Is it smart... or just plain wrong?
Perrin Carrell - January 8th 2018
Let’s have a debate.
Before we talk about why they’re pissed off and which side is right, I want to establish why we -- as site builders and internet marketers -- should even be talking about it.
Here’s why it’s important...
One of the tactics we like to talk about a lot here is the idea of a revenue “stack,” which is essentially finding lots of different ways to to generate incremental revenue from your website.
And there are a lot of revenue models you can add to a revenue stack. Our biggest blog post ever outlines 37 of them.
In general, the more revenue models you can stack without significantly impacting user experience, the more profitable your business will be.
Something we don’t often talk about, though, is that there are costs associated with every revenue source in your stack. Some might include:
Some revenue sources (e.g. CPM ads) have very low costs, while others, like affiliate revenue, have very high costs (i.e. lots of new content). The decision to add new revenue sources, then, is often just a business-101-style cost-benefit analysis.
Cryptominter monetization is a different and significantly more nuanced decision because the costs associated with them are totally unique:
- your users’ computing power
- public backlash, and -- potentially
- ethical costs.
And that’s how I want to frame our debate.
There are already lots of good discussions about cryptominer monetization on the consumer side. I want to look at it from the webmaster side to see if we can work out if it’s worth it (or even ethical) for us to use them.
I know lots of you are bitcoin nerds. I am decidedly not. I’ve been learning about cryptocurrency over the last several months. On the off chance there are other folks new to cryptocurrency out there, let’s just knock out some quick definitions to better establish context.
What is cryptomining?
Quick disclaimer: this is going to be a very rudimentary definition and won’t include all the fancy science and math that makes up these systems (again, I’m not an expert). We’re mostly just trying to get a basic understanding here.
To understand mining, we need to understand a couple of other things. First, the currency itself.
Bitcoin and other cryptocurrencies (I’m going to talk about Bitcoin here, since it’s the first and easiest example) are fully digital currencies.
They are decentralized, which means they work with any central bank, government, agency, or single administrator. They also exist on peer-to-peer networks, which means they can be transferred between owners.
We call these currencies cryptocurrencies because they use cryptography as a way to make sure transactions are secure and identities are verified, which makes it nearly impossible to counterfeit.
Bitcoin was created in 2009 and is the the first cryptocurrency. There are now more than 1,100 cryptocurrencies, although Andre Antonopoulos, a cryptocurrency advocate and teaching fellow for the M.S. Digital Currencies at the University of Nicosia, said on a podcast that only about 100 of those are viable. There’s a list of other top currencies here.
We also need to understand something called the blockchain.
The blockchain is a ledger that records every single -- yes, every single -- bitcoin transaction. It’s also public. When a bitcoin transaction occurs, it’s broadcast to every “node” on the bitcoin network. These notes each record the transaction and add it to their own copy of the blockchain. Verifying the transaction across many different nodes is one of the things that makes bitcoin tough to counterfeit.
Every transaction in the blockchain is protected by cryptography. And that’s where miners come in…
Miners solve cryptographic problems that are assigned to each new group of transactions (a block, hence the name blockchain).
There’s a lot to this process, but the important part to understand is that they do this with computing power, which costs money.
As miners solve problems, they are rewarded with a certain amount of bitcoin, creating a financial incentive to mine.
And people have really taken advantage of this. Here’s a picture of one of the largest Bitcoin mines in the world, a mine in SanShangLiang industrial park in China.
By far the biggest problem with mining, however, is that it can be difficult to make more money than you spend on electricity to run your mining machines (GPUs are usually more efficient at mining than CPUs).
So, if you wanted to mine Bitcoin, your ROI would be measured against what you were spending on electricity.
That’s where someone came up with the brilliant (evil?) idea…
Reminder: We were just using Bitcoin as an example, since it’s easiest and most familiar. It’s just one cryptocurrency, but most cryptocurrencies operate similarly (i.e. they have a blockchain that miners maintain, etc.).
How are websites monetizing with cryptomining?
Alright, so imagine you’re a miner.
You’ve got this great rig full of a bunch of power-hungry GPUs. You’re mining the hell out of some cryptocurrency. But there’s just one problem…
Your power bill is through the roof.
You wouldn’t be alone.
Lots of people have this problem; in fact, miners have been having this problem basically since mining started. And where there’s a problem, there’s usually some enterprising wanker willing to start a business to solve it.
Ethical concerns aside, it’s a pretty innovative solution.
And people started taking notice, including some big players. One of the first major sites to run CoinHive was The Pirate Bay.
