Truth in Web Mining: Measuring the Profitability and Cost of Cryptominers as a Web Monetization Model

The recent advances of web-based cryptomining libraries along with the whopping market value of cryptocoins have convinced an increasing number of publishers to switch to web mining as a source of monetization for their websites. The conditions could not be better nowadays: the inevitable arms race between adblockers and advertisers is at its peak with publishers caught in the crossfire. But, can cryptomining be the next primary monetization model in the post advertising era of free Internet? In this paper, we respond to this exact question. In particular, we compare the profitability of cryptomining and advertising to assess the most advantageous option for a content provider. In addition, we measure the costs imposed to the user in each case with regards to power consumption, resources utilization, network traffic, device temperature and user experience. Our results show that cryptomining can surpass the profitability of advertising under specific circumstances, however users need to sustain a significant cost on their devices.

READ FULL TEXT VIEW PDF

Authors

page 1

page 2

page 3

page 4

02/06/2020

adPerf: Characterizing the Performance of Third-party Ads

Monetizing websites and web apps through online advertising is widesprea...
12/10/2018

On legitimate mining of cryptocurrency in the browser - a feasibility study

Cryptocurrency mining in the browser has the potential to provide a new ...
10/30/2020

Do Users Care about Ad's Performance Costs? Exploring the Effects of the Performance Costs of In-App Ads on User Experience

Context: In-app advertising is the primary source of revenue for many mo...
01/31/2022

Privacy Limitations Of Interest-based Advertising On The Web: A Post-mortem Empirical Analysis Of Google's FLoC

In 2020, Google announced they would disable third-party cookies in the ...
01/31/2018

Advertising in the IoT Era: Vision and Challenges

The Internet of Things (IoT) extends the idea of interconnecting compute...
12/29/2018

Cross-Device Tracking: Systematic Method to Detect and Measure CDT

Online advertising, the backbone of the free Web, has transformed the ma...
05/26/2018

Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask

User data is the primary input of digital advertising, the fuel of free ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Digital advertising is today the dominant monetization model for web publishers. During the last decade, it has become the driving force of the web, leading to the provision and support of new web services and applications [37, 93]. Indicatively, digital advertising, which is continuously growing with an unprecedented rate, reached total revenues of $209 billion in 2017 [47].

However, in the recent years, either due to the roaring privacy implications of targeted advertising [79, 94, 15] or the irritation dodgy ads may cause [39], a growing number of users (615 million devices – 30% growth since last year [25]) decided to abdicate from receiving ads by adopting all-out approaches (like deploying ad-blocking mechanisms [18, 100, 71] or ad-stripping browsers [19, 14, 35]). This increasing ad-blocking trend made some major web publishers, after seeing their income to significantly shrink (total losses of $22 billion [61]), to deploy ad-blocker detection techniques [60, 67, 45] and deny serving content to ad-blocking users [88, 58, 86, 23]. Such aggressive actions from both sides escalated an inevitable arms race between the ad-ecosystem on the one side, and the ad-blockers and privacy advocates on the other side [62, 67, 11].

It is of no doubt that in such a dispute, publishers were trapped in the crossfire being unable to effectively monetize their services. To that end, it did not take long for some of them to look for effective and reliable alternative schemes to support their websites. Some of these schemes include paid website versions, user compensation (e.g., Basic Attention Token [7]) and cryptomining. Especially the latter, given its privacy protecting nature (no user tracking and personal data collection required, thus making cryptocurrency mining GDPR compliant) and the frenetic increase of the market value of cryprocoins, gains an ever increasing popularity.

Of course, in-browser based mining is not a new idea. The compatibility of Javascript miners with all modern browsers gave motivation for web mining attempts since the very early days of Bitcoin, back in 2011 [64]. To that end, web miners “borrow” spare CPU cycles of the visiting users’ devices for performing their Proof-of-Work (PoW) computations [87] for as long as the user is browsing the website’s content. However, the increased mining difficulty of Bitcoin was the primary factor that led such approaches to failure. Yet, the rapid growth of Bitcoin lured several initiatives to construct their own derivatives (more than 1638 nowadays [44]) providing specific extra features e.g., transaction speed, proof-of-stake. One of the provided features: mining speed, became the growth factor for some coins (Monero [82, 22] grew from 13$ to 300$ within 2017 [38]) and worked as catalyst a for the incarnation of web cryptomining [50].

Indeed, since the release of the first JavaScript miner (i.e., September 2017) by Coinhive [20], we observe a rapidly increasing [29, 3, 32] number of content providers deploying web-based cryptomining libraries in their websites, monetizing their content either by using both ads and web-mining or by fully replacing ads (e.g. PirateBay [28]). So the important question that arises at this point is the following: Can web-mining become the next business model of the post ad-supported era of Internet?

There are numerous opinions about this subject [12, 83, 49], but it is apparent that in order to accurately respond to such a question we first need to investigate all aspects of both advertising and web-mining. These aspects include, first of all, the profitability that cryptominers provide to publishers and also the costs that users have to sustain from the utilization of their resources: let us not forget that the unsustainable costs [72, 42] of advertising made ad-blocking popular.

In this study, we aim to address exactly that; we conduct the first full-scale analysis of the profitability and costs of web-mining, in an attempt to shed light in the newly emerged technology of in-browser cryptomining and explore if it can replace ads on the web. Specifically, in this study we estimate the possible revenues for the different monetization strategies: advertising and web-mining, aiming to determine under what circumstances a miner-supported website can surpass the profits from digital advertising.

Additionally, we collect a large dataset of miner- and ad- supported websites and by designing and developing WebTestbench, a sensor-based testbed, we measure the resource utilization of both models in an attempt to compare their imposed user-side costs. In particular, WebTestbench is capable of measuring (i) the utilization of mining regarding system resources such as CPU and main memory, (ii) the degradation of the user experience due to the increased mining workload, (iii) the energy consumption and how this affects battery-operated devices (e.g., laptops, tablets, smartphones), (iv) system temperature and how overheating affects the user’s device and (v) network and how this can affect a possible mobile dataplan.

To summarize, in this paper we make the following contributions:

  1. We conduct the first study on the profitability of web-based cryptocurrency mining, questioning the ability of mining to become a reliable monetization method for future web services. Our results show that for the average duration of a website visit, ads are 5.5x more profitable than cryptomining. However, a miner-supported website can produce higher revenues if the visitor remains in the website for longer than 5.3 minutes.

  2. We design a methodology to assess the resource utilization patterns of ad- and miner- supported websites on the visitor’s device. We implement our approach in WebTestbench framework and we investigate what costs these utilization patterns impose on the visitor’s side with regards to the user experience, the system’s temperature, and energy consumption and battery autonomy.

  3. We collect a large dataset of around 200K ad- and miner-supported websites that include different web-mining libraries and cryprocurrencies. We use this dataset as input for the WebTestbench framework and we compare the resource utilization and costs of the two web monetization models. Our results show that while browsing a miner-supported website, the visitor’s CPU gets utilized 59 times more than while visiting an ad-supported website, thus increasing the temperature (52.8%) and power consumption (2x) of her device.

2 Background

2.1 Web-based cryptocurrency mining

Web-based mining is a method of cryptocurrency mining that happens inside a browser, using a mining script delivered through a website. The idea of in-browser cryptocurrency mining gained popularity since the very early days of cryptocurrency (i.e., Bitcoin), back in 2011. Indeed, the popularity of web applications and the wide compatibility of JavaScript based miners with all modern browsers and platforms drew the attention of the developers of BitcoinPlus [64]. However, the increased mining difficulty of Bitcoin not only made web-based mining unprofitable but, practically, infeasible.

