Using Javascript Crypto Miners To Monetise?

Is it smart... or just plain wrong?

Perrin Carrell - January 8th 2018

Let’s have a debate.

Here’s the premise: websites have been using snippets of JavaScript to tap into their users’ computing power and mine bitcoins (and other cryptocurrency). Some people see it as a good alternative to intrusive ads. Others are pissed off…

Before we talk about why they’re pissed off and which side is right, I want to establish why we -- as site builders and internet marketers -- should even be talking about it.

Here’s why it’s important...

More...

One of the tactics we like to talk about a lot here is the idea of a revenue “stack,” which is essentially finding lots of different ways to to generate incremental revenue from your website.

And there are a lot of revenue models you can add to a revenue stack. Our biggest blog post ever outlines 37 of them.

In general, the more revenue models you can stack without significantly impacting user experience, the more profitable your business will be.

Something we don’t often talk about, though, is that there are costs associated with every revenue source in your stack. Some might include:

  • Learning curve
  • Tech costs
  • hashtag
    Ad costs
  • ​User experience
  • hashtag
    Site performance
  • hashtag
    New content
  • hashtag
    Time and energy
  • hashtag
    Etc.

Some revenue sources (e.g. CPM ads) have very low costs, while others, like affiliate revenue, have very high costs (i.e. lots of new content). The decision to add new revenue sources, then, is often just a business-101-style cost-benefit analysis.

Cryptominter monetization is a different and significantly more nuanced decision because the costs associated with them are totally unique:

  1. your users’ computing power
  2. public backlash, and -- potentially
  3. ethical costs.

And that’s how I want to frame our debate.

There are already lots of good discussions about cryptominer monetization on the consumer side. I want to look at it from the webmaster side to see if we can work out if it’s worth it (or even ethical) for us to use them.

I know lots of you are bitcoin nerds. I am decidedly not. I’ve been learning about cryptocurrency over the last several months. On the off chance there are other folks new to cryptocurrency out there, let’s just knock out some quick definitions to better establish context.

What is cryptomining?

Quick disclaimer: this is going to be a very rudimentary definition and won’t include all the fancy science and math that makes up these systems (again, I’m not an expert). We’re mostly just trying to get a basic understanding here.

To understand mining, we need to understand a couple of other things. First, the currency itself.

Bitcoin and other cryptocurrencies (I’m going to talk about Bitcoin here, since it’s the first and easiest example) are fully digital currencies.

They are decentralized, which means they work with any central bank, government, agency, or single administrator. They also exist on peer-to-peer networks, which means they can be transferred between owners.

We call these currencies cryptocurrencies because they use cryptography as a way to make sure transactions are secure and identities are verified, which makes it nearly impossible to counterfeit.

Bitcoin was created in 2009 and is the the first cryptocurrency. There are now more than 1,100 cryptocurrencies, although Andre Antonopoulos, a cryptocurrency advocate and teaching fellow for the M.S. Digital Currencies at the University of Nicosia, said on a podcast that only about 100 of those are viable. There’s a list of other top currencies here.

We also need to understand something called the blockchain.

The blockchain is a ledger that records every single -- yes, every single -- bitcoin transaction. It’s also public. When a bitcoin transaction occurs, it’s broadcast to every “node” on the bitcoin network. These notes each record the transaction and add it to their own copy of the blockchain. Verifying the transaction across many different nodes is one of the things that makes bitcoin tough to counterfeit.

Every transaction in the blockchain is protected by cryptography. And that’s where miners come in…

Miners solve cryptographic problems that are assigned to each new group of transactions (a block, hence the name blockchain).

There’s a lot to this process, but the important part to understand is that they do this with computing power, which costs money.

As miners solve problems, they are rewarded with a certain amount of bitcoin, creating a financial incentive to mine.

And people have really taken advantage of this. Here’s a picture of one of the largest Bitcoin mines in the world, a mine in SanShangLiang industrial park in China.

