Just Say No


As if the lack of trust hadn’t sunk low enough between internet users, advertisers, and the websites which host advertisements, along comes cryptojacking, a method for either honestly or dishonestly using the computing power and electricity of internet users to mine cryptocurrency. Last week, users of YouTube in some countries noticed that their antivirus and antimalware programs were alerting them to code hidden in ads on YouTube which were enlisting their computers for cryptomining without their permission. Google, which administers YouTube, claims to have fixed the problem. Unfortunately, there are many small websites that don’t have Google’s Information Technology (IT) resources and may have been hacked and had cryptojacking code installed without their knowledge.


Cryptojacking sounds like it should be illegal, but oddly enough it is not. There can be repercussions such as blacklisting for hiding code in ads, and of course this sort of activity serves to push more people toward the use of ad blockers, which deplete the revenue of honest websites as well as dishonest ones. There are now outfits on the web, Coinhive being the most notable, which promote to website owners the idea of replacing ads altogether with a bit of JavaScript code on the website itself that will enlist the computers of visitors in mining Monero, a type of cryptocurrency that, unlike Bitcoin, doesn’t require high end equipment. Coinhive takes 30% of the resulting mining revenue, and the website owner gets 70%. Coinhive rather dubiously promotes this as a fair business model for the website owner in a time of declining revenue from ads, while not mentioning its relative fairness for the website visitor.

Cryptocurrency Mining Farm
A mining farm of Genesis Mining in Iceland. These are mainly Zeus scrypt miners. 2014 photo by Marco Krohn. No subterfuge involved in this cryptocurrency mining operation. Note that because the calculations required to create the currency generate a lot of heat, there are fans at the ends of all the units.

As originally set up by Coinhive, the JavaScript ran without the internet user’s knowledge or permission. If an internet user visited a website running Coinhive‘s JavaScript code, and the user’s security software did not alert the user or block the code from running, the only indication the user had of being legally cryptojacked was how unusually busy their computer was and, when the electric bill arrived, how unusually high it was. Savvy computer users might also check running processes monitored by the task manager on their computer. But it’s a good bet that most computer users have no idea about task manager or where to find it on their computer. Some users don’t run any security software at all, or if they do, they misuse it. Running Coinhive software without the knowledge or permission of website visitors is sneaky at best, and more likely just plain unethical, and any arguments from Coinhive or anyone else that it is a fair replacement for ads is mere sophistry.

After some amount of pushing from internet users, Coinhive started offering an above board, opt-in type of cryptomining code so that website visitors knew what was being asked of them. Naturally that version has not proved popular with the website owners who partner with Coinhive because advising visitors of cryptomining activity only leads to the great majority of them declining to participate. People who are not computer savvy, when confronted with an option which will in all likelihood confuse and frighten them, will resort to the safest option and just say no. More computer savvy visitors will likely decide it’s not worth their while to have their computer slowed down to a crawl and their electricity bill hiked by a few dollars a month just to visit a website. Only the most indispensable websites could get away with it, and they are apt to have access to many other less complicated sources of revenue. Coinhive, meanwhile, continues offering the original, surreptitious version of its software.

Naturalist David Attenborough discusses brood parasitism among birds in this BBC wildlife segment.

The arms race between website owners and advertisers on one side, and website visitors on the other side, began when internet service was incredibly slow and most consumers had data caps. Ads, particularly Flash ads that jumped up and down to attract the visitor’s attention, slowed down internet service even more and sucked up the visitor’s limited data. Enter ad blockers. The thing about ad blockers, however, is that even though most of them offer users the ability to whitelist websites, most users are either unaware of that option or don’t bother to use it unless prompted by the website. Ad blockers often act effectively as blunt instruments then, punishing honest websites which display discreet, reputable ads in an above board manner, along with dishonest or careless websites which display gaudy ads that may or may not harbor malicious code. Like many other areas of life, on the internet a few bad actors can spoil the honest efforts of the majority of website owners. The answer to declining revenue from the arms race between advertisers and advertising blockers is not for website owners to get sneaky, however, which erodes trust, but to develop trust with their visitors and exercise restraint on their advertisers.
— Techly