Salon’s Monero mining project might be crazy like a fox


In the age of altcoins, at least one news site is taking a novel approach to making ends meet. Salon announced today that it would give readers a choice between turning off ad-blocking software or “allowing Salon to use your unused computing power” in order to access their content. If you say yes to the latter deal, Salon will then invite you to install Coinhive, a software plugin that mines the cryptocurrency known as Monero.

Salon explains its program, which it calls a beta, like so:

“… Like most media sites, ad-blockers cut deeply into our revenue and create a more one-sided relationship between reader and publisher.

We realize that specific technological developments now mean that it is not merely the reader’s eyeballs that have value to our site — it’s also your computer’s ability to make calculations, too. Indeed, your computer itself can help support our ability to pay our editors and journalists.”

The offering is a clever if controversial way to recoup lost ad revenue. It’s no secret that digital media companies are hurting, and crowdsourcing the process that generates some virtual currencies is certainly an innovative solution, though definitely an experimental one.

Still, running software like this, which is often inserted onto unsuspecting machines via malware, is a big ask from readers and it’s important that less technical readers know what they’re getting into. Salon sets this up as an opt-in process which is good, though it only mentions Coinhive’s name in the small opt-in box (“powered by Coinhive”) and not in its full FAQ page. Coinhive gets a bad rap because it can be used for illicit purposes, though the software is widely regarded as legitimate, as is the coin that it mines. Readers should have a chance to make up their own minds and be provided with all of the specifics.

While Bitcoin soaks up most of the spotlight, some virtual currency projects are specifically looking to reshuffle the stacked relationships between platforms and content creators. One called Steemit actually launched its own platform to pair with its coin, and users there built up a healthy, cryptocurrency-centric social network, upvoting one another and earning actual money in the process. Like Salon’s proposition, some other projects including Siacoin and MaidSafeCoin seek to pay people for spare computing cycles or hard drive space.

On the whole, Salon sounds surprisingly bullish on blockchain technology, announcing that it “[plans] to further use any learnings from this to help support the evolution and growth of blockchain technology, digital currencies and other ways to better service the value exchange between content and user contribution.”

Like publishers, plenty of internet users are waking up to the raw deal of modern day social media use and looking for novel ways to make a little passive income or otherwise get paid for the content they push out to the world. Blockchain projects that aren’t too busy overhyping ICO gains to actually build something cool could have a shot at democratizing the online content game.

While that might be idealistic, Salon sounds like it understands that emerging technologies offer some unique opportunities for anyone who isn’t afraid to rock the big blue boat. Since it’s clear that the model we have now isn’t working for anyone outside the high walls of tech’s major platforms, there’s no shame in that game.

Featured Image: hocus-focus/Getty Images

Cryptocurrency mining malware put UK and US government machines to work


Over the weekend, a little piece of malware was hard at work mining cryptocurrency on government computers. Security researcher Scott Helme first noticed the malware, which he believes was running on more than 4,000 sites, including the UK’s Information Commissioner’s Office (ico.org.uk) and the website for the American court system (uscourts.gov).

The malware leveraged the victims’ devices to generate the cryptocurrency Monero by performing complex, CPU-intensive calculations, a mathematical process known as “mining” that’s used to create some cryptocurrencies.

In order to get the crypto mining software onto unsuspecting computers, the hack targeted an accessibility plugin called Browsealoud that makes the web easier to use for people with dyslexia or low English comprehension. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious Javascript in order to secretly run the mining software known as Coinhive on unsuspecting machines.

On Sunday, the UK’s National Cyber Security Centre issued a statement that it was “examining data involving incidents of malware being used to illegally mine cryptocurrency.”

In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.

“In recent months, CrowdStrike has noticed an uptick in cyberattacks focused on cryptocurrency-mining malware that takes advantage of available CPU cycles, without authorization, to make money,” the firm wrote, noting that it “expects to see much more” of this activity moving through 2018.

Still, as Helme points out, things could have been a lot worse. A similar hack could have compromised government credentials or stolen identities instead of mining Monero.

Featured Image: Bryce Durbin

Opera now protects you from cryptojacking attacks


Opera today launched version 50 of its desktop browser. Sadly, this release doesn’t come with a cake to celebrate this milestone (not even a tiny cupcake), but the newest release does include a new feature that makes sure that nobody can mine crytocurrencies in your browser.

While browsers and JavaScript aren’t exactly the most efficient way to mine coins, the sheer number of users who could be running these scripts makes up for that (and the fact that the attackers don’t have to pay for power also helps). For the most part, though, these sites mine coins like Monero that use very compute-heavy algorithms where CPUs are able to compete with what is traditionally a GPU-centric approach (reportedly, that’s also what North Korean hacking units occasionally use to mine coins on hijacked machines).

It’s worth noting that there are extensions for Chrome and Firefox that will perform the same service for users on those browsers. In Opera, this new cryptojacking feature is automatically enabled when you turn on the browser’s ad blocking tool.

“We are fans of cryptocurrencies but we simply don’t accept that websites are using people’s
computers to mine coins without their knowledge or consent,” said Krystian Kolondra, head of Desktop Browser at Opera. “With the new Opera 50, we want to kick off 2018 by providing people a simple way to regain control of their computers.”

How much does Opera love cryptocurrencies? Enough to build a currency converter for Bitcoin, Ethereum, Bitcoin Cash and Litecoin into its browser.

Other new features in Opera 50 include support for streaming videos to Chromecast and a built-in VR player that lets Oculus Rift users enjoy 360-degree videos in their headsets.