Cryptojacking in-depth (with limited cryptocoin knowledge), or, "It's not your money."

A / N: This is to remain in U. Do not move, do not retitle, don’t even bother to tag it since I am using this Discourse server as a means of making a post I was trying to share on my Facebook since Facebook is being super crappy.

# It’s not your money

### Introduction

Caffeinate yourself for another long-winded tech post; this one is a bit on the wild side and might explain why your computer (including smartphones) has been feeling sluggish recently. I’ve intended to type this for several days but kind of forgot about it with other crap I do on my PC.

### Cryptocurrency basics (from somebody who doesn’t bother with it)
For those of you who don’t know what Bitcoin or related cryptocurrencies are, this might be hard to wrap your head around. For those who do understand, what I say after the brief introduction to the topic should frighten you into doing everything you can to clamp a vice grip on what your connection to the Internet allows.

Let’s do a little catching up. Super-simplified, but this is basically what has happened so far:

  • Bitcoin was created and its blockchain is established
  • Bitcoin becomes stupidly popular and somehow gains monetary value for exchange
  • Exchange services came into the fold, willing to take your Bitcoin for money
  • Other “Altcoins” became established under various names
  • MORE “Altcoins” become established
  • EVEN MORE “Altcoins” become established

The above is confusing enough for someone who doesn’t know what cryptocurrency is, and it sounds like something on par with stock scams of early 2k. So here’s the basic premise of cryptocoins: they are solved problems in cryptographic form. Basically, “math money.” For those looking to make a little bit of it, you can either buy these solved problems (usually valued at fractions of a coin) or have the computer solve the problems it receives using your central processor or graphics processor (a task known as “mining”). The solutions are then added to the cryptocurrency’s ledger and become part of its blockchain.

There are better explanations than that, but I was taking a “60 seconds” approach, and it certainly wouldn’t pass any flame challenges. So now you have a brief understanding of what is involved, let’s talk about how your processor or co-processors can be used without your knowledge:

### The birth and misuse of crowdmining
There exists a recently-newsworthy service known as Coinhive which website administrators can use for the small fee of about a third of the cryptocoin they receive. To enroll, simply configure a script they supply so that the processors of people who visit your website, and consent to their machine being used, mine for you.

Problem is, the consent step isn’t mandatory to include. There are no “consent ledgers” or penalties for making others mine without their consent. And this is why you’ve seen recent media discuss a topic called cryptojacking. No matter the reputation, no matter the service, nobody was safe from the greed that ensued when website administrators learned they could make some side money by making your machine do the mining for them.

These websites never asked, and they never even mentioned the idea, because the majority of you reading this wouldn’t understand what was going on without some knowledge of what cryptocurrency is. Because of that, you might have been hoodwinked into giving people money without your consent: your processor was being used to mine an altcoin known as Monero, which doesn’t need as much intensive processing power to solve the problems given for your computer to crush.

…Except, more processor cycles require more electricity and produce more heat, which sucks down the battery on your smartphone. The more websites with this JavaScript (Livescript for you old folks) you have open in your browser, the slower your machine may act. And the more these services are used, the more data needs to be transferred. So in a way, it IS your money, but it’s being spent for someone else’s gain. The worst-case scenario for someone who was using Google Chrome at the time the stories were coming into fruition would be this:

  • Use of the SafeBrowse extension
  • Use of Showtime Anytime for watching movies
  • Use of The Pirate Bay for taking stuff for free

Since all of this stuff was using Coinhive or similar services, that would be multiple instances of the service probably pegging your processor at 100%.

### Preventing the service(s) from using your machine
So now you know, what can you do about it? There are several options:

  1. Open your hosts file (usually in /etc, for Windows %systemroot%\system32\drivers\etc) and redirect coinhive.com and coin-hive.com to 127.0.0.1 or 0.0.0.0
  2. Block the same addresses in a firewall; ANY firewall, either supplied with your system, from a third-party or through your network gateway
  3. Use an alternative browser like Mozilla Firefox or Google Chrome and install the No Coin extension
  4. Use an ad / script blocking utility with import functionality and add the NoCoin filter from Adblock Plus’ subscriptions page

1 and 2 assume that no other addresses will be used to cryptomine on your machine, or that if there are, you are vigilant and add them immediately.
3 and 4 require you to either change browsers or install compatible software for your existing browser, and to put your faith in a blacklist which may have limited success.

Ideally, a competent firewall will intercept connections and allow you to whitelist every address you access. Even better, a competent system firewall should modify your hosts file for you, or a competent gateway should allow easy configuration through a similar interactive approach; imagine a router with software a network administrator can use to observe and manually flag which addresses can be accessed. But because we don’t live in a perfect world, you’ll simply have to take it on faith that other people hate this as much as you do, and are willing to do the heavy lifting for you.

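An added example, not part of the original post: a Python check for option 1 that reads hosts-file text and reports which mining hostnames are actually sinkholed. It shows the limit behind the caveat on options 1 and 2: hosts entries match exact names only, so a subdomain needs its own line. The sample hosts text and the `www.` name are constructed, and the first-entry-wins rule is an assumption about the resolver.

```python
import ipaddress

# Sink addresses suggested in option 1, plus their IPv6 equivalents.
SINKS = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# The two names from the post, plus one illustrative subdomain (constructed).
CHECK = ["coinhive.com", "coin-hive.com", "www.coinhive.com"]

# Constructed sample hosts file, not taken from a real machine.
SAMPLE = """\
127.0.0.1  localhost
0.0.0.0    coinhive.com    # sinkholed
#0.0.0.0   coin-hive.com   (commented out, so inactive)
"""

def parse_hosts(text):
    """Map each hostname to its address; assumes the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first column is not an IP address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def audit(text, names):
    """Report each name as 'blocked', 'missing', or 'maps to <addr>'."""
    table = parse_hosts(text)
    report = {}
    for name in names:
        addr = table.get(name.lower())
        if addr is None:
            report[name] = "missing"  # exact match only: no wildcard cover
        elif addr in SINKS:
            report[name] = "blocked"
        else:
            report[name] = "maps to " + addr  # needs a manual fix
    return report

def lines_to_append(text, names, sink="0.0.0.0"):
    """Hosts lines for names with no entry; conflicting entries are left alone."""
    return [f"{sink} {n}" for n, s in audit(text, names).items() if s == "missing"]

if __name__ == "__main__":
    print(audit(SAMPLE, CHECK))
    print("\n".join(lines_to_append(SAMPLE, CHECK)))
```

To audit a real machine, pass the contents of the hosts file from option 1 in place of `SAMPLE`.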