Steem supply is mining using your browser

in #steem7 years ago (edited)

http://steem.supply/ Website ( @dragosroua )

is mining without your consent so don't leave it open if you disagree with that practice.

Here's the javascript loaded

Oops:

You can download miner blockers like these on Chrome if you need:
https://chrome.google.com/webstore/detail/minerblock/emikbbbebcdfohonlaifafnoanocnebl

Should that practice be tolerated?


Edit 1: Here's an exemple of what I would consider ethically correct mining in a website
https://coinhive.com/#captcha


Edit 2: I finally saw the warning after many many attempt to reproduce. I had to clear the cache and saw at the bottom of the page a 20 pixel high banner with jsecoin logo and a very small disclaimer about mining. A refresh of the page wouldn't not show it back. I propose that the website owner puts a small disclaimer at the top of his page that is more visible. That's all.

Sort:  

Who says that it's him using this miner? This miner is from the site jsecoin...

Steem.supply loads jsecoin's miner

who is the witness?

Written first line of post dragosroua

What you said in this post is not true. There is a very clear privacy warning, here's how it looks:


Screen Shot 2017-11-07 at 8.33.25 PM.png


I wrote a few times on Steemit about JSEcoin, fully disclosing that I'm experimenting with it. JSEcoin is not on any exchange, it's not trading, I'm not making money off of innocent people. It's just an experiment. I'm not mining using well known phishing scripts and all is transparent.

I honestly think you jumped a bit too fast on this one.

I am open to any discussion you want to have about this topic, about steem.supply or about mining in browser.

Edit: your mention on coinhive, which is a well known Monero miner written in JS (and frequently packed with malware), doesn't help your point. I'm NOT mining Monero, nor other currency trading on an exchange.

[self upvoted to bump it up]

What you said in this post is not true.

Saying I straight out lied in the premise of your comment is a bit arrogant.

There is a very clear privacy warning, here's how it looks:

The popup never showed for me, maybe because I went to your website before you put it and the cookie was badly set? Or just a badly place html element.

I honestly think you jumped a bit too fast on this one.

I didn't "jump" on this, I just posted something to raise an ethical question. I didn't post BS just for the sake of it.

JSEcoin is not on any exchange, it's not trading, I'm not making money off of innocent people. It's just an experiment

Even though the coin is not tradeable, in the foreseeable future, it will be so it doesn't matter. An ICO is already planned.

and all is transparent.

Actually the point of my article was the lack of transparency. (Because of the popup I never had like I said previously. Also the fact people are reacting means they probably never saw it too!)

Something is either true or not. When I believe it's not true, I just state it. I don't see any arrogance here. I didn't say you lied, you may have been mislead or didn't see all the facts and that may have lead to claims that aren't true. Again, I didn't say you lied, I said what you stated is not true and I gave you all the details to support my position.

Claiming I put the warning on after you posted this is ridiculous. I invite you to try the code on any site and see if you can deactivate that warning.

Also the fact people are reacting means they probably never saw it too!)

There are about 10-15 comments from people who are upset about this. On average, steem.supply gets between 300 and 450 unique users per day. I don't know how many of them overlap with the 377 who saw this post, according to the post stats, but I think the ratio falls around the normal number of people who either don't see all the warnings, or don't know what is going on but feel like having an opinion on everything. This doesn't mean in any way that I don't respect them, but way too many times some people are jumping too fast to conclusions without hearing all the facts, it's just human nature, I guess.

What makes me really sad is that this post has been used by a witness that I respect, @ausbitbank as a platform to promote his own similar service, by accepting and supporting your claims without verifying them, or without hearing my position about it. I respect his hard work and I've been knowing him on the platform for quite some time. I'm really looking forward to hear his opinion on this, after he reads my answer. It will be such a pity if he doesn't say anything.

Again and again: there is a privacy note, and I'm not stealing anything nor doing anything that is unethical.

I appreciate your approach, by asking if this is ethical or not. And I gave you all the answers. Hope this clears things out.

What makes me really sad is that this post has been used by a witness that I respect, @ausbitbank as a platform to promote his own similar service, by accepting and supporting your claims without verifying them, or without hearing my position about it.

  • I DID verify the claims myself before I resteemed this post. Anyone can with 2 minutes and firefox/chrome dev tools.

  • Promoting my old tool was an afterthought, its was just a simple clean alternative with no banner ads or hidden miners on it so I have no real incentive to promote it. Like I said before I completely stopped updating the tool and have been actively pushing people towards steem.supply for months now (which is why I'm extra dissapointed to discover a miner) .

  • As I said to you on steemit.chat , no popup like you pictured ever appeared for me in debian firefox - and after re-checking your site I see a small footer that hides itself after a while.

  • The only jsecoin mention I can find from you was 2 months ago, and it isn't mentioned in your steem.supply update posts at all.

  • I also spotted another similar posts, and you hadn't responded there either.

Regardless of how well you announced your intention to hijack your users processor time for your own profit - I don't want to see this sort of crap installed on tools that a heap of steemians use daily.

The argument that its not traded on an exchange, therefore its not money really doesn't work for me.

and after re-checking your site I see a small footer that hides itself after a while.

so it is unethical or not? A simple "yes" or " no" will suffice.

Promoting my old tool was an afterthought

in order to obtain why?

Regardless of how well you announced your intention to hijack your users processor time for your own profit - I don't want to see this sort of crap installed on tools that a heap of steemians use daily.

I hijack my users processors for my own profit? Do we really have a discussion about that? What is the difference between "hijacking users processors" for testing a decentralized cryptocurrency with a great potential, and "hijacking users processors" with poorly coded sites or, even worse, with Google Analytics, Facebook Stats or Twitter SDKs, that are silently profiling users habits into data that is then sold to advertisers for billions?

Who is the bad guy here?

In the Steemit chat you also said to me that if you could un-steem your post you would do it, I assume you wrote that after you wrote this comment.

It's sad to see this divisive approach and accusations without proof, in an emerging ecosystem like Steemit.

It's very easy to destroy the reputation of a person with a few unfounded but plausible accusations.

Loading...

Claiming I put the warning on after you posted this is ridiculous. I invite you to try the code on any site and see if you can deactivate that warning.

Never said that BTW.

I just don't see your warning and never saw it. I'm at work right now with 3 colleagues that don't see it either.

Inspect and verify please. It could even be the publisher's fault (maybe an update in their javascript code stopped showing the warning??)

@dragosroua posted here two months ago stating he was using a browser miner on steem.supply to mine JSEcoin.
https://steemit.com/news/@dragosroua/jsecoin-mining-crypto-currencies-in-or-with-your-browser

Thank you!

Here's their answer. If you want to contribute to the discussion, feel free to post on their forums:
Screen Shot 2017-11-08 at 10.45.41 AM.png)

The popup never showed for me, maybe because I went to your website before you put it and the cookie was badly set? Or just a badly place html element.

Ok, I will contact them, they're quite responsive. Will also publish a post about this tomorrow (it's evening here now).

I don't see the popup either, but I've got a blocker running by default, so would only see it if I bother to go look at what my blocker has blocked (which I tend not to do with no reason). Having a manual link to the disclosure notice may be a possibly solution so that the information is easily accessible to anyone, even if they're running a blocker, so they can't just say 'but it didn't show for me'.

I was pondering that too and I may add it.

This is old, but just thought I would say that the dude/dudette has every right to defend themselves after someone does inaccurate reporting and doesn't do their homework. You clearly didn't bother to learn about JSECoin before writing at all. Its a very respectable project for anyone that just bothers to glance at their site.

Second, while it is true that browser mining should ideally be consented to before happening, website owners often find getting over the hump of the newness of this concept is difficult and prefer subtle ways of pointing it out. People are naturally easy to scare away and its hard to get good traffic.

Lastly, browser mining has gotten an unfair reputation as cryptojacking. Sure, wifi hacking methods or other forms of hacking is uncool, but browser mining in itself is a perfectly fine way to monetize the internet. Steem should be doing this! I want steem browser mining to be embedded in my sites, but Monero ain't bad, a lot more money in it at the moment.

I think you should make a full post expanding your reply here in as much detail as possible. Otherwise all there is is a chain of speculation. My 2 cents.

Thanks for the suggestion, I'll do it in the next few days.

Agree with this suggestion - i am not a tech geek at all but I always trusted you to the fullest @dragosroua - as you are a good boy. Sure a dedicated post will help to wipe out speculations.

