AdGuard fights stealth cryptocurrency mining on websites

[Matsuda]

 

The news broke recently that more and more websites make money by mining cryptocurrencies on their visitors’ computers. A person browses a site, unaware that their CPU is loaded more than normally, working on a task they didn’t put.

The device slows down, making its owner less happy and productive.On the other hand, this type of mining can let websites earn money without selling ads. 

The Pirate Bay, that had been recently caught mining cryptocurrencies on the visitors’ computers, shows the type of ads that annoy people a lot. A part of its audience might be ready and willing to lend some of their computer power in order to support the website and get rid of the ads.

One of the tools that now gain popularity for enabling mining on a website is Coinhive. They provide a JavaScript miner for the cryptocurrency called Monero.

We at AdGuard taught our desktop apps to detect the Coinhive miner on websites and ask users whether they would allow it to use their computer.






We believe that it is not right to simply block it, but warning the user and asking for his or her consent is necessary. We work at detecting other mining tools as well. So if you notice any websites that use your device for mining without warning you and asking for permission, please report us.

 

Source

[BioHazard]

Way to go aguard 

[UmbraEmsisoft]

This is a good company. i beta test their products.

[steven36]

Quote

We believe that it is not right to simply block it, but warning the user and asking for his or her consent is necessary. We work at detecting other mining tools as well. So if you notice any websites that use your device for mining without warning you and asking for permission, please report us.

 

 

Quote

 

gorhill commented 9 days ago • edited

Apparently, pirate-bay is doing it now too: https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/ Anything that abusively auto-opt-in users deserve to be blocked by default. Now the problem I am having is, in which filter lists does this go? Given this previous issue, and the one here, maybe it's time to create a new filter lists for anti-users auto opt-in abusive behavior. Name? "Dark patterns"?

 

Most any ad blocker has  a disable  per page if you want too support sites for coin mining or ads but if  they don't ask my permission i'm blocking it  and don't need popups telling me do i want allow it or not only one site i seen so far offered a way  to opt out of it  and they have coin miner free domain if you don't agree too it.        Quote   gorhill commented 6 days ago • edited And no, I'm not here to shit-talk or attack anyone personally. Users can easily opt-in to the respectful implementation (disabling uBO for the site/page), they can't easily opt-out of the abusive implementation -- hence the only safe approach is to block known miners by default. As in, if there's perhaps a website that does both, but I only want the miner to run and not the ads to show? Having ads served along with the miner kind of defeat the rationale of having the miner, which is being marketed as a way to monetize without resorting to ads. In any case, you are free to design your web sites as you wish, and users of uBO are free to opt-in to whatever you serve them. Talk to your users, they are the one making the decision, uBO is just a tool they use to get back the ability to decide.   https://github.com/uBlockOrigin/uAssets/issues/690?_pjax=%23js-repo-pjax-container It's  not open too debate   with me  and already there is a list you can block them with.   NoCoin adblock list https://github.com/hoshsadiq/adblock-nocoin-list Already uBlock  list  is blocking it  and others are too

 

 

[dcs18]

Quote

We at AdGuard taught our desktop apps to detect the Coinhive miner on websites and ask users whether they would allow it to use their computer.

We believe that it is not right to simply block it, but warning the user and asking for his or her consent is necessary.

Asking . . . . . . . is such a waste of time (not to mention the extra click/s) — have set my Adguard to block, without asking.

[Undertaker]

This site shows the warning too:-

https://torrent.cd/

[dcs18]

22 minutes ago, Undertaker said:

This site shows the warning too:-

https://torrent.cd/

My Adguard is blocking dozens of xmlhttprequest and websocket non-stop requests, without any prompt.

[Undertaker]

5 minutes ago, dcs18 said:

My Adguard is blocking dozens of xmlhttprequest and websocket non-stop requests, without any prompt.

Yes, I know you use very strict blocking rules. But that's not for me, I already told you the reason in our chat back sometime.

[dcs18]

6 minutes ago, Undertaker said:

12 minutes ago, dcs18 said:

My Adguard is blocking dozens of xmlhttprequest and websocket non-stop requests, without any prompt.

Yes, I know you use very strict blocking rules. But that's not for me, I already told you the reason in our chat back sometime.

 

Spoiler

 

[vitorio]

14 hours ago, Matsuda said:

We at AdGuard taught our desktop apps to detect the Coinhive miner on websites and ask users whether they would allow it to use their computer.

 

That's the right way to go. High five to Adguard. 

[Undertaker]

Just now, dcs18 said:

 

  Reveal hidden contents

 

BTW I found out while trying to adapt the uBlock-Adguard transition thingy that, using ADG extension rather than the ADG program makes for a comfortable and easy transition.

[dcs18]

Easy transition from where to where?

[Undertaker]

Just now, dcs18 said:

Easy transition from where to where?

ublock to adguard and vice-versa.

uMatrix to adguard.

[dcs18]

I see — on a parallel note, my personal experience is that uMatrix Users would find Adguard more worth a transit than uBlock Users since those 2 ad. blockers employ almost identical filter syntax.

[Undertaker]

1 minute ago, dcs18 said:

I see — on a parallel note, my personal experience is that uMatrix Users would find Adguard more worth a transit than uBlock Users since those 2 ad. blockers employ almost identical filter syntax.

You ever tried going back to prev setup of uBlock or Umatrix?

Or have another profile with that setup?

How would you compare that combo with Adguard, now having used both(answer this only if you have gotten back to combo at some point after trying out Adguard program)?

[dcs18]

After embracing Adguard, have never gone back to the (uBlock + uMatrix) combination on my own systems which IMO is a truly sweet one.

 

That said, most of my Customers are still on the older (uBlock + uMatrix) combination as I'm yet to deploy Adguard on many client machines.

[Undertaker]

Just now, dcs18 said:

After embracing Adguard, have never gone back to the (uBlock + uMatrix) combination on my own systems which IMO is a truly sweet one.

 

That said, most of my Customers are still on the older (uBlock + uMatrix) combination as I'm yet to deploy Adguard on many client machines.

To truly embrace it, you should go back atleast once to the previous setting and you'll know why I was insisting you for Adguard.

For you customers, I would advise that once 6.2 reaches stable(later this week), you put them on a stable release channel. Don't put them on 6.1 stable because that doesn't support the $app modifier.

What about the ones that already have Adguard, they complained of anything?

[dcs18]

1 minute ago, Undertaker said:

For you customers, I would advise that once 6.2 reaches stable(later this week), you put them on a stable release channel. Don't put them on 6.1 stable because that doesn't support the $app modifier.

We always use the latest release regardless of whether stable or beta — an image of my own system is deployed and then customized for a less stringent user-case.

 

 

1 minute ago, Undertaker said:

What about the ones that already have Adguard, they complained of anything?

The few of those who've been beta-testing the Adguard deployment keep filing plenty of reports — Adguard does block much much more than any other ad. blocker that I've ever used.

[Undertaker]

2 minutes ago, dcs18 said:

The few of those who've been beta-testing the Adguard deployment keep filing plenty of reports — Adguard does block much much more than any other ad. blocker that I've ever used.

Try the extension thingy(that I just told above) for that stringent blocking rather than the Program and I think even if you copy the rules as it is, it will be already much much better.

[dcs18]

I've managed to get the extension semi-compliant with my Adguard program.

[Undertaker]

3 minutes ago, dcs18 said:

I've managed to get the extension semi-compliant with my Adguard program.

Using the extension in integration mode or as a standalone?

[dcs18]

The extension is on integration mode.

[Undertaker]

2 minutes ago, dcs18 said:

The extension is on integration mode.

Personally, I'm not a great fan of the integration mode.

So, I have always used it as a standalone extension in cohesion with the AG program.

[dcs18]

What advantages do you notice when using it as a standalone?

[Undertaker]

1 hour ago, dcs18 said:

What advantages do you notice when using it as a standalone?

In my last testing,

I noticed that if in integration mode, the rules which are presently only in addon are not applied.

You remember we discussing how it's blocking even the HTML in program, that doesn't happen in the extension(even with the same rule). So extension behaves better even in that strict rule situation.

For filtering I used the program, and for site specific(read uMatrix converted rules) I used the standalone extension.

 

p.s. Here, by standalone I don't mean the standalone version available at AG github page, I meant that the extension is running exclusive of the program.

Program does its own thing and extension does its own. This setup I tested in the beginning stages of our discussion about adblockers.