It was a proof-of-concept and when I saw that it worked I started building a proper version of it. However, soon thereafter rogue actors started using Coinhive for malicious things and I'm now at a point where I don't feel like continuing on the game. I still think it's a cool concept and my game is very clearly opt-in where I explain what will happen when you press "Start mining".
It feels like "this is why we can't have nice things" is applicable here.
Maybe someone will come later with a idea to make this while preventing abuses (maybe browsers could built it in as a mean of payment?).
Can't it already do that? The demo miner on their website has controls for "CPU Usage Percentage" and "Number of cores used".
As your project did before, you could tie the mining with in game currency. If the underlying block chain is actively traded you could even scale the game currency with real currency in some way... 0.0001 cent is a gold coin for example. Payment that way would seem fairly above board, especially if you clearly tell the player about the taxing system -- this could then be your funding.
Soon (next month or so) the same team are releasing a multi-game coin as well: https://chimaera.io/
Can you expand on this? How are they using it maliciously in your game?
Also, did you get a sense for whether it's a viable alternative to ads?
I don't understand how this made you lose interest in your game. These malicious uses have nothing to do with you or your game...
This is where I think Coinhive ethically crosses the line; perhaps legally, too. The mining scripts should stop when contacting Coinhive and determining that the specified key/ID has been disabled due to complaints or fraud.
Reached for comment about this apparent conflict of interest, Coinhive replied with a highly technical response, claiming the organization is working on a fix to correct that conflict.
“We have developed Coinhive under the assumption that site keys are immutable,” Coinhive wrote in an email to KrebsOnSecurity. “This is evident by the fact that a site key can not be deleted by a user. This assumption greatly simplified our initial development. We can cache site keys on our WebSocket servers instead of reloading them from the database for every new client. We’re working on a mechanism [to] propagate the invalidation of a key to our WebSocket servers.”
also edit - we are working on a way for site owners to validate their site via a DNS entry or something, and only allow keys to mine on validated sites. We want to make this space less scummy!
Also good to see there is (i) more improvement possible, (ii) ongoing investigation and (iii) competition in this space. Keep it strong, ignore the haters.
I really don't get the problem though. Someone's website is hacked and points to coinhive, and we want coinhive to fix it? This is why we can't have nice things.
I've complained about krebs being an asshole before on HN and this pretty much confirms it.
What exactly did doxxing people contribute to this story?
Edit: This might actually be the final straw that breaks the camels back and pr0gramm will go down.
So thanks for that, Krebs. I wonder if Brian knows that Krebs means cancer in german. It's somehow fitting.
Yup, I pretty much predicted Gambs official statement.
They really don't like the doxxing. They posted an official statement and asked nicely to not post their private info on the website as everyone can google it now. And if shit get's out of hand with their private data in the public now they'll shut down the website.
Edit: Oh, they also said they've never banned anyone for posting the screenshot but asked them nicely to wait for the statement.
I found a github page that provides a proxy to the coinhive allowing the user to keep 100% of the profit, but it doesn't even link to the coinhive code that I could see. (https://github.com/cazala/coin-hive-stratum)
Also found this, https://jonathanmh.com/testing-coin-hive-crowd-source-monero.... Interesting but no source code.
My idea was to make an API-rate limiter, where a client has to submit a list of calculated hashes (PoW) with each request and so protect the API against bots, scrapers and other (D)DoS attacks. Bad idea, because the data that has to be transfered (in Headers) is going to huge, megabytes, if you want to make even a few cents on a million-hits-per-day API.
I’m shocked, and very surprised to hear that malware code is disseminated through innocent ads put out there by a user-loving, “do no evil” company. /s
Now, can we please finally conclude that an ad blocker in your browser is mandatory?
https://www.theverge.com/2018/2/14/17011266/google-chrome-ad...
https://translate.googleusercontent.com/translate_c?depth=1&...
If you are interested - leave an email on website :)
