Recently I visited a website whilst browsing around and after a few minutes of reading I noticed my Mac's fans spinning up in an unusual flurry of activity for such a light task, so I decided to dig around under the hood to see what was going on and low and behold the Google Chrome Helper process was eating almost all 8 of my cores O_o. What was causing this? I only had one site open so I decided to restart the browser and open the same page again incase Google Chrome had a panic attack for no apparent reason, however the same symptoms occured, time to take a look under the hood...
Initially I was pretty angry to think that just by visiting a website I had opened my CPU up to unauthorised usage even if it is secured within the confines of my browser, and then I thought, what is the point when typically CPU mining is not worth bothering with in most currencies and a JS based miner must be even worst! I started looking into the script and found it was from coinhive.com so I moved over to the Coinhive website to try and find out more info. Turns out the JS miner mines Monero which instead of the usual hashing algorithms seen in other currencies utilises Cryptonight a much heavier algorithm which sees little benefit from GPU / ASIC mining.
Interestingly Coinhive has come up with some interesting use cases and ideas about why this may be useful for a site other than earning the publisher some additional revenue such as a proof of work captcha, a URL shortener which mines for a short period instead of showing an intersitial advert and of course incentivising your users to mine on your behalf whilst rewarding them with some bonus such as in game money, file downloads or ad free browsing.
It will be interesting to see how this mindset pans out, will the use cases end with in browser currency mining, or will we see other workloads being ran in clients browsers? Will we see this type of activity getting flagged as malicious? Is it really malicious or is it just frowned upon? Is it ok to ask users if they'd like to donate their CPU on a site rather than just stealing it? Is it really stealing it or is it fair if someone stumbles onto your slice of the internet that they contribute something back, a bit like taking a gift or bottle of wine when visiting a friend for dinner? All these questions and more remain to be answered with time.
If you'd like to give it a go yourself you'll need to grab a Monero wallet much like with any other crypto currency, I personally dislike online wallets and prefer to grab the client and have my wallet locally on a host I can (hopefully) keep control of. Then head on over to http://www.coinhive.com and sign up for an account and add their JS along with your API key to your website. When visiting your site you'll notice your hash count rise in the Coinhive dashboard as your browser mines. The mining happens very much in a pool like fashion and each user can provide a small amount of hashes during their visit. Once you reach 0.5 XMR you can transfer out to your wallet / exchange. Bear in mind this activity may be seen as frowned upon by some of your visitors and it may not go down too well!