Worth knowing

Completely off topic!
djillusions24
Apprentice
Posts: 33
Joined: 30 Dec 2017, 22:18
kayak: JetOcean
Real Name: Jeremy

Re: Worth knowing

Post by djillusions24 »

Its not as dire as it sound, its actually been around since 2011 but lost popularity as most of the cryptocurrencies required some hefty processing power to be mined. It has recently made a resurgence due to an influx of altcoins that are restricted to CPU mining, meaning they are worth very little, the difficulty of mining is low and the barrier to entry is low. Mainly bytecoin and monero.

The biggest push for web sites to implement this mining technology is the MASSIVE downturn in advertising revenue as more and more people run adblockers and browsers like firefox actively employ tracker and ad blocking. Some sites were making thousands per month off advertising or referral links. I have one fairly popular site for a client that I run ads on, it averages $300-$400 ad revenue a month which has halved in the last 12 months. Unfortunately ad revenue keeps a lot of sites running, so the massive downturn in revenue is really hurting them.

coin-hive provide a 30% return to sites who employ their mining scripts, its literally one piece of javascript, about 20lines that sits in the site. Its triggered after a certain dwell time ie. the user is on the site longer than 2 minutes and is most commonly terminated when the user browses away or closes the tab.

Some took this further like piratebay and were heavily mining after the tab was closed via some persistent scripts and cookies. There seems to be a bit of work going on to prevent these scripts, you can turn javascript off in your browser but it will return a really S#!^ internet experience. You can get an extension for chrome now that blocks mining.

As a side note, brave browser actually gives users a small amount of crypto for opting in to see trusted ad's, this also returns revenue to site owners but they are not pesky spammy ads that we are used to.
User avatar
Steve_R
Square eyes
Posts: 961
Joined: 28 Jul 2014, 11:24
kayak: Hurricane Skimmer
Real Name: Stephen
Location: Berowra Heights (sigh!)

Re: Worth knowing

Post by Steve_R »

You make some good points. However, in the main, the websites that mine Crypto using visitors are doing it without full disclosure. If a website announces "it is a condition of this website that you allow your processor to min Crypto-currency to cover our costs, do you agree? [Yes] [No]" that's a perfectly open and honest way to do business. The user is given free choice. AFAIK, not a lot of websites do that. If any does, I haven't seen it.

You are quite right about the problem not being dire. However, it is a growing problem. The fact that someone snuck their code past government website operators (including in Australia) indicates the growth of the problem and that nobody is immune. My main purpose is to make people aware of the problem and to give them options.

Switching off javascript is only one many options. I add known miners to my hosts file. This requires some technical knowledge and update is not automated so would not suit most. There are other options available such as browser extensions and I believe Opera browser now blocks miners. Without knowing browser extensions do not contain other 'gotcha's' I could not recommend one (which doesn't mean they are not legitimate). Likewise, I am not an Opera user. If I was, what suits me may not suit somebody else. Users need to make their own choice.

On the bright side the downturn in Crypto currency prices and the flooding of the secondhand market with hardware previously used in Crypto mining may be an indication of the end of Crypto currency's wildcat days and we can settle back to worrying about other scams.

I tried Brave. From memory, gave it up due to slow progress getting an extension up and running. Also, they were running an out-dated version of LastPass and performance was worse than abysmal on my low-spec machine. however, the driving force behind it seems to be well respected. I will revisit. At the moment I use Epic. They claim to be private. For websites I wish to access that ask for advertising not to be stopped I use Puffin browser. They claim to do the processing in the ether and give the result on your PC, saving time and bandwidth. My tests indicates that true. Puffin works well on my low-spec browser.

All free browsers have the 'how do you make your money' question hanging over them - I can't help it, suspicion was my career.
Image

Do not argue with an idiot. He will drag you down to his level and beat you with experience - Greg King

It is impossible for a man to learn what he thinks he already knows ― Epictetus


BOT? https://checkip.kaspersky.com/
djillusions24
Apprentice
Posts: 33
Joined: 30 Dec 2017, 22:18
kayak: JetOcean
Real Name: Jeremy

Re: Worth knowing

Post by djillusions24 »

There is two ways they can implement the mining script, you're right they should gain permission but realistically so many things on the internet don't gain permission. There is a version of the script that acts as a captcha robot check, it clearly states while you are proving you are not a robot it will mine as oppose to clicking pictures that have cars in them!