The Pirate Bay has expressed its distaste for ads before and has, in fact, worked toward ad-free solutions in the past, like a program created with AdBlock to allow users to pay $5 for ad-free experiences.
It‘s also what The Pirate Bay has cited when asked about its cryptominers (quote from ZDNet):
In other words, it appears to have been mostly a UX move, which seems innocent enough, right?
I mean, maybe.
But they weren’t the only site to start monetizing with cryptominers. They even popped up on massive sites, like UFC.com and Showtime.com -- only they didn’t do so as a replacement to ads; they seemed to be putting it in as part of their revenue stack.
The problem, of course, was, again, that no one was telling their users.b
The public reaction was immediate…
Because almost all sites who started to monetize with cryptominers neglected to tell their users about it, the backlash was pretty severe.
Just take a look at some of these headlines.
...and I could go on.
There are hundreds and hundreds of these. If you’re seeing the same thing I’m seeing, the rhetoric should be clear: people were monstrously pissed off.
People apparently thought the mining was so suspicious, they thought these websites may have even been hacked.
One Redditor broke down exactly why the community has (or should) have a problem with it.
This (along with other public backlash) eventually prompted an official response from the UFC.
Reddit still wasn’t happy…
These was the trend for most sites on the receiving end of the internet’s outrage: people weren’t necessarily angry that sites were mining; rather, people appeared to be angry because sites were mining without user consent.
Were they hacked?
The Pirate Bay certainly wasn’t. They wrote a blog post clarifying their position: that they were testing ad-free monetization alternatives.
The UFC’s statement from above doesn’t help much; the statement would be characteristically vague for either of the two scenarios that seem likely: they were embarrassed by the backlash or they were embarrassed because they were hacked.
Showtime released a similarly vague statement, but we have a few more clues based on information reported by The Telegraph, who contacted CoinHive for a statement.
They reported: “The outfit did confirm to us, however, that the email address used to set up the account was a personal one, and was not an official CBS email address, further suggesting malicious activity.”
This makes it seem as if it is likely they were hacked.
In all honesty, though, we’re marketers. These are huge, profit-hungry companies. I think we can all identify with the allure of yet another way to monetize a website. Just because of that, for my money, I’d say it would take considerably more evidence to convince me any of those folks were hacked.
More importantly, why would they say (or why would people assume) they were? I think it’s because there are some major ethical -- and potentially even legal concerns around cryptojacking.
What’s the ethicality and legality of monetizing with cryptominers?
Honestly, that’s one of the questions I’ve been struggling with the most.
I 100% agree that sites should not be using cryptominers without notifying users, and I think it’s rather obvious.
However, I get the feeling from a lot of the public backlash that people just have… a kind of… queasy feeling about websites that use their computing power to mine cryptocurrency.
Why, though? People don’t seem to have the same sort of gut reaction to ads (yes; some people don’t like ads very much, but it’s certainly not the same kind of public outrage we’re seeing here).
I think these might be a few reasons:
It’s anyone’s guess, really, but what seems clear is that cryptojacking wasn’t on very even footing to begin with.
Here’s probably one of the most interesting parts of the ethical argument to me, though…
In either late November or early December, Malwarebytes blocked CoinHive. This threw a wrench into a lot of discussions because Malwarebytes is one of the authorities on which sites are malicious and which sites aren’t, so the fact that they started blocking CoinHive seemed to indicate CoinHive was malicious.
Then they released a statement (linked above), which included these two paragraphs:
The interesting distinction Malwarebytes makes here, of course, is that neither the concept nor the company are malicious; instead, people are just sh*t bags.
Here’s another interesting case.
In 2013, the gaming company ESEA got slapped with a $1,000,000 fine after one of its employees installed a cryptominer in a bit of test code that ended up on 14,000 computers.
It’s worth noting here that the dude who launched this code did so in a super shady way.
The actual charge against the company was consumer fraud. The case was settled before it was tried, so we don’t have any court decision to lean on, but it’s certainly interesting that the actions were characterized by the prosecution as fraudulent and could possibly set a precedent for similar hidden cryptominer cases.
We wanted to dive more into the strictly legal side of this, so we asked our lawyer what she thought. After doing some research, this is what she said.
The basic answer is: no, it's not illegal. The illegality is doing something that the terms of the site do not specifically cover, as per the GDPR (the EU General Data Protection Regulation). If the site asks for access to everything on your computer and you give them carte blanche then mining is included in that general idea of including cookies in. What is illegal is doing something that is not listed on the site which the user does not give permission to do, i.e. access the user's IP address and do anything to provide an optimized experience. There is no definition of providing an optimized experience, so to any site, the additional linking for a few minutes for whatever end could be justified by that. The GDPR will make any such thing illegal because the sites will be legally bound to gain user permission and allow for opt outs of any access or functions that the site provides or injects into a system.
