You’re a Miner, And You Don’t Even Know It!
On the topic of cyber crime with our class on the blockchain approaching, I thought I’d write a little about the malicious side of cryptocurrency mining.
As of September of 2017, 1.65 million computers are mining cryptocurrencies without the knowledge of their users. This is a result of viruses using CPU power of victim networks to mine; however, there’s an even darker side to mining without permission. Many websites, even major ones like the Pirate Bay (in a deviation from their typical classiness & good practices), use your computer to mine cryptocurrency while you browse.
There are even concerns that smart devices, or “the internet of things” as we discussed in class, could be hacked and used to mine cryptocurrency. Over 185 million devices may be mining cryptocurrency without their owners’ knowledge right now. Newsweek quoted John McAffee:
“The attacks are slowly escalating, similar to the way America developed the atomic bomb,” McAfee, who created the eponymous antivirus computer software but is now longer connected to it, said in October. “Clearly there are weaknesses. Anticipate that these will be exploited in a big way.”
The Pirate Bay initially experimented with cryptocurrency mining in place of their less than savory advertisements. Here’s a question for you: would you rather your favorite website show ads, or slow your computer a bit by using it to mine Bitcoin? Personally, I use uBlock Origin as an ad blocker. Like many ad block users, I have a little guilt visiting my favorite websites and not supporting them — but I’ve become spoiled, and I can’t stand ads. Now, some people have already begun making mining blockers, but I don’t know if I’d get one. If Reddit was transparent and truthful about mining Bitcoin through their users, and there was no noticeable effect on my device — perhaps I’m misled, but I think I’d prefer that to ads.
Do you think it’s unethical for a website to mine Bitcoin through their users’ computers, even if the website tells the users? Would you avoid a website for fear of being used for mining? Looking forward to hearing your thoughts. Unfortunately, I won’t be in class Monday, but I will be blogging & I will email any tech news I find to you all before Monday since I won’t be there to discuss in the beginning of class. Thanks!
Mike Smith
November 19, 2017 @ 5:12 pm
I’ll take a shot at your questions. Perhaps there’s a generational divide in the answers you’ll receive. Let me start with your ethics question. I’m just a simple engineer, but I wouldn’t accuse a website of being unethical if it told me that it was using my CPU to mine Bitcoin while I browsed their site. I also wouldn’t avoid the site simply for that reason, but I would like a different solution. I believe in choice. I’d prefer a website, which has decided it can’t stay in business unless it collects some fare from every visitor, to ask me what I’d like (or let me set a browser option that they query). Let’s assume for a moment that micropayments exist. I’d like the website to say, “I’m a pay site. How would you like to pay? In advertising, in CPU time and electricity you purchase, or in a direct micropayment?” I’d also like to know how much they’ll charge me. I avoid websites that have more real estate dedicated to advertisements than content. Similarly, I’d like to know if I’m going to be paying $25 more per month in electricity by visiting this website than if I didn’t. Overall, this comes down to predatory tactics. I dislike sites (and real-world entities) that try to gouge me before I realize it, because their business model doesn’t rely on any return customers.
Jim Waldo
November 19, 2017 @ 9:33 pm
So, I’ll pile on with Dean Smith…
I might not mind adding to the mining power of a site if I knew that the site was doing this and there was an opt-in. Years ago, you could install a screen-saver that would also run code for the Search for Extra-Terrestrial Intelligence (SETI) project, searching for patterns in the radio signals they were scanning. Lots of people did this, but it was an opt-in. I’d object if even a group like SETI started using my computer without me knowing about it. And even if they didn’t soak up much performance, I would worry about when ten, or twenty, or a thousand sites started “borrowing” my CPU cycles.
At least with ads I know I’m paying for the site. With bitcoin mining, not so much.