Should websites mine cryptocurrency on your computer while you use them ?

Ajouter à mon PDF personnalisé

A first look at browser-based Cryptojacking

Recently, there has been a trend in websites using their viewers’ computers to mine cryptocurrency as an alternative source of revenue; often without their consent. This form browser-based cryptocurrency mining raises important ethical questions. Cryptocurrency Mining uses computer resources to solve particular computational puzzles, the solution to which provides some monetary value. Mining cryptocurrencies with programs that run inside a web browser started in the early days of Bitcoin. Their use was overshadowed by the relative efficiency of mining programs running natively, making use of Graphics Processors and purposebuilt processors. Monero is a more recently developed cryptocurrency alternative to Bitcoin. Mining Monero requires different resources to Bitcoin, it uses more system memory and less processor, which is less suited to using GPU processing. Browser-based mining is consequently better suited to mining Monero. Developed in 2017, Coinhive is a service that allows webpage developers to easily insert Monero mining into their webpages.

Eskandari, Leoutsarakos, Mursch, and Clark surveyed the circumstances that gave rise to browser-based cryptocurrency mining and measured the prevalence and profitability such mining using Coinhive.

They analysed the top million sites in the Zmap database and matched that against the PublicWWW database and found in the Fall of 2017, at least 30 000 websites with Coinhive’s Javascript code in the body of their page. It is possible that some of these sites may have had the code inserted into their page without their consent. The researchers found that browser-based mining through Javascript was typically configured to use around 25% of a user’s CPU, with this figure at times reaching up to 100% of a computer’s processing power. At the time of the study, Coinhive was being deployed on about 11 000 parked or ‘cybersquatted’ domains.

The researchers used Google Analytics to determine how many people visited these websites in a 3-month period. They then used Coinhive’s dashboard to show that the parked domains had accumulated 105 580 user sessions for an average of 24 seconds per session. In total, the amount of revenue earned through these domains during this period was valued at a total of $7.69 USD.

This practice presents ethical questions as depending on how the mining is implemented, as it may use a persons’ resources without their knowledge, consent or without certainty that the person understands the exchange they have consented to.

The researchers offer two forms of mitigation in terms of protecting users from non-consensual browser-based mining. The first is quite simply for cryptocurrency mining developers to obtain implicit or explicit user consent before using people’s computer resources. The other is for browser developers to intervene in cryptocurrency mining to prevent mining, or to promote mining as an income alternative to online ads. It is also important to assess who is mining and whether they have obtained the consent of the website owner and visitors before mining, which may be beginning vector points in any ethical assessments of browser-based mining.

There is a need for more discussion as to what it means to obtain user consent in browser-based cryptomining.