To understand mining, we need to understand a couple of other things. First, the currency itself. Bitcoin and other cryptocurrencies (I’m going to talk about Bitcoin here, since it’s the first and easiest example) are fully digital currencies. They are decentralized, which means they work with any central bank, government, agency, or single administrator. They also exist on peer-to-peer networks, which means they can be transferred between owners.  We call these currencies cryptocurrencies because they use cryptography as a way to make sure transactions are secure and identities are verified, which makes it nearly impossible to counterfeit.  Bitcoin was created in 2009 and is the the first cryptocurrency. There are now more than 1,100 cryptocurrencies, although Andre Antonopoulos, a cryptocurrency advocate and teaching fellow for the M.S. Digital Currencies at the University of Nicosia, said on a podcast that only about 100 of those are viable. There’s a list of other top currencies here. We also need to understand something called the blockchain.  The blockchain is a ledger that records every single -- yes, every single -- bitcoin transaction. It’s also public. When a bitcoin transaction occurs, it’s broadcast to every “node” on the bitcoin network. These notes each record the transaction and add it to their own copy of the blockchain. Verifying the transaction across many different nodes is one of the things that makes bitcoin tough to counterfeit. Every transaction in the blockchain is protected by cryptography. And that’s where miners come in… Miners solve cryptographic problems that are assigned to each new group of transactions (a block, hence the name blockchain).  There’s a lot to this process, but the important part to understand is that they do this with computing power, which costs money. As miners solve problems, they are rewarded with a certain amount of bitcoin, creating a financial incentive to mine. And people have really taken advantage of this. Here’s a picture of one of the largest Bitcoin mines in the world, a mine in SanShangLiang industrial park in China.

Source: Quartz

By far the biggest problem with mining, however, is that it can be difficult to make more money than you spend on electricity to run your mining machines (GPUs are usually more efficient at mining than CPUs).

So, if you wanted to mine Bitcoin, your ROI would be measured against what you were spending on electricity.

That’s where someone came up with the brilliant (evil?) idea…

Reminder: We were just using Bitcoin as an example, since it’s easiest and most familiar. It’s just one cryptocurrency, but most cryptocurrencies operate similarly (i.e. they have a blockchain that miners maintain, etc.).

How are websites monetizing with cryptomining?

Alright, so imagine you’re a miner.

You’ve got this great rig full of a bunch of power-hungry GPUs. You’re mining the hell out of some cryptocurrency. But there’s just one problem…

Your power bill is through the roof.

You wouldn’t be alone.

Lots of people have this problem; in fact, miners have been having this problem basically since mining started. And where there’s a problem, there’s usually some enterprising wanker willing to start a business to solve it.

Enter CoinHive.

CoinHive is a cryptominer for webmasters, and they developed a novel solution (to my knowledge, they were the first to do it) to the cryptomining power consumption problem: a JavaScript-based miner that you can run in your browser. It works like this.

You install a bit of JavaScript on your website. When a user comes to your website, the JavaScript fires, and the miner begins to run directly in  their browser, using their computing power instead of yours.

Ethical concerns aside, it’s a pretty innovative solution.

And people started taking notice, including some big players. One of the first major sites to run CoinHive was The Pirate Bay.

Pirate Bay borrows visitor CPUs to mine virtual coins Headline

The Pirate Bay has expressed its distaste for ads before and has, in fact, worked toward ad-free solutions in the past, like a program created with AdBlock to allow users to pay $5 for ad-free experiences.

It‘s also what The Pirate Bay has cited when asked about its cryptominers (quote from ZDNet):

Pirate Bay quote about cryptominers

In other words, it appears to have been mostly a UX move, which seems innocent enough, right?

I mean, maybe.

But they weren’t the only site to start monetizing with cryptominers. They even popped up on massive sites, like UFC.com and Showtime.com -- only they didn’t do so as a replacement to ads; they seemed to be putting it in as part of their revenue stack.

So we’ve got these massive sites running JavaScript based miners to hijack user computing power to mine cryptocurrency. Some sites are using it as part of their revenue stack, while others are testing it as an alternative to ads.

