Resultados 1 a 4 de 4
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    [EN] In-Browser Cryptocurrency Mining vs Ads

    Supporting websites through distributed crypto mining is only a good alternative to advertising if there is user consent.

    Daniel Oberhaus
    Sep 18 2017

    The modern internet runs on advertisements.

    Over the weekend, the torrent site Pirate Bay conducted an experiment to see if it could replace the advertisements that keep the site afloat with a new monetization scheme: Using visitors' browsers to mine cryptocurrency.

    Although the Pirate Bay is perhaps the freest of free services on the internet, it has operating costs like any other website. Historically, these costs have been supported through ad revenue and donations, but as the Pirate Bay admins detailed in a blog post, "we really want to get rid of all the ads."

    It makes sense. The Pirate Bay isn't exactly known for its tasteful and legitimate advertisements, which are often laced with malware. In fact, it was the Pirate Bay's terrible advertisements that prompted its co-founder Peter Sunde to argue that the site should be left to die after it was taken offline following a raid of its servers.

    "I've not been a fan of what TPB has become," Sunde wrote in a 2014 blog post. "The site was ugly, full of bugs, old code and old design. It never changed for one thing—the ads. More and more ads [were] filling the site, and somehow when it felt unimaginable to make these ads more distasteful they ended up even worse.

    Three years later, the Pirate Bay's solution was to embed the code for a cryptocurrency miner called Coin Hive in the footer of the site. The code used a portion of the visitor's CPU power to mine the privacy-oriented cryptocurrency Monero while the user was on the website.

    The miner could be blocked using a regular ad blocker or by disabling JavaScript, but at the time of this writing, the miner was no longer operating. According to TorrentFreak, a source from the Pirate Bay said the miner was only being tested for a few days as a possible replacement for ad revenue. The source did not clarify whether the miner will be used again in the future.

    Nevertheless, the Pirate Bay mining experiment raises an interesting question: Should cryptocurrency mining replace advertisements as a way to cover a website's operating costs?

    The idea of using the distributed computing power of an internet service's users to mine cryptocurrency is by no means new. Botnets have been used to hijack Internet of Things devices to use their processing power to mine Bitcoin several times in the past, and BitTorrent infamously used its app to mine for Litecoin on users' computers without really informing users it was doing so.

    In 2013, a group of MIT students created a code called TidBit that would allow websites to generate revenue by using visitor's processing power to mine for Bitcoin, a project that was shut down by court order. According to the ruling, using a person's CPU power to mine cryptocurrencies without consent is considered gaining access to that person's computer.

    More recently, security researchers have been reporting an uptick in malicious advertisements that are used to mine cryptocurrencies within a web browser. Since advertisements that use a person's processing power without their consent are banned from legitimate ad distribution networks, these 'malvertisements' are distributed by buying user traffic and directing it to a website that hosts the advertisement with the malicious mining script.

    In all of these cases, the primary issue is consent from the user. Obviously, hijacking IoT devices for a botnet usually isn't done with permission and neither is injecting malware into a device. But to download and run BitTorrent, users had to agree to a terms of service. A clause in this terms of service said that the software can make use of a computer's unused processing power and users would have to opt out of installing the mining software, but these details were buried in the terms of service that few users ever take the time to read.

    In this respect, the Pirate Bay's scheme was relatively more transparent. Rather than trying to bury its cryptomining plans in a wordy terms of service agreement, the code for the miner was clearly visible at the bottom of the site. The code was still pretty easy to miss, but the uptick in a visitor's CPU usage wasn't.

    The Pirate Bay blog post on its decision to implement a miner claims "a small typo" in the miner's code initially made it so that the miner would use all of a visitor's unclaimed processing power. This was soon fixed so that the miner would only use 20 to 30 percent of a visitor's CPU power and run only in the tabs in which the Pirate Bay website was open. Still, a 20-30 percent increase in CPU usage could cause a user's computer to slow to a crawl or crash.

    In short, if distributed mining schemes aren't properly implemented by allowing users to opt in and informing them just how much processing power will be used, it could have serious negative effects for a site's visitors.

