Politifact Sees Unsactioned Introduction of Web Miner, Vows to Investigate

Raevenlord · Oct 16, 2017

This here is an issue that this editor has been fearing for a while, and that we here at TPU have called our users' attention to in the past. It's bad enough when websites willingly implement web mining scripts absent of users' consent or simple knowledge. Opt-in mining as a contribution to a website's revenue would be the best way to go around the issue; however, absent that, a simple opt-out capability wouldn't be much worse. But if stealth usage of a site viewers' computing resources is bad, what then can be said when the site managers themselves are unaware of the implementation of a web miner?

This is what happened with Politifact, the US politics fact-checking website, which is but one of hundreds of the world's top traffic websites that have seen the stealth introduction of these web mining scripts - against the will of the site managers. In the meantime, Politifact has brought down the offending code and has vowed to investigate, but this opens up Pandora's box, really. Generally speaking, these JavaScript apps are running code hosted on another server that the end user - and sometimes even the site hosts - can't inspect or don't expect to have to inspect. And this is easier to do than one would imagine; there's a lack of protection against JavaScript routines like this one. And where there's potential for profit, there's abuse; and that's what we're seeing. It also doesn't help that injecting the necessary JavaScript into the front page of a website is much easier than a full blown hack into a website's databases; and once the code has been shoehorned into a website's code, it runs itself, hijacking users' CPU cycles and putting the resulting Monero coins into a designated wallet.

Ad-blocker company AdGuard has released a blog post in which they presented some results on the state of web mining; in it, the company found that 220 websites launch mining algorithms when a user opens their main page - and these aren't your end of the Internet websites. These are estimated to boast of an aggregated audience of 500 million people from all over the globe - the Internet is mostly borderless, for everything that's positive about that - and negative. And this has happened in barely more than a month - Coinhive started offering their "mining as a service" code just a month ago, in the 14th of September. AdGuard estimates that these 220 sites' joint profit currently stands at over US $43,000. Those aren't millions - yet. But keep in mind this is money that has been made in three weeks at almost zero cost.

As we've mentioned before, if you want to be protected from such shenanigans, use an adblocker. These usually get the job done in blocking those extraneous bits of code, and will generally be enough to block this kind of scripts. uBlock Origin, AdBlock, AdGuard, or even some mining-specific blockers like AntiMine, NoCoin, and others. The choice is yours. Web based mining, however, is increasingly looking to be a dark cloud for users' rights on the Internet, and while the problem is a mere smoke column on the grand scheme of things right now, expect this trend to spread like wildfire.

View at TechPowerUp Main Site

Rehmanpa · Oct 16, 2017

Wonder how long till tweaktown adds this to their jumbled mess of ads ;P

Solaris17 · Oct 16, 2017

I KNEW IT
Pirate Bay Mines Coins in Your Browser - Revenue Model of the Future?

DeathtoGnomes · Oct 16, 2017

yea cuz what mega site cares about users right when it comes to their profit. facebook will attempt this too if it hasnt already.

remixedcat · Oct 16, 2017

and next these same companies that mine will blather on and on about climate change BS...

Dave65 · Oct 16, 2017

remixedcat said:
and next these same companies that mine will blather on and on about climate change BS...

You really went there?

:shadedshu:

Jism · Oct 17, 2017

As a webdeleloper, i can pretty much say that without going with a huge framework off the shell, but strictly custom build code, the changes are really zero to none that my websites are a succesfull target compared to these huge world wide traffic ranked websites.

Here's your problem. The ones who are responsible who create websites for these platforms, do not even fairly audit their code, do not even know what the hell they are doing sometimes. You might wonder why certain websites are being defaced or in this case, hacked and altered JS code, but it's simply due the fact that google is your biggest friend seeking vulnerable websites.

Websites these days are being clicked together rather then actually being custom work for the client. Yes clicking is far more easy, but here's where your culprit is. The unauditted code, the risk of being hacked, and the risk of infecting all your visitors with either malware or some bogus JS.

Now you got half the world going for an adblock, making revenue on a genuine website even more harder. I've used to crack websites in the past. These where usually your triple x websites where i'd create a login for you for 5$.

I've learned alot about defacing, hacking, cracking and all. This is simply hackers targetting big websites with a huge amount of traffic where these things would profit at maximum level. The fault is actually behind the people who build/maintain that website.

moproblems99 · Oct 17, 2017

Jism said:
As a webdeleloper, i can pretty much say that without going with a huge framework off the shell, but strictly custom build code, the changes are really zero to none that my websites are a succesfull target compared to these huge world wide traffic ranked websites.

Do you use shared hosting?

