Raevenlord
News Editor
- Joined
- Aug 12, 2016
- Messages
- 3,755 (1.22/day)
- Location
- Portugal
System Name | The Ryzening |
---|---|
Processor | AMD Ryzen 9 5900X |
Motherboard | MSI X570 MAG TOMAHAWK |
Cooling | Lian Li Galahad 360mm AIO |
Memory | 32 GB G.Skill Trident Z F4-3733 (4x 8 GB) |
Video Card(s) | Gigabyte RTX 3070 Ti |
Storage | Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB |
Display(s) | Acer Nitro VG270UP (1440p 144 Hz IPS) |
Case | Lian Li O11DX Dynamic White |
Audio Device(s) | iFi Audio Zen DAC |
Power Supply | Seasonic Focus+ 750 W |
Mouse | Cooler Master Masterkeys Lite L |
Keyboard | Cooler Master Masterkeys Lite L |
Software | Windows 10 x64 |
It has come into the limelight that popular torrenting website The Pirate Bay (TPB) has been running additional code on their site, which helped enable them to make use of a visitor's CPU in mining Monero (XMR, a cryptocurrency with added layers of anonymity when compared to Bitcoin). Now, I realize Torrenting (in particular, of copyright-protected material) is in itself a subject open to heated debate - but let's leave that discussion for another day. Today, I thought I'd focus on this mining act itself, on how TPB was secretly using your computing resources to stealthily mine cryptocurrency which they could then turn into additional revenue.
That this was done without the users' consent is clearly wrong. We as users are entitled to know what to expect from our system and from its usage of our resources - as seldom as we can claim that ability nowadays. That a site we are visiting is using our computing resources to generate additional revenue than the one it obtains from ads without, at the very least, being forthcoming about it (with the increased electricity costs that implies, however small) can be considered, at a minimum, distasteful. However, the discussion becomes much more interesting if we wonder what would have happened if users had, in fact, been warned. What does this mean for the future of web browsing, for revenue models - and for those pesky, flashy, little (or not so little) ads?
To our forum-lurkers: this article is marked as an Editorial
First things first: TPB's miner worked through a JavaScript string, tucked away in the site's footer, and was provided by Coinhive. Coinhive offers site owners the option to convert the CPU power of users into Monero cryptocurrency coins (which is more profitable than Bitcoin). The miner does increase CPU usage noticeably - that's how the trail was originally found, through abnormal CPU usage spikes in certain pages of TPB. The miner wasn't enabled site-wide, however; it appears that its usage was limited to search results and category listings, and not on the homepage or individual Torrent pages. The code was throttled at different rates (there are reports of both 0.6 and 0.8) but the increase in resources was, apparently, immediately noticeable.
The fact that the miner uses JavaScript means that 1) security shouldn't be a concern; and 2) it's easily blockable by browser extensions most users (at least, readers of TPU) already know. Blocking or disabling JavaScript can stop the automatic mining; this can be done via browser settings, script blocker add-ons for your browser of choice (such as NoScript and ScriptBlock), or through ad-blockers (you'll need to add the miner URL manually, for now). TPB operators have, in the meantime, said that the miner was deployed as a 24 hour test as "(...) a new way to generate revenue," stating that "We really want to get rid of all the ads. But we also need enough money to keep the site running." Apparently, a small typo in the code is to blame for the package's detection, since it seems that the code would, at times, peak to 100% CPU usage. According to TPB's operators, "This should be corrected now so only 20-30% should be used. Also it is restricted to run in one tab only so even if you have 10 tabs open it will only be running in 1."
This is where we're going to take our tangent in the discussion- could this present itself as a "revenue model of the future" for websites? Some users tend to forget that nothing comes for free in this Earth we live in; there are expenses to every single site out there, and ad revenue, as intrusive as it can sometimes be, is what enables most websites to operate, bringing their respective contents to users. However, the dependency on ad revenue for websites has driven some of them to increase ad aggressiveness, with full window or tab pop-ups, messages for users of ad-blocking apps that demand ad-blockers be deactivated on the page, "clickbaity" interfaces with dozens of clicks being needed so you can read an article in its entirety and so on. Ads, when done right and respectfully, are a good way of powering the webpages that we visit, demanding slightly more computing resources on our part, as well as a a measure of attention and focus, and nothing more. To be fair, loading a webpage isn't a zero-sum load on your system, although it is generally not even close to the 100% usage that TPB's Coinhive implementation was demanding (or its 20% iteration, for that matter).