    What is uncertain is whether the cryptomining scheme would have been enough to cover the website's costs or replace revenue from advertising. A 2014 report from McAfee, for instance, found that it was nearly impossible to turn a profit using botnets to mine for Bitcoin. That same year, the consumer advocacy group Digital Citizens Alliance published a report that claimed that leading torrent sites like Pirate Bay generate upwards of $4 million per year from advertising revenue.

    As seen in the Pirate Bay subreddit and official forum, not all users were happy about the new scheme, but many saw it as an improvement over advertisements. The one complaint uniting users, however, was that the Pirate Bay admins could have been more forthcoming about the miner.

    Although the Pirate Bay's mining scheme did come off a little shady, even 'legitimate' advertising schemes can run afoul of users. In 2015, for instance, it was revealed that Facebook used a long-lasting cookie to track web browsing habits that could then be sold to advertisers—even if you weren't a registered user on Facebook.

    Assuming that user consent is obtained, the issue ultimately boils down to whether internet users would prefer to pay for free web services with their privacy, or a few more cycles on their CPU.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    ICYMI: µTorrent's Shady Bitcoin-Mining Program

    Jason Koebler
    Mar 6 2015

    For roughly a decade, µTorrent has been, if not the best torrent download client, certainly one of the most attractive. It has well over 100 million users, who have been lured in by the program's small file size, unobtrusive nature, and well-designed powerful interface.

    You should uninstall it, right now.

    Packaged with the latest version of µTorrent is a program called Epic Scale, a surreptitious digital currency miner that secretly uses your computer's processing power in order to make money for µTorrent and Epic Scale.

    There is a clause in Epic Scale's policy that says its software might literally destroy your computer.

    From Epic Scale's terms of service:

    "You release Epic Scale and its agents … from and against all claims ... arising from or related to (i) the use of the Application on your computer, including without limitation any blowouts or other damage to your computer from overheating due to intensive use of graphics cards or chips, or any slowing of your processing speed."

    The shady package was discovered and ​posted on the µTorrent forums by a user named Groundrunner, who said that the program installed itself without prompting.

    "It's easily noticeable by the increased CPU load when the computer is idle," Groundrunner wrote in the post.

    An administrator for µTorrent confirmed that the program was, in fact, being installed on Windows machines, where it was generating Litecoin (which is similar to Bitcoin) and sending them back to µTorrent and Epic Scale. The program could be uninstalled, but only if you actually realized it existed in the first place.

    "Epic Scale is a cryptocurrency miner that uses a portion of your CPU cycles to contribute to the mining effort. A portion of the proceeds from this effort go to philanthropic initiatives," the admin wrote. "Epic Scale is a great partner for us to continue to generate revenue for the company, while contributing funds to good causes. In the future, Epic Scale plans to contribute CPU cycles to other initiatives, such as Genome mapping and other academic studies that require a great deal of processing power."

    The program doesn't install itself silently, as many other websites have reported, however. It's part of the standard installation process that µTorrent has turned into its main source of revenue. It's one of three separate pieces of not-so-great software you can easily install by clicking the wrong button. And, wow, if you mistakenly do this, you're in for a treat.

    From Epic Scale's agreement:

    "We may use your computer's processing power, network connection, memory and storage for various purposes, including, but not limited to, cryptocurrency mining, data processing, data analysis and/or scientific research and development."

    You are also giving Epic Scale access to your data and personal information.

    "Epic Scale alone (and its licensors) may collect data from you that you voluntarily enter in the click-through download and installation process and from your computer, in accordance with the terms of our Privacy Policy [], which is also available on our website, and which is incorporated in this Agreement."

    Christian Averill, a spokesperson for BitTorrent, which owns µTorrent, said that the company takes "claims of silent installs very seriously" and noted that anyone installing this "is accepting the offer separately from our software. These are strictly opt-in."

    "I mean with every install you make, you need to look at what you're clicking on and be mindful of that," he said. "There's a clear accept, do not accept tab."

    If we're sticking strictly to the facts, he's right about that. Except the "Accept/Do Not Accept" tabs are very similar to the ones you need to simply install the program without bloatware, and Epic Scale isn't really sold as being something that could potentially destroy your computer.