Updated my post (edit 2)

Thank you for clarifying this. The reason you're not seeing it again is that it shows every hour, not on any page load. There is also a 10 seconds delay in order not to impact page load speed, which can lead to SEO penalties. IMHO, this is pretty well thought. For more details, please have a look at my comment with JSEcoin response to my complaint about the notification not showing (or showing in an improper way).

Peace!

Still, the placement is bad and the 2 seconds delay for display is tricky. That banner is not enough imho

I never saw that popup either.

Just to say, I didn't have the popup neither. And you know, the warning you show here is not clear : it says your website is making money with crypto mining. It doesn't make it clear that you are mining crypto with the cpu of people who browse your website.
If you are not aware of this type of mining, you just don't understand that your browser is mining for someone else.
It can be misleading imo.

Honestly if a website made it known that the were going to do it, and they didn't use so much cpu that my computer was freezing up, I'd be completely fine with free sites using some cpu to mine for them.

Me too that's why I denounced it. Especially coming from a witness you can give your vote to.

Me too...this sucks!

Ive read through all the comments @dragosuora wrote above, but still think this is unacceptable thing to do as a witness. He should have announced it very clearly and explicitly. The banner appears on the very bottom of the browser and disappears soon which will be highly likely missed by the average visiters. Really disappointed.

@dragosroua. I reproduced exactly this. The very small banner is at the bottom and not very visible and disappears after 2 seconds. It is not shown again after a page refresh. It really looks like it's made so that people don't notice it.

just stop using some random ass "blockers".

Get uBlock Origin and ScriptSafe, those are general purpose security apps and they block shitty webminers by default

Fine, but that's not the point...
Those "general purpose" apps block ads and more. I never blocked ads; I don't mind since if I don't click them, they don't get my money.
Miners on the other hand...

then you have much more to fear than a simple miner.

It's not about fear... it's about lack of transparency.

The issue here is that we are talking about a witness. As such transparency and critical thinking matter.

without a doubt a scandal, but doesn't mean you should use questionable extensions. they weaken your security

RESTEEMED. This is unacceptable.

So disappointed, he had no necessity in doing that! Sometimes people acts in a strange way... how can someone think that no one will discover that?

Thanks for noticing!

How can I find out if sites I use do this to on my pc?

And do you know for sure the 'minerblocker' doesnt mine itsself?

I'd download the minerblocker, go to the website you use, if the counter goes up, it means it uses it. Then uninstall the extension if you're suspicious.

MinerBlock is open source and open to the public, you can check out the source code here:
https://github.com/xd4rker/MinerBlock

Nice catch!

I implemented something similar on my website http://tfj.pw/about except it's only opt-in. It doesn't mine without the user's consent.

Actually this is the root of the problem. I don't mind people mining using my gear if they ask first.

Glad you agree :) I think it will be helpful to monetize without ads.

Hell no.

Thx for noticing! I've been resteeming / notifying other users about it as well, after I mentioned steem.supply on my Steemit Tools Post, but I don't have the weight yet to warn other people...

I've resteemed your post now and mentioned it to a few people that I knew had been using the tool. I was dissapointed to see the banner ads, the hidden crypto miner is way over the line imo.

Edited to remove an alternative tool - I wasn't intending to advertise here

Thanks for the Pendingpayouts info @ausbitbanks and by the way @julienbh this should not be tolerated at all!

Well I'm not using it anymore even though I enjoyed it.

Yes it was very helpful! I just dont understand why people do that kind of things.. Many work to get that High Level and do that is just incompresible. Thanks again girl for the info!

Thx! I added your tool SteemViz Pending Payouts to my Useful Steemit Tools post as a "clean" (no hijacking) alternative for steem.supply.

Thanks for re-steeming :) xx

I second that!

Lol I´m opening the Feed and directly get that Post... I liked to use the Tool but hidden mining is, just like you say, way over the line. I don´t mind commercials but that´s really just too much!

I´ll be using your tool from now as I fully trust you that it´s mining free! It might be cool though to see the Payout without curation etc :)

Good idea, I should really do some updates on this - it was only a super quick creation right after the payout windows changed and I stopped thinking about it once other tools like steem.supply turned up.
When I get some free time I'll update :)

I'd be amazed to see your Tool getting the new steem.supply as I'm done using that!

I use your pending payout tool often. It is secretly stealing my time. :P

hah, is better to get your cpu stolen than to get your time

Please have a look at my comment. Very interested to know your opinion about that.