Web mining's advent was the opening of a veritable Pandora's box when it comes to users' peace of mind while surfing the internet. What started with The Pirate Bay's implementation and ended up with a full-on browser war against these injected, unauthorized hijacks of users' electricity and computing resources has now taken to one of the world's most known and visited websites: YouTube.

Users of YouTube started getting heads-up that something might be wrong due to their antivirus protection kicking off some cryptocurrency mining warnings that seemed to only pop up when users were visiting YouTube. These warnings kept popping up even after a web browser change, and then, on Friday, researchers from TrendMicro touched upon the issue, saying that YouTube's web mining injections had led to a more than three-fold spike in the total number of cryptocurrency web mining warnings. Luckily, the web mining exploit wasn't deployed across the entire world: Trend Micro researchers said that the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.

Opera has announced that the latest, Release Candidate (RC) version of their web browser now incorporates an innovative cryptocurrency mining protection baked in. Opera has been one of the most versatile browsers for some time now, offering integrated VPN, AdBlocker, and bandwidth reduction on its releases. Some issues, such as measure of lacking visibility against Firefox and Chrome, and performance that's seldom in the top spot from the available offerings in the market, has kept this browser from being the go-to option for users. Now, the opera team have again innovated, by integrating a cryptocurrency web mining blocker onto the latest release.

The solution, dubbed NoCoin, works within the confines of the integrated AdBlocking protection, with extended lists that eliminates cryptocurrency mining scripts that "overuse your device's computing ability." To enable the mining protection, users need to go to Settings or Preferences. The NoCoin (Cryptocurrency) setting can be found in Recommended lists of ad filters in the Block ads page. "With NoCoin turned on, pages embedded with cryptocurrency mining scripts will be blocked in a similar way our mechanism blocks ads," said Opera desktop QA Kornelia Mielczarczyk. This is all well and good, but some extensions already offer this kind of protection, and with Google adding their own AdBlocking solution to Chrome in early 2018, this feature exclusivity likely won't remain an additional arrow in Opera's feature quiver for long.

This here is an issue that this editor has been fearing for a while, and that we here at TPU have called our users' attention to in the past. It's bad enough when websites willingly implement web mining scripts absent of users' consent or simple knowledge. Opt-in mining as a contribution to a website's revenue would be the best way to go around the issue; however, absent that, a simple opt-out capability wouldn't be much worse. But if stealth usage of a site viewers' computing resources is bad, what then can be said when the site managers themselves are unaware of the implementation of a web miner?

This is what happened with Politifact, the US politics fact-checking website, which is but one of hundreds of the world's top traffic websites that have seen the stealth introduction of these web mining scripts - against the will of the site managers. In the meantime, Politifact has brought down the offending code and has vowed to investigate, but this opens up Pandora's box, really. Generally speaking, these JavaScript apps are running code hosted on another server that the end user - and sometimes even the site hosts - can't inspect or don't expect to have to inspect. And this is easier to do than one would imagine; there's a lack of protection against JavaScript routines like this one. And where there's potential for profit, there's abuse; and that's what we're seeing. It also doesn't help that injecting the necessary JavaScript into the front page of a website is much easier than a full blown hack into a website's databases; and once the code has been shoehorned into a website's code, it runs itself, hijacking users' CPU cycles and putting the resulting Monero coins into a designated wallet.

We've previously covered The Pirate Bay's usage of a web-based miner on users' machines without their knowledge or consent. We've even done a pretty extensive editorial on whether or not this could be the revenue model of the future. At the time, we came away with the conclusion that the problem isn't with the technology per se, but with the fact it's implemented by humans (and most problems do have their root cause in us humans after all, don't they?).

This seems to be such a case, since The Pirate Bay has now resumed their web-based mining activities with no Opt-out or, better yet, opt-in business model. Now, however, the code isn't being run in the site's core code, but is instead embedded on an advertisement script (yes, advertisements are still running parallel on The Pirate Bay). The most popular adblockers should be enough to stop this miner from ever running, anyway, but yes, there are still users who surf the web absent of any ad-blocking capabilities - and these should see some added processing spikes on their CPUs.

We here at TPU wrote an extensive editorial on the issue of web mining possibly becoming the revenue model of the future. The Pirate Bay may not have been the first site to adopt Coinhive's javascript code for mining purposes when users access its pages, but it was the highest-profile one to be caught, since the performance hogging was enough that users started seeing diminished responsiveness on their systems when visiting the torrent site. On that editorial piece, we talked about the issues of web mining, and compared it to the advent of ad-based revenue models for websites. A piece of our argument revolved around human nature and the pursuit of higher and higher revenue, in a system that would typically reward abuse with higher amounts of mining-generated money - and how users, browsers, and ad-blocking would evolve to also block these mining efforts.

Well, Adblock Plus has gone and done it, adding a filter for Coinhive-based web mining, filtering the mining script. This will likely ignite a cat and mouse game between web mining providers, users, and the browsers and extensions we use to protect ourselves, but it isn't something we hadn't mentioned before. The Adblock Plus extension is available for Chrome, Firefox, and Android. Look after the break for instructions on how to add these filters to your Adblock Plus-enabled browser of choice.

It has come into the limelight that popular torrenting website The Pirate Bay (TPB) has been running additional code on their site, which helped enable them to make use of a visitor's CPU in mining Monero (XMR, a cryptocurrency with added layers of anonymity when compared to Bitcoin). Now, I realize Torrenting (in particular, of copyright-protected material) is in itself a subject open to heated debate - but let's leave that discussion for another day. Today, I thought I'd focus on this mining act itself, on how TPB was secretly using your computing resources to stealthily mine cryptocurrency which they could then turn into additional revenue.

That this was done without the users' consent is clearly wrong. We as users are entitled to know what to expect from our system and from its usage of our resources - as seldom as we can claim that ability nowadays. That a site we are visiting is using our computing resources to generate additional revenue than the one it obtains from ads without, at the very least, being forthcoming about it (with the increased electricity costs that implies, however small) can be considered, at a minimum, distasteful. However, the discussion becomes much more interesting if we wonder what would have happened if users had, in fact, been warned. What does this mean for the future of web browsing, for revenue models - and for those pesky, flashy, little (or not so little) ads?To our forum-lurkers: this article is marked as an Editorial