    Epic Scale, as a program that someone consciously downloads, installs, and runs when they want it to run, sounds like it's fine. But as a program that's installed with other software at the mere click of the button, one that is probably running on, Averill said, literally millions of computers in order to make other people money, it's a nightmare. Besides being a privacy invasion and a potential security risk, the program slows down your computer, wasting power and giving cryptocurrency to someone else.

    ​Someone purporting to be a founder of Epic Scale noted in a comment thread where users were complaining about the software that it does "use the PC at a low level when it's in use. Many users only use a fraction of their computation resources (email, Microsoft word, etc.) If the user is trying to do something intensive, we stop running."

    Further, Epic Scale says it donates a "high portion" of money to charity, but hasn't said what that percentage is (​a list of charities is here) and hasn't provided any proof of it doing so.

    All of this is to say, there are other BitTorrent clients out there that do the exact same thing as µTorrent, without the bloatware. µTorrent has been slowly sliding downhill for years—safely installing it on Windows without accidentally adding some terrible, difficult-to-remove toolbar or bloatware is a nightmare, requiring you to click through a series of confusingly-worded prompts.

    On Mac, the only thing it asks you to install is a (terrible) Yahoo toolbar, but that, too, is in a prompt that has been modified to look like an official terms of service prompt.

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Fans of Notorious Streamer Ice Poseidon Revolt Over Cryptocurrency Scandal

    Patrick Klepek
    Sep 21 2017

    Paul "Ice Poseidon" Denino is one of the more notorious "real-life" streamers, whose videos largely consist of walking around, yelling, and being intentionally outrageous. Notably, Denino was banned from Twitch in April. While streaming from an airport, a fan called in a bomb threat, and suggested Denino was behind it. Part of Denino's shtick is interacting with viewers, who try to suss out his location and mess with him. (Knowingly, he'll sometimes say where he is.) But recently, Denino's been hit with criticism for something different: hiding a cryptocurrency miner in a piece of software, CxStocks, that a bunch of his fans accessed through a website.

    The idea behind CxStocks was humorously meta. CxStocks would be a faux stock market where people could buy and sell stocks, based on how well liked someone was on stream. It was a funny way for the hardcore to take fandom, knowledge, and memes to another level.

    The hard part of CxStocks would be kickstarting an economy, and when the beta version of CxStocks went live yesterday, people discovered a surprising solution: a cryptocurrency miner that would run in the background, while you were using CxStocks. In order to trade on CxStocks, your CPU would be leveraged to generate currency for you to trade with. The fake economy would have a stabilizing center and the creators would be making money.

    CxStocks used Coinhive to accomplish this, a service in the news recently because torrenting website The Pirate Bay tried to ditch ads by embedding Coinhive. If you were using The Pirate Bay to download torrents, your CPU was used to pay for hosting and other fees associated with running The Pirate Bay. The response from users was mixed, and while many supported The Pirate Bay trying to get rid of ads, they wanted to know why their CPU use was shooting up. (The Pirate Bay did a poor job of disclosing what was going on and initially borrowed too much power.)

    "We decided to use Coinhive because it solved all the problems we were facing of people cheating the economy," said Andries, the developer behind CxStocks, over email today.

    There were multiple layers of problems. One, people felt tricked. Two, given how many young fans Denino has, there's reason to believe they wouldn't be aware of the risks of crypto mining. Kaspersky Labs security researcher Aleks Gostev told Motherboard recently that while user data isn't the big worry, "it does have the effect of increasing the energy consumption level of their machine, which results in more expensive electricity bills." That's to say nothing of the enormous performance hit crypto mining can inflict on a computer.

    Hiding crypto miners inside software isn't a new practice, either. It's been going on for years now. Last year, Zcash, a relatively recent form of cryptocurrency, was being used criminal hackers to sneak their way onto people's machines and slowly mine Zcash. Gostev estimated roughly $75,000 per year was being generated by these "zombie" computers.

    In this case, the CxStocks software does warn you before the crypto miner turns on:

    "There was no intent to be deceptive," said Andries. "We clearly stated cryptocurrency would be mined and CPU load would increase."

    Obviously, lots and lots of people disagreed with Andries' assertion; most of Denino's subreddit today has been taken over by people complaining about the inclusion of Coinhive.

    "We mine the coins, and the owners get to keep the actual coins," said one user. "In turn, we get virtual coins."