Probably more alarming than the browser script is that people have found over 60 apps on the Google Play store that also have the script, this is one of the biggest downsides to Android being that Google do not review the app code while Apple do to ensure these type of things don't happen. I believe google is going to remove the apps as they get reported for having the script.

Opera does block miners, but I ditched that a few months ago when it was bought by a Chinese advertising company completely degrading everything Opera stood for! I dont use Brave as a mainstream browser but it has come along way since the early days, extensions are much better, performance is much better and they have added more password managers (I use BitWarden). I predominantly use Firefox Developer Edition, its pretty awesome for devs obviously, other than that I use Safari which has some amazing blocking capabilities built in and its a super fast browsing experience.
User avatar
Steve_R
Square eyes
Posts: 961
Joined: 28 Jul 2014, 11:24
kayak: Hurricane Skimmer
Real Name: Stephen
Location: Berowra Heights (sigh!)

Re: Worth knowing

Post by Steve_R »

djillusions24 wrote:you're right they should gain permission but realistically so many things on the internet don't gain permission.
Lack of permission really p's me off. When it comes to smart phones (Android, at least), uninstall and app to get rid of clutter and back it comes. On many days, open your phone and there's a list of app updates there to be installed. Do nothing to install them it doesn't matter. They get installed in any case. That's Google taking over my life giving me what they want me to have. They would say I agreed when I bought the phone. That's Hobson's choice. Meanwhile, all the crap and the few valued apps spy on everything you do. For most things I stick with the PC (pre-Windows 10) where there is some control.
djillusions24 wrote:Probably more alarming than the browser script is that people have found over 60 apps on the Google Play store that also have the script, this is one of the biggest downsides to Android being that Google do not review the app code while Apple do to ensure these type of things don't happen. I believe google is going to remove the apps as they get reported for having the script.
I have an Android and was well acquainted with the app issue before very recently deciding it's time to get a smart phone (browser extensions have a similar issue). VirusTotal (when installed) should take care of the app problem (VirusTotal is probably not suitable for average users due to proliferation of false positives and need to interpret results). Personally, Google doing whatever THEY want with MY phone and mining MY data is more of an issue.
Image

Do not argue with an idiot. He will drag you down to his level and beat you with experience - Greg King

It is impossible for a man to learn what he thinks he already knows ― Epictetus


BOT? https://checkip.kaspersky.com/
User avatar
Steve_R
Square eyes
Posts: 961
Joined: 28 Jul 2014, 11:24
kayak: Hurricane Skimmer
Real Name: Stephen
Location: Berowra Heights (sigh!)

Re: Worth knowing

Post by Steve_R »

djillusions24 wrote:you're right they should gain permission but realistically so many things on the internet don't gain permission.
Lack of permission really p's me off. When it comes to smart phones (Android, at least), uninstall and app to get rid of clutter and back it comes. On many days, open your phone and there's a list of app updates there to be installed. Do nothing to install them it doesn't matter. They get installed in any case. That's Google taking over my life giving me what they want me to have. They would say I agreed when I bought the phone. That's Hobson's choice. Meanwhile, all the crap and the few valued apps spy on everything you do. For most things I stick with the PC (pre-Windows 10) where there is some control.
djillusions24 wrote:Probably more alarming than the browser script is that people have found over 60 apps on the Google Play store that also have the script, this is one of the biggest downsides to Android being that Google do not review the app code while Apple do to ensure these type of things don't happen. I believe google is going to remove the apps as they get reported for having the script.
I have an Android and was well acquainted with the app issue before very recently deciding it's time to get a smart phone (browser extensions have a similar issue). VirusTotal (when installed) should take care of the app problem (VirusTotal is probably not suitable for average users due to proliferation of false positives and need to interpret results). Personally, Google doing whatever THEY want with MY phone and mining MY data is more of an issue.
Image

Do not argue with an idiot. He will drag you down to his level and beat you with experience - Greg King

It is impossible for a man to learn what he thinks he already knows ― Epictetus


BOT? https://checkip.kaspersky.com/
djillusions24
Apprentice
Posts: 33
Joined: 30 Dec 2017, 22:18
kayak: JetOcean
Real Name: Jeremy

Re: Worth knowing

Post by djillusions24 »

Steve_R wrote:Personally, Google doing whatever THEY want with MY phone and mining MY data is more of an issue.
Dont even get me started, I could rang about that particular topic for days!!

