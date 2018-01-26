Now Even YouTube Serves Ads With CPU-draining Cryptocurrency Miners (arstechnica.com) 52
YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. From a report: Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube. On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain. The ads contain JavaScript that mines the digital coin known as Monero.
This crap needs to be regulated by the government (Score:1)
Because itâ(TM)s getting out of hand and they will fix everything.
Ad Blockers (Score:4, Insightful)
This is why I run an adblocker and a script blocker.
And why I refuse to visit sites that insist I turn it off.
Speaking of which, anyone know any WebExtensions that do anti-anti-adblock? The old one was XUL.
I just watch YT via youtube-dl or directly via mpv (which uses youtube-dl hook). Their new UI is too retardedly slow to even look at it.
You have to enable AdBlock first, OK?
Re:Good idea, actually (Score:4, Insightful)
"Unoccupied CPUs" were a waste back when a CPU used the same amount of power idling as working.
Today, giving my "unoccupied CPU" a task for your benefit is theft of my battery life (time until I need to recharge), battery lifetime (total number of cycles), electricity (both direct device usage and indirect cooling needs), and device lifetime (hotter devices fail sooner).
Now, if you'd like to offer me payment for these things you wish to consume, we can talk.
Then don't visit those sites. Parent was suggesting this would be a method of transferring value in exchange for your consumption of their service.
Right now we don't have that option. Because everyone who does this, does it without telling the user. Until it becomes a CHOICE, they can fuck off.
you list about four costs that probably add up to a penny or two per hour, particularly if the mining javascript has its intensity set below 40%, which was the default last time i checked.
you aren't being paid because the idea is YOU are paying a tiny microfee (in the form of an advertisement, or in this case a minor uptick in your cpu usage) for access to the content you are viewing.
i implemented a Monero JavaScript on a website i run, but it was an option that was DISABLED by default, and my users could v
How do you figure the cost of losing half your battery time? From what I've directly observed, having a few badly-behaved Web pages open can take me from six hours of battery life to two or three.
I've been known to pay for ad-free access to content, and I've been willing to accept ads as a way to compensate content providers. Ads are simply getting too expensive to accept now -- the electricity cost is small, but the costs in battery life, stability, and safety are just too high.
(And that's omitting the att
Now, if you'd like to offer me payment for these things you wish to consume, we can talk.
Were you able to see their content? You got paid. You're not going to get reimbursed for the power consumed by your TV or DVR while you're fast-forwarding through commercials either.
I don't like the miners either, but I understand that ads are the price of content. The alternative is paid content, which you're free to switch to.
There are lots of them that just keep running and eating up your resources even when you want to use them.
That's the problem with people secretly sticking their hands in your pocket, you have no idea how much they're going to take or how long they'll be doing it.
The very fact that they hid this from you is ALWAYS a bad sign.
It really depends.
Visiting from a desktop PC with adequate cooling? OK, I guess.
Using a laptop, tablet or mobile device? Bad, really bad.
Then it's a matter of how much mining is being performed and where. I assume most people leave a few tabs open, for example one with e-mail, one with news aggregator, a few community websites, maybe a couple social media tabs. If all of them cryptomine, you're in deep shit. Also if they mine while the tab is in the background, you're also in deep shit.
Re: (Score:3)
I don't know why this is the first time I'm realizing this, but "ads" that cryptomine seem like a great idea. Given the amount of web browsing that is just that, with an otherwise unoccupied CPU, I'd much rather the sites I visit be earning some money directly from my use than displaying crappy ads all over and splitting that income with the middlemen.
I would be fine with this in place of ads if a) it's fully disclosed b) it's opt-in, and c) it's set to consume no more than say 25% of my CPU.
Distributing such small chunks can't be worth it.. (Score:2)
Can the workloads really be broken down into such small chunks that running during a 15-30 second ad gets any useful work done? It seems coordinating breaking up and putting back together such small work parts would be more computational power than its worth.
Re: (Score:3)
At least Chrome limits background tabs to 1% of CPU [slashdot.org] and will, in future, pause javascript entirely in those pages.
Re: (Score:3)
Consider an algorithm such as Yescrypt (http://password-hashing.net/wiki/doku.php/yescrypt) which is a valid CPU cryptomining algorithm. My CPU (Broadwell i7 6800K) finds a share every 5 seconds with 11 threads running. I extrapolate a quad core CPU would find a share every 15-20 seconds. Those shares add up if the receiving wallet and mining pool are the same. This means wallet "iourthoesruithjvansoivrzupaweo" could have a swarm 10K workers mining for 30 seconds each on the same pool, and find 10K shares e
you can definitely break the workload into small chunks that only take a few seconds.
multiply all those small hashrates by tens of thousands of pageviews, and you start pulling in quite a respectable ROI. The hard part is finding a Monero pool that doesn't ban you for making tens of thousands of tiny connections.
Now's our chance! (Score:2)
your comment [pinimg.com]
Chrome has Extensions for that (Score:1)
One that comes to the top of my mind is Mineblock.
It specifically blocks cryptominers of all kinds, even ones that the usual script blockers and other antimalware stuff miss.
It's not the only one, and I'm sure that eventually the others will catch up to these types of extensions, but it's still relatively early days for this kind of infestation.
Keep up to date on whatever you use, and those leeches won't find you an easy meal.
Ad Blockers motherfucker! DO YOU GROK IT? (Score:2)
This is why I absolutely refuse to to surf without adblockers in place.
The whole online ads thing has been a shit-show since the word "go".
And they piss and moan about it, while taking ever greater liberties with computing resources THEY DO NOT OWN.
You can't even trust GOOGLE for chrissakes! And they're a browser vendor? How VERY convenient!
You wanna block me from viewing your content because I don't let you infect, destabilize, and take over my system?
Fine, I don't need to see your shit content that bad.
There are ads on YoutTube? (Score:2)
I repeatedly surprised (and appalled) when I visit a favorite site on a machine other than my own (the horror!!)
What proportion of crypto-miners are bots or ads? (Score:2)
I know dedicated mining operations are way more efficient, but botnets can get pretty large.
Are there any estimates on just what proportion of crypto-currencies are mined through illegitimate means?