    The miner was quickly removed because, according to Andries, "people were misinformed." The removal reportedly happened at the request of Denino himself, and the ensuing firestorm has resulted in Andries being let go from Denino's company. Andries wasn't being paid for his work on CxStocks, according to Denino's spokesperson. Instead, he was working for free, and "Ice flew him to LA a few months ago as a thank you."

    "The goal is always to earn money," said Andries. "I run a business and the bills and server costs need to be paid somehow. Ice doesn't pay me for the features I add to [the] website so I had to improvise and Coinhive seemed like a good solution to fix all those problems."

    "Our developer, who released the mining software without consulting Ice, has been let go," said a spokesperson for Denino, "and is no longer associated with the company."

    Part of this may have been fueled by a public back-and-forth between Denino and Andries.

    Andries has deleted his reddit account, telling me "people were doxxing my old job and sending dead [sic] threats to my parents and old job."

    "Ice's community has always been visceral," said Andries, "although not to this extent. I think the reaction was so big this time because Ice hasn't been streaming (properly) for a while, so people are more inclined to create drama for entertainment purposes."

    Denino claims he "didnt [sic] know about the mining before it was released," and wasn't closely following every aspect of CxStocks' development because "there's a certain trust a developer and the person leading it should have." Denino is currently looking for another developer, who will be asked to finish the project "without the mining or sketchy shit."

    He did briefly come to Andries' defense, saying he's "done a lot for the community."

    "I can assure you I had no idea what the shekel mining was or that is was even being implemented," said Denino. "I was under the impression that Reddit accounts and YouTube accounts would be use to not inflate the economy. I'm not trying to scam anyone, if I really wanted to make money at any given time I would take any one of the weekly sponsors That get offered (anywhere from 5-20k). I usually don't take them so you don't see them."

    At the moment, you can't download CxStocks. It's unclear when it will come back.

  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Ads don't work so websites are using your electricity to pay the bills

    Showtime forcing unknowing visitors to mine cryptocurrency, using computers rather than eyeballs on ads to generate money.

    Alex Hern
    27 September 2017

    With the continuing collapse in online advertising revenues, websites are turning to other methods to pay their hosting bills – including using visitors’ computers and phones to mine cryptocurrency.

    It’s a controversial practice, with some likening it to running malware on visitor’s computers, but it is a potentially lucrative endeavour for websites. The downside is that at best it slows down visitors’ machines, and at worst it can also drain their batteries or send their electricity bills soaring.

    BitTorrent search engine The Pirate Bay, and US video streaming service Showtime, are two sites that were discovered to be sending mining code to users. The former owned up, posting in mid-September that the code was “just a test” and that the experiment was being done with a view to removing all adverts from the site.

    The latter removed the code on Monday, shortly after a user noticed it and specialist press began reporting. But it has yet to answer questions on why the code was there from the Guardian and other media organisations.

    Cryptocurrencies, such as bitcoin and its successors, are backed by a system of “miners”, who race to be the first to solve tricky computing problems in exchange for a reward for doing so. The rewards are large – the bitcoin network, for instance, gives away coins worth $7m to miners every day – but to be in with a chance, miners need to gather an extraordinarily large amount of computing power.

    Not only is it expensive to buy those computers, it also consumes a huge amount of electricity to run them. As a result, the most profitable mining companies often have access to cheap energy, or some other efficiency boost - one firm, based in Iceland, saves money by letting the country’s naturally cold climate cool its computers.

    Website-based mining short circuits that: the electricity bills are paid by the visitor, but it’s the website that gets the reward.

    “Gaming and video sites typically are more resource intensive, so it seems to make little sense to run a miner at the same time without having a noted impact,” says Malwarebytes analyst Jérôme Segura. “Having said that, many people who consume copyrighted content are perhaps less likely to complain about an under-par user experience.

    “The question at this point is: how far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice,” he added.

    In the long run, such practices may simply push more users to install adblockers, Segura noted. It’s just as easy to block mining as it is to block adverts, using much the same techniques. Segura said: “There’s no question that users are annoyed by a rollout that did not include their opinion, even though many were actually favourable to this alternate solution to online ads.”

    Showtime did not respond to a request for comment.

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens