Your PC may be used to find cryptocurrency when you visit websites, with or without your consent.
A new report suggests hundreds of websites have taken The Pirate Bay’s lead and are now using visitor PCs to mine cryptocurrency without the consent of users.
A month or so ago, torrent search website The Pirate Bay raised concern among the community as visitors noticed their CPU usage surged whenever a page was opened.
At first, some worried that malvertising or embedded malware was at play; however, when the domain’s operators realized the game was up, they admitted the power surge was due to a “small experiment” in cryptocurrency mining.
Cryptocurrency, such as Bitcoin or Monero can be “mined” and acquired through computational power. If enough PC owners donate power, then mining can be a way to rake in revenue.
In The Pirate Bay’s case, the website’s operators were experimenting with a mining script from CoinHive which hunted for Monero. The trial was explained as a potential way for the website to run for free, without needing to rely on adverts.
It seems this idea has now taken root in other websites, too.
According to a new report from Adguard, in a matter of weeks, 2.2 percent of the top 100,000 websites on the Alexa list are now mining through user PCs.
In total, 220 sites that launch mining when a user opens their main page, with an aggregated audience of 500 million people.
CoinHive and JSEcoin are currently the most popular scripts being employed to hunt down cryptocurrency, and Adguard estimates that these domains have earned roughly $43,000 in a three-week period at little or no cost.
It has been estimated that The Pirate Bay may be able to make roughly $12,000 per month from mining cryptocurrency, due to the domain’s heavy flow of traffic.
The majority of websites currently using miners, however, come from a blurry area. Torrent search websites, domains hosting pirated content, and pornographic websites are the most likely to use cryptocurrency miners.
“There may be a further explanation for the fact that browser mining is found mostly on websites with a shady reputation,” the firm says. “These sites traditionally have trouble making money through advertising, so they are open to experiments and innovation.”
Websites with video-based content that keep users in place for some time are most likely to generate income from this method.
In itself, mining scripts have no ethical stance. It is a technology used to find cryptocurrency, nothing more and nothing less. However, the method in which it is employed is the issue.
By hijacking a visitor’s CPU, power is used. While many users may be happy to lend their power rather than be inundated with adverts, consent is key.
CoinHive has responded to the recent media attention and has asked users to make their website visitors aware of mining scripts.
“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company says. “We believe there’s so much more potential for our solution, but we have to be respectful to our end users.”
Cryptocurrency mining has potential, and if handled properly, there is little reason why website visitors would not agree to such schemes in comparison to ad-laden pages.
However, if domain operators do not respect their end users and do not seek permission, they are risking a hit to their reputation which they may not recover from.
Until this issue is resolved, take note — adblockers will generally block these scripts. It is up to domain operators and cryptocurrency mining script developers to work together to make this a viable alternative, and in the meantime, you can ensure your CPU is safe.
“Providing a real alternative to ads and users who block them turned out to be a much harder problem,” the company added. “CoinHive, too, is now blocked by many ad-block browser extensions, which — we have to admit — is reasonable at this point.”
Some hosting providers are taking on the issue, too. Earlier this month, it emerged that CloudFlare has taken steps to suspect accounts which stealth mine without permission.