Few years later, the rise of alternative cryptocoins (altcoins) that provide distributed mining, increased mining speed and ASIC (Application-Specific Integrated Circuit) resistance, made distributed CPU (i.e, x86, x86-64, ARM) based mining effective [1, 82], even when using commodity hardware. As a consequence, all these new altcoins, such as Electroneum, Sumokoin, Bytecoin and Monero, not only revived the concept of in-browser cryptomining but also opened new funding avenues for web publishers.

The motivation behind this new business model is simple: users visit a website and pay for the received content indirectly by mining cryptocurrency coins, without being polluted with (possibly annoying [39]) ads. Furthermore, publishers do not have to bother collecting behavioral data, including trackers [2] or user fingerprinting libraries [66] to get higher prices [73] for their ad-slots. As a consequence, users get a cleaner, faster, and potentially less risky [89, 102] website.

2.2 Monero crypto-coin

Monero, is the most popular altcoin for web-mining at the moment, growing from 13$ to 300$ within 2017 

[38]. It is based on the CryptoNight Proof-of-Work (PoW) hash algorithm [27], which comes from the CryptoNote protocol. The motivation behind the development of Monero was to provide decentralization and privacy by obscuring the sender, recipient and amount of every transaction made. Although Monero is ASIC resistant, and thus can be mined with both CPUs and GPUs, due to the design restrictions of web browsers, all contemporary mining libraries are limited in CPU-only mining.

2.3 How does web mining work?

The large growth of web-based cryptocurrency mining started with the release of Coinhive’s JavaScript implementation of a Monero miner in September 2017 [20]. This JavaScript-based miner, which computes hashes as a Proof-of-Work, could be easily included in any website for enabling publishers to utilize visiting users’ CPUs as a way to monetize the visits to their websites.

As a result, upon visiting a miner-supported website, the user along with the website’s necessary content (i.e., HTML, JavaScript  CSS) receives a mining library, too. Usually these mining libraries are provided by third parties, which we will refer to as Mining Service Providers (MSP), who are responsible for maintaining the source code, controlling the synchronization of computations, collecting the computed hashes and sharing the profits with the publishers.

Upon rendering, a miner establishes a persistent connection using HTML5’s WebSocket API [55] with a remote third-party server, which is typically operated by the MSP (e.g., coinhive.com), in order to communicate with the service/mining pool. Through this channel the miner receives periodically proof-of-work tasks and reports the successfully computed hashes.

Coinhive (like similar projects e.g., CryptoLoot, JSEcoin) leverage the capabilities of modern web browsers and the advances of JavaScript in order to make efficient mining through parallelization. Hence, these mining libraries typically use multiple threads on the visitor’s system, through the utilization of HTML5’s Web Workers API [59]. Furthermore, apart from performing computations in multiple threads, the use of web workers enables background processing. This way, the heavy mining process running on the background does not intervene with the core functionality of the website, which can be rendered unhampered in the user’s display. In addition, typically mining libraries include code written in web assembly [98], for running all the necessary complex mathematic functions nearly as fast as native machine code.

2.4 Cryptojacking

Of course the increasing growth of web-based miners does not create opportunities only for legitimate publishers, but cyber-attackers as well. Soon after the release of the first mining library from Coinhive in 2017, numerous incidents have been reported [63] of attackers injecting mining code snippets in websites with increased audience. As a result, the browsers of unaware visitors are forced to mine cryptocoins, thus abusing the system’s resources. This so-called Drive-by Mining or cryptojacking takes place either by compromising embedded third party libraries or by delivering malicious mining code through the ad ecosystem [40]. For example, the compromisation of a single screen reader third party (i.e., Browsealoud [70]) resulted in infecting more than 4000 websites that were using it. Victims of cryptojacking have been popular and prestigious websites like the official webpage of Cristiano Ronaldo [51], the websites of CBS Showtime [54] and PolitiFact [36], and the UK’s Information Commissioner’s Office [52], Student Loans Company and National Health Service websites [41].

Of course, the notion of cryptojacking does not only include compromised websites but also websites that use web mining as a method for monetization but abstain from informing the users about the existence of cryptominers. Indeed, contrary to the digital advertising were visitors can identify (in most of the cases [57]) the ad-impressions, in web mining it is not easy for the visitors to perceive the existence of an included miner. Consequently, web cryptojacking is a malicious action that abuses the user’s processing power and includes any web-mining attempt without the user’s consent irrespectively whether the mining code has been legitimately deployed by the publisher of the website or a malicious actor that hijacked the website.

All the recently reported cases of cryptojacking, inevitably contributed towards giving a bad reputation to a possibly viable monetization method for web publishers. As a consequence, we see a mine blocking movement rising, similar to the ad-blocking trend, where blocking extensions following an all-out model, block any detected mining library even if this requests the permission of the user in order to start mining.

Figure 1: Cryptomining market share per third party library in our dataset. As seen, Coinhive owns the dominant share (69%) when JSEcoin follows with 13%.

3 Data collection and analysis

In order to gather the necessary data for our study, we first collect several coin-blocking blacklists [103] including the ones used by the 5 most popular mine-blocking browser plugins: Coin-Blocker [13], No Mining [68], MinerBlock [10], noMiner [48] and CoinBlock [9]. By merging these blacklists we compose a list that contain 3610 unique entries of mining libraries and keywords. Then we use each of these entries to query PublicWWW’s [78] dataset of the top 3 million pre-crawled landing pages, and we find 107511 mine-including domains. It should be noted that the domains we collected that perform mining, are ranked in the range from 1353 to 960540 in the Alexa rank of popular websites, and that the majority of them are based in the USA, Russia and Brazil.

The mining websites we collected, include more than 27 different third party miners, such as Coinhive111https://coinhive.com/, CryptoLoot222https://crypto-loot.com/ and CoinHave333https://coin-have.com/. In Figure 1, we present the portion of websites in our dataset that use each one of these third party mining libraries. As can be seen, besides the large variety of mining libraries, there is a monopolistic phenomenon in the market of cryptominers, with Coinhive owning the dominant share (69%), when from the rest of its competitors only JSEcoin miner surpassing 10%. Furthermore, our dataset includes 2 different cryptocoins such as Monero [82] and JSECoin [6].

Apart from these miner-supported websites, we also collected an equal number of ad-supported ones, which are among the same popularity ranking range. We process each of these domains and by using the blacklist of Ghostery open-source adblocker, we enumerated all ad-slots in the landing page. The average number of ad-slots per website was 3.4. Finally, Table 1 summarizes the contents of our dataset.

3.1 WebTestbench framework for utilization analysis

To measure the costs that each domain in our dataset imposes on the user, we designed and developed WebTestbench: a web measuring testbed. A high-level overview of the architecture of WebTestbench is presented in Figure 2. The WebTestbench framework follows an extensible modular design, and consists of several measuring components that work in a plug-and-play manner. Each such plug-in component is able to monitor usage patterns in different system resources (e.g., memory, CPU, etc.). The main components of our platform, as can be seen in Figure 2, currently include:

Type Amount
Blacklist entries 3610
Miner-supported websites 107511
Ad-supported websites 100000
Unique third-party miners 27
Crypto-coins Monero, JSEcoin
Table 1: Summary of our dataset
  1. crawler component, which runs the browser (i.e., Google Chrome) in a headless mode. The crawling is responsible of stopping and purging any state after a website probe (e.g., set cookies, cache, local storage, registered service workers, etc.), and listening to the commands of the main controller (i.e., next visiting website, time interval, etc.).

  2. main controller, which takes as input a list of domains and the visiting time per website. It is responsible of scheduling the execution of the monitoring components and the results printer.

  3. monitoring platform, which is responsible for the per time interval execution of the monitoring modules. This platform was build in order to be easily expandable in case of future additional modules.

  4. results printer, that dumps in a local database the monitoring results.

Figure 2: High level overview of our web measuring testbed. A Chrome-based platform fetches each website for a specific time when the different components measure its resources for behavioral analysis.

For the scope of this analysis, we developed 6 different modules to measure the utilization that miners perform in 6 different system resources:

  1. memory activity (physical and virtual), by using the psrecord utility [80] and attaching to the crawling browser tab’s pid.

  2. CPU utilization per core, by using the dedicated linux tool process status (ps [90]).

  3. system temperature (overall and per core), by leveraging the Linux monitoring sensors (lm_sensors[81]).

  4. network traffic, by capturing (i) the network packets through tcpdump and (ii) the HTTP requests in the application layer along with their metadata (e.g., timing, initiator, transferred bytes, type, status code), in pcap and HAR files respectively.

  5. process interference, to infer the degradation of user experience caused by the heavy CPU utilization of mining processes. Specifically, this module consists of a CPU intensive benchmarking that includes multi-threaded MD5 hash calculations.

  6. energy consumption, by installing in our machine an external Phidget21 power sensing package [76, 75]. Phidget enable us to accurately measure the energy consumption of the 3 ATX power-supply lines (+12.0a, +12.0b +5.0, +3.3 Volts). The 12.0 Va line powers the processor, the 5.0V line powers the memory, and the 3.3V line powers the rest of the peripherals on the motherboard.

The source code of WebTestbench along with the developed monitoring modules are provided open source444WebTestbench source: https://github.com/panpap/ webTestbench.

Methodology: In order to explore the different resource utilization patterns for miner- and ad- supported websites, we load our domain dataset in WebTestbench and we fetch each landing page for a certain amount of time. During this period the network monitoring module captures all outgoing HTTP(S) requests of the analyzed website. Additionally, the modules responsible for measuring the energy consumption, the CPU and memory utilization and the temperature report the sensor values in a per second interval. By the end of this first phase, WebTestbench erases any existing browser state and re-fetches the same site. This time, the only simultaneously running process is the interference measuring module which reports its progress at the end of the second phase.

4 Analysis

In this section, we aim to explore the profitability of the cryptomining web monetization model for the publishers, and to compare it with the current dominant monetization model of the web: digital advertising. Towards that direction, we assess the costs imposed on the user side in an attempt to determine the overheads a website’s visitor sustains while visiting a miner-supported website. For the following experiments, we use a Linux desktop equipped with a Hyper-Threading Quad-core Intel I7-3770 operating at 3.90 GHz, with 8 MB SmartCache, 8 GB RAM and an Intel 82567 1GbE network interface.

4.1 Profitability of publishers

In the first set of experiments, we set out to explore the profitability of cryptominers and compare it to the current digital advertising model. Thereby, in the first experiment we simulate the monthly profit of the two strategies for a website of moderate popularity: 100,000 visitors/month. Studies [65] have measured the average duration of a website visit being around 1 minute. For this experiment, we use the popular Monero mining library of Coinhive which currently provides a rate of 0.0001468/1M hashes. This means that the publisher gets 0.0001468 Monero (XMR) (at the time of the experiment: 1 Monero=205 USD) per 1 million successfully calculated hashes. Apart from the visit duration, the amount of total calculated hashes of a publisher depends on the computation power of the visitors’ devices. Thus, in this experiment, in order to cover a wider range of CPU hashrate capabilities [26], we use 4 different levels of computation rates (Dual-core (3.50GHz) with Hyper-Threading: 50 Hash/sec, Quad-core (3.30GHz): 100 Hash/sec, Quad-core (4.00GHz) with Hyper-Threading: 200 Hash/sec and Octa-core (4.3GHz) 300 Hash/sec).

Figure 3: Estimation of monthly profit for the different monetization methods for a website with 100K visitors and average visit duration of 1 minute. Even for visitors with powerful devices (300Hashes/sec), a publisher gains more revenue by including 3 ads in its website.

Apart from the profit from cryptomining, in this experiment we also compute the monthly revenue of the same website in the case of following the traditional advertising model. The most popular medium for personalized ad-buying nowadays [91, 31] is the programmatic instantaneous auctions. In this model, advertisers bid in real time auctions for each available ad-slot of a publisher’s inventory based on how well the visitor’s interests match their advertised product. As described in Section 3, the average number of ad-slots in an ad-supported website is 3 and the median charge price per ad impression as measured in previous studies [73] is 1 CPM. As can be seen in Figure 3, for the average duration of a user’s visit, the publisher even when achieving an average computation rate from visitors of as high as 300Hash/sec, gains 5.5x more revenue when using ads instead of cryptomining. Our simulation results are verified by the real world experiment of M. Cornet [24].

Figure 4: Revenue per visitor for a website running in a background tab. In order for a publisher to gain higher profit from mining than using ads (3 ad-slots), a visitor must keep his tab open for duration minutes (depending on the their device).

It is apparent thus, that even with visitors equipped with powerful devices, time matters for a miner-supported website. Indeed, recent studies [3] show that the majority of miner-supported websites provide content that can keep the visitor on the website for a long time. Such content includes TV, video or movie streaming, flash games, etc. Of course in cryptomining, the user does not need to interact with the website’s content per se. As a consequence, there are numerous deceiving methods (e.g., pop-unders [92]) currently in use, aiming to allow the embedded miner to work in the background for as long as possible.

In the next experiment, we set out to identify the minimum time the publisher’s website needs to remain open in the background in a visitor’s browser tab in order to gain profit higher than when using ads. In Figure 4 we simulate the revenue per visitor for a website running in the background and we use the same hash-rate levels as above. As shown, the miner-using publisher, in order to produce revenues higher than when ads are delivered, must keep its website open in a user’s browser for duration longer than 5.3 minutes in the case of a user equipped with a high performance device (300Hash/sec), or longer than 33,1 minutes in case of a low performance device of 50Hash/sec!

4.2 Costs imposed on the user side

After estimating the revenues of a publisher for the different monetization methods, it is time to measure the costs each of this method imposes on the user.

4.2.1 CPU and Memory Utilization

In the first set of experiments, we explore the average CPU and memory utilization of mining supported websites. Note at this point, that the intense of mining is tunable. The majority of mining libraries allow the publishers to fine tune the number of threads and the throttling of their included miner. In this experiment we fetch each website in our two subsets for 3 minutes using WebTestbench and we extract the distribution of its CPU utilization through time. In Table 2 we report the average values for the median, the 10th and 90th percentiles. As we see, the median miner-supported website utilizes the visitor’s CPU up to 59 times more than an ad-supported website.

Type Perc. Median Perc.
Advertising 3.33% 9.71% 17.19%
Mining 560.11% 574.01% 580.71%
Table 2: Distribution of the average CPU Utilization for the different monetization methods. The median miner-supported website utilizes 59x more the user’s CPU than the median ad-supported website.
Figure 5: Distribution of average real and virtual memory utilization through time. Miner-supported websites although reserve (3.59x) larger chunks of virtual memory, require 1.7x more MBytes of real memory than ad-supported websites.

