Stanislas ๐Ÿ‘จโ€๐Ÿ’ป is a user on mstdn.io. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Stanislas ๐Ÿ‘จโ€๐Ÿ’ป @angristan

mastodon.host is using a Javascript miner.

Well I'm glad to have my own instance.

mstdn.io/media/k3y3N4iEdFCHP6U

ยท Web ยท 105 ยท 33

@angristan Just open the page dev console and it spits out some stats

it seems to mine on every public page, I hope it doesn't do it the logged-in interface...

also, using a miner is not 100% wrong, it's another kind of economic model.

I personally think it's cancer as fuck though.

@angristan Yeah but the administrator don't say it so for me is 100% wrong. You don't prevent your users (idk if the admin say it in a toot but thats should be on the homepage).

@angristan It did it on the logged in interface nonstop. Mining is ok, but then do it as a captcha for 10 seconds to verify a user at register or login while explaining the purpuse of it. Doing it in a sneaky nonstop way is considered malware.

@angristan It's a kind of botnet, I most certainly consider it malicious and absolutely wrong.

@angristan For the record, I see nothing wrong with running a miner for a website that is *provided to me for free*, on three conditions:
1. it is clearly communicated to all your users how and why are you doing this;
2. there is a very visible and accessible opt-out setting;
3. it is not set up to use all of the users' processing power.

I absolutely get the incentive behind the move. Running a server costs money. Attention needed to be an admin of a moderately popular website also has value.

@angristan It's not like they need my personal information for this. And it's not like they're putting my machine or myself at any significant risk. All they're asking of me - is crunch a couple of (thousands of) hashes, which I'm very able to do, not like there's any significant work involved.

However mastodon.host admin did not provide any notification nor they have given an opt-out. This is a dick move.

I wouldn't however overdramaticize this. It's a viable model if done right.

@drequivalent @angristan I thought you were talking about 4chan until I expanded the thread. inafter every web page tries to start mining with mountains of obfuscated bullshit. #NoScript
@drequivalent @angristan I was talking mostly about 4chan. I'm not familiar with this mastodon miner site. Your criteria would make it more reasonable: being upfront, allowing opt-in / opt-out etc

@angristan Oh yes, and of course, in this case there should be no context ad banners on the site, because fuck ad networks and fuck trackers. But I thought it would be obvious by this time.

@angristan
Et du coup, c'est actif mรชme sur la version mobile ?
Parce que รงa pompe pas mal sur ton PC qui est quand mรชme puissant, donc je n'imagine mรชme pas sur des PC moins puissants ou sur des appareils mobiles.

@angristan any economic model that abuses your computer's resources is theft. This includes ads (cpu+bandwidth) and mining (cpu)

Especially because it has negative effects on your hardware and especially your battery. These things cost tangible money. They're harming your equipment by their asshattery.

@feld @angristan a very nice model to make money would be to ask users to engage in machine learning on a voluntary basis - I think it could be a viable business model for a company (AI training and paying people for providing humans to exercise the machine) - same thing as Google reCaptcha does but as a platform.

I could help distinguish a few cats & dogs for a site I like to read articles on before being granted access.

@angristan Guy also runs that annoying federation bot. Rude and shady af.

@angristan Avast throw me an Alert when I reach the homepage ๐Ÿ˜„

@angristan I would have zero problem with that if it was clearly stated on the About page and was being done with user consent. It would be an interesting way to cover operational costs.

It's not.

Personally I would love to see cryptocurrency mining as a payment option to replace ads, and also as a replacement for CAPTCHAs which also happens to make the site a little money and pays the admin to clean up after any spambots that decide it's worth it to do the mining to create accounts.

But my main problem with ads is the lack of consent. People should be given a choice BEFORE they have to see the ad or do any mining. Preferably even before they click the link but that requires new tech.

@seanl i see it already, a shady admin potentially putting shit malware running on a shit server, just what the end user needs to know. Way to destroy the confidence level of the community. Totally not cool, and a dumb shady decision

@dewb Yeah doing it without consent is not at all OK. At least ads are inherently transparent since you have to see them for them to be worth anything. I only support mining as a (voluntary) option for services that already feel the need to have ads or require subscription fees.

@dewb Everyone looking at a web site has a CPU and the electricity to power it. Not everyone has a credit card or even bank account or wants to look at ads. And even if they are OK with ads, a lot of smaller sites struggle to even make enough money off of ads, especially if the demographic they target isn't that desirable to advertisers.

@dewb In a way, mining of ASIC-resistant cryptocurrencies is the most democratic payment option aside from being purely donation-funded (which is by far my preferred model).

@seanl oh I understand that fully, however once the damage has already been done it's hard to win back the trust, across potentially all severs. Even if there are good servers with trusty admins that communicate with their community everytime a change is about to go live.

@seanl the end user isnt necessarily going to be educated enough to understand the technology involved. In fact, they'd probably be fearful ๐Ÿ˜ฉ I'm bummed