opinion

CoinHive: Advertising Alternative or Exploit

CoinHive: Advertising Alternative or Exploit

About two months ago I read about CoinHive and it sounded interesting. CoinHive provides software that will execute a mining program for the Monero crypocurrency.

It allows you to use the CPU resources of your computer to mine for this crypocurrency, just like how people have been operating Bitcoin rigs for years. The company also provides a handy “ReCAPTCHA”-style anti-hitbot script.

This solution has a long way to go before it could even come close to replacing advertising revenue for publishers.

At the time of this writing, one Monero was worth $100.60.

The controversy is that people are not using their own computers to execute this script, and it’s not their own personal CPU resources being utilized.

You see, CoinHive provides this script to be placed on your website. If it were a script that operated on your hosting server, that may pose an issue on a shared hosting environment, causing some problems for your hosting company. But that’s also not what is going on.

The controversy is that as a piece of JavaScript, CoinHive executes on the website visitor’s computer (client-side). This directly taps into the CPU of anyone visiting that website and thereby spikes CPU usage and reduces computer performance.

Ultimately this can result in a bad website experience as well.

In early November, Ultimate Fighting Championship’s website was accused of running the cryptominer. Similarly, a small handful of top-ranking websites were using the script and have been exposed for exploitation of visitors who had not been informed.

It was only a matter of time until someone would attempt to get this past our anti-malware detections here at JuicyAds.

When the domain ZettaStomp.com registered to someone in Mexico alerted us that it was running the CoinHive script, I decided it was time to find out if it really does cause a poor surfing experience and if it was truly a threat.

The ZettaStomp.com landing page, comprised of just an iTunes button (and the CoinHive code) did not set off any alerts in Avast antivirus or any firewalls. In fact, there was really no indication it was running at all on our test PC, running an Intel i5-6400 Quad-Core CPU.

The CPU load immediately shot upwards and processed consistently around 80 percent of maximum load. I found no significant impact at all in using the computer, so I got more aggressive. I started surfing the Internet, played some MP3s, and then fired up multiple YouTube videos.

The test PC started to lag and CPU usage bumped up over 90 percent, but nothing terribly annoying. It did not seem to have any issue whatsoever handling the “exploitation” of its CPU by the CoinHive Javascript.

When I ran the miner from CoinHive.com directly, it showed that with my machine mostly idle, it would process approximately 26-30 hashes per second with my CPU pegged at 90-100 percent.

When I started running more applications the hash rate dropped, bumping up the threads only lagged the computer until it was unresponsive. This coming in the age of ad blockers, which have disrupted decades of the advertising-supported internet. These users are obliviously running around the internet advertising-free and not paying for anything (but still consuming resources).

They will ultimately be responsible for the end of free internet, surely to be replaced by subscription-based monetization models. This is running free website publishers into a corner where things like CoinHive become attractive, and it represents what may very well be a solution to the problem of the “free Internet” by providing a pseudo “free pay-to-play” model.

Direct consumers could provide their CPU resources for an amount of time that equally correlates with the amount of resources or costs to use the website, and would allow the publisher to profit from each user, but it’s just not that simple.

Ironically, the response from ad-blocking companies has been to block CoinHive script, choking this source of potential cash for publishers from the growing group of freeloading leechers. Likewise, this is not something you will find on an advertising network like JuicyAds.

Even though our Test PC did not flag using Avast, our anti-malware detection alerted us immediately. JuicyAds has a history of helping to criminally prosecute illegal malware distribution, and similarly in this case, the campaign was immediately disabled and advertiser sent packing.

As you can imagine, the anti-virus and anti-malware companies has similarly labelled CoinHive as a threat. According to TheRegister.co.uk, Malwarebytes alone has received over 130 million requests from users to block CoinHive, but even the director of Malwarebytes Labs provided a moderate statement regarding the technology:

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea. The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Coin Hive’s response appeared equally genuine and understanding regarding the ban-hammer coming down on them, reportedly saying, “We can’t blame them.”

In fact, CoinHive has already announced the alternative “AuthedMine” which requires implicit user consent for the coin miner to operate. Their website requests the support of ad-blocking and antivirus companies to allow the software to operate uninhibited. When I tested this solution, the CPU usage increased to approximately 40 percent.

Even if we assume that it’s both ethical and moral to basically hijack someone’s CPU for profit without their knowledge or consent, is it legal? I had no idea, so I enlisted the help of Corey Silverstein from Silverstein Legal to answer that:

“Mining cryptocurrency isn’t per se illegal. Things to consider here in terms of legal issues will involve the terms of service and privacy policy on the website where the mining operations are taking place. ‘Browser wrapped’ agreements (where the terms are just at the bottom of the page) have been deemed unbinding by different courts, because the user does not know they are there or what they include. Websites should be implementing a methodology for its users to agree to their legal documents via a check-box or some other type of e-signature,” Silverstein said.

“This practice could ultimately be something the FTC may look at; the FTC is no stranger to utilizing its powers to go after those who engage in fraudulent or deceptive trade practices and this type of hijacking could fit right into the FTC’s jurisdiction. Additionally, failure to inform website visitors or get consent to use their computing resources could start a chain of individual or class action lawsuits. Regardless, of when and how these type of website operators get in legal trouble, the idea of utilizing someone’s CPU resources without warning or consent is a recipe for disaster and eventually there will be consequences.”