In the same way, we measure the utilization of the visitors main memory and in Figure 5 we plot the average values for both real and virtual memory activity. As expected, miners do not utilize memory as heavy as CPU. In particular, we see that on average the miner-supported websites require 1.7x more space in real memory than the ad-supported websites.

Component Type Percentile Median Percentile
CPU & Network adapter Advertising 31.88 Watt 32.39 Watt 34.17 Watt
Mining 63.35 Watt 67.60 Watt 71.22 Watt
Main Memory Advertising 4.37 Watt 4.46 Watt 5.35 Watt
Mining 4.76 Watt 4.99 Watt 5.67 Watt
Table 3: Distribution of the average consumption of power for the different monetization methods. The median miner-supported website forces the user’s device to consume more power than the median ad-supported website: 2.08x and 1.14x more power for the CPU and the memory component, respectively.
Figure 6: Distribution of the total transmitted volume of bytes per website for a visit duration of 3 minutes. The median miner-generated traffic volume is 3.4x larger than the median ad-generated. In 20% of the websites the difference reduces significantly (less than 2x).

4.2.2 Network Activity

Next, we measure the network utilization of the average mining-supported website. As discussed in Section 2, a mining library needs to periodically communicate with a remote third party server (i.e., the MSP’s server) in order to report the calculated hashes but also to obtain the next PoW. This communication in the vast majority of the libraries in our dataset takes place through a special persistent channel that allows bidirectional communication. To assess the network activity of web miners, we use the network capturing module of WebTestbench and we monitor the traffic of each (ad- and miner-supported) website for 3 minutes.

Based on the detected third-party mining library, we isolate the web socket communication between its in-browser mining module and the remote MSP server. In order to compare this PoW-related communication of miners with the corresponding ad-related traffic of ad-supported websites, we utilize the open-source blacklist of the Disconnect browser extension555Disconnect: https://disconnect.me/ to isolate all advertising related content. In Figure 6, we plot the distribution of the total transmitted volume of bytes per website for the visit duration of 3 minutes. Although the web socket communication of miners consists of small packets of 186 Bytes on average, we see that in total the median PoW-related communication of miner-supported websites transmitted 22.8 KBytes, when the median ad-traffic volume of ad-supported websites was 6.7 KBytes. This means that the median miner-generated traffic volume is 3.4x larger than the median ad-generated. In this experiment, we see that the network utilization patterns depend not only on the throttling of the miner but also on the different implementations. For example, while using the same portion of CPU, the miner of coinhive.com transmits on average 0.6 packets/sec, webmine.cz: 2.2 packets/sec, cryptoloot.com: 4.7 packets/sec and jsecoin.com: 1.3 packets/sec.

In Figure 7 we plot the distribution of the average data transfer rate per miner-supported website in our dataset. As shown, the median communication between the miner and the MSP has a transfer rate of 1 Kbit per second (or 146 Bytes/sec). As in the previous experiment, the rate highly depends on the mining library, with some of them reaching up to 14 Kbit per second. At this point, recall that the PoW-related communication between the in-browser miner and the MSP holds for as long as the miner is running, and as we saw in Figure 4 a miner must run for longer than 5.3 minutes in order to produce revenues higher than ads. This means that for the median case, the total volume of bytes transferred will exceed 46 KBytes.

In the case of a user that browses through a cellular (4G) network666Considering the average prices per byte in USA and Europe [34, 99, 5], the monetary cost imposed is 0.000219$ per minute on average, while browsing a miner-supported website. On the other hand, a publisher including a coinhive miner in its website from the same user earns 0.000409$ per minute (considering that the user provides an average hash rate of 227Hash/sec as in [24]). Hence, we see that cellular users, among other costs while visiting miner-related websites, pay a monetization cost that is only 53% less than the revenue of the publisher.

Figure 7: Distribution of the transmitted bit rate per miner-supported website in our dataset. The median in-browser miner communicates with its remote MSP by transmitting 1.168 bits per second.

4.2.3 Power Efficiency

Of course the intensive resource utilization of cryptominers affects also the power consumption of the visitor’s device, which has a direct impact on its battery autonomy. In the next experiment, we measure the power consumed by (i) main memory and (ii) CPU and network adapter components of the user’s device while visiting miner- and ad- supported websites for a 3 minute duration. In Table 3, we report the average median, 10th and 90th percentile values for all websites in our dataset. As we can see, there is a slightly increased (1.14x more than ad-supported websites) consumption of the memory component in miner-supported websites. However, we see that the heavy computation load of cryptominers significantly increases the CPUs and network adapters consumption, making miner-supported websites consume 2.08x more energy than ad-supported websites! This means that a laptop able to support 7 hours of consecutive traditional ad supported browsing, would support 3.36 hours of mining-supported browsing.

Figure 8: Distribution of average temperatures per system’s core. When the visited website includes miner, the average temperature of the cores may reach up to 52.8% higher ( Celsius) than when with ads.

4.2.4 System Temperature

The increased electricity powering of the visitor’s system results to an increased thermal radiation. During the above experiment, we measure the distribution of the per-core temperatures while visiting each website in our dataset for 3 minutes. In Figure 8 we present the average results for the percentiles: 10th, 25th, 50th, 75th, 90th. As we can observe, the core temperatures for miner-supported websites are constantly above the optimal range of Celsius [77, 53]. In particular, the visitor’s system operates for most of the time in the range of Celsius while visiting ad-supported websites. When the visited website includes miner, the average temperature of the cores reaches up to 52.8% higher, in the range of Celsius, when in 10% of the cases it may reach higher than Celsius.

To that end, with regards to the costs imposed to the user, high temperatures may lead to degraded system performance and poor user experience. Apart from that, constantly running a commodity device (such as a mobile phone, laptop or desktop PC) at high temperatures, without a proper cooling mechanism, may significantly decrease the hardware’s lifespan in the long term or even cause physical damage by thermal expansion.

4.2.5 Effects on Parallel Running Applications

It is apparent that the heavy utilization of the visitor’s CPU is capable of affecting the overall user’s experience not only in the visited website, but in parallel processes and browser tabs, too. Indeed, for as long as the browser tab of a mining-supported website is open, the multi-threaded computations of the embedded miner leaves limited processing power for the rest of the running applications. To make matters worse, as part of a PC’s own cooling system, the motherboard in case of increased temperatures may instruct the CPU component to slow down (in the case of overheating, motherboard may force the whole system to turn off without warning) [8].

Figure 9: Impact of background running miner- and ad-supported websites to a user’s process. When the majority of ad-supported websites have negligible effect in other processes, the median embedded miner in our dataset through its heavy CPU utilization may cause a performance degradation of higher than 46% to a parallel running process.

To assess how these factors may affect parallel running processes in the visitor’s device, in the next experiment, we use the interference measuring module of WebTestbench and we measure the performance overhead caused by background running miners. This module, introduces computation workloads to the system to emulate a parallel running process of the user. Specifically, WebTestbench fetches each website in our dataset for the average visit duration (i.e., 1 minute), in parallel conducts multi-threaded MD5 hash calculations, and in the end reports the number of successful calculated hashes. In order to test the performance of the user’s parallel process in different computation intensity levels, we visit each website using 3 setups for the MD5 process, utilizing in parallel 1, 2, and 4 cores of the CPU. In addition, we run the MD5 process alone for 1 minute to measure the maximum completed operations.

In Figure 9, we plot the distribution of the portion of completed operations per website. As expected, we can clearly observe that when there is a miner-supported website running in the user’s browser, the performance of the user’s processes that run in parallel is severely affected. In particular, we see that the median miner-supported website forces the parallel process (depending on its computation intensity) to run in 54%, 50% or even 43% of its optimal performance, thus causing an overall performance degradation that ranges from 46% to 57%! Additionally, we see a 39% of miners greedily utilizing all the system’s CPU resources causing a performance reduction of 67% to the parallel process.

Moreover, in this figure we plot the interference that ad-supported websites impose to a parallel process. As expected, the impact is minimal and practically only processes with full CPU utilization are affected, facing a performance degradation of less than 10% for the majority of such websites. This slight performance degradation is caused by the JavaScript code responsible for ad serving, user tracking, analytics, etc., deprives scheduling time quantums from the parallel process.

It is of no doubt, that such severe performance degradation when the user is visiting a mining-supported website can cause glitches, or even crushes in other, parallel, CPU utilizing applications (like movie playback, video calling, file compression, video games, etc.), thus ravaging the user’s experience. Of course, this performance degradation does not only affect parallel running applications of the user but also mining operations from other open browsing tabs.

Indeed, a miner can achieve full utilization when the user has visited the miner-supported . However, when the user opens a second miner-supported the maximum utilization for both, as well as the revenues for and , drop to a half. It is easy thus to anticipate, that the scalability of cryptomining is limited since the more websites rely on web-mining for funding, the less revenues will be for their publishers. While this monetization model has that apparent drawback, in digital advertising each ad-supported website is totally independent from any parallel open browser tabs.

5 Discussion

5.1 User awareness

The lack of adequate policies and directives regarding the proper use of cryptomining, has raised a big controversy regarding the lack of transparency in miner-supported websites. Many miner-supported websites do not inform the user about the existence of a miner, neither ask for the visitor’s consent to utilize their system’s resources for cryptocurrency mining.

In one of the first law cases about web-based cryptocurrency mining, the Attorney General John J. Hoffman stated that “no website should tap into a person’s computer processing power without clearly notifying the person and giving them the chance to opt out” [46]. As a consequence, whenever a user visits a website and she is not aware about the background web-mining procedure, irrespectively whether the mining code has been legitimately deployed by the publisher or a malicious actor that hijacked the website, this is considered as a cryptojacking attempt.

5.2 Web-miner detection

The emergence of web-mining, and especially the many reported cases of cryptojacking, pushed towards considering web-mining by default as a malicious operation. To that regard, many major Antivirus vendors consider web-mining as potential malware, and recently launched software products [4, 74] and browser extensions, such as NoCoin and minerBlock [95] for detecting and blocking in-browser miners. The vast majority of these approaches are mainly based on detecting outgoing requests to third parties that provide JavaScript mining APIs (e.g., Coinhive) and mining pools.

Moreover, most major browser vendors have started incorporating detections mechanisms to prevent the web-mining. Opera has incorporated NoCoin in its built-in ad blocker mechanism to detect and block mining scripts [56], and recently also incorporated this feature to the mobile versions of its browsers [96]. Chrome and Firefox are moving towards that direction, with the former removing from the Chrome Web Store all extensions that perform mining [97] and implementing a throttling mechanism that will limit CPU utilization for JavaScript code running in the background [17]. Similarly, Firefox is investigating mechanisms for throttling background JavaScript execution [16].

However, even though these approaches currently seem to manage reducing the extend of web-mining and cryptojacking, they are not very robust against determined publishers/attackers, especially the ones based on the use of blacklists for detecting domains associated to miners. Recently we have seen miners that try to avoid detection by only utilizing a percentage of the users’ CPU processing power and by employing cloud-based proxy servers to handle all communication with the MSP’s server [84]. Also, in many cases the mining code is highly obfuscated [85]

to prevent pattern matching tools from detecting snippets of such suspicious code.

5.3 User consent

In order to avoid criticism, and also avoid being blocked by Antivirus and mining blocking tools, Coinhive, which is promoted as a service that enables publishers to monetize their websites in a legitimate and clean way, provided the“AuthedMine” JavaScript mining implementation. This new mining service requires user’s explicit consent to start running mining while visiting the website [21]. Essentially, this approach shows an attempt towards fighting cryptojacking and “legitimizing” Coinhive’s mining service, as it prevents in-browser mining without the user’s knowledge and consent.

Even though this approach is a step towards the right direction, it does not solve the problem of cryptojacking in its entirety. New mechanisms need to be designed and implemented by the browser vendors for detecting the existence of mining scripts, even if they are obfuscated, and informing the users about them. The provision of such efficient mechanisms, and the willingness of publishers to only adopt legitimate mining services that inform the user and require her consent for performing mining, can signal the emergence of a new monetization paradigm in the web.

5.4 Letting the users choose

Since both digital advertising and web-mining impose a hidden cost on the user, each one in a different way, a new paradigm could be to inform the user about these costs in each case and give them the option to choose which of the two monetization schemes is more suitable for them. In the case of advertising the main cost to the user is related to the lack of privacy, while the cost of web-based mining is associated with higher energy consumption (and battery drainage, device overheating etc). It seems that a viable option for web publishers would be to inform the users about these costs, and provide two different versions of their website (i.e., one that serve ads and one that uses cryptoming), thus allowing the user to choose between the two schemes.

6 Related Work

The advances of JavaScript, which provide developers with parallel execution of their operations, and the development of more lightweight altcoins like Monero and Litecoin, enabled browser-based miners to grow. As a result, content providers can deploy miner-supported websites without affecting the user experience.

Eskandari et al. [32], in one of the first web mining related studies, analyzes the existing in-browser mining approaches and their profitability. In particular, the authors measured the growth of cryptomining during the last years by looking for mining libraries in Internet archive services. In addition, they collected a set 33K websites by querying for popular mining projects the Censys.io BigQuery dataset, and they studied the CPU utilization of the included miners.

AdGuard Research, which produces an ad-blocking software, in [3] analyze the Alexa top 100,000 websites for cryptocurrency mining scripts in an attempt to measure the adoption of cryptominers in the web. The analysis revealed 220 of these websites using crypto-mining scripts with their aggregated audience being around 500 million people. The content of these hosting websites were usually content that could keep the user on the website for long and specifically movie/video/tv streaming (22.27%), file sharing (17.73%), Adult (10%) and News & Media (7.73%) with the majority of them based in the U.S., India, Russia, and Brazil.

This rapid growth of web miners along with the frenzy increase of the cryptocurrency values, caused a serious debate over the Internet regarding the ability of cryptomining to become an alternative to the current ad-supported model of Internet [12, 83]. In accordance with this debate, in this study, we compare the profitability of ad and cryptomining supported Internet services, and we also measure the cost of cryptomining for the visitors. Of course, the advertising ecosystem also imposes costs on the user side. Gui et al. in [42] measure the cost of mobile advertisements to the mobile application developer by performing an empirical analysis of 21 apps. The authors consider several types of costs: (i) app performance, (ii) energy consumption, (iii) network usage, (iv) maintenance effort for ad-related code and (v) the users’ feedback from app reviews. Their results show that apps with ads consume on average 48% more CPU time, 16% more energy and 79% more network data. In addition, they found that the presence of ads in the apps affected the users’ overall opinion leading to reduced ratings for the app.

Papadopoulos et al. in [72], analyze a year-long dataset with weblogs of volunteering users in an attempt to measure hidden costs of personalized advertising like the imposed monetary cost and privacy loss. Authors compare their findings with the cost paid by the advertisers to deliver their impressions, and show that users pay more money to receive ads than what advertisers pay to deliver them. In addition, the authors used the leaked cookies from Cookie Synchronization to measure the anonymity loss of users. Results show that a handful of third parties can learn up to 10% of the total unique userIDs of the median user across an entire year.

At the beginning, cryptomining was used mostly by shady websites that could not find proper revenue from digital advertising or illegally as a payload of malwares. Indeed, Wyke [101], back in 2012, attempted to increase the awareness regarding the possibility of existing malwares delivering cryptomining payloads to infect user devices. Botnets are examples of such malwares, which adopted mining to directly monetize the computational ability of a compromised computer. Huang et al. [43] conducts a comprehensive study of existing Bitcoin mining malware, and presents the infrastructure and miner-bot orchestration mechanisms deployed in the wild.

The same advancements of contemporary browsers that boosted the growth of cryptomining as a model of web monetization, enabled also attackers to perform cryptojacking. Recent reports from cybersecurity agencies [33] aim to warn users about the emerging threat of cryptojacking. Indeed, there are numerous incidents already reported, where websites [54, 51] got infected (either though malvertising [89] or server compromisation) with mining malware that abused visitors’ devices. Dorsey, in [30], demonstrated his approach where by exploiting the ad ecosystem could widely deliver malware, which upon browser infection, could perform malicious computations like cryptomining on the user side.

7 Summary And Conclusion

Binded with the whopping values of cryptocoins, web-based cryptomining enjoys nowadays a steadily increasing adoption by service providers. More and more publishers choose web-miningfor monetizing their websites in an attempt to abandon the sinking boat of digital advertising. But can cryptomining become a reliable alternative for the next day of the free Internet?

To respond to this exact question, in this paper we estimate the monthly revenue a publisher may gain by using cryptominers to monetize its content, and we compare our results with the estimated revenue for the same publisher when using the traditional personalized advertising model. Then we compute the duration threshold for a website visit, after which a publisher can earn more revenue when using a cryptominer instead of ads.

After exploring the profitability for the side of the publisher, we measure the costs cryptominers impose on the side of the user. Specifically, we analyzed the utilization patterns of miner-supported websites in the visitor’s system resources like CPU, main memory and network. Then, we study the impact of these utilization patterns (i) on the visitor’s device by measuring the system’s power consumption and temperature, and also (ii) on the visitor’s experience while running other applications in parallel.

7.1 Lessons Learned

The findings of our analysis can be summarized as follows:

  • for the average duration of a website visit, a publisher gains 5.5x more revenue by including 3 ad impressions in its website than by including a cryptominer.

  • to produce higher revenues with a miner than with ads, user must keep her browser tab open on the background for duration longer than 5.3 minutes.

  • the median miner-supported website utilizes up to 59x more the visitor’s CPU and require 1.7x more space in real memory than ad-supported websites.

  • the transfer rate of the median miner-MSP communication is 1 Kbit per second. For a user over cellular network the monetary cost imposed is on average 0.000219$ per minute, when the publisher from the same user earns 0.000409$ per minute.

  • the median miner-generated traffic volume is 3.4x larger than the corresponding ad-generated.

  • a visit to a miner-supported website consumes on average 2.08x more energy than a visit to an ad-supported website.

  • a visitor’s system while visiting a miner-supported website operates in up to 52.8% higher temperatures than while visiting a website with ads.

  • web-miners severely affect parallel running processes. The median miner-supported website when running in the background may degrade even 57% the performance of parallel running applications, thus wrecking the user experience.

7.2 Can cryptomining become the next
monetization model for the web?

After completing our analysis, we are now ready to respond to our motivating question regarding the ability of cryptomining to become the next primary monetization model for the web. Cryptomining can indeed constitute a reliable source of income for specific categories of publishers, who can even increase their profits by providing content (movie/video streaming, flash games, etc.) that can keep the user on the website for a relatively longer time ( minutes).

What is more, in these days, where EU regulators [69] aim to reform the way user data are being collected and processed for targeted advertising, cryptomining provides a privacy-preserving monetization model that requires zero data from the users. However, in this study we see that the intensive resource utilization of current cryptomining libraries, imposes a significant cost on the user’s device, accelerating the deterioration of its hardware. To make matters worse, this utilization also limits the scalability of cryptomining, since the more websites adopting miners the less portion of resources each of them will acquire from a user with multiple open tabs. To conclude, cryptomining indeed has the potential to become a reliable alternative for some content providers, but it is not capable of replacing the current ad-driven monetization model of the web.

References

  • [1] Cpu coin list. http://cpucoinlist.com/.
  • [2] Whotracks.me: Monitoring the online tracking landscape at scale. https://arxiv.org/abs/1804.08959, 2018.
  • [3] AdGuard Research. Cryptocurrency mining affects over 500 million people. and they have no idea it is happening. https://adguard.com/en/blog/crypto-mining-fever/, 2017.
  • [4] P. Arntz. How to protect your computer from malicious cryptomining. https://blog.malwarebytes.com/101/2018/02/how-to-protect-your-computer-from-malicious-cryptomining/, 2018.
  • [5] AT&T. Create your mobile share advantage plan. https://www.att.com/shop/wireless/data-plans.html, 2018.
  • [6] J. Banchini, J. Sim, D. Mallett, and T. Howard. Jsecoin is a cryptocurrency mined by webmasters and built for everyone. Whitepaper, https://jsecoin.com/whitepaper.pdf.
  • [7] BAT team. Basic attention token. https://basicattentiontoken.org/.
  • [8] P. Bates. How heat affects your computer, and should you be worried? https://www.makeuseof.com/tag/how-heat-affects-your-computer-and-should-you-be-worried/.
  • [9] J. Bechsen. Coinblock. https://addons.mozilla.org/en-US/firefox/addon/coinblock/.
  • [10] I. Belkacim. Minerblock. https://github.com/xd4rker/MinerBlock.
  • [11] J. Bloomberg. Ad blocking battle drives disruptive innovation. https://www.forbes.com/sites/jasonbloomberg/ 2017/02/18/ad-blocking-battle-drives-disruptive-innovation/.
  • [12] V. Blue. As online ads fail, sites mine cryptocurrency. https://www.engadget.com/2017/12/15/as-online-ads-fail-sites-mine-cryptocurrency/, 2017.
  • [13] Brandon-T. Coin-blocker. https://github.com/Brandon-T/Coin-Blocker.
  • [14] Brave Software Inc. . Brave: A browser with your interests at heart. https://brave.com/, 2018.
  • [15] J. M. Carrascosa, J. Mikians, R. Cuevas, V. Erramilli, and N. Laoutaris. I always feel like somebody’s watching me: measuring online behavioural advertising. In Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies, page 13. ACM, 2015.
  • [16] C. Cimpanu. Firefox working on protection against in-browser cryptojacking scripts. https://www.bleepingcomputer.com/news/ software/firefox-working-on-protection-against-in-browser-cryptojacking-scripts/, 2018.
  • [17] C. Cimpanu. Tweak to chrome performance will indirectly stifle cryptojacking scripts. https://www.bleepingcomputer.com/news/security/ tweak-to-chrome-performance-will-indirectly-stifle-cryptojacking-scripts/, 2018.
  • [18] Cliqz GmbH. Ghostery makes the web cleaner, faster and safer! https://www.ghostery.com/blog/.
  • [19] Cliqz GmbH. Cliqz: The no-compromise browser. https://cliqz.com/en/, 2018.
  • [20] Coinhive. Monetize your business with your users’ cpu power. https://coinhive.com/#javascript-api.
  • [21] Coinhive. A note to adblock and antivirus vendors. https://authedmine.com/, 2018.
  • [22] CoinWarz. Monero network hashrate chart and graph. https://www.coinwarz.com/network-hashrate-charts/monero-network-hashrate-chart.
  • [23] D. Coldewey. Thousands of major sites are taking silent anti-ad-blocking measures. https://techcrunch.com/2017/12/27/thousands-of-major-sites-are-taking-silent-anti-ad-blocking-measures/.
  • [24] M. Cornet. Coinhive review: Embeddable javascript crypto miner - 3 days in. https://medium.com/@MaxenceCornet/coinhive-review-embeddable-javascript-crypto-miner-806f7024cde8, 2017.
  • [25] M. Cortland. 2017 adblock report. https://pagefair.com/blog/2017/adblockreport/.
  • [26] CryptoMining24.net. Cpu for monero. https://cryptomining24.net/cpu-for-monero/, 2017.
  • [27] CryptoNote Tech. Cryptonote technology: Egalitarian proof of work. https://cryptonote.org/inside.php#equal-proof-of-work.
  • [28] E. V. der Sar. The pirate bay website runs a cryptocurrency miner (updated). https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/.
  • [29] D. Desai, D. Gandhi, M. Sadique, and M. Ghule. Cryptomining is here to stay in the enterprise. https://www.zscaler.com/blogs/research/ cryptomining-here-stay-enterprise.
  • [30] B. Dorsey. Browser as botnet, or the coming war on your web browser. Radical Networks., 2018.
  • [31] eMarketer Podcast. emarketer releases new us programmatic ad spending figures. https://www.emarketer.com/Article/eMarketer-Releases-New-US-Programmatic-Ad-Spending-Figures/1016698, 2017.
  • [32] S. Eskandari, A. Leoutsarakos, T. Mursch, and J. Clark. A first look at browser-based cryptojacking. In Proceedings of IEEE Security & Privacy on the Blockchain, S&B 2018, 2018.
  • [33] European Union Agency for Network and Information Security (ENISA). Cryptojacking - cryptomining in the browser. https://www.enisa.europa.eu/publications/info-notes/cryptojacking-cryptomining-in-the-browser, 2017.
  • [34] FANDOM Lifestyle Community. Prepaid data sim card wiki - spain. http://prepaid-data-sim-card.wikia.com/wiki/Spain, 2017.
  • [35] K. Finley. Google’s new ad blocker changed the web before it even switched on. https://www.wired.com/story/google-chrome-ad-blocker-change-web/.
  • [36] B. Fung. Hackers have turned politifact’s website into a trap for your pc. https://www.washingtonpost.com/news/the-switch/wp/2017/10/13/hackers-have-turned-politifacts-website-into-a-trap-for-your-pc/, 2017.
  • [37] P. Gill, V. Erramilli, A. Chaintreau, B. Krishnamurthy, K. Papagiannaki, and P. Rodriguez. Follow the money: Understanding economics of online aggregation and advertising. In Proceedings of the 2013 Conference on Internet Measurement Conference, IMC ’13, 2013.
  • [38] Global Coin Report. Here’s how monero (xmr) gets to $1,000. https://globalcoinreport.com/heres-monero-xmr-gets-1000/, 2018.
  • [39] D. G. Goldstein, R. P. McAfee, and S. Suri. The cost of annoying ads. In Proceedings of the 22Nd International Conference on World Wide Web, WWW ’13, pages 459–470, New York, NY, USA, 2013. ACM.
  • [40] D. Goodin. Ad network uses advanced malware technique to conceal cpu-draining mining ads. https://arstechnica.com/information-technology/2018/02/ad-network-uses-advanced-malware-technique-to-conceal-cpu-draining-mining-ads/.
  • [41] P. Greenfield. Government websites hit by cryptocurrency mining malware. https://www.theguardian.com/technology/2018/ feb/11/government-websites-hit-by-cryptocurrency-mining-malware, 2018.
  • [42] J. Gui, S. Mcilroy, M. Nagappan, and W. G. J. Halfond. Truth in advertising: The hidden cost of mobile ads for software developers. In Proceedings of the 37th International Conference on Software Engineering - Volume 1, ICSE ’15, pages 100–110, Piscataway, NJ, USA, 2015. IEEE Press.
  • [43] D. Y. Huang, H. Dharmdasani, S. Meiklejohn, V. Dave, C. Grier, D. McCoy, S. Savage, N. Weaver, A. C. Snoeren, and K. Levchenko. Botcoin: Monetizing stolen cycles. In Proceedings of Annual NDSS, 2014.
  • [44] investing.com. All cryptocurrencies. https://www.investing.com/crypto/currencies, 2018.
  • [45] U. Iqbal, Z. Shafiq, and Z. Qian. The ad wars: retrospective measurement and analysis of anti-adblock filter lists. In Proceedings of the 2017 Internet Measurement Conference, pages 171–183. ACM, 2017.
  • [46] S. C. L. John Hoffman, Jeffrey S. Jacobson. New jersey division of consumer affairs obtains settlement with developer of bitcoin-mining software found to have accessed new jersey computers without users’ knowledge or consent. http://nj.gov/oag/newsreleases15/ pr20150526b.html, 2015.
  • [47] P. Kafka and R. Molla. Recode - 2017 was the year digital ad spending finally beat TV. https://www.recode.net/2017/12/4/16733460/ 2017-digital-ad-spend-advertising-beat-tv, 2017.
  • [48] R. Keramidas. No coin. https://github.com/keraf/NoCoin.
  • [49] H. Lau. Browser-based cryptocurrency mining makes unexpected return from the dead. https://www.symantec.com/blogs/threat-intelligence/browser-mining-cryptocurrency.
  • [50] J. Leyden. More and more websites are mining crypto-coins in your browser to pay their bills, line pockets. https://www.theregister.co.uk/2017/10/13/ crypto_mining/.
  • [51] J. Leyden. Real mad-quid: Murky cryptojacking menace that smacked ronaldo site grows. http://www.theregister.co.uk/2017/10/10/ cryptojacking/.
  • [52] N. Lomas. Cryptojacking attack hits 4,000 websites, including uk’s data watchdog. https://techcrunch.com/2018/02/12/ico-snafu/, 2018.
  • [53] J. Martin. What’s the best cpu temperature? https://www.techadvisor.co.uk/how-to/desktop-pc/cpu-temp-3498564/, 2018.
  • [54] K. McCarthy. Cbs’s showtime caught mining crypto-coins in viewers’ web browsers. http://www.theregister.co.uk/2017/09/25/ showtime_hit_with_coinmining_script/.
  • [55] MDN web docs. Websockets. https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API.
  • [56] K. Mielczarczyk. Opera 50 beta rc with cryptocurrency mining protection. https://blogs.opera.com/desktop/2017/12/opera-50-beta-rc-cryptocurrency-mining-protection/, 2017.
  • [57] C. Morran. Why do websites refuse to label sponsored content as “advertising”? https://consumerist.com/2015/06/11/why-do-websites-refuse-to-label-sponsored-content-as-advertising/.
  • [58] B. Morrissey. Forbes starts blocking ad-block users. https://digiday.com/media/forbes-ad-blocking/.
  • [59] Mozilla Developers. Web workers api. https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API.
  • [60] M. H. Mughees, Z. Qian, and Z. Shafiq. Detecting anti ad-blockers in the wild. Proceedings on Privacy Enhancing Technologies, 2017(3):130–146, 2017.
  • [61] M. H. Mughees, Z. Qian, Z. Shafiq, K. Dash, and P. Hui. A first look at ad-block detection: A new arms race on the web. CoRR, abs/1605.05841, 2016.
  • [62] A. Muller. Ad-mageddon! ad blocking, its impact, and what comes next. https://marketingland.com/ad-mageddon-perspectives-ad-blocking-impacts-comes-next-227090.
  • [63] T. Mursch. Cryptojacking: 2017 year-end review. https://badpackets.net/cryptojacking-2017-year-end-review/, 2017.
  • [64] D. Nadolny. Bitcoin plus miner. https://wordpress.org/plugins/bitcoin-plus-miner/.
  • [65] J. NIELSEN. How long do users stay on web pages? https://www.nngroup.com/articles/how-long-do-users-stay-on-web-pages/.
  • [66] N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Proceedings of the IEEE Symposium on SP ’13.
  • [67] R. Nithyanand, S. Khattak, M. Javed, N. Vallina-Rodriguez, M. Falahrastegar, J. E. Powles, E. D. Cristofaro, H. Haddadi, and S. J. Murdoch. Adblocking and counter blocking: A slice of the arms race. In 6th USENIX Workshop on Free and Open Communications on the Internet (FOCI 16), Austin, TX, 2016. USENIX Association.
  • [68] No Mining. Secure your browser with no mining. http://www.nomining.com/.
  • [69] Official Journal of the European Union. Directive 95/46/ec (general data protection regulation). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
  • [70] P. Paganini. Thousands of websites worldwide hijacked by cryptocurrency mining code due browsealoud plugin hack. https://securityaffairs.co/wordpress/68966/ hacking/browsealoud-plugin-hack.html, 2018.
  • [71] E. P. Papadopoulos, M. Diamantaris, P. Papadopoulos, T. Petsas, S. Ioannidis, and E. P. Markatos. The long-standing privacy debate: Mobile websites vs mobile apps. In Proceedings of the 26th International Conference on World Wide Web, WWW’17, 2017.
  • [72] P. Papadopoulos, N. Kourtellis, and E. P. Markatos. The cost of digital advertisement: Comparing user and advertiser views. In Proceedings of the 27th International Conference on World Wide Web, WWW’18, 2018.
  • [73] P. Papadopoulos, N. Kourtellis, P. R. Rodriguez, and N. Laoutaris. If you are not paying for it, you are the product: How much do advertisers pay to reach you? In Proceedings of the 2017 Internet Measurement Conference, IMC ’17, 2017.
  • [74] A. Perekalin. How kaspersky lab products protect against miners. https://www.kaspersky.com/blog/web-miners-protection/20556/, 2018.
  • [75] Phidgets Inc. Phidget21 c api documentation. https://www.phidgets.com/documentation/web/ cdoc/index.html.
  • [76] Phidgets Inc. What is a phidget? https://www.phidgets.com/docs21/ What_is_a_Phidget.
  • [77] M. Pinola. How to test your computer’s cpu temperature. https://www.lifewire.com/how-can-i-test-laptop-temperature-2377618, 2018.
  • [78] PublicWWW. Source code search engine. https://publicwww.com/.
  • [79] A. Razaghpanah, R. Nithyanand, N. Vallina-Rodriguez, S. Sundaresan, M. Allman, C. Kreibich, and P. Gill. Apps, trackers, privacy, and regulators: A global study of the mobile tracking ecosystem. 2018.
  • [80] T. Robitaille. psrecord: Record the cpu and memory activity of a process. https://github.com/astrofrog/psrecord.
  • [81] G. Roeck. Overview of the lm-sensors package. https://github.com/groeck/lm-sensors.
  • [82] A. Rosic. What is monero? the ultimate beginners guide. https://blockgeeks.com/guides/monero/.
  • [83] K. Sedgwick. Mining Crypto In a Browser Is a Complete Waste of Time. https://news.bitcoin.com/mining-crypto-in-a-browser-is-a-complete-waste-of-time/, 2018.
  • [84] J. Segura. Malicious cryptomining and the blacklist conundrum. https://blog.malwarebytes.com/threat-analysis/2018/03/malicious-cryptomining-and-the-blacklist-conundrum/, 2018.
  • [85] D. Sinegubko. Malicious website cryptominers from github. https://blog.sucuri.net/2018/01/malicious-cryptominers-from-github-part-2.html, 2018.
  • [86] N. Smith. How publishers are turning up the heat in the ad-blocking war. https://www.theguardian.com/media-network/2016/sep/02/publishers-ad-block-users-hide-content.
  • [87] A. Tar. Proof-of-work, explained. https://cointelegraph.com/explained/proof-of-work-explained, 2018.
  • [88] The Editors of Wired. How wired is going to handle ad blocking. https://www.wired.com/how-wired-is-going-to-handle-ad-blocking/.
  • [89] The European Union Agency for Network and Information Security (ENISA). Malvertising. https://www.enisa.europa.eu/publications/info-notes/malvertising, 2016.
  • [90] The Linux Information Project. The ps command. http://www.linfo.org/ps.html.
  • [91] K. Tse. Understanding programmatic advertising: A brief look at its history. https://medium.com/wired-mesh/understanding-programmatic-advertising-a-brief-look-at-its-history-411dd5842304.
  • [92] L. Tung. Windows: This sneaky cryptominer hides behind taskbar even after you exit browser. https://www.zdnet.com/article/windows-this-sneaky-cryptominer-hides-behind-taskbar-even-after-you-exit-browser/, 2017.
  • [93] N. Vallina-Rodriguez, J. Shah, A. Finamore, Y. Grunenberger, K. Papagiannaki, H. Haddadi, and J. Crowcroft. Breaking for commercials: Characterizing mobile advertising. In Proceedings of the 2012 ACM Conference on Internet Measurement Conference, IMC ’12, 2012.
  • [94] N. Vallina-Rodriguez, S. Sundaresan, A. Razaghpanah, R. Nithyanand, M. Allman, C. Kreibich, and P. Gill. Tracking the trackers: Towards understanding the mobile advertising and tracking ecosystem. arXiv preprint arXiv:1609.07190, 2016.
  • [95] A. Verma. 6 easy ways to block cryptocurrency mining in your web browser. https://fossbytes.com/block-cryptocurrency-mining-in-browser/, 2018.
  • [96] A. Viquez. Opera introduces bitcoin mining protection in all mobile browsers – here’s how we did it. https://blogs.opera.com/mobile/2018/01/opera-introduces-bitcoin-mining-protection-mobile-browsers/, 2018.
  • [97] J. Wagner. Protecting users from extension cryptojacking. https://blog.chromium.org/2018/04/protecting-users-from-extension-cryptojacking.html, 2018.
  • [98] M. web docs. Webassembly. https://developer.mozilla.org/en-US/docs/WebAssembly.
  • [99] WhistleOut Inc. Compare the best cell phone plans. https://www.whistleout.com/CellPhones, 2018.
  • [100] B. Williams. Adblock plus and (a little) more. https://adblockplus.org/blog/100-million-users-100-million-thank-yous.
  • [101] J. Wyke. The zeroaccess botnet: Mining and fraud for massive financial gain. Sophos Technical Paper, 2012.
  • [102] A. Zarras, A. Kapravelos, G. Stringhini, T. Holz, C. Kruegel, and G. Vigna. The dark alleys of madison avenue: Understanding malicious advertisements. In Proceedings of the 2014 Conference on Internet Measurement Conference, IMC ’14, pages 373–380, New York, NY, USA, 2014. ACM.
  • [103] ZeroDot1. Coinblockerlists. https://github.com/ZeroDot1/CoinBlockerLists.