful of readers mine currency will result in a new decrease in carbon footprint for the comic! The dynamic bidding process for ads to all of their 5 million page impressions per month (plus the energy spent displaying the ads themselves) is more total energy than will be used by the miners.
Given that mining in ECMAscript is dodgy with the user's approval, doing it without their consent is fairly evil. It's too bad that the people doing it are probably looking at it as free money (very little of their own compute horsepower used); it would be good to see it die the natural death it deserves.
