CBS's Showtime caught mining crypto-coins in viewers' web browsers

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency. The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new …

  1. John Brown (no body) Silver badge

    BOFH?

    Some BOFH after a little on the side maybe?

    1. Marco Fontani

      Re: BOFH?

      If I were to wager a guess, I'd say a marketing plod with the ability to push JS changes (via analytics, tag manager, you-name-it) to production without proper review.

  2. Anonymous Coward

    Block them!

    Block the bastards!

  3. Doctor Syntax Silver badge

    Yet another reason to avoid sites that don't work when Javascript is blocked.

    1. Lost In Clouds of Data
      Unhappy

      JavaScript?

      Which, in this day and age, seems like nearly every single one of them...

    2. Zippy's Sausage Factory

      That's why I clung to NCSA Mosaic as long as I could. And I browsed with JavaScript switched off pretty much until a couple of years ago.

      Even though I use jQuery at work all the time, I still think it's lousy design if the site doesn't work without it.

    3. streaky

      Yet another reason to avoid sites that don't work when Javascript is blocked.

      If I was a site owner who was using this tech (I actually feel like I was partly responsible for it due to very early experiments with it a bunch of years ago mining bitcoins years before the current incarnations) - it doesn't seem like it would matter if a percentage of your visitors disable js to stop it working. The aim of the game is going to be the percentage of visitors that don't prevent it running doing some work in a small transaction to cover your costs and in return not get obtrusive ads. In the end I considered it ethically sketchy to just throw it at users but it's a choice - publishers could offer people the option to live in an ad-free environment or not have to pay cash to get through a paywall and it could work for everybody. Could.

      1. Suricou Raven

        Or, more cynically, they could serve up both the miner and the ads.

  4. Fruit and Nutcase Silver badge
    Coat

    Whoever gave them the idea?

    "Reg now behind invisible HTML5 Bitcoin paywall"

    https://www.theregister.co.uk/2017/04/01/invisible_bitcoin_paywall/

    1. Nick Kew
      Thumb Up

      Re: Whoever gave them the idea?

      Damn you for getting in first with that reference (have an upvote)!

      I was going to ask if they were licensing the Reg code.

    2. veti Silver badge

      Re: Whoever gave them the idea?

      Thank you, I knew I'd seen this story somewhere before.

      Alas that you didn't really patent it...

  5. Fatman
    FAIL

    JS and Ad blockers

    And the clueless wonder why I am so paranoid about blocking ads and limiting javascript.

    Fucking numpties!

  6. td97402

    Yes, CBS Would Do This

    I don’t know why the author thinks that CBS itself wouldn’t be likely to pull this kind of shenanigans. CBSI, a.k.a. CBS Interactive, a subsidiary of CBS, runs a little website called download.com. You remember download.com. They’re the people who would wrap 13 or so pieces of adware, junkware, spyware, etc. around shareware downloads that would then pollute the computers of clueless users.

    1. Pascal Monett Silver badge

      Don't worry, download.com still does. And it is still in business.

      Thank God for NoScript.

      1. cybersaur
        Pint

        god didn't write NoScript

        Thank Giorgio Maone for NoScript.

      2. anonymous boring coward Silver badge

        I don't see how NoScript (which I use) can help with downloaded shareware that has been polluted with Trojan junk?

  7. Anonymous Coward

    Sprung

    Sprung real bad!

  8. Potemkine! Silver badge

    "We take the security of our browser agent extremely seriously"

    ROTFL! I love this running joke.

    +1 for Mr Monett - NoScript rulz! ^^

  9. Anonymous Coward

    Coin Hive's pitch is

    "this script could allow publishers to pull annoying ads from their website – which is something that could become more important as browsers increasingly block ads."

    utter bollocks, read:

    this script could allow publishers to retain ads AND make them extra, mined cash

    btw, is there a firefox extension to block mining yet? ;)

    1. TRT Silver badge

      Re: Coin Hive's pitch is

      I thought this would be caught by bog-standard XSS defences.

    2. Loyal Commenter Silver badge

      Re: Coin Hive's pitch is

      Noscript.

  10. Andy 97
    Joke

    <Scooby Doo villain voice>

    "And I would have gotten away with it too.. if it wasn't for you meddling kids!"

    1. eldakka
      Coat

      "And I would have gotten away with it too.. if it wasn't for you meddling ~~kids~~ script-kiddies!"

  11. Hyram

    "So someone left mining code in our website, but there's no clue as to the culprit."

    "Looks that way."

    "I guess we're going to have to (•_•) (-•_•)>⌐■-■ (⌐■_■) dig for clues."

  12. TrumpSlurp the Troll
    Paris Hilton

    An option for SETI@home?

    Just remembered donating spare CPU cycles back in the day.

    Which makes me wonder if there is any mileage in running a miner on behalf of a charity using spare CPU cycles, or if it would be more cost efficient (due to the cost of the electricity) to just donate direct.

    1. Zippy's Sausage Factory

      Re: An option for SETI@home?

      That's a damn fine idea if ever I heard one. Have an upvote.

    2. Anonymous Coward

      Re: An option for SETI@home?

      I pay almost $0.17/kWh for electricity. I set up a box with a GTX 1070 and 1060 and successfully mined about $2.50 worth of Zcash with $5.00 worth of electricity. It was an interesting experiment, I wanted to see firsthand...

      1. Loyal Commenter Silver badge

        Re: An option for SETI@home?

        I mined about 0.1 bitcoin a couple of years ago, as an experiment, when its value was about £200 a coin. I stopped running the hardware when the pool payouts dropped to less than one in 3 months due to the increased network hash rate. The cost of the hardware and electricity (IIRC, about £200 for the USB miners and a RaspPi) are now just about paid for if Bitcoin's value stays above £3k or so.

      2. Anonymous Coward

        Re: An option for SETI@home?

        Were you comparing the cost of electricity of the computer on vs off, or "on with mining" vs "on but idle (not mining)"?

        Because I have some PCs that are on anyway and might as well be mining.

        ps SETI@Home still exists, along with many other projects on the BOINC platform you can donate your CPU/GPU time to many good causes, and some silly ones too.

        1. anonymous boring coward Silver badge

          Re: An option for SETI@home?

          You do know that a hard working CPU uses a lot more energy than an idling one, right?

      3. anonymous boring coward Silver badge

        Re: An option for SETI@home?

        It's a "super good idea" to create money (which usually is a cheap piece of paper or metal, if it even exists physically at all), by using precious energy. Especially with global warming happening. Not.

  13. hellwig

    Xfinity might be doing this too

    So I usually play Netflix or something in the background while I game (Farming Simulator 17, hit me up Merkel).

    When I decided to watch something on my computer off my DVR, the performance was heavily impacted. Not sure why Netflix can stream HD content to my PC and run fine but Xfinity can't stream HD content in the same house and I run into framerate issues. But now I wonder if I wasn't mining crypto-currency for some disgruntled IT folks the whole time.

  14. chivo243 Silver badge

    my 0.0002 bitcoins

    Inside job. Somewhere along the line, someone with approved access dropped this little nugget.

  15. Restricted Access

    Life continues to imitate art

    The IRL Youtube streamer Ice Poseidon recently got a lot of flak from his viewers when a developer for one of Ice's apps/projects did a similar thing. Ice claims it was the dev going rogue but some still believe Ice wanted it to squeeze out a few extra dimes from the viewers, others think it was done for the "content" i.e. a bit of drama to spice up the stream.

  16. euterpe

    Curious on how much this slows down your Computer?

    You can test it out here:

    WhatIsMyHashRate.com

    You may or may not see any performance degradation depending on your CPU.

  17. fidodogbreath

    Nice try, though

    Coin Hive's pitch is that this script could allow publishers to pull annoying ads from their website – which is something that could become more important as browsers increasingly block ads.

    That's not much of a pitch, since any ad blocker can also filter scripts. There's already at least one filter list for crypto mining.
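
Added illustration of the filter-list approach mentioned in the comment above; it is not part of the original thread and not any real blocker's code. It implements a simplified subset of Adblock-style rules (`||host^`, the `$script` option, `@@` exceptions), and every rule and hostname in it is a constructed placeholder.

```javascript
// Constructed sample list, not a real published filter list.
const FILTER_LIST = `
! block a (placeholder) miner host, scripts only
||miner.example^$script
! block a (placeholder) mining pool endpoint for every resource type
||cdn.pool.example^
! exception: allow one subdomain of the blocked host
@@||static.miner.example^
`;

// Parse the supported subset of rules; anything else is skipped.
function parseRules(text) {
  const rules = [];
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("!")) continue;        // blank line or comment
    const exception = line.startsWith("@@");
    const body = exception ? line.slice(2) : line;
    const m = /^\|\|([a-z0-9.-]+)\^(?:\$(.*))?$/i.exec(body);
    if (!m) continue;                                    // unsupported syntax
    const options = m[2] ? m[2].split(",") : [];
    rules.push({
      host: m[1].toLowerCase(),
      exception,
      scriptOnly: options.includes("script"),
    });
  }
  return rules;
}

// True when hostname is the rule host or a subdomain of it. The leading dot
// stops "notminer.example" from matching a rule for "miner.example".
function hostMatches(hostname, ruleHost) {
  return hostname === ruleHost || hostname.endsWith("." + ruleHost);
}

// Decide whether a request is blocked; exception (@@) rules override blocks.
function shouldBlock(rules, url, resourceType) {
  let hostname;
  try { hostname = new URL(url).hostname.toLowerCase(); } catch { return false; }
  const hits = rules.filter(r => hostMatches(hostname, r.host) &&
                                 (!r.scriptOnly || resourceType === "script"));
  if (hits.some(r => r.exception)) return false;
  return hits.length > 0;
}
```
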

  18. Andy 97

    Get ready for more of this kind of thing, legitimately.

    As soon as publishers estimate the real cost of ad-blocking technology, they'll need to recover the cash from somewhere.

  19. Mauriceje

    The site http://www.elephonestore.com does this too, Elephone is a phone brand and my cpu gets 100% when javascript enabled