Jism · Oct 17, 2017

moproblems99 said:
Do you use shared hosting?

No. Shared hosting might be usefull if you just have a few "non-important" websites that don't require serious power, ram and other resources such as SSD storage and such. I have over 14 managed servers which server 2500 sites at this very moment. The load is less then 1% on every server. With managed i mean someone is taking care of them simular to updates, configurations and monitoring. My primary task is build websites.

I've used to start with shared hosting very long time ago but after a clusterfuck of fails i decided to take measures into own hands. The problem esp. with cheap hosting is that often issues like other users who mess up their website(s), IP's being blacklisted into RBL lists, google that does'nt trust your neighborhood that much, downtime(s) unannounced often or maintaince for no reason etc etc.

I've came a long way from working in hosting business as well. Both web & gaming servers basicly. My task was to maintain a half rack full of linux server(s) and one simple Windows machine. I just want to do what i do best and that is work on the technical things, not worry about updates, or grab for a manual when things go wrong.

That's what i pay people for.

bug · Oct 17, 2017

Yet another argument in favour of NoScript (or whatever comes after it).

GenericAMDFan · Oct 17, 2017

if you're using ad block plus or ublock origin you can block these web based miners by adding the "no coin" filter list: https://adblockplus.org/subscriptions#type_other

R-T-B · Oct 17, 2017

remixedcat said:
and next these same companies that mine will blather on and on about climate change BS...

That's an amazing level of conspiracy you got there...

remixedcat · Oct 17, 2017

no fo reals it's true.... mining uses a lot of power and thus, these ecocrats will try to use this to bait people

TheGuruStud · Oct 17, 2017

People still allow JS to run? :roll:

Octopuss · Oct 17, 2017

I still don't even understand the difference between Java and Javascript, so yes, apparently people do

FordGT90Concept · Oct 17, 2017

TheGuruStud said:
People still allow JS to run?

I wish I didn't but the internet today is utterly broken with out it.

bug · Oct 17, 2017

FordGT90Concept said:
I wish I didn't but the internet today is utterly broken with out it.

Still, what I do is install NoScript (that by default only runs JS from the sites you actually visit and blocks everything else). Then I whitelist the most widespread CDNs, googleapis, jquery,

R-T-B · Oct 17, 2017

remixedcat said:
no fo reals it's true.... mining uses a lot of power and thus, these ecocrats will try to use this to bait people

You don't save the planet by consuming energy, and if you are an "ecocrat" believe it or not that's what most all of them believe they are trying to do (and frankly, I believe they are, but that's a different debate).. No one is trying to bait someone into investing into solar via mass energy consumption.

I'm dropping this here as I don't really understand the logic of that at all.

Ruru · Oct 18, 2017

GenericAMDFan said:
if you're using ad block plus or ublock origin you can block these web based miners by adding the "no coin" filter list: https://adblockplus.org/subscriptions#type_other

Thanks, not giving toy money and paying more electricity.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	i7 4790k / ryzen 1700
Motherboard	Asus Maximus VI Extreme / gigabyte b350 mini itx
Cooling	Corsair H70 / cooler master master liquid
Memory	32gb DDR3 / 32gb ddr4
Video Card(s)	Gtx 1080 / gtx 1080
Storage	128gb Samsung 850 Pro, 2tb hdd / 500gb 850 evo
Case	Thermaltake Chaser Mk-1 / Silverstone m13b
Power Supply	1000W OCZ Gold Full Modular / seasonic focus 850w
Mouse	Proteus Core G502
Keyboard	Corsair K95 RGB

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on Schitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

System Name	Dumbass
Processor	AMD Ryzen 7800X3D
Motherboard	ASUS TUF gaming B650
Cooling	Artic Liquid Freezer 2 - 420mm
Memory	G.Skill Sniper 32gb DDR5 6000
Video Card(s)	GreenTeam 4070 ti super 16gb
Storage	Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s)	1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case	Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s)	onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply	Corsair HX1000i
Mouse	Steeseries Esports Wireless
Keyboard	Corsair K100
Software	windows 10 H
Benchmark Scores	https://i.imgur.com/aoz3vWY.jpg?2

System Name	RemixedBeast-NX
Processor	Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard	Dell Inc. 08HPGT (CPU 1)
Cooling	Dell Standard
Memory	24GB ECC
Video Card(s)	Gigabyte Nvidia RTX2060 6GB
Storage	2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s)	Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case	Dell Precision T3600 Chassis
Audio Device(s)	Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply	630w Dell T3600 PSU
Mouse	Logitech G700s/G502
Keyboard	Logitech K740
VR HMD	Linktr.ee/remixedcat // for my music ♡♡
Software	Linux Mint 20
Benchmark Scores	Network: Ubiquiti Unifi Cloud Gateway Ultra/Unifi Switch Ultra 60w/Unifi Switch 8 60w/UAP-AC-LR/LITE

