According to the report, ethical problems remain even when a user voluntarily consents to their CPU being used for mining, as the user might not fully understand that to which they are signing. While they might benefit from a lack of ads or higher quality video streaming on the site, they could also be stuck with “higher energy bills, along with accelerated device degradation, slower system performance, and a poor web experience.”
Also, economics are addressed to a more limited extent. From the actual report:
While visits to parked domains are considerably shorter than an average website, the data spans a period of three months and gives some insight into the profitability of cryptojacking. During the experimental period of about 3 months, they accumulated 105 580 user sessions for an average of 24 seconds per session. For the period examined, the revenue was 0.02417 XMR (Monero’s currency) which at the time of writing is valued at $7.69 USD.
In other words, cryptojacking burns a lot of electricity, slows down the CPU, degrades the web experience, and in return pays the malfeasants a pittance.
From Arxiv.org : A First Look at Browser-based Cryptojacking [arxiv.org] (warning for PDF).