According to an article from Pixalate, nearly 62 percent of the websites it found running CoinHive did not have a posted Terms and Conditions at all, and even more did not have a Privacy Policy (although, its unclear whether privacy is a relevant issue here).

So all of the legality aside, is the juice worth the squeeze? Probably not.

Simply running the miner on your computer with an average 30 per second hashrate, for a total of 10 hours per day, with the CoinHive miner would earn you approximately $0.49 per month. That isn’t even worth the amount of power the computer uses while its operating.

If you set up the miner on your website and say you had 1 million visitors per month to your website, with a 30-per-second hash rate, an average time on website of five minutes, with the CoinHive miner that pays out0.00015 Monero (XMR) per million hashes, you would expect to earn (drumroll) 1.35 Monero, or approximately $135 per month.

But what if Monero was worth as much as Bitcoin, surging recently to $10,000? Then it would make sense, right? Yes and no. While its true this math is a whole lot more attractive at $10,000 rather than the $100 current value of Monero, crypocurrencies work in a closed system with a finite amount of coin. This controls the value by how much of it is in circulation, and how much is available to be mined. The problem is strictly mathematics.

As the popularity of Monero grows and more and more websites mine the cryptocurrency, the number of available coins (and payments to the miners or publishers) will drop over time. Therefore, the cryptocurrency advertising solution for publishers has a limited lifespan built in, and over time will yield less and less revenue for the same amount of CPU work. That does not take into account any change in trading price of the Monero (speculators cause bubbles, and bubbles always burst). Things rarely (if ever) go up indefinitely.

After over a month of testing, my account is up to a whopping 0.00349 Monero, or $0.35.

CoinHive has suggested this technology is meant to replace advertising but with the rampant abuse, the auto-mining solution blocked by the same ad blocker and an opt-in model likely to produce significantly less revenue, this solution has a long way to go before it could even come close to replacing advertising revenue for publishers.

Juicy Jay is CEO and founder of JuicyAds. Readers can follow Jay on Twitter, @juicyads, visit JuicyAds.com, or like on Facebook.com/juicyads.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Holly Randall

If you’re one of the many regular listeners to Holly Randall’s celebrated podcast, you are already familiar with her charming intro spiel: “Hi, I’m Holly Randall and welcome to my podcast, ‘Holly Randall Unfiltered.’ This is the show about sex, the adult industry and the people in it.

Women In Adult ·
trends

What's Hot Now: Leading Content Players on Trending Genres, Monetization Strategies

The juggernaut creator economy hurtles along, fueled by ever-ascendant demand for personality-based authenticity and intimacy — yet any reports of the demise of the traditional paysite are greatly exaggerated.

Alejandro Freixes ·
opinion

An Ethical Approach to Global Tech Staffing

One thing my 24-year career as a technologist working to support the online adult entertainment industry has taught me about is the power of global staffing. Without a doubt, I have achieved significantly more business success as a direct result of hiring abroad.

Brad Mitchell ·
opinion

Finding the Right Payment Partner

Whenever I am talking with businesses that are just getting started, one particular question comes up a lot: “How do I get a merchant account?” It’s a simple question, but it has a complicated answer.

Jonathan Corona ·
opinion

The Taxman Cometh for Every Business

February may be the month of romance, but it is also a time when we need to think about something that inspires very little love: taxes. April is not far away, and the taxman is always waiting. This year, federal and most state income taxes are due Monday, April 15.

Cathy Beardsley ·
opinion

The Continuous Journey of Legal Compliance in Adult

The adult entertainment industry is teeming with opportunity but is also fraught with challenges, from anticipating consumer behavior to keeping up with technological innovation. The most labyrinthine of all challenges, however, is the world of legal compliance.

Corey D. Silverstein ·
profile

Alexzandra Kekesi Takes Charge as Aylo's Head of Community and Brand

While Alexzandra Kekesi was earning her bachelor’s degree in women’s studies from the Simone de Beauvoir Institute at Concordia University, feminist thinkers influenced her deeply, inspiring her passion for sex work advocacy.

Alejandro Freixes ·
opinion

New Year, New Tools for Tackling Chargebacks

Happy New Year! Looking back, 2023 saw some important developments for the industry. Visa lowered the limit on credit card surcharges to 3%, AI continued growing fast and Mastercard published an update to its Business Risk Assessment and Mitigation (BRAM) program.

Jonathan Corona ·
opinion

The Next Frontier in Computing, Storage Is Here

While I typically steer clear of diving too deeply into the technical nitty-gritty, in this month’s column I’m making an exception, because there’s a technological evolution underway that has the potential to fundamentally enhance technical outcomes and, more importantly, grow revenue.

Brad Mitchell ·
opinion

Raising Awareness and Taking Action Against Financial Discrimination

While foes of the adult entertainment industry often focus on “moral” concerns and perpetuate social stigmas, another form of attack can be equally or even more damaging: financial discrimination.

Corey D. Silverstein ·
Show More