The problem, of course, was, again, that no one was telling their users.b

The public reaction was immediate…

Backlash

Because almost all sites who started to monetize with cryptominers neglected to tell their users about it, the backlash was pretty severe.

Just take a look at some of these headlines.


Code

Showtime websites secretly mined user CPU for cryptocurrency Headline

Showtimes Websites May Have Used Your CPU to Mine Cryptocoin While You Binged on Twin Peaks Headline

Coin Hive Again Enters Spotlights as UFC Site Caught Mining Coins Using Visitors Computers Headline

Your Browser Could Be Mining Cryptocurrency For a Stranger Hedline

Starbucks WiFi Hijacked People Laptops to Mine Cryptocurrency Headline

Pirate Bay is Mining Cryptocurrency Again, No Opt Out Headline

...and I could go on.

There are hundreds and hundreds of these. If you’re seeing the same thing I’m seeing, the rhetoric should be clear: people were monstrously pissed off.

People apparently thought the mining was so suspicious, they thought these websites may have even been hacked. 

Showtime Websites Used to Mine Monero, Unclear If Hack or an Experiment Headline

When Reddit, a community notoriously ruthless with shady internet practices, saw that the UFC was using the JavaScript miner, a post calling the organization out garnered tens of thousands of upvotes, over 1,200 comments,  and a wave of user-driven investigation

UFC Using PCs to Cryptomine Reddit Discussion

One Redditor broke down exactly why the community has (or should) have a problem with it.

UFC Using PCs to Cryptomine Redditor Reply

This (along with other public backlash) eventually prompted an official response from the UFC.

Cryptomining UFC Official Statement

Reddit still wasn’t happy…

Reddit Reply to Cryptoming UFC Official Statement

These was the trend for most sites on the receiving end of the internet’s outrage: people weren’t necessarily angry that sites were mining; rather, people appeared to be angry because sites were mining without user consent.

Were they hacked?

It’s unclear.

The Pirate Bay certainly wasn’t.  They wrote a blog post clarifying their position: that they were testing ad-free monetization alternatives.

Pirate Bay Testing Monero Javascript Post Excerpt

The UFC’s statement from above doesn’t help much; the statement would be characteristically vague for either of the two scenarios that seem likely: they were embarrassed by the backlash or they were embarrassed because they were hacked.

Showtime released a similarly vague statement, but we have a few more clues based on information reported by The Telegraph, who contacted CoinHive for a statement.

They reported: “The outfit did confirm to us, however, that the email address used to set up the account was a personal one, and was not an official CBS email address, further suggesting malicious activity.”

This makes it seem as if it is likely they were hacked.

In all honesty, though, we’re marketers. These are huge, profit-hungry companies. I think we can all identify with the allure of yet another way to monetize a website. Just because of that, for my money, I’d say it would take considerably more evidence to convince me any of those folks were hacked.

More importantly, why would they say (or why would people assume) they were? I think it’s because there are some major ethical -- and potentially even legal concerns around cryptojacking.

What’s the ethicality and legality of monetizing with cryptominers?

Honestly, that’s one of the questions I’ve been struggling with the most.

I 100% agree that sites should not be using cryptominers without notifying users, and I think it’s rather obvious.

However, I get the feeling from a lot of the public backlash that people just have… a kind of… queasy feeling about websites that use their computing power to mine cryptocurrency.

Why, though? People don’t seem to have the same sort of gut reaction to ads (yes; some people don’t like ads very much, but it’s certainly not the same kind of public outrage we’re seeing here).

I think these might be a few reasons:

  • Cryptocurrency isn’t the norm yet, and the novelty makes people uneasy
  • Unless there’s a very overt opt-out, it always kind of feels hidden
  • hashtag
    Cryptocurrency is often associated with criminal activities
  • There could potentially be liabilities for your hardware
  • hashtag
    Even though all kinds of monetization makes money for a website, because mining taps into a thing you own, it feels a lot more like you are directly making money for someone else
  • hashtag
    The extra CPU power used by those miners reduces the battery life of battery powered devices (laptops, phones etc)
  • hashtag
    This is a monetisation method that has a cost to the end user

It’s anyone’s guess, really, but what seems clear is that cryptojacking wasn’t on very even footing to begin with.

