STE WILLIAMS

From this week, visitors to the Salon news site who are running an adblocker have been confronted with a novel choice: turn off your adblocker or let it use your browser to mine cryptocurrency while you read instead.

You’re on the horns of a dilemma: turn on ads and be annoyed by in-your-face content you’re tired of (and goodness knows what else besides), or turn on cryptomining and be annoyed by hidden content that sends your CPU into thermal overload (and goodness knows what else besides).

Interestingly, many security products – including Sophos – treat coin mining sites as so unloved and unlovable that they’re blocked by default, so Salon looks set to send you head-to-head with your own organisation’s sysadmins by forcing you to pick between the security devil of getting tracked by ads and the deep blue sea of letting cryptomining JavaScript have its way inside your network.

The difference between Salon and many other sites trying to make money through mining is that it asks its users for consent first and rationalises the mining as virtual payment for valued content. As it explains:

Your unused processing power are the resources you already have but are not actively using to it’s (sic) full potential at the time of browsing salon.com. Mining uses more of your resources which means your computer works a bit harder and uses more electricity than if you were just passively browsing the site with ads.

Naked Security ran a few tests and the phrase “uses more of your resources” should be understood to mean a pretty constant 99% CPU load, at which point page performance slows to a crawl.

It matters not how powerful a PC is because Coinhive uses everything available, which is unsurprising given the compute-heavy Cryptonight algorithm used to make Monero.

Maxing out the CPU will also cause a PC to consume more electricity, although only fractions of a cent more as long as the browser tab with Salon in it isn’t left running for long periods.

How does this business model work for Salon? If Coinhive’s claims are to be believed:

With just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$78).

The attractiveness of this business model is simplicity: sign up for the program, embed some JavaScript, and reap decent rewards if enough visitors play ball.

Coinhive does well too, as can be seen from a chart that shows how its Monero hashrate (calculations completed to make Monero) has risen dramatically, from which the company earns a 30% cut.

If this offers insight into why Coinhive has spread so rapidly since its launch in September, some reaction to Salon’s move has been less than positive.

Researcher Kenneth White tweeted:

Hey @Salon, this is a terrible idea. Forcing your readers to either run crypto mining code or disable ad blockers is actively harmful. pic.twitter.com/uOAeSzDa8i

— Kenn White (@kennwhite) February 13, 2018

But how can websites earn enough of a living to keep themselves afloat, especially with the rise of adblockers? In a world where readers seem disinclined to pay for content, and don’t want to allow advertising, cryptocurrency mining might look like the only viable option.

A fundamental problem is that Salon’s CPU-hogging implementation is unlikely to be sustainable. It isn’t at all clear that cryptomining is actually a viable way to make money for the sites that use it, and it probably doesn’t scale well either – if too many sites adopt it then web browsing would quickly become a chore.

If CPU utilisation were dialled back to lower levels, and user numbers grew, the idea might have legs.

As it stands, cryptomining has a lot of image-building to do (remember Pirate Bay?) and much to prove.

Follow @JohnEDunn
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/DL0RdWJS5sk/