from the whoops-a-daisy dept
The mining software was first noticed by a Twitter user who discovered the Coinhive miner buried early on in the source code:
— SkensNet (@skensnet) September 23, 2017
Users weren’t alerted that this was happening, and visitors reportedly found the mining software utilized up to 80% of a visiting user’s CPU cycles. Such miners can also notably drain battery life for visitors on mobile devices. And as of this writing, Showtime has been completely unwilling to confirm that this occurred, much less explain how the code appeared. The company has refused to respond to numerous requests for comment from a myriad of websites, Techdirt included. The code appeared in the evening of September 23, and had disappeared by the next Monday morning.
It seems relatively unlikely that executives or developers at Showtime thought it would be a good idea to hijack the browsers of potential customers to mine cryptocurrency, leading many to believe that Showtime’s servers were likely hacked by somebody looking to covertly make a little extra money:
That said, it’s not impossible that Showtime was running an experiment. Cryptocurrency miners have been making headlines in recent weeks after The Pirate Bay was caught also covertly using Coinhive to hijack visitor browsers to make extra bank. Coinhive only just launched September 14, advertising itself as a creative alternative to the traditional advertising model. But after users over at the Pirate Bay subreddit discovered the practice and began to complain, the website was forced to pull the software from its code and issued a relatively flimsy mea culpa:
Except covertly hijacking a browser with glorified malware obviously isn’t a great way of “keeping a site running,” especially if websites running to embrace Coinhive refuse to let users opt out — much less inform them this is even happening. Not surprisingly, the recent rise in such stealth cryptocurrency miners has resulted in Adblock Plus moving to help block such hijacks. Malwarebytes analyst Jérôme Segura warns in a blog post that some websites appear unsurprisingly intent on “pushing the limits towards a really bad user experience”:
“Gaming and video sites typically are more resource intensive, so it seems to make little sense to run a miner at the same time without having a noted impact. Having said that, many people who consume copyrighted content are perhaps less likely to complain about an under par user experience. The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice.”
Again, there are creative alternatives to advertising, and then there’s just being an asshole. Hijacking a visitor’s browser, CPU and electricity to mine cryptocurrency without informing them — or letting them opt out — sits firmly in the latter category.