However, we've all seen what happens where revenue is concerned; as an income generator, ads started being more and more exploited in the ways mentioned above, which, naturally, gave way to ad-blocking mechanisms for the offenders - which incidentally, also caught honest, balanced, ad-based websites in the crossfire. And this is, again, the issue with webpage-based miners, even if throttled - only exacerbated by the increased computing strain a given page puts in our computing resources.
The thing here is, virtually every single page in the web nowadays pushes ads through to your computer. This means every page you load, whether in a single or multiple tabs, also loads ads. Luckily, ads are relatively inexpensive when it comes to computing - but even so, there are sometimes measurable performance improvements in using an ad-blocker that prevents them from being loaded. Faster page loads, reduced usage of system resources, the whole galore. Now consider how much more load a cryptocurrency miner will put on your hardware, multiply it by the number of tabs/websites you visit at any given moment, and... why is my 8-core system lagging, really?
The problem, I believe, doesn't lie with the Coinhive technology of embedding the miner in pages. TPB's code was tweaked for the miner to only run in a single tab, for example. It was also further throttled so that it doesn't show as much of an impact on the browsing experience. These are sensible decisions- almost like the conception of ad revenue in the Internet. The problem isn't with the technology per se; it's with site managers, who see increased revenues and want to increase those even more. For every site that implements this system sensibly (let's say, it only runs on a single tab, and uses up to 2% CPU load), I bet there are ten others who are integrating it so that it loads on every tab, with a different instance loading up on every click, and taking up 40% of your computing resources each time (example only, though unfortunately, I fear I'm not exaggerating here).
Another issue stems from the number of websites that implement this additional/alternative revenue model; how many tabs do you usually have open? I'm definitely not a power user, but even for the writing of this article, I had, at one time, 11 different tabs open. Even if only one tab from one website loads up the cryptocurrency miner, and only loads your system by 1%, it's still a linear increase with every website you load. How much processing power (and the energy bill that comes with it) are you willing to give away? If, say, you're only comfortable with 20% usage on your CPU for this, does this mean you'll have to implement a hard limit on the number of websites you have open at the same time?
I thoroughly enjoy the idea; it's ingenious, can be implemented reasonably, and would offer site managers an alternate revenue stream (though it would most likely be an additional revenue stream, let's be honest). I'd be willing to give some additional spare CPU cycles for this if it meant no intrusive ads, no flashy colors grabbing my attention. But in the end, the issue, as always, isn't with the technology; it's with the people that implement it. Web mining is, in my view, unfeasible, because people who abuse the system will automatically profit more. Eventually, the abuse will be widespread and visible enough that users will get sick of those poor team players, and ad-blockers, browser developers (who have already implemented limits to how many computation resources a background tab can demand), and website operators will end up driving web mining the way of the ads. If only we could all be sensible and reasonable, right?
View at TechPowerUp Main Site
That this was done without the users' consent is clearly wrong. We as users are entitled to know what to expect from our system and from its usage of our resources - as seldom as we can claim that ability nowadays. That a site we are visiting is using our computing resources to generate additional revenue than the one it obtains from ads without, at the very least, being forthcoming about it (with the increased electricity costs that implies, however small) can be considered, at a minimum, distasteful. However, the discussion becomes much more interesting if we wonder what would have happened if users had, in fact, been warned. What does this mean for the future of web browsing, for revenue models - and for those pesky, flashy, little (or not so little) ads?
To our forum-lurkers: this article is marked as an Editorial
First things first: TPB's miner worked through a JavaScript string, tucked away in the site's footer, and was provided by Coinhive. Coinhive offers site owners the option to convert the CPU power of users into Monero cryptocurrency coins (which is more profitable than Bitcoin). The miner does increase CPU usage noticeably - that's how the trail was originally found, through abnormal CPU usage spikes in certain pages of TPB. The miner wasn't enabled site-wide, however; it appears that its usage was limited to search results and category listings, and not on the homepage or individual Torrent pages. The code was throttled at different rates (there are reports of both 0.6 and 0.8) but the increase in resources was, apparently, immediately noticeable.
