Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

Graham Cluley

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

We’re all getting pretty used to visiting news media websites, only to be told that they’d like us to turn our ad blocking software off.

Of course, we don’t want to turn off our ad blockers. After all, we don’t want to have our computers infected by malware spread via rogue ads, and we don’t want to be tracked online by advertisers, and we find an ad-filled internet generally unattractive and slow.

Increasingly websites are giving us a choice – if you don’t want to turn off your ad blocker (very sensible of you) then how about buying a subscription to the site instead?

The Salon website, however, has taken a different route as you can see if you visit its website today.

Salon website

Here’s a closer look.

Salon cryptomining dialog

Yup, Salon is giving you a choice. If you don’t want to disable your ad blocker, maybe you’ll feel comfortable letting it run code from Coinhive which will gobble up your computer’s resources to mine some Monero cryptocurrency.

It’s an alternative way for Salon to pay its costs, and – quite frankly – may turn out to be more attractive to some people than taking the risk of allowing ads to appear.

Cryptomining is *hot* right now. Just in the last few days we’ve seen US and UK government websites hijacked by a poisoned plugin that used Coinhive code to mine cryptocurrency, and reports of Android apps in the official Google Play store that mined Monero behind users’ backs.

You’d be wrong to think, however, that Salon’s cryptocurrency-mining activity won’t have any impact on your computer. Just take a look at this in the FAQ:

Why are my fans turning on?
Any time that your computer is turned on, its central processing unit (CPU) is being used to some extent. More intensive computing processes use more computing power; for instance, having many applications open or using processor-intensive programs like Adobe Photoshop will heat up your computer, as its processor has more current running through it. Most computers have fans that automatically turn on to dissipate heat when more processing power is used — regardless of the cause. And indeed, some users report that the slight rise in computing power activates their computer’s cooling fans.

Noisy fans screeching into action when you visit the Salon website? I doubt anyone will be much of a fan of that. (Sorry.)

My guess is that we’ll see more and more mainstream media websites toy with the idea of mining cryptocurrencies while ad-blocking users read their articles.

Whether it’s something that will prove popular in the long term, however, remains to be seen.

Hat-tip: Financial Times. Umm, yes, it’s behind a paywall.

For further discussion of this issue be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #065: 'Cryptominomania, Poppy, and your Amazon Alexa'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies”

  1. Plus, you're allowing someone to run software on your computer. As a general rule, security folks warn that this is not a good idea.

  2. It's not really 'software' as an application, it's plain Javascript. The problem is that Javascript is becoming a true programming language in and of itself, connected to the internet.
    https://blog.mozilla.org/blog/2017/11/13/webassembly-in-browsers/

    ActiveX all over again?

    This is what sans.org has to say about this issue:
    "There's a bigger issue than cryptocurrency mining at play here. We need to ask ourselves if we are okay with running assembly-like language in a JavaScript virtual machine. This technology, WebAssembly, can be used for all sorts of malicious purposes. I was originally worried about attack surface (WebAssembly is relatively complex), but now I see that malicious parties will continue to find malicious uses for the technology. This may simply be a feature that nobody needs and can be done away with."

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES