Cologne 12.03.2019

Crypto Mining As Potential Revenue Stream to Finance Websites and Apps

Crypto mining has the potential to establish itself as a new, alternative business model for the financing of online services in the Internet. However, frequent criminal abuse of the process has brought it into disrepute. The eco Association has therefore produced recommendations for encouraging the permissible use of crypto mining, in the whitepaper “Legitimate Use of Crypto Mining”. Co-author and Leader of the eco Competence Groups Email and Anti-Abuse, Patrick Koetter, explains how website owners may be able to benefit from a new revenue stream, as an alternative to online advertising.

Patrick, how can crypto mining be used legitimately to finance a website?

Many website owners make their content available online without charging a subscription to visitors. This means that when an Internet user visits a website with their browser, they are using resources from the person or organization that runs this website. Now, if the website owner  doesn’t have a shop or or another possibility to earn from this website, it’s likely that they don’t have any good way to refinance the investment made at the time of building and programming it. In this case, many website owners use online advertising to refinance their efforts. But advertising on websites is something that many people don’t like. I’m one of them! So the idea is to look at whether there is another model to generate revenues when you have people visiting your website.

And this is where crypto mining comes in. Crypto mining basically works by having computers doing calculations, and then trading the results for crypto currency. The idea behind financing a website using crypto mining is that if you visit my website with your browser or your smartphone, you agree to have your device do some calculations, and hand over the results to me – I get to trade the results from your device for cryptocurrency, and that’s the way I earn money. And this is a legitimate usage of crypto mining.

Is this already being done legitimately, or is this more of a hypothetical business model?

It’s already being done, but as we wrote in our whitepaper, “Legitimate Use of Crypto Mining”, the majority of crypto mining currently is illegitimate. You’re not asked if you agree to have your device do all the calculations. The code is simply pushed onto your machine, and it is forced to do the calculation and hand over the results. We call this abusive behavior “crypto jacking”. You’re not asked, you’re not part of the deal. That’s not a legitimate use of crypto mining, and unfortunately that’s taking place much too often at the moment.

So if a website owner want to use crypto mining to refinance their website, it would be a question of properly informing the users that that’s happening. Is there anything else that needs to be taken into consideration?

In the crypto mining whitepaper, we have included a list of things that we think that should be required. The list is quite kind of long, but some of the major points are that, firstly, it needs to be an opt-in and not an opt-out. So people have to consent instead of disallowing crypto mining. Then, this opt-in has to be clearly visible. It must comply with web accessibility guidelines, so visually impaired people or people who are impaired in any other way must be both informed and able to choose whether to consent to the use of crypto mining.

And there must also be a way to end the contract at any time. The situation must be avoided that a visitor has consented, and then realizes that the processing is really putting a lot of load on their machine, and chooses to end it, but can’t find out how to stop it. There must be a way to stop the crypto mining at any time. But there are more recommendations in the paper, such as how to minimize the risk of malware and other vulnerabilities, and the need to ensure that devices are not overloaded and damaged.

If I, as a user, go into a crypto mining contract with a website owner, does my machine only engage in crypto mining when I’m on the website?

On a website, yes, because the browser needs to be in contact with the website. But it’s different for smartphones. They can be online all the time. They can run the app constantly, even in background, and you don’t even notice. And now that the majority of devices on the Internet are smartphones, this has become a far more interesting market.

And how can I protect my devices from crypto jacking?

The most obvious thing to do is download apps only from trusted app stores. This doesn’t necessarily mean they need to be from Google or from Apple, but any trusted app store. You might also want to consider using a virus scanner or malware scanner on your device. Anti-virus engine manufacturers have an interest in their antivirus scanner being able to detect crypto jacking and prohibit it. It’s a new market for anti-virus engines.

Would that also detect and block a legitimate crypto mining contract that a user has with a website?

I’m not aware of any mechanism out there today that helps to detect a legitimate contract. So there could well be a conflict there between a virus protection system and the legitimate use of crypto mining to refinance an asset. It might be that the website owner needs to come to an agreement with the anti-virus engine producer that this is a legitimate use and should not be blocked by the software.

Improving Security of Communications – DANE & DNSSEC on stage at M3AAWG 1