The fact that the miner uses JavaScript means that 1) security shouldn't be a concern; and 2) it's easily blockable by browser extensions most users (at least, readers of TPU) already know. Blocking or disabling JavaScript can stop the automatic mining; this can be done via browser settings, script blocker add-ons for your browser of choice (such as NoScript and ScriptBlock), or through ad-blockers (you'll need to add the miner URL manually, for now). TPB operators have, in the meantime, said that the miner was deployed as a 24 hour test as "(...) a new way to generate revenue," stating that "We really want to get rid of all the ads. But we also need enough money to keep the site running." Apparently, a small typo in the code is to blame for the package's detection, since it seems that the code would, at times, peak to 100% CPU usage. According to TPB's operators, "This should be corrected now so only 20-30% should be used. Also it is restricted to run in one tab only so even if you have 10 tabs open it will only be running in 1."
This is where we're going to take our tangent in the discussion- could this present itself as a "revenue model of the future" for websites? Some users tend to forget that nothing comes for free in this Earth we live in; there are expenses to every single site out there, and ad revenue, as intrusive as it can sometimes be, is what enables most websites to operate, bringing their respective contents to users. However, the dependency on ad revenue for websites has driven some of them to increase ad aggressiveness, with full window or tab pop-ups, messages for users of ad-blocking apps that demand ad-blockers be deactivated on the page, "clickbaity" interfaces with dozens of clicks being needed so you can read an article in its entirety and so on. Ads, when done right and respectfully, are a good way of powering the webpages that we visit, demanding slightly more computing resources on our part, as well as a a measure of attention and focus, and nothing more. To be fair, loading a webpage isn't a zero-sum load on your system, although it is generally not even close to the 100% usage that TPB's Coinhive implementation was demanding (or its 20% iteration, for that matter).
However, we've all seen what happens where revenue is concerned; as an income generator, ads started being more and more exploited in the ways mentioned above, which, naturally, gave way to ad-blocking mechanisms for the offenders - which incidentally, also caught honest, balanced, ad-based websites in the crossfire. And this is, again, the issue with webpage-based miners, even if throttled - only exacerbated by the increased computing strain a given page puts in our computing resources.
The thing here is, virtually every single page in the web nowadays pushes ads through to your computer. This means every page you load, whether in a single or multiple tabs, also loads ads. Luckily, ads are relatively inexpensive when it comes to computing - but even so, there are sometimes measurable performance improvements in using an ad-blocker that prevents them from being loaded. Faster page loads, reduced usage of system resources, the whole galore. Now consider how much more load a cryptocurrency miner will put on your hardware, multiply it by the number of tabs/websites you visit at any given moment, and... why is my 8-core system lagging, really?
The problem, I believe, doesn't lie with the Coinhive technology of embedding the miner in pages. TPB's code was tweaked for the miner to only run in a single tab, for example. It was also further throttled so that it doesn't show as much of an impact on the browsing experience. These are sensible decisions- almost like the conception of ad revenue in the Internet. The problem isn't with the technology per se; it's with site managers, who see increased revenues and want to increase those even more. For every site that implements this system sensibly (let's say, it only runs on a single tab, and uses up to 2% CPU load), I bet there are ten others who are integrating it so that it loads on every tab, with a different instance loading up on every click, and taking up 40% of your computing resources each time (example only, though unfortunately, I fear I'm not exaggerating here).
Another issue stems from the number of websites that implement this additional/alternative revenue model; how many tabs do you usually have open? I'm definitely not a power user, but even for the writing of this article, I had, at one time, 11 different tabs open. Even if only one tab from one website loads up the cryptocurrency miner, and only loads your system by 1%, it's still a linear increase with every website you load. How much processing power (and the energy bill that comes with it) are you willing to give away? If, say, you're only comfortable with 20% usage on your CPU for this, does this mean you'll have to implement a hard limit on the number of websites you have open at the same time?
I thoroughly enjoy the idea; it's ingenious, can be implemented reasonably, and would offer site managers an alternate revenue stream (though it would most likely be an additional revenue stream, let's be honest). I'd be willing to give some additional spare CPU cycles for this if it meant no intrusive ads, no flashy colors grabbing my attention. But in the end, the issue, as always, isn't with the technology; it's with the people that implement it. Web mining is, in my view, unfeasible, because people who abuse the system will automatically profit more. Eventually, the abuse will be widespread and visible enough that users will get sick of those poor team players, and ad-blockers, browser developers (who have already implemented limits to how many computation resources a background tab can demand), and website operators will end up driving web mining the way of the ads. If only we could all be sensible and reasonable, right?
View at TechPowerUp Main Site
Last edited by a moderator: