Steem supply is mining using your browser

in steem •  11 months ago

http://steem.supply/ Website ( @dragosroua )

is mining without your consent so don't leave it open if you disagree with that practice.

Here's the javascript loaded

Oops:

You can download miner blockers like these on Chrome if you need:
https://chrome.google.com/webstore/detail/minerblock/emikbbbebcdfohonlaifafnoanocnebl

Should that practice be tolerated?


Edit 1: Here's an exemple of what I would consider ethically correct mining in a website
https://coinhive.com/#captcha


Edit 2: I finally saw the warning after many many attempt to reproduce. I had to clear the cache and saw at the bottom of the page a 20 pixel high banner with jsecoin logo and a very small disclaimer about mining. A refresh of the page wouldn't not show it back. I propose that the website owner puts a small disclaimer at the top of his page that is more visible. That's all.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Who says that it's him using this miner? This miner is from the site jsecoin...

·

Steem.supply loads jsecoin's miner

who is the witness?

·

Written first line of post dragosroua

What you said in this post is not true. There is a very clear privacy warning, here's how it looks:


Screen Shot 2017-11-07 at 8.33.25 PM.png


I wrote a few times on Steemit about JSEcoin, fully disclosing that I'm experimenting with it. JSEcoin is not on any exchange, it's not trading, I'm not making money off of innocent people. It's just an experiment. I'm not mining using well known phishing scripts and all is transparent.

I honestly think you jumped a bit too fast on this one.

I am open to any discussion you want to have about this topic, about steem.supply or about mining in browser.

Edit: your mention on coinhive, which is a well known Monero miner written in JS (and frequently packed with malware), doesn't help your point. I'm NOT mining Monero, nor other currency trading on an exchange.

[self upvoted to bump it up]

·

What you said in this post is not true.

Saying I straight out lied in the premise of your comment is a bit arrogant.

There is a very clear privacy warning, here's how it looks:

The popup never showed for me, maybe because I went to your website before you put it and the cookie was badly set? Or just a badly place html element.

I honestly think you jumped a bit too fast on this one.

I didn't "jump" on this, I just posted something to raise an ethical question. I didn't post BS just for the sake of it.

JSEcoin is not on any exchange, it's not trading, I'm not making money off of innocent people. It's just an experiment

Even though the coin is not tradeable, in the foreseeable future, it will be so it doesn't matter. An ICO is already planned.

and all is transparent.

Actually the point of my article was the lack of transparency. (Because of the popup I never had like I said previously. Also the fact people are reacting means they probably never saw it too!)

·
·

Something is either true or not. When I believe it's not true, I just state it. I don't see any arrogance here. I didn't say you lied, you may have been mislead or didn't see all the facts and that may have lead to claims that aren't true. Again, I didn't say you lied, I said what you stated is not true and I gave you all the details to support my position.

Claiming I put the warning on after you posted this is ridiculous. I invite you to try the code on any site and see if you can deactivate that warning.

Also the fact people are reacting means they probably never saw it too!)

There are about 10-15 comments from people who are upset about this. On average, steem.supply gets between 300 and 450 unique users per day. I don't know how many of them overlap with the 377 who saw this post, according to the post stats, but I think the ratio falls around the normal number of people who either don't see all the warnings, or don't know what is going on but feel like having an opinion on everything. This doesn't mean in any way that I don't respect them, but way too many times some people are jumping too fast to conclusions without hearing all the facts, it's just human nature, I guess.

What makes me really sad is that this post has been used by a witness that I respect, @ausbitbank as a platform to promote his own similar service, by accepting and supporting your claims without verifying them, or without hearing my position about it. I respect his hard work and I've been knowing him on the platform for quite some time. I'm really looking forward to hear his opinion on this, after he reads my answer. It will be such a pity if he doesn't say anything.

Again and again: there is a privacy note, and I'm not stealing anything nor doing anything that is unethical.

I appreciate your approach, by asking if this is ethical or not. And I gave you all the answers. Hope this clears things out.

·
·
·

Claiming I put the warning on after you posted this is ridiculous. I invite you to try the code on any site and see if you can deactivate that warning.

Never said that BTW.

I just don't see your warning and never saw it. I'm at work right now with 3 colleagues that don't see it either.

Inspect and verify please. It could even be the publisher's fault (maybe an update in their javascript code stopped showing the warning??)

·
·
·
·

@dragosroua posted here two months ago stating he was using a browser miner on steem.supply to mine JSEcoin.
https://steemit.com/news/@dragosroua/jsecoin-mining-crypto-currencies-in-or-with-your-browser

·
·
·
·
·

Thank you!

·
·
·
·

Here's their answer. If you want to contribute to the discussion, feel free to post on their forums:
Screen Shot 2017-11-08 at 10.45.41 AM.png)

·
·
·
·

The popup never showed for me, maybe because I went to your website before you put it and the cookie was badly set? Or just a badly place html element.

Ok, I will contact them, they're quite responsive. Will also publish a post about this tomorrow (it's evening here now).

·
·
·
·
·

I don't see the popup either, but I've got a blocker running by default, so would only see it if I bother to go look at what my blocker has blocked (which I tend not to do with no reason). Having a manual link to the disclosure notice may be a possibly solution so that the information is easily accessible to anyone, even if they're running a blocker, so they can't just say 'but it didn't show for me'.

·
·
·
·
·
·

I was pondering that too and I may add it.

·
·
·

What makes me really sad is that this post has been used by a witness that I respect, @ausbitbank as a platform to promote his own similar service, by accepting and supporting your claims without verifying them, or without hearing my position about it.

  • I DID verify the claims myself before I resteemed this post. Anyone can with 2 minutes and firefox/chrome dev tools.

  • Promoting my old tool was an afterthought, its was just a simple clean alternative with no banner ads or hidden miners on it so I have no real incentive to promote it. Like I said before I completely stopped updating the tool and have been actively pushing people towards steem.supply for months now (which is why I'm extra dissapointed to discover a miner) .

  • As I said to you on steemit.chat , no popup like you pictured ever appeared for me in debian firefox - and after re-checking your site I see a small footer that hides itself after a while.

  • The only jsecoin mention I can find from you was 2 months ago, and it isn't mentioned in your steem.supply update posts at all.

  • I also spotted another similar posts, and you hadn't responded there either.

Regardless of how well you announced your intention to hijack your users processor time for your own profit - I don't want to see this sort of crap installed on tools that a heap of steemians use daily.

The argument that its not traded on an exchange, therefore its not money really doesn't work for me.

·
·
·
·

and after re-checking your site I see a small footer that hides itself after a while.

so it is unethical or not? A simple "yes" or " no" will suffice.

Promoting my old tool was an afterthought

in order to obtain why?

Regardless of how well you announced your intention to hijack your users processor time for your own profit - I don't want to see this sort of crap installed on tools that a heap of steemians use daily.

I hijack my users processors for my own profit? Do we really have a discussion about that? What is the difference between "hijacking users processors" for testing a decentralized cryptocurrency with a great potential, and "hijacking users processors" with poorly coded sites or, even worse, with Google Analytics, Facebook Stats or Twitter SDKs, that are silently profiling users habits into data that is then sold to advertisers for billions?

Who is the bad guy here?

In the Steemit chat you also said to me that if you could un-steem your post you would do it, I assume you wrote that after you wrote this comment.

It's sad to see this divisive approach and accusations without proof, in an emerging ecosystem like Steemit.

It's very easy to destroy the reputation of a person with a few unfounded but plausible accusations.

Loading...
·
·

This is old, but just thought I would say that the dude/dudette has every right to defend themselves after someone does inaccurate reporting and doesn't do their homework. You clearly didn't bother to learn about JSECoin before writing at all. Its a very respectable project for anyone that just bothers to glance at their site.

Second, while it is true that browser mining should ideally be consented to before happening, website owners often find getting over the hump of the newness of this concept is difficult and prefer subtle ways of pointing it out. People are naturally easy to scare away and its hard to get good traffic.

Lastly, browser mining has gotten an unfair reputation as cryptojacking. Sure, wifi hacking methods or other forms of hacking is uncool, but browser mining in itself is a perfectly fine way to monetize the internet. Steem should be doing this! I want steem browser mining to be embedded in my sites, but Monero ain't bad, a lot more money in it at the moment.

·

I think you should make a full post expanding your reply here in as much detail as possible. Otherwise all there is is a chain of speculation. My 2 cents.

·
·

Thanks for the suggestion, I'll do it in the next few days.

·
·

Agree with this suggestion - i am not a tech geek at all but I always trusted you to the fullest @dragosroua - as you are a good boy. Sure a dedicated post will help to wipe out speculations.

·

Updated my post (edit 2)

·
·

Thank you for clarifying this. The reason you're not seeing it again is that it shows every hour, not on any page load. There is also a 10 seconds delay in order not to impact page load speed, which can lead to SEO penalties. IMHO, this is pretty well thought. For more details, please have a look at my comment with JSEcoin response to my complaint about the notification not showing (or showing in an improper way).

Peace!

·
·
·

Still, the placement is bad and the 2 seconds delay for display is tricky. That banner is not enough imho

·

I never saw that popup either.

