back to article Stealth web crypto-cash miner Coinhive back to the drawing board as blockers move in

Malwarebytes has had enough of Coinhive's alt-currency-generating browser-side code, and is now automatically blocking it. The biz joins ad-block plugins in preventing Coinhive's Monero-crafting JavaScript from running in webpages, using visitors' electricity and hardware to mine new money. Coinhive is a legit outfit, and its …

  1. Anonymous Coward
    Anonymous Coward

    Any examples of web sites currently using this revised version?

    I'm interested to take a gander, see how it works, what it does to PC utilisation and resources, and apart from the consent, how obvious or intrusive it is.

    Quite happy to take a gander at middle-of-the-road NSFW sites if need be.

    1. Anonymous Coward
      Anonymous Coward

      Re: Any examples of web sites currently using this revised version?

      I reckon the first who will have this embedded are pr0n and relationship sites - if that hasn't already happened. This needs distracted users, after all :).

    2. Anonymous Coward
      Anonymous Coward

      Re: Any examples of web sites currently using this revised version?

      Quite happy to take a gander at middle-of-the-road NSFW sites if need be

      Nah, Middle of the Road wasn't that NSFW, despite involving a blonde and weird outfits.

      :)

    3. Anonymous Coward
      Anonymous Coward

      Re: Any examples of web sites currently using this revised version?

      To answer my own question, there's a test script on the Coin Hive web site. Using the default two threads it take about 60% of my CPU capacity. On my overclocked i5 that just tweaks the cooling fan up by a few hundred RPM, enough to notice, not enough to materially intrude. Using just one thread halves the number of hashes, but is barely noticeable. Interestingly the default 2 thread setting is sufficiently obvious that it tells me which other less reputable web sites are already using this or similar. In terms of interference with other tasks, very little - with several tabs open I could watch Youtube vids without interruption, piffle about here, and so forth. If you were gaming, compiling or doing other heavy lifting then you would either notice the load or need to reduce the number of threads - even then it might be too difficult. YMMV, particularly if your PC fans are noisy.

      So on that basis, it works, isn't a problem on my machine and I'd tolerate it for access to decent content, with the important proviso that I wouldn't allow mining on my CPU and put up with adverts as well. It's either or.

      What's this worth to the content provider? Well in ten minutes my CPU created 17,500 hashes. From Coin Hive we have:

      (<solved_hashes>/30286051346) * 6.19 XMR * 0.7= 0.000143 XMR per 1M hashes

      As each XMR is worth about $88, that means that 10 minutes on the Reg would earn them 2.2 US cents. If I visit the Reg for twelve minutes on 240 days per year, then they make $6.34, for half that or single thread mining, they make $3.17. From previous guesstimating, it looks as though unique users generated about 30p per year for Situation Publishing. If I assume they've lifted that to 40p per reader per year (53c), the break even point for mining would be an accumulated viewing time of 240 minutes per year, or about one minute per working day. Potentially the Reg could make more money, pay for more journalism, and not have the internal conflict inherent in "biting the hand that feeds it".

      Would somebody like to check my maths out? And you might want to try running the Coin Hive script on some different machines, see how that works out?

    4. Matt Judge

      Re: Any examples of web sites currently using this revised version?

      Here you go: https://soloviyko.com/

      Malwarebytes started notifying me today.

  2. 0laf Silver badge
    Meh

    Potential

    Given the choice of the current plague of ads or a 'reasonable' use of processing for mining when visiting a site I want to consume content from, I might well chose to allow the mining.

    But your content better be worth it and you'd better not take the piss.

    1. Anonymous Coward
      Anonymous Coward

      Re: I might well chose to allow the mining

      Until some sites start doing the tulip mania money mining and ads.

    2. Anonymous Coward
      Anonymous Coward

      Re: Potential

      "Given the choice of the current plague of ads or a 'reasonable' use of processing for mining when visiting a site I want to consume content from, I might well chose to allow the mining."

