nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows

The new replacement for ads?

Not sure what I'd rather (not) have to be honest

8
0

I'm OK with this

Honestly, I'd rather give up CPU cycles than see intrusive (or any, really) ads. I'm fortunate enough, probably like most people here, to have a powerful CPU, so the cycles are spare anyway. I could see how for a lot of users it'd be more of a problem.

It'd be nice to see it evolve into a way for it to be managed, via some sort of side action of seeing how well the page is loading, to determine how much strain the mining is having on the user.

But when I'm browsing the web, it tends to be all I'm doing (bar a tv show or movie playing in the corner) so I think it's a great way to help pay for sites.

The problem is the internet has always been "free", and that mentality is never really going to go away. Far too many people see ads as some sort of insult almost, even if they're not intrusive; just them existing is a problem. But content creators need to get paid!

9
6
Anonymous Coward

Re: I'm OK with this

true what you say about ads being an insult. number of products I've boycotted because of their ads mostly on youtube.

3
0

Re: I'm OK with this

Once upon a time, we searched for ET. Ahhh innocent bygone days.

2
0
Silver badge

Re: I'm OK with this

There is a cost for background mining, power, life of CPU etc. OK, perhaps minuscule and something I would agree to if asked for informed consent. The crucial point is that I am not asked so have not agreed and it is theft.

The other concern is security. Who knows what may be smuggled onto my PC along with the mining script.

1
0
Silver badge

I've been noticing something the past month or two

Previously I'd leave Firefox running for 3-4 weeks before it would get slow and I'd need to restart it. Lately I've needed to restart it a couple times a week, but I haven't updated it since early June. Makes me wonder if at some point I'm visiting a site with one of these Javascript miners, and it is somehow continuing to run in the background even after I've closed the tab/window for the site. Is that possible? Any way to tell?

3
0
Silver badge

Re: I've been noticing something the past month or two

Not possible unless they hack you computer. I got some nasties delivered to my computer last week, a nice 0 day from banners, and there very few pages that I have not blocked, including theregister.

2
0
Silver badge

Re: I've been noticing something the past month or two

Well I should be pretty safe from drive by malware, since I run Linux not Windows.

1
5

Troy?

Something fishy going on here. First we have Troy Hunt and now Troy Mursch. Can this be coincidence? Troy is where trojans come from. I smell a horse.

Whatever the truth may be, if I ever become a security pundit I'm changing my name to Troy Who.

6
0
Silver badge

Re: Troy?

A menage a Troy

11
0

This is why the NoScript plugin has become one of the most essential things any user needs... Been using it for years and have already been able to block attempts to run this kind of code... domains like coinhive are also now blocked at the source.

If you don't run anything to block scripts, you only have yourself to lame when/if something dodgy happens to your system.

I'd also recommend privacybadger and a good adblocker as the minimum steps every user should take.

Lastly... ditch chrome/edge and use firefox... I can't comment on browsers like safari or others as I've never used them.

9
1

Running No script is fine, but...

Problem is those attacks can come for legit sites that got hit by dodgy ads. You might think you're allowing the site you're visiting to present content properly but at the same time letting the malware in.

You can block other domains but, again, many sites use third-party JS code and need them for core functionality.

The web's a tough world...

3
0
Gold badge
Unhappy

Only they're not "running" this code are they?

You are.

On your PC/Slab/phone/Slate/whatever.

1
0
Bronze badge
Holmes

Misuse of Computer

Unless the user has specifically OKed the running of mining scripts they should fall under the misuse of computer laws; the code is making the computer do something not expected by the user or required to deliver the site's content.

Unless covered in the sites terms and conditions (not buried in them) or covered by a pop-up asking if it is OK, it just can't be legal to my mind.

Having said that I can see it would be useful for funding niche/hobbyist sites and would be OK with it provided the user is kept informed.

5
0
pdh

Re: Misuse of Computer

> it would be useful for funding niche/hobbyist sites and would be OK with it provided the user is kept informed

If managed properly (maybe via "official" browser or protocol support) maybe this could be a way to do truly unobtrusive micropayments? I.e. I let you use 10% (or whatever) of my CPU cycles for the duration of the time that I'm visiting your website, and in exchange you show me no ads and you collect no data about me.

3
0
Anonymous Coward

Re: Misuse of Computer

"Unless the user has specifically OKed the running of mining scripts they should fall under the misuse of computer laws"

Did you approve any of the various other intrusive and annoying crap scripts do? Ever heard of anyone prosecuted for what a non directly destructive or hacking script does?

0
0
Silver badge

Ghostery

Ghostery just notified me of updates to its list of blocks available, which I automagically have set, and guess what? Coin Hive is on the list under Essentials. Useful to know if your looking for killing these by default.

2
0
Anonymous Coward

A quick check on U-Block Origin shows that the AdGuard Base List contains:

! Block CoinHive

!+ PLATFORM(ext_ff, ext_opera, ios, ext_android_cb, ext_ublock)

||coin-hive.com^$third-party,domain=~cnhv.co

!+ PLATFORM(ext_ff, ext_opera, ios, ext_android_cb, ext_ublock)

||coinhive.com^$third-party,domain=~cnhv.co

||xbasfbno.info^$domain=oload.info|oload.tv

||jsecoin.com^$third-party

||minemytraffic.com^$third-party

||afminer.com^$third-party

||coinnebula.com^$third-party

||crypto-loot.com^$third-party

Other lists probably also address this...

2
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing