|
|
|
|
|
|
by derefr
2538 days ago
|
|
|
Crypto-mining scripts are mostly silent; if your computer doesn’t have a loud fan to spin up, you’re hardly able to even tell one is running other than on its eventual impact on battery life. As such, they’re a favoured tool of script-kiddies who deface websites. They take over a site, and then drop a crypto-miner onto the site to make themselves money, otherwise leaving everything intact. Sometimes even the site owner doesn’t notice anything has changed for quite a while. Meanwhile, an unaffiliated third party is now making money off of their website on the backs of their users. |
|
|
This is being used by anybody who can sneak a javaascipt into your page or an iFrame that you embed, which has become too easy to do. When it comes down to it, IMO, site owners are responsible for what ads and scripts they allow to be served via their page, but I think I'm in the minority on that opinion.
Ad networks (the more reputable ones anyway) are playing a cat and mouse game of allowing a Turing complete js environment and trying to prevent its use for doing particular pieces of math. I'm glad Firefox is joining in as well, but I'd be happier if we didn't have this problem to begin with.