[mbi]

A friend of mine has written a very popular open-source JavaScript library and has been hosting a copy on his website. Turns out that a few high-volume news sites have started using the library, but instead of downloading a copy and serving it themselves, they've been hotlinking the one on his website.

As a result he is getting several million hits a day on his library's js file, directly from these website's pages.

We've been tempted to include a JavaScript miner in the library he is hosting, but we're unsure of the legal implications, i.e. would the fact that he's hosting the file on his website and that the other websites have simply hotlinked it, be a valid defense?

[0x4a42]

I did an experiment like this in 2011 on one of my websites. The sites was free to use for the end users but had a few ads (between 0 and up to 3 depending on the pages and sections).

I wanted to see if I could replace the ads with a bitcoins miner and get enough revenues to continue operating the service. FYI I was making about 900€ per month at the moment.

So I installed a JavaScript miner, removed the ads and waited. The result I got was unexpected: Avast Antivirus (very popular among my visitors) flagged the site and blocked it's access. I immediatly lost about hald of the traffic. I tried with a few other opensource miners and the sentence was the same every times: users locked out by zealous anti-virus and traffic cut off by (at least) half.

[marian0_]

Zealous antivirus? More like good antivirus...

[0x4a42]

Why do you think that? Compared to ads that are heavy on the user's network and CPU, track them, get them tons of unwated spams and other shaddy stuffs; why do you think giving some CPU power for a background miner is any worst?

When I did the experiment I thought it was a good deal for users.

[marian0_]

If you can't see the difference between showing an ad and mining bitcoin using your visitors' computers without their knowledge, you deserved to lose half your visitors.

[0x4a42]

Who said it was without their knowledge? It was clearly stated in my TOS and I even sent a newsletter about it.

Also I had a (sort of) premium plan that allowed to pay a small fee (2€/month to remove the ads and get some extra featues. When I made the BTC mining experiment they still had the option to choose between the free plan (BTC mining) or paying 2€ to get it removed.

[synicalx]

Hiding something in things you know people don't read doesn't mean it's suddenly an 'OK' thing to do.

[thisisit]

This is the likely end for any miner which run without user's consent. Most likely coin-hive the provider is soon going to find themselves on the list too.

[0x4a42]

>This is the likely end for any miner which run without user's consent.

Please, see my comment above.

[thisisit]

There are so many assumptions here: a. People reading ToS? Unfortunately people just gloss over. As for newsletter, only your subscribers might have got that. How do you know the avast thing dint happen from a non-subscriber who never bothered to read ToS? b. Did you have a popup or statement in the header stating the mining experiment? Something which clearly showed the user what you were doing? c. I surely would like to see an Ad which is as CPU or memory intensive as the JS miner. I can't speak for the one you used but the one in question here can spike up to 70-80% of my CPU without my consent. Most sites I visit like HN, WSJ, Bloomberg etc don't have that heavy ads.

[0x4a42]

>a. People reading ToS? Unfortunately people just gloss over.

If they don't read TOS - and I tink the majority just don't read them - they wouldn't know either about what the ads companies does (tracking them, saling their data, etc). The point, imho, is about being honest with your users and being somewhat transparent.

>As for newsletter, only your subscribers might have got that. How do you know the avast thing dint happen from a non-subscriber who never bothered to read ToS?

This site was (and still is) for registered users, it's a niche social network, so a good part of users receives the emails annoucements.

>b. Did you have a popup or statement in the header stating the mining experiment? Something which clearly showed the user what you were doing?

Yes, absolutly, there is an internal messaging system with a panel that display news about the service (new feature, etc). Registered users would get the notifications as soon as they logged. Unregistered visitors didn't have the bitcoins miner loaded at all.

>c. I surely would like to see an Ad which is as CPU or memory intensive as the JS miner. I can't speak for the one you used but the one in question here can spike up to 70-80% of my CPU without my consent. Most sites I visit like HN, WSJ, Bloomberg etc don't have that heavy ads.

Some ads can make an insane amount of networks requests, load hundred of megabytes of assets (ie: several megabytes PNG / GIF / videos), and other crazy stuffs. It can easily consume your cpu, ram, battery, internet data...

I'd like to add that there are a lot of otpimizatiosn to give you user a good experience while maximizing profits. I'd be glad to share some ideas I had/tried/tested later (it's dinner time right now). :)

[SolarNet]

It's your server. Change the terms ahead of time with like a two week notice.

[olala69]

There's a lot more interesting things you could do