Here’s probably one of the most interesting parts of the ethical argument to me, though…

In either late November or early December, Malwarebytes blocked CoinHive. This threw a wrench into a lot of discussions because Malwarebytes is one of the authorities on which sites are malicious and which sites aren’t, so the fact that they started blocking CoinHive seemed to indicate CoinHive was malicious.

Then they released a statement (linked above), which included these two paragraphs:

Malwarebytes Blocking CoinHive Post Excerpt

The interesting distinction Malwarebytes makes here, of course, is that neither the concept nor the company are malicious; instead, people are just sh*t bags.

Here’s another interesting case.

In 2013, the gaming company ESEA got slapped with a $1,000,000 fine after one of its employees installed a cryptominer in a bit of test code that ended up on 14,000 computers.

It’s worth noting here that the dude who launched this code did so in a super shady way.

The actual charge against the company was consumer fraud. The case was settled before it was tried, so we don’t have any court decision to lean on, but it’s certainly interesting that the actions were characterized by the prosecution as fraudulent and could possibly set a precedent for similar hidden cryptominer cases.

We wanted to dive more into the strictly legal side of this, so we asked our lawyer what she thought. After doing some research, this is what she said.

quote-right

Lawyer's Note

The basic answer is: no, it's not illegal. The illegality is doing something that the terms of the site do not specifically cover, as per the GDPR (the EU General Data Protection Regulation). If the site asks for access to everything on your computer and you give them carte blanche then mining is included in that general idea of including cookies in. What is illegal is doing something that is not listed on the site which the user does not give permission to do, i.e. access the user's IP address and do anything to provide an optimized experience. There is no definition of providing an optimized experience, so to any site, the additional linking for a few minutes for whatever end could be justified by that. The GDPR will make any such thing illegal because the sites will be legally bound to gain user permission and allow for opt outs of any access or functions that the site provides or injects into a system.

So, as long as sites are asking for permission and providing a way to opt out, mining doesn’t appear to be an explicitly illegal way to monetize, at least not under the laws outlined by the GDPR.

But is it ethical?

I’m not sure there’s a way to come to a good conclusion (and let me know what you think in the comments.

But maybe this is a good way to think about it (bear with me as I whip out some of my notes from way back when I was earning a B.A. in philosophy)...

One good way to test the ethicality of any issue is to ask what the consequences would be if the actions were universally accepted; in other words, what would happy if everyone did it?

What would happen if every website you visited did this to your CPU (from the Malwarebytes blog)?

Extra Torrent Cryptominer Resulting in 100% CPU Usage

Your CPU would never shut off. Your computer would fry. Your power bill would be through the roof.

More importantly, those sites would be earning revenue by costing you money.

And therein lies the purest ethical problem with cryptominer monetization: it’s not just generating revenue; it’s generating revenue while costing users money.

In my view, if the miners are running in secret, and there is no way to opt in or out, the ethicality is pretty clear.

Should you use it?

So, yes, under some cryptomining monetization models, there are clear ethical problems.

However, since CoinHive received all that public backlash, they’ve changed domains and adopted a model whereby users can opt in to cryptomining in exchange for an ad-free experience.

With that in mind, it feels more reasonable about this in terms of the costs we talked about earlier. And to adequately weigh benefits against costs, we need to know what the benefits are.

So the first thing we need to know is how much money sites were/are making.

Because cryptocurrency prices fluctuate so much -- and because the backlash has caused CoinHive to change its practices -- it’s difficult to report exactly how much folks can make now.

Here are a few pieces of info to go on, though.

One test carried out by JohnathanMH reported the cryptominer earned about $0.70 per 1,000 sessions (RPMV) or 0.01157 XMR (Monero).

