top | item 16418288

Salon magazine mines crypto-cash with readers' PCs

102 points| mdekkers | 8 years ago |bbc.com | reply

106 comments

[+] grx|8 years ago|reply
Prime example of failed business models and their desperate attempts to survive.

I'm really disappointed about how online publishers handle the decline of ad revenue. Of course my ad-blocker will also block your miner script, what do you think how this works? And better yet, integrating external third-party JavaScript into your website screams for abuse by attackers. Someone could just change the wallet address the scripts mine for and suddenly all your visitors not only do not mine for Salon, but mine for someone else entirely.

But yeah, ask me about "well how do we make money?" and I don't really have an answer myself. IMO sources like Patreon are the most appealing for me, though it might hurt websites I have not yet in my list and would not be able to access if I'm not a subscriber.

[+] koliber|8 years ago|reply
Every business is failed unless it figures out a way to survive.

Businesses do not survive by default. It takes a lot of work and experimentation to find the right mix of everything to build a viable company.

[+] majewsky|8 years ago|reply
> sources like Patreon are the most appealing for me, though it might hurt websites I have not yet in my list and would not be able to access if I'm not a subscriber.

There's also the crowdfunding model. Backers can pay in advance to cover your production costs, and post-funding sales can earn you a profit. I've seen cases where the product became freely available once sales brought in a pre-determined profit.

Of course, this works best for individual productions with rather small budgets, such as documentaries or music albums. Not so much for big productions (think Hollywood movies) and not so much for periodic publications like magazines or blogs.

[+] realitycheck_13|8 years ago|reply
One cannot change wallet id just from scraping the JS on a website. #research
[+] TekMol|8 years ago|reply
Isn't that a good thing?

Imagine you have a little widget in your browser that displays something like '50%' which means you constantly use 50% of one core to mine a cryptocurrency for the page you are currently looking at.

And in return you get an ad free web. I think that would be way better than the web as we know it.

[+] MereInterest|8 years ago|reply
Absolutely not. Wasting battery power to let somebody else buy into a pyramid scheme is not my idea of a solution.
[+] ErrantX|8 years ago|reply
Seems wasteful & fruitless.

Better to evolve a micropayments model that works (because at least I can quantify what I pay).

[+] abusoufiyan|8 years ago|reply
In theory yes, but in practice this software is a well-known malware. Not a good idea for any respectable site to be using it.
[+] bencollier49|8 years ago|reply
I've said this elsewhere - this is a terrible thing, it's an environmental catastrophe.
[+] CaliforniaKarl|8 years ago|reply
I am completely fine with this. The entire question of "How does a web site providing content 'for free' make money?" still seems to be in flux. Yes, people might push for some sort of micropayments thing, and The Guardian is making their method work, but I don't know if that's the exception or the rule. At least, not right now.

Given the choice, I prefer a background miner over ads. Even on a laptop that's running on battery. For one thing, removing the ads (and all the annoying JS they load) should make the page much better to load & navigate, meaning I can go through the content faster. If I don't want to use up my battery, then I'll add the site to my Read Later list, and read it then.

[+] michaelbrooks|8 years ago|reply
It wouldn't be so bad if Salon were using 5 or 10% of your CPU, but they are pushing it to 100%. Check out the discussion on r/BATProject[0] which is a part of the Brave browser. Brave is actually fighting the mining situation whilst also trying to help publishers and creators gain money.

Brave are actively blocking ads and background miners, but they offer verified publishers and creators to be donated Basic Attention Tokens (their own cryptocurrency). Users of Brave will be able to gain tokens either by purchasing them or by viewing ads within the browser rather than on the websites. If you're interested, I would recommend you check out their browser which is based on Chromium.[1]

[0] https://www.reddit.com/r/BATProject/comments/7y7tvy/bat_comm...

[1] https://brave.com/

[+] abusoufiyan|8 years ago|reply
I'd be okay with it if choosing to do this on your website wasn't going to obviously incentivize hackers to inject this software maliciously on unsuspecting websites to steal money from unsuspecting users.

The more legit websites do this, the more cryptojacking will wreak havoc on the web.

And for those who say they ask for consent so it's okay, why do the CoinHive people still pay out for versions of the software that don't ask for consent?

[+] abusoufiyan|8 years ago|reply
So...doesn't this mean their website will start getting flagged as malware? Many security companies flag CoinHive as malware...
[+] DyslexicAtheist|8 years ago|reply
yes it's likely that these domains end up on some list.

E.g.:

   $ curl -s https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts|grep salon.com
   0.0.0.0 worker.salon.com
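
Added example, not part of the thread and not code from CoinBlockerLists: a plain `grep salon.com` on a hosts-format list also matches look-alike names, so this sketch matches on label boundaries instead. The function names and the sample list are constructed for illustration; only the `worker.salon.com` entry comes from the comment above.

```shell
#!/usr/bin/env bash
# Label-aware lookup in a hosts-format blocklist (added example).
# sample_hosts is a constructed list, not a copy of the real file.

sample_hosts() {
cat <<'EOF'
# constructed sample in hosts format
0.0.0.0 worker.salon.com
0.0.0.0 notsalon.com
0.0.0.0 salon.com.miner.example   # trailing comment
127.0.0.1 localhost
0.0.0.0 Pool.Example.NET
EOF
}

# Print every listed hostname that is <domain> itself or a subdomain of it.
# Reads hosts-format text on stdin; comparison is case-insensitive.
blocked_under() {
  awk -v d="$1" '
    BEGIN { d = tolower(d); suffix = "." d }
    {
      sub(/#.*/, "")                 # strip comments
      sub(/\r$/, "")                 # tolerate CRLF line endings
      if (NF < 2) next
      # only entries pointing at a sinkhole address count as blocks
      if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next
      for (i = 2; i <= NF; i++) {
        h = tolower($i)
        n = length(h) - length(suffix)
        if (h == d || (n > 0 && substr(h, n + 1) == suffix)) print h
      }
    }'
}

# Exit status 0 if anything at or under <domain> is listed.
is_blocked() {
  [ -n "$(blocked_under "$1")" ]
}

sample_hosts | blocked_under salon.com
```

On the constructed sample, a substring grep for `salon.com` hits three lines, while `blocked_under` reports only the one entry that is actually under that domain.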
[+] cardigan|8 years ago|reply
CoinHive provides two miners: one which runs without asking the user, and one which requires explicit consent from the user.

The version requiring explicit consent is being used on the Salon website, and isn't currently being blocked by AdBlockers/malware detectors.

[+] NKCSS|8 years ago|reply
Thinking about this, how long till ad blockers will also block these crypto mining scripts... it's not that different.
[+] sudhirj|8 years ago|reply
CoinHive now has the authedmine.com domain, and the scripts served from there only run with explicit and temporary user consent. No reason to block that, although I think some blockers are doing so anyway.
[+] VMG|8 years ago|reply
I imagine the mining code can be transformed so that it will be hard to detect.
[+] swang|8 years ago|reply
Their website was already unreadable on mobile so I guess they're now going to make sure you can't view it on a desktop/laptop by pegging your cpu to 100%
[+] sudhirj|8 years ago|reply
That's config on the miner, can throttle to any CPU usage percentage. No reason for them to be stupid enough to peg at 100%. 50% to 70% seems much more reasonable. Most day to day, non professional applications barely use more than 30%.
[+] tzahola|8 years ago|reply
So they did seize the means of production after all. The means of Monero production.
[+] Kiro|8 years ago|reply
Again mostly negative comments here. May I ask why? It's 100% opt-in so I don't really see what blocking mining scripts has to do with it. I also block mining scripts but that's for rogue sites doing it without my consent (The Pirate Bay) while this feels like a legitimate use-case. Correct me if I'm wrong.

The headline makes it sound like they automatically start it if you're using an adblocker. That is not the case. Check the screenshot in the article.

[+] yborg|8 years ago|reply
Cryptocurrency mining scripts are primarily delivered as malware. It seems kind of incredibly tone-deaf for a journalistic site to attempt to use it as a means of monetizing even if making it opt-in.
[+] abusoufiyan|8 years ago|reply
In theory, it's a great idea being 100% opt-in and all.

But in practice, we know that CoinHive is being used largely as malware, being injected in third-party sites to enrich hackers. And it's not a nice move to support that ecosystem and the company which clearly doesn't give two damns that their software is enabling so much hacking.

[+] realitycheck_13|8 years ago|reply
The web is open and free because ads made it possible when the internet was first evolving. You only understand the internet as “free” because someone else was footing the bill to begin with. Ads can no longer support an open web as you once knew it. So, the web closes down (publishers gating their content - subscriptions) one by one and what do you end up with? A closed web. Plain and simple. Those who feel the web is “free” are under an illusion because they know and knew of nothing different. These people are ignorant and the ignorance is what is actually causing the web to close down faster. The more ignorance the faster it closes. I’m not saying ads and mining are great ways to pay the toll but they’re the only options since I don’t see any user here writing checks to websites out of good will. Salon at least is trying to keep the web “open” by giving options - and by the way, when did an option, in your control, ever offend you. Offended? Fine you don’t have to opt in. That’s like saying you’re pissed off because the restaurant accepts Discover card when you only chose to carry Amex or cash.

There are a lot of people here who just don’t know what they are talking about and unfortunately they’ll never know who they are because they are always right. That’s fine because that’s the way the world works unfortunately and it’s human nature but a little honest research would do the greater community as a whole a great deal of good.

[+] krylon|8 years ago|reply
The problem with ads is that they are not just ads these days. There is a big industry whose "product" is tracking users across sites, trying to build detailed profiles in order to present people with targeted ads they are more likely to click on.

In other words, a massive invasion of privacy that may very well come back to haunt us (think of an oppressive government trying to find potential dissidents, either to bombard them with propaganda or worse).

Using my browser as a cryptocurrency miner as I visit a site has obvious problems, especially on mobile devices, but from a privacy perspective it is far less troubling. With the exception of blogs people write in their spare time, most web sites need a way to recover their expenses. Even more so for news sites that employ journalists etc.

At that point, the interesting question is how effective running a Javascript miner is. When I visit web sites using a browser that has no ad blocker or tracking protection installed, I notice that ads, tracking scripts, etc. can use quite a bit of CPU, RAM and bandwidth, too. If I could be sure that a site using crypto-miners does not just gobble up my phone's battery like crazy, the idea is not that bad, as long as sites are transparent and up-front about it.

Some sites already offer a model where you either have ads or make a donation and get an ad-free page. Something similar with cryptominers could work, too.

(All this assumes, of course, that web site owners play fair, which is hopelessly naive all too often.)

[+] fezerozero|8 years ago|reply
For this model to be successful (long term), sites/anyone who does this must set an early precedent to inform and get consent from users. (This is, of course, antithetical toward modern advertising philosophy.)

Otherwise, it crosses a line from Adware to Malware, further validates the reclassification of ad blocking/protection from optional to required, and will meet a quick demise

[+] molticrystal|8 years ago|reply
The best way to prevent this in Firefox:

1. Run Noscript extension

2. Run RequestPolicy extension

3. Keep your adblock/ublock rules updated as they block miners

4. Don't ever visit Salon

The first three also work on most other websites that have miners or were hacked and had a miner injected.

[+] andygates|8 years ago|reply
"users must do special stuff" doesn't scale, which is why Chrome has had to roll out default blocking for egregious ads.

But using user resources to mine fadcoin? That's borderline Computer Misuse Act, in the UK, I reckon.

[+] mnm1|8 years ago|reply
They've been doing shady shit with JS for years like auto-reloading their home page and other shady practices. The only solution to sites running bad JS like Salon is to block the JS. uBlock origin, NoScript, etc. The only downside is that none of these tools is user-friendly enough to run without any user input. The idea that other entities should be able to run their code on my computer was a bad one to begin with and still is. I think people are slowly coming to that realization as this default begins to show just how dangerous it is.
[+] Nursie|8 years ago|reply
If this is done without explicit permission from the user, I can see it being some sort of hacking offence.

So yes, I run adblockers. I will also run coinblockers. You're not going to be mining on my laptop processor and battery. Not yours.

If you don't want me reading your stuff for free (which is perfectly reasonable!) then block me, instruct your server not to send content on those terms. I'm happy with that. But I will not render your ads, nor run your mining script.

[+] mikekchar|8 years ago|reply
Out of curiosity... Rather than blocking ads, why not block sites that have ads? This way you comply with their implicit wish not to have you read their content without some sort of monetary return.
[+] shoo|8 years ago|reply
> If this is done without explicit permission from the user, I can see it being some sort of hacking offence.

When ads are enabled, your browser is sometimes executing JavaScript to conduct part of some ad-auction thing to figure out which is the best ad to show you (I don't work in ad-tech, so this is probably 60% incorrect, but you get the idea).

I don't fundamentally see the difference between a website running unsolicited mining crapware in your browser versus unsolicited adtech crapware. So I'm not necessarily disagreeing with you -- if running mining crapware is regarded as "hacking", then we may as well regard all client side code execution related to adtech as "hacking" too.

[+] nukeop|8 years ago|reply
Luckily, my adblocker (uBlock Origin) blocks mining scripts as well, so the joke's on them.
[+] em3rgent0rdr|8 years ago|reply
This is a wonderful innovation, allowing visitors access without ads while providing revenue to the site.
[+] revanx_|8 years ago|reply
not using UMatrix or NoScript in 2018, kek.