Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

It wants to use your computer’s resources to make them money.

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

We're all getting pretty used to visiting news media websites, only to be told that they'd like us to turn our ad blocking software off.

Of course, we don't want to turn off our ad blockers. After all, we don't want to have our computers infected by malware spread via rogue ads, and we don't want to be tracked online by advertisers, and we find an ad-filled internet generally unattractive and slow.

Increasingly websites are giving us a choice - if you don't want to turn off your ad blocker (very sensible of you) then how about buying a subscription to the site instead?

The Salon website, however, has taken a different route as you can see if you visit its website today.

Salon website

Here's a closer look.

Salon cryptomining dialog

Yup, Salon is giving you a choice. If you don't want to disable your ad blocker, maybe you'll feel comfortable letting it run code from Coinhive which will gobble up your computer's resources to mine some Monero cryptocurrency.

It's an alternative way for Salon to pay its costs, and - quite frankly - may turn out to be more attractive to some people than taking the risk of allowing ads to appear.

Cryptomining is *hot* right now. Just in the last few days we've seen US and UK government websites hijacked by a poisoned plugin that used Coinhive code to mine cryptocurrency, and reports of Android apps in the official Google Play store that mined Monero behind users' backs.

You'd be wrong to think, however, that Salon's cryptocurrency-mining activity won't have any impact on your computer. Just take a look at this in the FAQ:

Why are my fans turning on?
Any time that your computer is turned on, its central processing unit (CPU) is being used to some extent. More intensive computing processes use more computing power; for instance, having many applications open or using processor-intensive programs like Adobe Photoshop will heat up your computer, as its processor has more current running through it. Most computers have fans that automatically turn on to dissipate heat when more processing power is used — regardless of the cause. And indeed, some users report that the slight rise in computing power activates their computer’s cooling fans.

Noisy fans screeching into action when you visit the Salon website? I doubt anyone will be much of a fan of that. (Sorry.)

My guess is that we'll see more and more mainstream media websites toy with the idea of mining cryptocurrencies while ad-blocking users read their articles.

Whether it's something that will prove popular in the long term, however, remains to be seen.

Hat-tip: Financial Times. Umm, yes, it's behind a paywall.

For further discussion of this issue be sure to check out this episode of the "Smashing Security" podcast:

Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.

Tags: , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episodes:

, , , , ,

3 Responses

  1. drsolly

    February 13, 2018 at 10:18 pm #

    Plus, you're allowing someone to run software on your computer. As a general rule, security folks warn that this is not a good idea.

  2. BaliRob

    February 16, 2018 at 6:48 am #

    My reaction – even considering ditching my computer – nothing but headaches every day

  3. Theo

    February 16, 2018 at 8:13 am #

    It's not really 'software' as an application, it's plain Javascript. The problem is that Javascript is becoming a true programming language in and of itself, connected to the internet.
    https://blog.mozilla.org/blog/2017/11/13/webassembly-in-browsers/

    ActiveX all over again?

    This is what sans.org has to say about this issue:
    "There's a bigger issue than cryptocurrency mining at play here. We need to ask ourselves if we are okay with running assembly-like language in a JavaScript virtual machine. This technology, WebAssembly, can be used for all sorts of malicious purposes. I was originally worried about attack surface (WebAssembly is relatively complex), but now I see that malicious parties will continue to find malicious uses for the technology. This may simply be a feature that nobody needs and can be done away with."

Leave a Reply