January, 4th 2018
Few weeks ago I started an experiment like a quick-and-dirty proof of concept around cryptocurrencies and web mining.
I choose Coinhive so as to see what it was possible to do with this tool.
I write here the results of my experiments and the tests I made of this API. Before that, let’s sum up the principles of blockchains and Monero ⛏
Note Coinhive is closed
I won’t write too much lines about blockchains and cryptocurrencies, because it’s not a really new concept (brought out in 2008 by Satoshi Nakamoto with Bitcoin), and I should both talk about concepts of cryptanarchism, cypherpunk and cryptography. So, let’s make it short. And if you understand french-written slidedecks, go here ;-D
Blockchains can be seen as distributed decentralized ledgers or databases. No one owns a unique instance of the base but a number of nodes linked each others through peer-to-peer network. This aspect is one of the biggest advantage of the technology, the other relies on the impossibility to corrupt the data stored inside it within “pages” of the ledger called blocks. Due to hash operations, the content of a block is unfalsifiable and sustainable, and if a block has been altered the following will be too and so on.
There are several types of hash operations called Proofs of Work: Equihash for Zcash, Ethash for Ethereum, Hashcash for Bitcoin or CryptoNight for Monero. There will be also Proof of Stake instead of Proof Of Work for Ethereum but not for today. This mathematical competition is made between each node in order to choose the one which will be able to build the new block. Thus the successful node earns tokens (e.g. Bitcoin, Ether, Zcash, Monero or Dogecoin) and can spend them (e.g. in exchange places like Kraken, Changelly or Coinbase). Blockchains are public, and some of them (e.g. Monero, Dash and Zcash) can hide their data like transactions, fees, amount of used tokens or owners. For some blockchains, instead of just exchanging tokens, it is possible to store programs and define decentralized applications (ÐApps) using Ethereum or EOS. Cryptocurrencies can be called with their acronyms: BTC, BCH, BTG, ETH, ETC, ZEC, XMR respectively for Bitcoin, BitcoinCash, Bitcoin Gold, Ether, Ether Classic, Zcash and Monero. Some of these altcoins are in limited quantity (at most 21.000.000 for BTC) or not (XMR, ETH). Finally, altcoins are volatile and mainly used for speculation. And sometimes, there are funny crashes (see below).
(╯°□°)╯︵ ┻━┻ Ok buddy, and Coinhive? Soon, but before let’s talk about its currency: Monero.
Monero is an opensource cryptocurrency launched in 2014. It is based on CryptoNote algorithm which protects privacy, contents and transactions. CryptoNote and the network in use, Kovri, obfuscate the data so as to make it quite impossible for an intruder to see what happens. Technologically Monero is quite awesome: Kovri is based on I2P’s specifications, encryption is everywhere, and several mechanisms like Ring Signatures (hiding senders), Ring Confidential Transactions (hiding amounts of XMR in transactions) and stealth addresses (protecting the receivers of the transactions) have been set up with the aim of protecting the blockchain. Yes, Monero is one of the most badass of cryptocurrencies. According to Bitinfocharts (on 01/03/2017) the USD value of 1 XMR was $379.65, the mining time to wait before a new block was around 2 minutes, the blockchain size was around 38 GB and the reward for the successful miner was around 5.5 XMR. Nice :)
(ノ`Д ́)ノ Please guy, don’t make another boring article about Monero, I want Coinhive! Ok, since we have introduced blockchains and Monero, let’s talk about Coinhive.
I won’t write a too big paragraph about the history of Coinhive.
I just say that this tool is quite well-known today because of its use with Pirate Bay portals, and the Showtime case.
The idea behind is to provide a new way of remuneration: because more and more people use ad-blockers, it may be quite tricky to use advertisements to monetize a web site or an app. So, if we can mine Monero when the users are visiting our product? That’s why Coinhive is here.
The formula for the payouts is quite simple, Coinhive keeps around 30% of the benefits, and the remaining 70% are for the developer:
(solved-hashes / global-difficulty) * block-reward * 0.7
First, proof of work captchas!
Coinhive is not just another miner for Monero, or a tool for pirates or whatever press-groups can say. The project offers a new kind of captcha using… Proof of Work!
Instead of having to write a not-so-readable keyword, or click on ugly cars with several pictures, this captcha system makes users (in fact their browsers) need to compute a defined number of hashes so as to submit a form. Spams are prevented, it is far less boring that old-school captchas, and it might make developers earn a bit of Monero. The use is quite simple: add a reference to a script in HTML, add a div with the amount of hashes and the data key, and that’s all. The div will be replaced by additional content within an iframe.
Second, proof of work shortlinks!
Coinhive provides a feature related to shortlinks. Instead of using GAFA’s or other well-knowns URL shortener (please, consider using Frama.link), it is possible for the developer to define a short link with which users have to solve a number of hashes before being automatically forwarded to the target URL. It is quite interesting so as to prevent spams, click-bots or too curious spies.
The use is very simple, add the short link in your text content, and when the user clicks on, a new page will be opened in its browser with the state of the process.
Third, Monero mining — the clean way
The last feature, and the more known, is about mining.
... and the clean-or-not way.
However it is not because there is no GUI that users cannot see the miner working. Indeed, if we look deeper with the task manager of the browser, we can see there is something quite busy on the web page. But no more details are available :-/
And a dashboard.
Finally Coinhive has a clean dashboard which sums up the hashrate (hashes/s), the total number of hashes and the pending payments. It lists also the “sites” you have defined (here “dwarf” defined for the demo in my web site). You can easily read that with this demo I’m not rich at all, and the XMR gain I may have will not refund the power supply costs. But who cares? It’s just for beauty of proofs of concepts :)
Thus, and it is the purpose of this article, I tried the mining feature of Coinhive. I made it in a quick-and-dirty way, hide it in a dedicated location in my web site, and here I am. I tried this feature with 2 smartphones and 2 laptops using Firefox as web browser. I used the same configuration: 4 threads and 100% of speed (i.e. 1.0 for the throttle). The tests duration was around 1 hour. I choose this duration so as to be closer of a use case where someone watches a video on a streaming platform or uses its favorite web application (social network, tool in the cloud, etc.). Below are the specifications of the devices.
I put below the resulting hashes of each device. I can say I made these tests with only the miner and no more application opened. The device have not been rooted, jailbreaked or overclocked. The miner in use was the UI miner.
I can say that if I want to make users of web projects mine Monero using Coinhive, I will make it possible if they are using computers and not smartphones. With computers there are higher hashrates and maybe they can make me earn Monero tokens if the hashes are successful. But with all the last flagships of OEMs, I think it might be interesting to mine with them. Look at the specifications of the iPhone X, the Samsung Galaxy S8 or the Huawei Mate 10, it could worth :)
The API of Coinhive is both really interesting and easy to use, and to my mind it is not a so bad example of what we can do with blockchains. Prevent spams, earn money for side projects or news-websites, monetize a web site even if users block advertisements, these are interesting ways of use. We can also integrate Coinhive to opensource projects or associations so as to help them to earn money and buy some supplies for examples.
Indeed malicious people and malwares can use the API to earn money silently, but I believe it is not a good reason at all to forbid this kind of tools.
Let’s see what will be the next cool features! ~=[,,_,,]:3