So, as long as sites are asking for permission and providing a way to opt out, mining doesn’t appear to be an explicitly illegal way to monetize, at least not under the laws outlined by the GDPR.
But is it ethical?
I’m not sure there’s a way to come to a good conclusion (and let me know what you think in the comments.
But maybe this is a good way to think about it (bear with me as I whip out some of my notes from way back when I was earning a B.A. in philosophy)...
One good way to test the ethicality of any issue is to ask what the consequences would be if the actions were universally accepted; in other words, what would happy if everyone did it?
What would happen if every website you visited did this to your CPU (from the Malwarebytes blog)?
Your CPU would never shut off. Your computer would fry. Your power bill would be through the roof.
More importantly, those sites would be earning revenue by costing you money.
And therein lies the purest ethical problem with cryptominer monetization: it’s not just generating revenue; it’s generating revenue while costing users money.
In my view, if the miners are running in secret, and there is no way to opt in or out, the ethicality is pretty clear.
Should you use it?
So, yes, under some cryptomining monetization models, there are clear ethical problems.
However, since CoinHive received all that public backlash, they’ve changed domains and adopted a model whereby users can opt in to cryptomining in exchange for an ad-free experience.
With that in mind, it feels more reasonable about this in terms of the costs we talked about earlier. And to adequately weigh benefits against costs, we need to know what the benefits are.
So the first thing we need to know is how much money sites were/are making.
Because cryptocurrency prices fluctuate so much -- and because the backlash has caused CoinHive to change its practices -- it’s difficult to report exactly how much folks can make now.
Here are a few pieces of info to go on, though.
One test carried out by JohnathanMH reported the cryptominer earned about $0.70 per 1,000 sessions (RPMV) or 0.01157 XMR (Monero).
However, at the time of the text, Monero was worth considerably less. At today's rates, his RPMV would more than quadruple (if he was running it using the previous practices) to about $3.78.
The problem, at least when all of this started, was that no one was informing their users they were doing it.
Another user, Maxence Cornet, published his results on Medium, testing CoinHive on a site that generates roughly 1,000 visits per day.
This makes it sound like a fairly bad deal, but this was published in September of 2017. At today’s rates, that $0.89 would be worth $3.08.
This brings it right up there with ads.
Again, this is all anecdotal, and it’s difficult to find public case studies from sites using CoinHive, especially after the public backlash, but with current prices, the RPMV could be pretty attractive, and it be considerably more attractive if you had a site with lots of traffic. Adding another $3-4 RPMV is something almost every site owner I know would be happy with.
Add to that that you are not only generating more revenue; you are generating a type of revenue that could very well become more valuable over time.
And there is a serious gambler’s allure in that. If you mine some Monero today, it could triple or quadruple tomorrow.
I can sense some of you salivating...
But hang on. Because money isn’t the only concern. We still have to think about costs. The question then becomes…
Is it worth the ethical and UX costs?
With the old model, I say no.
In fact, I contend that no amount of money is worth doing anything as ethically questionable in such a black-and-white sense. I am not a person who is willing to do something shady to earn a quick buck. None of the Authority Hacker team thinks that way; we generally despise shady marketing practices; and I’d wager the majority of our community feels the same way.
It’s just not okay to make money by costing users money.
That said, allowing users to opt in to cryptomining in exchange for an ad-free experience seems like a really novel, decentralized way to let people choose to indirectly pay for an ad-free experience.
Under this new model, I think it’s really cool, and I can’t find many ethical problems with it aside from a possible small amount of residual bad will generated by the first way of sh*tty webmasters using cryptominers to monetize.
Of course, at today’s rates (at the time of writing), if a miner was running for 100% of your users, it seems as if it would only generate $3-4 RPMV, and if users have to opt in, the number of users would go way down, which in turn means the revenue would go way down.
And why waste a pop-up on that when you could instead try to get users on an email list, where they would be infinitely more valuable?
So here’s my conclusion…
Monetizing with cryptominers is not worth it at the moment. The only ethical way to do it is to allow users to opt in, and opt ins are better “spent” on email sign ups.
What do you think?
Where do you fall on the ethics of cryptominer monetization? Would you do it? Have you experimented with it? What if you were a user whose CPU was being hijacked?
Let me know in the comments!