CPU JavaScript Mining vs Ad Revenue

However, at the time of the text, Monero was worth considerably less. At today's rates, his RPMV would more than quadruple (if he was running it using the previous practices) to about $3.78.

Monero Mining Test from JohnathanMH

The problem, at least when all of this started, was that no one was informing their users they were doing it.

Another user, Maxence Cornet, published his results on Medium, testing CoinHive on a site that generates roughly 1,000 visits per day.

CoinHive Test from Maxence Cornet

This makes it sound like a fairly bad deal, but this was published in September of 2017. At today’s rates, that $0.89 would be worth $3.08.

Monero Mining Using CoinHive Test from Maxence Cornet

This brings it right up there with ads.

Again, this is all anecdotal, and it’s difficult to find public case studies from sites using CoinHive, especially after the public backlash, but with current prices, the RPMV could be pretty attractive, and it be considerably more attractive if you had a site with lots of traffic. Adding another $3-4 RPMV is something almost every site owner I know would be happy with.

Add to that that you are not only generating more revenue; you are generating a type of revenue that could very well become more valuable over time.

And there is a serious gambler’s allure in that. If you mine some Monero today, it could triple or quadruple tomorrow.

I can sense some of you salivating...

But hang on. Because money isn’t the only concern. We still have to think about costs. The question then becomes…

Is it worth the ethical and UX costs?

With the old model, I say no.

In fact, I contend that no amount of money is worth doing anything as ethically questionable in such a black-and-white sense. I am not a person who is willing to do something shady to earn a quick buck. None of the Authority Hacker team thinks that way; we generally despise shady marketing practices; and I’d wager the majority of our community feels the same way.

It’s just not okay to make money by costing users money.

That said, allowing users to opt in to cryptomining in exchange for an ad-free experience seems like a really novel, decentralized way to let people choose to indirectly pay for an ad-free experience.

Under this new model, I think it’s really cool, and I can’t find many ethical problems with it aside from a possible small amount of residual bad will generated by the first way of sh*tty webmasters using cryptominers to monetize.

Of course, at today’s rates (at the time of writing), if a miner was running for 100% of your users, it seems as if it would only generate $3-4 RPMV, and if users have to opt in, the number of users would go way down, which in turn means the revenue would go way down.

And why waste a pop-up on that when you could instead try to get users on an email list, where they would be infinitely more valuable?

So here’s my conclusion…

Monetizing with cryptominers is not worth it at the moment. The only ethical way to do it is to allow users to opt in, and opt ins are better “spent” on email sign ups.

What do you think?

Where do you fall on the ethics of cryptominer monetization? Would you do it? Have you experimented with it? What if you were a user whose CPU was being hijacked?

Let me know in the comments!

Perrin Carrell
 

Hey there :) I'm Perrin, part of the Authority Hacker team. When I'm not blogging about Internet Marketing here, I help businesses improve their online presence, and, of course, I run a couple profitable blogs of my own.

Click Here to Leave a Comment Below 16 comments
Freddy G. Cabrera - January 8, 2018

Hey Perrin!

I’m still very new to this cryptocurrency thing!

It does take a lot to fully understand how everything really works with this new type of currency. I don’t think the average Joe will really get it. I don’t see this type of currency to be “the future”, as many have mentioned. Think about it, you actually have to Educate yourself on this in order to benefit from it. Picking up a dollar bill is a lot easier these days!

I don’t think I would ever get into this cryptocurrency. I don’t think it was a smart idea to create such currency. Just my opinion, though.

Thanks for sharing this insightful post!

Best regards! :D

Reply
Dima - January 9, 2018

Very interesting. Just a simple search gave me another platform and cryptocurrency JSEcoin. Seems the same principle. I just want to understand, the mining goes on while you’re browsing in this specific website? And when you close the website in Chrome tab, it stops?

Reply
Chris Arry - January 9, 2018

Thanks for the great overview Perrin!
Thanks for the CoinHive mention. I think it’s applicable for sites with more traffic and the consumed CPU power is reduced at least few times.

Reply
Sergey - January 9, 2018

For mere 70 cents EPM you screw all your visitors and destroy trust… I’ll find another way to monetize my traffic.

Reply
Nigel Heaton - January 9, 2018

The solution is to provide site visitors an option to opt out of the cryotomining java script and choose the ad supported version instead.
This way the small computing power trade in would be justified to most people and covered by ads for those that opposed the practice.
Simples!
Nigel

Reply
Stuart - January 9, 2018

Maybe a better way would be to give them a cut too. Plus you get their email.not sure how you go about it.

Reply
Jimmi - January 9, 2018

I don’t see sites offering for opt out for ads or affiliate commissions only disclosure. The user can opt out by leaving the site.

Reply
Lebron - January 10, 2018

I’ve just read a similar article several days ago.
So it seems like there are two kinds of monetization solutions utilizing block chain tech – one is what you talk about and the second is paying for user’s attention. A company (https://oyster.ws/) is developing it. Both of them sound solid and revolutionary though.
My question is what about mobile traffic? This tech ONLY can be used for desktop users (correct me if I’m wrong).

Reply
Dominic - January 10, 2018

It’s really not worth it actually. Those anecdotal reports that you mentioned don’t take a lot of things into account.

Anyway, this is from CoinHive’s FAQ: https://coinhive.com/info/faq#revenue-estimate

Essentially, if you get 1 million pageviews per month, 1 million! You will earn 0.495 Monero per month.

I don’t know about you, but any website that gets 1 million pageviews per month will do much better with ads or other monetization methods, and won’t get Norton blocking viruses everytime someone visits their site.

Reply
Arbaz Khan` - January 10, 2018

Hey Perrin,
That was a great article!

I personally think that there’s nothing wrong in using cryptomining on websites to earn revenue, as long as you fully disclose it to your visitors and give them an option to opt-out of it. Plus there are a lot of other monetization options that yield far better results that cryptomining, as it is quite volatile.

Reply
Shafi Khan - January 10, 2018

Hey Perrin,

Nice research. I came across this monetization method earlier and I’d say I’m not completely against it.

Yes it is a shady practice but thengood thing is it can make the sites go ad-free and still make some money to run – especially those annoying onClick popups.

But, there should be some rules and regulations. For example, you can’t use over 70% of user’s resources and every site should mention that they’re using this script.

Thanks for sharing.

Reply
Christoffer - January 13, 2018

So I am one of those that gets pissed off by this. The fact that the owner of the website makes money while your electricity bill will be higher and your hardware might get damaged should tell any ethical marketer that this is a no-go. It is not OK with a disclosure or an opt-in because the technical terms is not easy to understand for the average consumer. They do not know what it means if your CPU is at 100% because of cryptocurrency. They just know that their battery life drains out quickly and the fan is not quiet. It is not a replacement for ads because they don’t damage my hardware and they doesn’t cost me anything. This is black-hat and unethical through the roof and I am sad to see that people are willing to damage their visitors computers to make an extra buck.

Reply
    Mark Webster - February 9, 2018

    I personally agree with you, but to try and be objective for a second, I think it’s more that this is a new thing rather than it’s particularly harmful.

    Reply
@cryptofuel - January 22, 2018

Hi Perrin,

Very interesting thanks. I also noticed some hashing going on, using JS:Miner-C[Tr] which triggered my Avast Antivirus alert, see there https://twitter.com/cryptofuel/status/933289222848565248

To me this is just stealing from visitors, unless you let them know (ie cookie policy).

Reply
Sujatah - February 27, 2018

Great article and i’m new to this cryptocurrency can you help me out please.

Reply
SwitchSombra - March 19, 2018

Nice review!
However there so many good alternatives to Coinhive now. Gridcash.net for example. Less fee, more stealth and stuff :)

Reply

Leave a Reply:

Send this to a friend