Remember Coinhive, one of the most negative faces of crypto currencies to ever grace the world wide web? The platform, which allowed for websites (or malicious players) to inject web pages' code with cryptocurrency mining algorithms that hijacked visitors' CPUs to mine the privacy-focused Monero cryptocurrency has announced they are shuttering their doors (and services) on the 8th of March. The company cites changes to Monero's rewards and has rates declines following some hard forks, as well as overall crypto market value being down, with Monero having deprecated some 85% since the website put its code up for grabs.

For companies and/or users that used Coinhive's code to mine Monero with other users' systems - usually, without their consent or knowledge - have until April to withdraw any earnings they have amassed. After that, it's all gone. It's quite obvious that this was only one of the first manifestations of wrongly-designed cryptomining, but then again, some users will always take advantage of these sorts of tools.

Web mining's advent was the opening of a veritable Pandora's box when it comes to users' peace of mind while surfing the internet. What started with The Pirate Bay's implementation and ended up with a full-on browser war against these injected, unauthorized hijacks of users' electricity and computing resources has now taken to one of the world's most known and visited websites: YouTube.

Users of YouTube started getting heads-up that something might be wrong due to their antivirus protection kicking off some cryptocurrency mining warnings that seemed to only pop up when users were visiting YouTube. These warnings kept popping up even after a web browser change, and then, on Friday, researchers from TrendMicro touched upon the issue, saying that YouTube's web mining injections had led to a more than three-fold spike in the total number of cryptocurrency web mining warnings. Luckily, the web mining exploit wasn't deployed across the entire world: Trend Micro researchers said that the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.

Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.

According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.

This here is an issue that this editor has been fearing for a while, and that we here at TPU have called our users' attention to in the past. It's bad enough when websites willingly implement web mining scripts absent of users' consent or simple knowledge. Opt-in mining as a contribution to a website's revenue would be the best way to go around the issue; however, absent that, a simple opt-out capability wouldn't be much worse. But if stealth usage of a site viewers' computing resources is bad, what then can be said when the site managers themselves are unaware of the implementation of a web miner?

This is what happened with Politifact, the US politics fact-checking website, which is but one of hundreds of the world's top traffic websites that have seen the stealth introduction of these web mining scripts - against the will of the site managers. In the meantime, Politifact has brought down the offending code and has vowed to investigate, but this opens up Pandora's box, really. Generally speaking, these JavaScript apps are running code hosted on another server that the end user - and sometimes even the site hosts - can't inspect or don't expect to have to inspect. And this is easier to do than one would imagine; there's a lack of protection against JavaScript routines like this one. And where there's potential for profit, there's abuse; and that's what we're seeing. It also doesn't help that injecting the necessary JavaScript into the front page of a website is much easier than a full blown hack into a website's databases; and once the code has been shoehorned into a website's code, it runs itself, hijacking users' CPU cycles and putting the resulting Monero coins into a designated wallet.

We've previously covered The Pirate Bay's usage of a web-based miner on users' machines without their knowledge or consent. We've even done a pretty extensive editorial on whether or not this could be the revenue model of the future. At the time, we came away with the conclusion that the problem isn't with the technology per se, but with the fact it's implemented by humans (and most problems do have their root cause in us humans after all, don't they?).

This seems to be such a case, since The Pirate Bay has now resumed their web-based mining activities with no Opt-out or, better yet, opt-in business model. Now, however, the code isn't being run in the site's core code, but is instead embedded on an advertisement script (yes, advertisements are still running parallel on The Pirate Bay). The most popular adblockers should be enough to stop this miner from ever running, anyway, but yes, there are still users who surf the web absent of any ad-blocking capabilities - and these should see some added processing spikes on their CPUs.

We here at TPU wrote an extensive editorial on the issue of web mining possibly becoming the revenue model of the future. The Pirate Bay may not have been the first site to adopt Coinhive's javascript code for mining purposes when users access its pages, but it was the highest-profile one to be caught, since the performance hogging was enough that users started seeing diminished responsiveness on their systems when visiting the torrent site. On that editorial piece, we talked about the issues of web mining, and compared it to the advent of ad-based revenue models for websites. A piece of our argument revolved around human nature and the pursuit of higher and higher revenue, in a system that would typically reward abuse with higher amounts of mining-generated money - and how users, browsers, and ad-blocking would evolve to also block these mining efforts.

Well, Adblock Plus has gone and done it, adding a filter for Coinhive-based web mining, filtering the mining script. This will likely ignite a cat and mouse game between web mining providers, users, and the browsers and extensions we use to protect ourselves, but it isn't something we hadn't mentioned before. The Adblock Plus extension is available for Chrome, Firefox, and Android. Look after the break for instructions on how to add these filters to your Adblock Plus-enabled browser of choice.

It has come into the limelight that popular torrenting website The Pirate Bay (TPB) has been running additional code on their site, which helped enable them to make use of a visitor's CPU in mining Monero (XMR, a cryptocurrency with added layers of anonymity when compared to Bitcoin). Now, I realize Torrenting (in particular, of copyright-protected material) is in itself a subject open to heated debate - but let's leave that discussion for another day. Today, I thought I'd focus on this mining act itself, on how TPB was secretly using your computing resources to stealthily mine cryptocurrency which they could then turn into additional revenue.

That this was done without the users' consent is clearly wrong. We as users are entitled to know what to expect from our system and from its usage of our resources - as seldom as we can claim that ability nowadays. That a site we are visiting is using our computing resources to generate additional revenue than the one it obtains from ads without, at the very least, being forthcoming about it (with the increased electricity costs that implies, however small) can be considered, at a minimum, distasteful. However, the discussion becomes much more interesting if we wonder what would have happened if users had, in fact, been warned. What does this mean for the future of web browsing, for revenue models - and for those pesky, flashy, little (or not so little) ads?To our forum-lurkers: this article is marked as an Editorial