·

Just to say, I didn't have the popup neither. And you know, the warning you show here is not clear : it says your website is making money with crypto mining. It doesn't make it clear that you are mining crypto with the cpu of people who browse your website.
If you are not aware of this type of mining, you just don't understand that your browser is mining for someone else.
It can be misleading imo.

I am very disappointed.

·

Honestly if a website made it known that the were going to do it, and they didn't use so much cpu that my computer was freezing up, I'd be completely fine with free sites using some cpu to mine for them.

·

Me too that's why I denounced it. Especially coming from a witness you can give your vote to.

·

Me too...this sucks!

Ive read through all the comments @dragosuora wrote above, but still think this is unacceptable thing to do as a witness. He should have announced it very clearly and explicitly. The banner appears on the very bottom of the browser and disappears soon which will be highly likely missed by the average visiters. Really disappointed.

·

@dragosroua. I reproduced exactly this. The very small banner is at the bottom and not very visible and disappears after 2 seconds. It is not shown again after a page refresh. It really looks like it's made so that people don't notice it.

just stop using some random ass "blockers".

Get uBlock Origin and ScriptSafe, those are general purpose security apps and they block shitty webminers by default

·

Fine, but that's not the point...
Those "general purpose" apps block ads and more. I never blocked ads; I don't mind since if I don't click them, they don't get my money.
Miners on the other hand...

·
·

then you have much more to fear than a simple miner.

·
·
·

It's not about fear... it's about lack of transparency.

·
·
·

The issue here is that we are talking about a witness. As such transparency and critical thinking matter.

·
·
·
·

without a doubt a scandal, but doesn't mean you should use questionable extensions. they weaken your security

RESTEEMED. This is unacceptable.

·

So disappointed, he had no necessity in doing that! Sometimes people acts in a strange way... how can someone think that no one will discover that?

Thanks for noticing!

How can I find out if sites I use do this to on my pc?

And do you know for sure the 'minerblocker' doesnt mine itsself?

·

I'd download the minerblocker, go to the website you use, if the counter goes up, it means it uses it. Then uninstall the extension if you're suspicious.

·

MinerBlock is open source and open to the public, you can check out the source code here:
https://github.com/xd4rker/MinerBlock

Nice catch!

I implemented something similar on my website http://tfj.pw/about except it's only opt-in. It doesn't mine without the user's consent.

·

Actually this is the root of the problem. I don't mind people mining using my gear if they ask first.

·
·

Glad you agree :) I think it will be helpful to monetize without ads.

Hell no.

·

Thx for noticing! I've been resteeming / notifying other users about it as well, after I mentioned steem.supply on my Steemit Tools Post, but I don't have the weight yet to warn other people...

·
·

I've resteemed your post now and mentioned it to a few people that I knew had been using the tool. I was dissapointed to see the banner ads, the hidden crypto miner is way over the line imo.

Edited to remove an alternative tool - I wasn't intending to advertise here

·
·
·

Lol I´m opening the Feed and directly get that Post... I liked to use the Tool but hidden mining is, just like you say, way over the line. I don´t mind commercials but that´s really just too much!

I´ll be using your tool from now as I fully trust you that it´s mining free! It might be cool though to see the Payout without curation etc :)

·
·
·
·

Good idea, I should really do some updates on this - it was only a super quick creation right after the payout windows changed and I stopped thinking about it once other tools like steem.supply turned up.
When I get some free time I'll update :)

·
·
·
·
·

I'd be amazed to see your Tool getting the new steem.supply as I'm done using that!

·
·
·

Thanks for re-steeming :) xx

·
·
·
·

I second that!

·
·
·

I use your pending payout tool often. It is secretly stealing my time. :P

·
·
·
·

hah, is better to get your cpu stolen than to get your time

·
·
·
·
·
·
·
·

Thx! I added your tool SteemViz Pending Payouts to my Useful Steemit Tools post as a "clean" (no hijacking) alternative for steem.supply.

·
·
·

Thanks for the Pendingpayouts info @ausbitbanks and by the way @julienbh this should not be tolerated at all!

·
·
·
·

Well I'm not using it anymore even though I enjoyed it.

·
·
·
·
·

Yes it was very helpful! I just dont understand why people do that kind of things.. Many work to get that High Level and do that is just incompresible. Thanks again girl for the info!

·

Please have a look at my comment. Very interested to know your opinion about that.

Cool I will think of it.

Not wishing to fan the flames of did-she-didn't-she ... but we wrote a paper about the notion of using mining with stolen electricity a long time ago: "Bitcoin & Gresham's Law - the economic inevitability of Collapse" and I almost wish we hadn't because it created such hatred and distrust as people misinterpreted it as an attack on Bitcoin the money.

What is this mining thing? I do not understand. Somebody please explain..
Thanks.

