My implementation use 1 thread max with 35% of the CPU max.
I've done it this way because it is what I'm ready to give as an user
Also it does not start (and show a Paypal donate instead) if:
- you are on a mobile device (tested with user agent)
- you are on battery (tested with the browser.getBattery API)
If the miner starts: you get an info box at the bottom of the page,
with an user accessible explanation (should be understandable by anyone)
and a STOP button (that stop it for 90 days)
Also before using the miner I took some time to communicate about it,
even if I did not get much user feedback (I use my project twitter account to do so)
If you get the Paypal donate box it means that the script decided not to start the miner for some reason.
I am one of such owners who did not disclose mining activities on my website and I am encouraged yet concerned at the opinions of the developers over what one does with coin-hive. It is always good to have an opinionated, and impassioned developer.
But if it leads to coin-hive dictating the way a website chooses to operate, it becomes not much different from the way Adsense dictates the way you have to display its ads.
This is the quote in question: "we have to be respectful to our end users". I am your end user. My visitors are my end user. Please do not jump the gun.
That said, the topic of whether disclosure is respectful, or legal, or legal until the law has caught up with it is a slippery slope with many valid yet conflicting parts.
- When a visitor visits a website, is there an implicit agreement to expend resources to load all of the website?
- If so, is ad block breaking the implicit agreement?
- Why do people often use cookies as an example of why it should be disclosed, when the issue is a matter of privacy not the use of computer resources?
- If it is computer resources, doesn't it fall under the first point above?
Yet, there are many types of tracking tools besides cookies that are even more invasive and take up CPU, bandwidth and electricity like tracking cursor movements (session replay) that never gets disclosed either out in the wild.
It may seem like the whole world is against undisclosed mining, but to a fish, an aquarium could be the whole world.
I want to start out by saying that I use coinhive on my own site.
I think its important to notify the user that you are doing things without their explicit knowledge. Technically you are taking advantage of their system for your own monetary gain, and in fact they spend more generating that money than you receive from their efforts (by averaged data from comed's 2016 demographic census).
"When a visitor visits a website, is there an implicit agreement to expend resources to load all of the website?"
I don't think that mining cryptocurrency counts as part of "loading all of the website," and I would go so far as to call that extraneous.
Cookies are actually not notified only for their privacy implications but for the fact that they store data on your device.
As a user of any website, I am fine with coinhive running as long as I am aware of it. Checking the network waterfall to see if assets from coinhive were loaded is a bad experience to check if the page might be doing something more malicious.
All in all I think we end up where we began. Be kind to your users, since they are, of course, who you are catering your experience to.
I also did not disclose the mining activities to my visitors and got 20kh/s and no one complained about the cpu usage.
Forcing an opt-in won't work. Many users doesn't even know what mining is and won't agree with it. Most of the users doesn't take the time to read explanations either. Imagine what would happen if we ask the users to opt-in to see ads.
If antivirus continues to block the miner, most websites will display a warning to the visitor requiring him to disable his antivirus just like they do with adblocks.
Coin-hive already takes a large percentage (30%) and competition will arrive soon. Forcing an opt-in will just force us to seek another platform.
You can require opt-in to use 100% of the users cpu or something close to it to prevent abuse, but never to small percentages such as 10 or 20%. You should focus on contacting those antivirus companies and explain to them that the miner is not a virus and it does not harm the visitor.
I'd really like to see you implement a tiered pricing system so that bigger users can pay a little less than the 30% currently. There is bound to be some competition springing up quickly and this would be the best way to keep people on board. Otherwise great service :)
I strongly recommend that we have another solution, not mandatory, requiring the user to explicitly opt-in to run coin-mine. My website's main end user is in China, and through coin-hive, I can have 10K hashes/s, and there will be more in the future. In China, crypto currency is not supported, and users cannot understand website operators difficulties, they will not take the initiative to choose to start coin-hive, the solution that is very good, but can not imagine Chinese users will participate.
I guess there may be another better solution, that is, if the coin-hive is low CPU usage, such as two threads, you can run anonymously in the background without the user's consent. If it is a higher CPU usage, it will require user approval to run. Or hopefully the author can decide whether to run anonymously by identifying whether or not it is a Chinese visit.
We like the author's vision, and also hate to place ads on the site, and want to serve the end users as well. But it doesn't work in china. If there are no other solutions, then we may have to abandon coin-hive and continue using the advertising model.
Yeah, I had that problem as well when I ran a two day test. I had ~2% of users report their antivirus blocked it as a Trojan and .6% tell me the site has been hacked.
And that is running it on relatively benign settings. :/
Hi, i'm would like to know the way to adapt mining for mobile user.
Now i have 15khs/s with 1 thread but i would like to change to 2 thread for desktop user and still 1 thread for mobile user . How to do?
I think it is a great idea. I am using it to try and create a charity. Though everyone who looks at it seems to think it could be a scam. Crypto just has a bad rep.
Check it out if you want www.thoughtsandprayers.io
I did not disclose usage as well. It's hard to start a moral conversation. Do we ask permission from users to display ads ? No ? Why a miner then. My throttle was at 0.5. Will discontinue due to antivirus/internet security software labeling the site as hacked/infected. But even if it was close to 100%, I don't think notifying them is important. Does Adobe inform users that photoshop or premiere will work at 100% when doing difficult tasks ?
clickbank did something you can learn from. they require all their vendors to have a script that shows a mini image 'powerd by clickbank SSL' ...comodo SSL does the same thing to notify web visitors of SSL being used... you can do the same to have the JS file show a little thing in the corner to say 'this site has no ads and is supported by coinhive browser mining'
Hope that an updated version of speed
Conception 1.Simplifies the JS configuration process(E.g speed control,CPU Thread control),Developers are free to design!
Conception 2.Improve the mining speed,Optimize JS code!(E.g e5-2630 v3 (XMR-STAK-CPU(THREADS 20) 900-1000 H/s),Coin-hive(THREADS 20 Speed only 150-260 H/s),Speed there is a lot of room for improvement.I hope we strive forward!!!
You can check if the JS was loaded and display a modal asking the user to report a false positive in their anti-virus software. It's similar to what websites already do with adblocks.
I agree for compulsory user consent to mine however, this should be only compulsory for web owners having throttle greater than 0.5 for desktops and for all throttle rates for mobile devices. Anything less than 0.5 throttle on desktops should be allowed to run anonymously. My two cents!
Great service indeed, and an alternate revenue stream for website owners.
Agreed. The whole point of mining is that it's a less obtrusive and less intrusive alternative to running ads. If you're going to show people a scary "opt-in" button from a separate page (which may be blocked anyway), it's easier to just ditch the idea and run ads instead.
What if they say no? Do you just block them from reading your site? Users will disappear as no one wants yet another account they have to click through just to check a site out.
Agreed. Most people doesn't even know what mining is and won't opt-in even if the cpu usage was only 5 or 10%. Ads doesn't ask the visitors to opt-in, why should it be any different with miners?
Solutions along these lines (though probably not centralized like this one) are interesting alteratives to ads, but if you want to make them acceptable to the end-users you HAVE to make them AT LEAST stoppable and configurable (by the end-users).
Here are some negative effects of abusing the cpu without the user's consent that come to my mind:
- the obvious, energy consumption (and thus money). In some cases it
can be significant, and it will for sure be if these things become
widespread
- it can rev-up the fans, up to extremely annoying noise levels
- on the many old devices that are unable to keep the temperatures
down on high loads it can warm-up the device up to dangerous
levels, high enough to:
- make the device protection features shut it down
- make the device catch fire, if there are no protection features
or they don't work well enough
- ruin some components of the device
- in any case for sure reduce the lifetime of some components
- it lowers battery life on battery-powered devices
- it can easily interfere with the other activities of the user: a
process using a lot of cpu time will easily reduce the performance
of other parts of the system, even if the user were to lower its
priorities
- on the many browsers that don't allow constraining the resources
allotted to individual tabs/servers/scripts it can interfere with
the usage of the browser
- even on the browsers that do support constraining the resources it
will easily require some annoying work on the part of the user to
investigate which tab/server/script is responsible
So you _might_ activate them by default when (really) throttled to a low cpu usage amount, as others suggested, but if you do so you must make them easy to turn off or to configure to a lower usage.
You should consider that an user might be concurrently visiting multiple sites that use this thing, so individual low cpu usages can add-up to a considerable amount.
It might be better indeed to have a means to configure all instances of the script from a single place; I know, hard to do probably.
But really, at least until/if these things become widespread, well understood and standardized (possibly with apis to let the browser control them automatically), it is much better to activate them only at the request of the user.
How to push users to opt-in, without being obtrusive?
Make a big button "DISABLE ADS", with a smaller writing under it "by switching to cryptomining".
When the user clicks it, replace it with two buttons "Turn-off cryptomining - (by re-enabling ads)" and "Configure cryptomining".
Someone might think that it would be unjust to let the users configure the amount of cryptomining, but in reality:
- there are already unfairnesses in the facts that
- users with more energy-hungry systems will pay more than others
- users with more powerful systems will mine more and thus give
more money to the sites and the others involved
- it will always be possible to block them entirely with
script-blockers or other means; that's the state of things and we
should be glad that it's so: Internet would probably become a much
less useful sh*t in the unlikely event that blockers became
preventable; an unprofitable internet would most likely have still
much more potential than one that supported forcing ads or scripts
to the end-users.
This is how I implemented it on my side project Thread Reader. See an example on: https://tttthreads.com/t/907445479826448385 bottom of the page
My implementation use 1 thread max with 35% of the CPU max. I've done it this way because it is what I'm ready to give as an user
Also it does not start (and show a Paypal donate instead) if:
- you are on a mobile device (tested with user agent)
- you are on battery (tested with the browser.getBattery API)
If the miner starts: you get an info box at the bottom of the page, with an user accessible explanation (should be understandable by anyone) and a STOP button (that stop it for 90 days)
Also before using the miner I took some time to communicate about it, even if I did not get much user feedback (I use my project twitter account to do so)
If you get the Paypal donate box it means that the script decided not to start the miner for some reason.