Websites stealthily using the CPU resources of visitors could be a much larger problem than expected, with a report suggesting as many as 500 million PCs visit sites that use such tools.
The Pirate Bay became the most prominent example of a website choosing to hijack visitors’ PCs to mine for cryptocurrency last month — and again this week — but it’s not the only site to do so. In fact, according to a new report, the torrent site has now inspired a large swathe of websites with an aggregate audience of 500 million PCs to similarly exploit their user base without permission.
Adguard reports that in just the few weeks since The Pirate Bay launched its ‘test’ program for stealthily mining cryptocurrency, 2.2% of the top 100,000 websites according to Alexa are now following suit. Given their high traffic range, these 220 websites can affect 500 million people altogether.
Estimates suggest that the scheme has already earned these websites a total of $43,000 in the last three weeks, while the possible monthly earnings of The Pirate Bay alone using such a scheme are estimated to come to $12,000.
Obtaining users’ permission for the use of such scripts on the site has become the subject of much debate on the matter, with the ethical impact of increasing visitors’ power usage at the centre of such concerns. CoinHive, one of the two most popular script providers for cryptocurrency mining — and the one currently being used by TPB — has come down hard on sites that use its script without informing users or giving them a means of opting-out. The company issued the following statement on the matter:
As for the sites which are most likely to employ such tactics, Adguard points to the sketchier corners of the internet as being the most vulnerable, including pornographic websites, torrent search sites and those hosting pirated content. Sites which encourage users to park on the web page, such as those with videos, are best equipped to monetise such tools.
While cryptocurrency mining could have evolved as a solution to the intrusiveness of ads and the financial struggles of websites due to the subsequent rise of adblockers, such tools have now fallen victim to the same problem. Adblocking extensions have evolved and are now starting to also block such requests to the CPU and until the issue of consent is not fully tackled, as CoinHive itself admits, such measures are likely to remain in place.
Source: Adguard via ZDNet