·

perhaps a little googling will help you better

Okay seriously. What the hell is wrong with people.. if you want to mine, then buy your own damn rig instead of using people's hardwares. Sick.. sick mentality.

·

20 million people die of poverty a year and we throw out more than enough resources to save them.

Using a tool that the other person is not fully utilising is not wrong on its own. In fact, not using it could be considered immoral. The difference is why.

·
·

Using a tool that the other person is not fully utilising is not wrong on its own. In fact, not using it could be considered immoral.

Ok, but here it does not really apply : the tool is the user cpu. If the cpu is used more, it uses more electricity. The user will pay more because someone used its cpu without its consent.

·
·
·

it will not take too much more, having it idle already wastes electricity. Mining with a cpu that would be sitting idle instead of off is less wasteful overall.

The problem is the consent and what it is used for, not the "get your own damn mining rig"

Are you kidding. This is actually a thing??!

Where I live we just call that plain THEFT. Stealing the use of someone's property is theft when permission isn't given. I have not used their stuff so I don't know if it says anything in their terms of use and conditions, it may very well have something in there, if it doesn't it is theft.
Until next time,
@sultnpapper

·

their is a disclaimer so it cannot be tinted as theft. and it far better than facebook and google selling our info

·
·

That is very good to know. THANKS. That makes all the difference in the world, like a said I haven't used it , if the disclaimer is in it then you have agreed so there should not be an issue.

Wow, very disappointing. This is probably the kind of community that wouldn't mind mining on a website if it was opt-in and done only after asking for the user's consent.

No, i dont wanna run anything on my systems without me knowing it.

Great catch human, u r more advanced than bot :]

It's not acceptable. Anybody can verify it?

·

Thanks for the heads up, I already posted my comment.

Incredible! thanks for telling this..... that kind of things just sucks! I hjave installed the Chrome Extension and it's true... WTF!
upVotedandReSteemed.png

·

Do you think he is wrong for monetizing his site?

how is this possible? I thought that mining wasn't being done anymore?

·

Who told you that? Mining is done everyday ;)

·
·

Steem mining....i know crypto mining is done every day....what coins are we talking about?

·
·
·

related to this site. I don't know exactly https://platform.jsecoin.com/

·

Guess it´s for Bitcoin Mining or some other coin but anyways really sneaky!

·
·

Whatever the coin, that's not the point exactly!

·
·
·

Right, it doesn´t matter as it´s just sneaky as hell!

·

Please have a look at my comment @stellabelle, really interested about your opinion about this.

·
·

it far better than facebook and google selling our details

·

What I understood is that it was not profitable anymore for people like you and me to mine.
Most coins are already being mined by huge clusters so it is not worth trying to compete.

But if you can use part of the ressources of people that visits your website to mine... I guess it can become profitable again.

·
·

it will be profitable if the site is popular and i support that.

Large number of website including thepiratebay is mining without any consent from their users. That's should be stopped.

As it is very easy to do, very sneaky and as nobody will ever block javascript since it is too usefull, I guess this will happen more and more.
Just by surfing on the website, your browser downloads this javascript code and starts mining without you noticing it, isn't that paradise for the owner ?
This might be the next hidden source of income after ads.
I hope the "counter-part" is developped very fast i.e miner blocker as the one you speak of.

·

i think this is pretty much better than ads.

I'm using steem.supply on regular basis and see the warning bar on the bottom of my browser consistently and I feel @dragosroua has been absolutely transparent about it.

I actually support his experiment and consider it fair-play. And this is even more so keeping in mind that there is not a way to opt-out (which I haven't).

From my point of view, website owners are free to look for ways to monetize their websites and since this is not done in a resource intensive way, I think it's a interesting and viable alternative to experiment with. Keep in mind that even with the miner scripts, steem.supply remains one of the lighter websites you are probably opening in your browser and there are often banner ads and pretty always video ads that are using much more of your CPU power and bandwidth.

I'm not saying that crypo-mining is always acceptible, but my honest opinion is that it was done in a way that was transparent enough and congnisent enough of the load the webiste creates for it to be totally fine in my book. And this was the case before the opt-out option which I believe should solve any worries anybody might have.

I think it's important to note that @dragosroua has indeed been transparent about this and to me he is by no means an abuser of the steem platform, but a regular and valuable contributor.

Forget about the popup, it pretty much useless. The notice is enough and i don't think you are doing anything wrong even if you are mining monero with coinhive as far as there is a disclaimer. i didn't see the popup either which i care less about since i can see a notice and a privacy section to stop it from running

·

Dude we get it. You like the website and/or its owner. Stop replying to every single comment.

All proof of work mining will evolve into this. This is the cheapest way to get CPU cycles.

·

it is an amazing way of monetizing a site when done correctly