The new replacement for ads?
Not sure what I'd rather (not) have to be honest
Cryptojacking is well on its way to becoming a new menace to internet hygiene. On some sites, internet publishers are making money by using the spare processor cycles of visiting surfers to mine cryptocurrency, using scripts running in the background on pages to mine coins. In other cases, hackers have planted JavaScript on …
Honestly, I'd rather give up CPU cycles than see intrusive (or any, really) ads. I'm fortunate enough, probably like most people here, to have a powerful CPU, so the cycles are spare anyway. I could see how for a lot of users it'd be more of a problem.
It'd be nice to see it evolve into a way for it to be managed, via some sort of side action of seeing how well the page is loading, to determine how much strain the mining is having on the user.
But when I'm browsing the web, it tends to be all I'm doing (bar a tv show or movie playing in the corner) so I think it's a great way to help pay for sites.
The problem is the internet has always been "free", and that mentality is never really going to go away. Far too many people see ads as some sort of insult almost, even if they're not intrusive; just them existing is a problem. But content creators need to get paid!
There is a cost for background mining, power, life of CPU etc. OK, perhaps minuscule and something I would agree to if asked for informed consent. The crucial point is that I am not asked so have not agreed and it is theft.
The other concern is security. Who knows what may be smuggled onto my PC along with the mining script.
Previously I'd leave Firefox running for 3-4 weeks before it would get slow and I'd need to restart it. Lately I've needed to restart it a couple times a week, but I haven't updated it since early June. Makes me wonder if at some point I'm visiting a site with one of these Javascript miners, and it is somehow continuing to run in the background even after I've closed the tab/window for the site. Is that possible? Any way to tell?
This is why the NoScript plugin has become one of the most essential things any user needs... Been using it for years and have already been able to block attempts to run this kind of code... domains like coinhive are also now blocked at the source.
If you don't run anything to block scripts, you only have yourself to lame when/if something dodgy happens to your system.
I'd also recommend privacybadger and a good adblocker as the minimum steps every user should take.
Lastly... ditch chrome/edge and use firefox... I can't comment on browsers like safari or others as I've never used them.
Problem is those attacks can come for legit sites that got hit by dodgy ads. You might think you're allowing the site you're visiting to present content properly but at the same time letting the malware in.
You can block other domains but, again, many sites use third-party JS code and need them for core functionality.
The web's a tough world...
Unless the user has specifically OKed the running of mining scripts they should fall under the misuse of computer laws; the code is making the computer do something not expected by the user or required to deliver the site's content.
Unless covered in the sites terms and conditions (not buried in them) or covered by a pop-up asking if it is OK, it just can't be legal to my mind.
Having said that I can see it would be useful for funding niche/hobbyist sites and would be OK with it provided the user is kept informed.
> it would be useful for funding niche/hobbyist sites and would be OK with it provided the user is kept informed
If managed properly (maybe via "official" browser or protocol support) maybe this could be a way to do truly unobtrusive micropayments? I.e. I let you use 10% (or whatever) of my CPU cycles for the duration of the time that I'm visiting your website, and in exchange you show me no ads and you collect no data about me.
"Unless the user has specifically OKed the running of mining scripts they should fall under the misuse of computer laws"
Did you approve any of the various other intrusive and annoying crap scripts do? Ever heard of anyone prosecuted for what a non directly destructive or hacking script does?
A quick check on U-Block Origin shows that the AdGuard Base List contains:
! Block CoinHive
!+ PLATFORM(ext_ff, ext_opera, ios, ext_android_cb, ext_ublock)
||coin-hive.com^$third-party,domain=~cnhv.co
!+ PLATFORM(ext_ff, ext_opera, ios, ext_android_cb, ext_ublock)
||coinhive.com^$third-party,domain=~cnhv.co
||xbasfbno.info^$domain=oload.info|oload.tv
||jsecoin.com^$third-party
||minemytraffic.com^$third-party
||afminer.com^$third-party
||coinnebula.com^$third-party
||crypto-loot.com^$third-party
Other lists probably also address this...