Avast Ye Scurvy Dog! How "Crypto Pirates" Are Hijacking Your Browser To Mine Monero

Over the past few years the cryptocurrency world has truly exploded. There are hundreds of crypto-based projects in the works and the applications for blockchain technology seems almost limitless. In this fast-moving world there is always an abundance of creativity that spurs new directions that we just don't see coming and that list now includes pirates... That's right! This year we have seen the first true "Crypto Pirates" hit the digital scene and they be after yer Monero matey!

The Curse Of The Javascript Miner

In-browser mining of cryptocurrency is a thing. It is a really real thing, and it has already been done by major websites like The Pirate Bay, UFC, & Showtime to name a few. These websites are using a javascript based snippet of code that is executed through your browser when you visit from your desktop, laptop, or mobile phone. This javascript code utilizes your CPU power to mine Monero in the background while you surf the website. In the above mentioned cases, these sites were doing this without telling the user and were essentially caught "red-handed". While many fine folks may have taken issue with something like this, I think that the very creative idea of using a small portion of a website visitors CPU power to mine cryptocurrency could turn out to be a great way to support your favorite websites without having to see a bunch of annoying ads. 

How You Got Jacked...

The code that is used is pretty straight forward and simple. Most of the sites that are utilizing it are using the services of Coinhive. Their entire business model revolves around the concept of in-browser CPU mining of Monero. How this is actually executed is a little more technical then I want to get into for this particular article, but my buddy Ray over at Hackerbits.com posted a very complete article that covers the technical side of Monero mining with your browser. Of course Coinhive is not the only game in town, there are a few other projects out there working on open source versions of a similar script which should be quite interesting to see the results of (see this Github & this Github.) 

Pirate? Or Permission?

No matter where you are on the internet these days, it seems that most major sites have piled in as MANY ads as they can fit on the screen. This is how most of your favorite sites can afford to pay the bills and keep the lights on (including The 'Stache!). At this point, I think a lot of people have either gotten used the ads and ignore them, they actually like the ads because they are relevant to their likes, or they hate ads with a passion and have an "ad-blocker" turned on so they never see them. While ads can be annoying, we can simply turn them off or choose not to click on them. When it comes to pirate style cryptojacking of your browser to make money from your visitors we have not been given a choice. These Crypto Pirates have the script running in the background and there may be no way to actually tell if you are being hijacked. 

What if, instead, you were just asked your permission?

Similar to when you first load many sites and they have a "pop-up" ad or ask you to join their sweet email list (like I do!), in-browser mining of Monero could be an optional method to support the websites you truly love. You could be presented with a pop-up option to turn on mining while you browser the site for that session or even have it setup so it remembers your default choice via cookies (mmmm coookie) for next time too. Personally, I think I would love to support a website that asked my permission first. It gives the user the choice, just like clicking on an ad does. 

A Shift In Advertising Piratetitude

While companies like Coinhive, and those that use their pirate-style in-browser mining script, may be considered as malicious (or so says Malwarebytes!), another cryptocurrency project has taken a whole new approach to advertising. Enter the Brave browser & BAT platform. These guys are basically a 1-2 punch to traditional advertising. The Brave browser is a privacy focused browser that has built in ad and tracking blockers that allow you to load websites much faster then normal by not loading ads or trackers. BAT or (Basic Attention Token) is a way to distribute micro-donations of cryptocurrency to the site owners as you browser their site in the Brave browser. If that seems a bit confusing, here is a good explanation from their site that sums up the relationship of the two: 

"BAT is a utility token for a new, blockchain-based digital advertising and services platform. Brave is a privacy-focused, secure web browser that blocks ads by default and provides surfing speeds up 7x faster than its competitors. Brave currently runs an experimental automated and anonymous micro-donation system for publishers called Brave Payments. The BAT platform will absorb the Brave Payments ledger, which will migrate from Bitcoin micropayments to BAT microdonations in the near future. The platform will further extend this work into advertising. Users have the choice of whether or not to opt-in to see ads, which use a separate open source component. When users opt-in to receive ads in the platform, ads will be privately matched to their interests and anonymously confirmed. Publishers are rewarded accordingly with tokens. The user remains anonymous to all parties. Users who opt-in will also get a share of BATs and can use them on premium products, donate them back to publishers, etc."

I think that this type of platform is a great step in the right direction, but it will certainly be a thorn in the sides of massive players like Facebook & Google that rely on selling your collected personal data to others. 

Mining The High Seas

Whether you think in-browser mining is a good thing or you feel taken advantage of, I think that mining through websites to support the publishers is only going to increase significantly in 2018. I personally don't agree with doing it in the background without telling the visitor fist, but if permission is asked and done in a way that limits the amount of CPU it could ever utilize it could be game changing for smaller sites like The CryptoStache.com and thousands of other applications. 

How would you feel if a site asked your permission BEFORE starting a mining script that runs in the background while you browser the site? Leave a comment, I really want to hear from my followers on this one!

The 'Stache Still Loves Pirates!

Check out my blog for more great content - https://www.cryptostache.com