Silent Crypto Miners Appearing on Websites

gotitbro
Postaholic
Posts: 866
Joined: Sat Jul 09, 2016 8:33 pm

Post by gotitbro »

I just came across a website that was using a silent JavaScript miner (crypto miner) called Coinhive, which was using a lot of CPU on my not-so-powerful device. These JavaScript miners seem to have gained popularity in recent times, especially with news reports coming in that even The Pirate Bay has started using these miners (actually the same Coinhive one).

I get why websites are turning to these JS miners, to get some revenue with cryptocurrencies maybe because ads aren't performing that well. But that doesn't give them the right to use my machine as a node for their mining purposes without my consent. All they had to do was show a little popup asking my permission.

What do you think about these silent JS miners?

More Info: https://github.com/uBlockOrigin/uAssets/issues/690
TPB Report: https://torrentfreak.com/the-pirate-bay ... er-170916/
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

gotitbro wrote: Sun Sep 17, 2017 11:36 am What do you think about these silent JS miners?
Someone using my machine or resources for their own personal gain, justified or not, is not cool with me. Especially when it's done without my consent. Might as well be malware AFAIC.
"If it ain't broke don't fix it."

Post by gotitbro »

@Lanik Exactly, but here we have people who not only have no problem with TPB for doing so but also support it: https://torrentfreak.com/the-pirate-bay ... qus_thread. When I asked why this was so, I got a response that this is better than malicious ads.

It seems like a right justification, but now that I think about it, is it really? This seems worse than malicious ads to me; I don't even have to take any action here.
-Mark-
Postaholic
Posts: 382
Joined: Tue Jul 05, 2016 7:46 pm

Post by -Mark- »

That's f*** invasive! Forcing visitor's resources downright for personal gains is unacceptable, needs to be firewalled.

Gorhill created a filter list for that: https://raw.githubusercontent.com/uBloc ... tterns.txt

Adding that now.

Post by gotitbro »

@-Mark- That filter list still seems to be a work in progress; something could still change drastically with it. And you're right, it's invasive; it is beyond me why people are even supporting this.
smed79
Liste AR/FR Author
Posts: 15839
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 »

•► Read RULES / Use forum Search
••► Don't post clickable links
•••►Upload screenshots at imgbb.com

Post by gotitbro »

@smed79 That list seems to be fairly new. Is it correct to add it to the database without much testing?

Were you the one who added it on the ABP page?

Post by smed79 »

gotitbro wrote: Were you the one who added it on the ABP page?
Why me? I just found this list by accident on the ABP sub page when I wanted to subscribe to Fanboy's Annoyances.
gotitbro wrote: Is it correct to add it to the database without much testing?
I don't understand what you mean by "without much testing"?

For any other question/issue ask at https://github.com/hoshsadiq/adblock-nocoin-list/issues

Post by gotitbro »

@smed79 I thought you had some control over ABP's subscription page :p

What I meant by not much testing was that we don't know if it's going to be an actively maintained list and handled properly, that is all.

Post by smed79 »

You can follow the NoCoin repo on GitHub and propose to optimize the filters if you see something not handled properly.

Post by gotitbro »

How it all began: https://news.ycombinator.com/item?id=15246145

The above entry was posted on Hacker News (HN) on 14 September 2017 by pr0gramm, which operates the German imageboard pr0gramm.com. pr0gramm are the original creators of Coinhive, as they themselves told us on their webpage (they have since removed this info and shifted the Coinhive website from coin-hive.com to coinhive.com). Coinhive, as told by the creators, originated from an experiment on the imageboard itself, which curiously was completely opt-in and had to be run in a separate tab (miner.pr0gramm.com).

Just two days later, on 15 September 2017, it was reported that The Pirate Bay (TPB) had started using Coinhive, and taking into account the time frame, TPB probably got acquainted with Coinhive through the HN thread. Browser-based cryptominers, which were unheard of at the time, got a lot of media exposure due to being used by one of the most popular torrent sites. In no time there were multiple web-based crypto miners available for anyone willing to use them, even as plugins. The web mining segment is highly saturated as of now, with many solutions available, being used mostly on piracy and not-so-trustworthy websites.

I am not saying that Coinhive/pr0gramm were the first to implement browser based mining but they sure made it mainstream.

Post by smed79 »


Post by gotitbro »

Yes, I read about that. Just goes on to show their "security". Thankfully the hacker didn't do something nefarious such as spreading malware; he just changed the settings to get all the Monero mined for the websites for himself.

He apparently found their password from the 2014 Kickstarter data leak. I can't believe they didn't change their passwords after that.

Post by smed79 »

WhoRunsCoinhive => http://www.whorunscoinhive.com/thelist

Post by gotitbro »

Nice website. I do not understand what they mean by "Coinhive Site Key". Is it the same as Google Analytics, FB website tags?

Post by smed79 »

E.g. kickass.cd ==> http://i.imgur.com/AOw3on1.png (joztQmQ87OjS1....).

"the ‘site key’ is a unique identifier to indicate which beneficiary will be paid" - Coinhive’s documentation.

Post by gotitbro »

So, the site keys that are listed and contain multiple domains probably belong to one person/entity?
E.g.: http://www.whorunscoinhive.com/coinhive_id/OT1CIcpkIOCO7yVMxcJiqmSWoDWOri06

Also, when I tried to search for kickass.cd on the whorunscoinhive.com website, it did not detect it :/
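
The site-key grouping discussed in the last few posts, as an added example that is not part of the thread: a Node.js check that scans saved page source for a Coinhive embed, extracts the site key, and groups domains that share one. It assumes Coinhive's documented embed form (library loaded from coinhive.com or coin-hive.com, miner created with `new CoinHive.Anonymous('<site key>')` or `CoinHive.User`); the domains, page snippets and key below are constructed placeholders.

```javascript
// Assumption: Coinhive's documented embed form; not code from the thread or from any list.
// Matches a <script> tag whose src points at either Coinhive host named in the thread.
const LIB_RE = /<script[^>]+src=["'][^"']*\b(?:coinhive|coin-hive)\.com\//i;
// Captures the first string argument of the miner constructor, i.e. the site key.
const KEY_RE = /new\s+CoinHive\.(?:Anonymous|User)\s*\(\s*["']([A-Za-z0-9]+)["']/g;

function findSiteKeys(html) {
  const keys = new Set();
  for (const m of html.matchAll(KEY_RE)) keys.add(m[1]);
  return { loadsLibrary: LIB_RE.test(html), keys: [...keys] };
}

// pages: { domain: htmlSource }. Returns domains grouped by site key, plus
// domains that load the library but keep the key out of the inline HTML
// (for example in a separate script file), which a source-only scan cannot attribute.
function audit(pages) {
  const byKey = new Map();
  const keyNotInline = [];
  for (const [domain, html] of Object.entries(pages)) {
    const { loadsLibrary, keys } = findSiteKeys(html);
    if (loadsLibrary && keys.length === 0) keyNotInline.push(domain);
    for (const key of keys) {
      if (!byKey.has(key)) byKey.set(key, []);
      byKey.get(key).push(domain);
    }
  }
  return { byKey, keyNotInline };
}

// Constructed sample input: placeholder domains and a placeholder key.
const pages = {
  "example-a.test": `<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('PLACEHOLDERKEY0001'); miner.start();</script>`,
  "example-b.test": `<script src='https://coin-hive.com/lib/coinhive.min.js'></script>
<script>new CoinHive.User("PLACEHOLDERKEY0001", "u1").start();</script>`,
  "example-c.test": `<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="/js/init.js"></script>`,
  "example-d.test": `<p>No scripts here.</p>`,
};

const result = audit(pages);
for (const [key, domains] of result.byKey) {
  console.log(`${key}: ${domains.join(", ")}`);
}
console.log(`library loaded, key not inline: ${result.keyNotInline.join(", ")}`);
```

A shared key means the same beneficiary is paid for both domains; a domain in the second list needs its external scripts fetched and scanned as well before it can be attributed.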