I have absolutely no association to, or with google - my life is google free :)
User avatar
Steve_R
Square eyes
Posts: 961
Joined: 28 Jul 2014, 11:24
kayak: Hurricane Skimmer
Real Name: Stephen
Location: Berowra Heights (sigh!)

Re: Worth knowing

Post by Steve_R »

It sounds like we have something very much in common. It's a pity so many people shrug their shoulders and accept invasions of privacy without question.

A check of the browser I mostly use, Epic, reveals it now blocks Cryptomining.
The world's only private and secure web browser blocks ads, trackers, fingerprinting, cryptomining, ultrasound signaling and more. Stop 600+ tracking attempts in an average browsing session. Turn on network privacy with our free VPN (servers in 8 countries).
I'm not quite that paranoid enough to worry about VPN.


Major downsides of Epic

1) Lack of configurability and few extensions pass their security tests
https://epicbrowser.com/webstore/?hl=en-US

2) The inbuilt search engine could best be described as rubbish, as the following search demonstrates well:
https://www.epicsearch.in/search?pno=1&q=vyak
Bookmarking StartPage (or IxQuick) gets around that limitation.


This gives some insight into the things search engines find out about us.
https://www.cnet.com/news/aols-disturbi ... ers-lives/

Here is a way to search the leaked data that helps understand how websites analyse who we are based on our searches(correctly or incorrectly). Have fun!
http://www.not-secret.com/
Image

Do not argue with an idiot. He will drag you down to his level and beat you with experience - Greg King

It is impossible for a man to learn what he thinks he already knows ― Epictetus


BOT? https://checkip.kaspersky.com/
User avatar
chrisw
Square eyes
Posts: 577
Joined: 17 Dec 2016, 18:06
kayak: Dune PA14
Real Name: Chris
Location: Werribee South

Re: Worth knowing

Post by chrisw »

Steve_R wrote:You make some good points. However, in the main, the websites that mine Crypto using visitors are doing it without full disclosure. If a website announces "it is a condition of this website that you allow your processor to min Crypto-currency to cover our costs, do you agree? [Yes] [No]" that's a perfectly open and honest way to do business. The user is given free choice. AFAIK, not a lot of websites do that. If any does, I haven't seen it.
Salon just started doing this for users who have adblocking turned on: https://www.cnbc.com/2018/02/14/salon-d ... onero.html.
djillusions24
Apprentice
Posts: 33
Joined: 30 Dec 2017, 22:18
kayak: JetOcean
Real Name: Jeremy

Re: Worth knowing

Post by djillusions24 »

I listened to an amazing podcast episode where they discussed people who are convinced the facebook app on mobile devices can hear you, due to the uncanny advertising results it returns in the news feed post discussing things verbally. They did an incredible amount of digging into their trackers and the way they do their targetted advertising to essentially prove they don't listen to you they are just incredibly good at tracking your movements, searches, locations etc. through your devices right down to the people you commonly interact with cross referencing places you both visit to build this super accurate profiles on people - it was really scary. Ill see if I can find it, you might be interested to listen to it.

I don't use a VPN often, but do have one, it comes in handy for certain things, but if you are cautious and employ some good browser plugins then you can be pretty illusive online without the VPN.

Ill check out the sites you mentioned though, sounds interesting.

StartPage rocks!
User avatar
Steve_R
Square eyes
Posts: 961
Joined: 28 Jul 2014, 11:24
kayak: Hurricane Skimmer
Real Name: Stephen
Location: Berowra Heights (sigh!)

Re: Worth knowing

Post by Steve_R »

chrisw wrote:
Steve_R wrote: Salon just started doing this for users who have adblocking turned on: https://www.cnbc.com/2018/02/14/salon-d ... onero.html.
That's a great example of the ethical way to do it.
Image

Do not argue with an idiot. He will drag you down to his level and beat you with experience - Greg King

It is impossible for a man to learn what he thinks he already knows ― Epictetus


BOT? https://checkip.kaspersky.com/
Post Reply