      But presumably if you have a lot of tabs open you could easily have multiple sites doing this and quickly grind your PC to a halt?

  3. Conrad Longmore
    Devil

    For example..

    I found an example yesterday, you can see how it works in this URLquery report:

    https://urlquery.net/report/99294f72-2377-4f21-b4ce-183c0a88160f

    Blocking coinhive.com and coin-hive.com and the associated IPs should mitigate it IMO.

  4. m-k

    this freely available tool has been abused

    let's be frank, human beings are scum. Has there been ANY tool in the world, ever, that's not been abused, if not in step one, than in step two?

    1. Anonymous Coward
      Anonymous Coward

      Re: this freely available tool has been abused

      Dildos? Can't say that they are abused if they're used for the original purpose...

      1. eldakka Silver badge
        Coat

        Re: this freely available tool has been abused

        A large dildo could be used as a billy club.

        So yes, the tool, a dildo, can be abused to do something not intended (well, unless it was bought in the S&M aisle, in which case that could be exactly what it's meant for...)

  5. Pascal Monett Silver badge

    El Reg should install this tool

    I block ads because safety, but I would gladly give you processing time.

    And since I spend a fair amount of time during the day with one of your pages loaded in a browser, it would be worth it for you.

    1. Fred Flintstone Gold badge

      Re: El Reg should install this tool

      I block ads because safety, but I would gladly give you processing time.

      Actually, that a good point. It's better than ads because users are not sucked dry for personal information and (and I guess this is the major objections from the big boys) there's no middle man to rip off a large percentage of your earnings. Even better, it's basically a click-through from everyone because it works when you're there without the need to lure eyeballs into clicking anything with any sort of deception.

      You would still need to make it's the user's decision with a "do not bitcoin" sort of cookie approach, but it strikes me as a far more honest and straightforward approach. Provided, of course, we can trust the code - I see that as the main challenge.

      If El Reg would do this I'd be happy to make sure that would be left unblocked.

      1. David Roberts

        Re: El Reg should install this tool - there's no middle man

        I thought we established in previous threads that most of the money went to the electricity provider.

        If this mining gives value for money and profit then why not run your PC flat out as a mining tig and donate some of the profits to El Reg?

        If it costs you £2 to donate £1 to El Reg for example there are more cost effective ways. Like just donating a quid directly without mining.

  6. Doctor Huh?

    WTF?!?

    The ad-blocker sites seem to be exercising careful judgment.

    Were I appointed God of the Web, that abhorrent piece of trash would have been blocked within a minute of the first reports, and I would have spent the rest of the day devising means to smite the perpetrators. On The Second Day, the smiting would begin.

    It is good to have adults in charge of such things.

    1. Anonymous Coward
      Anonymous Coward

      Re: Were I appointed God of the Web

      Add "death penalty to those morons who design web forms that clear all the fields in case one of them has some incorrect information so you have to start from scratch again for the Nth time damn bastards !!*&ˆ!@ aaaarrgh" and I'll vote for you.

  7. Ken Moorhouse Silver badge

    First Come First Served

    Let's say you went into two separate sites that used the same miner. Coin Hive would be best off allowing only the first active miner to be enabled, otherwise performance would plummet.

    Sound reasonable? Consider the response of some dubious sites to that: try and get that first mining page closed down so that they can take the reins. If that were possible then expect your session with the primary site to be cut off without warning.

  8. analyzer

    The reg should at least give this a go

    Just tested this on my system with 4 threads running, it doesn't get in the way although there is a slight slow down. Running with only 2 threads I wouldn't really notice this at all.

    Dump the ads and use this, you are welcome to 2 threads of my CPU without all the crap that ads put on the page.

    Yes the Reg is one of the few sites I allow to show ads.

  9. Rabbit80

    Local radio

    My local radio station has coinhive in their radio player.. strayfm.com

    Was listening to it and noticed my CPU usage spiked to 100% and it was causing random freezing and stuttering (on a Ryzen 1600). Chrome extension to block it solved the issue for me!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020