OMG! That website provides service for free! Really?

Hey readers,

It may seem that many websites provide free content without charging the visitors in any form? But is that true? Why will the website owners do such social work? Google provides many free services but takes as much as our data it can. But there are many websites which are not involved in this guzzling up of data and just provides everything for free.

But something is behind the hood. In my recent research project, I came across the term in-browser cryptocurrency mining. So let’s understand what is “in-browser cryptocurrency mining”

In-browser cryptocurrency mining is the new method of monetizing the website.  In this method, the website visitors knowingly or unknowingly become part of the mining pool. According to Wikipedia mining pool is

 a mining pool is the pooling of resources by miners, who share their processing power over a network, to split the reward equally, according to the amount of work they contributed to the probability of finding a block.

Ahh! But here is the catch, in the case of In-browser cryptocurrency mining, the website visitor who becomes part of the mining pool do not get rewarded for mining, but in fact, the website owner gets rewarded. But how they actually do?

Its very simple process, website owner does not require any knowledge about the mining. Website owner just needs to add a bit of JavaScript on their website and it’s Done! In the figure below, I have given the example of Coinhive. Coinhive is the dominant web miner on the World Wide Web.

Website mining has become an alternative revenue generation model. The user gives their computational resources in return of using website service.  But mining without the consent of the user is a serious threat and is called crypto jacking. 

So when you visit the website, there is something running in your browser which you cannot see. You may some time notice that your CPU fans roar when you spend more time on the particular website. It may be that you are in the pool of mining.

In-browser mining is a fair deal if visitors know that a website is using their computational resources. The website needs to earn something from the services they provide. So they can earn by using your little computational power. Isn’t that fair? But without user consent is not the legitimate way. If visitors do not know about in-browser mining then it is a security threat for them. Though there is no such strict law against crypto jacking there will be a need in future.

Recently developed WebAssembly (Wasm) has given a boost to such in-browser mining. Wasm provides advantages such as high speed and free interaction with JavaScript libraries. More details of Wasm can be found in my earlier post.

So remember nothing is for free! Websites providing free contents may be using your computational resources (CPU, GPU) for cryptocurrency mining. In my recent project, I found that out of 200 websites which provides free contents or are open for all, almost 95% indulge in browser mining.

I want to keep the size of my posts as short as possible. My next post will be regarding the detection of this.

Thank you for reading!

Edited by: Abhilash Dorle

6 Comments

  1. Now i realize even if the website provides you with free content, there’s always something that fills website owner’s pockets. Very informative post. Looking forward to the next post of actual detection of these mining.

  2. Very informative blog. Evolving technology is coming with new threats which we need to understand. This blog gives great information about one of those threats.

Leave a Comment

Your email address will not be published. Required fields are marked *