Politifact Sees Unsactioned Introduction of Web Miner, Vows to Investigate

Raevenlord

News Editor

Rehmanpa

Solaris17

Super Dainty Moderator

DeathtoGnomes

remixedcat

Dave65

Jism

moproblems99

Jism

bug

GenericAMDFan

New Member

R-T-B

remixedcat

TheGuruStud

Octopuss

FordGT90Concept

"I go fast!1!11!1!"

bug

R-T-B

Ruru

S.T.A.R.S.

System Name	Daves
Processor	AMD Ryzen 3900x
Motherboard	AsRock X570 Taichi
Cooling	Enermax LIQMAX III 360
Memory	32 GiG Team Group B Die 3600
Video Card(s)	Powercolor 5700 xt Red Devil
Storage	Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s)	Acer 144htz 27in. 2560x1440
Case	Phanteks P600S
Audio Device(s)	N/A
Power Supply	Corsair RM 750
Mouse	EVGA
Keyboard	Corsair Strafe
Software	Windows 10 Pro

System Name	Wut?
Processor	3900X
Motherboard	ASRock Taichi X570
Cooling	Water
Memory	32GB GSkill CL16 3600mhz
Video Card(s)	Vega 56
Storage	2 x AData XPG 8200 Pro 1TB
Display(s)	3440 x 1440
Case	Thermaltake Tower 900
Power Supply	Seasonic Prime Ultra Platinum

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	64GB (2x 32GB) G.Skill Flare X5 @ DDR5-6200(Running 1T no GDM)
Video Card(s)	PNY RTX 5080 OC
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise (yes it's legit)

Processor	OCed 5800X3D
Motherboard	Asucks C6H
Cooling	Air
Memory	32GB
Video Card(s)	OCed 9070XT red devil
Storage	NVMees
Display(s)	32" Dull curved 1440
Case	Freebie glass idk
Audio Device(s)	Sennheiser, Custom 5.1
Power Supply	Don't even remember

Processor	Ryzen 5800X
Motherboard	Asus TUF-Gaming B550-Plus
Cooling	Noctua NH-U14S
Memory	32GB G.Skill Trident Z Neo F4-3600C16D-32GTZNC
Video Card(s)	Sapphire AMD Radeon RX 7900 XTX Nitro+
Storage	HP EX950 512GB + Samsung 970 PRO 1TB
Display(s)	Cooler Master GP27Q
Case	Fractal Design Define R6 Black
Audio Device(s)	Creative Sound Blaster AE-5
Power Supply	Seasonic PRIME Ultra 650W Gold
Mouse	Roccat Kone AIMO Remastered
Software	Windows 10 x64

System Name	BY-2021
Processor	AMD Ryzen 7 5800X (65w eco profile)
Motherboard	MSI B550 Gaming Plus
Cooling	Scythe Mugen (rev 5)
Memory	2 x Kingston HyperX DDR4-3200 32 GiB
Video Card(s)	AMD Radeon RX 7900 XT
Storage	Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM
Display(s)	Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI)
Case	Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay
Audio Device(s)	Realtek ALC1150, Micca OriGen+
Power Supply	Enermax Platimax 850w
Mouse	Nixeus REVEL-X
Keyboard	Tesoro Excalibur
Software	Windows 10 Home 64-bit
Benchmark Scores	Faster than the tortoise; slower than the hare.

System Name	4K-gaming / console
Processor	5800X @ PBO +200 / i5-8600K @ 4.6GHz
Motherboard	ROG Crosshair VII Hero / ROG Strix Z370-F
Cooling	Custom loop CPU+GPU / Custom loop CPU
Memory	32GB DDR4-3466 / 16GB DDR4-3600
Video Card(s)	Asus RTX 3080 TUF / Powercolor RX 6700 XT
Storage	3TB SSDs + 3TB / 372GB SSDs + 750GB
Display(s)	4K120 IPS + 4K60 IPS / 1080p projector @ 90"
Case	Corsair 4000D AF White / DeepCool CC560 WH
Audio Device(s)	Sony WH-CH720N / Hecate G1500
Power Supply	EVGA G2 750W / Seasonic FX-750
Mouse	MX518 remake / Ajazz i303 Pro
Keyboard	Roccat Vulcan 121 AIMO / Obinslab Anne 2 Pro
VR HMD	Oculus Rift CV1
Software	Windows 11 Pro / Windows 11 Pro
Benchmark Scores	They run Crysis