Does UNICEF Australia's use of web mining legitimise the activity?
UNICEF Australia has recently embarked upon a bold experiment to use web-based cryptocurrrency mining as a way to raise funds for its humanitarian missions.
To do this, UNICEF Australia has put together a dedicated webpage that features a copy of the authorised mining version (authedmine) of the now infamous Coinhive browser mining script. The site is hosted on a dedicated domain separate from the main UNICEF homepage on www.thehopepage.org. The site itself is nicely built and very clear about its purpose.
Visitors to the site see a clear message explaining how the website uses the processing power of the computer to generate funds for UNICEF.
Clicking on Start Donating button leads to another page where the user specifies how much CPU power they wish to dedicate to the mining.
A sensible range of between 20% and 80% is allowed so that users are not left with unresponsive machines as they go about their business. A lower percentage allows the process to remain unobtrusive and visitors may choose to leave it running in the background for longer.
After a percentage is selected, the user clicks on Confirm and then the mining process starts as a new page is loaded. This new page displays a slideshow and has a widget that shows how many hashes have been generated and the hash rate of the mining process as well as how long the mining has been running for.
While the site demonstrates a really good implementation and use case for web-mining, some of the details are less impressive. Despite all the polish, there's a nagging question in the back of my mind...
Is this for real?
Anybody who’s been around on the web and in particular in cryptospace for a while should already be aware that not everything should be taken at face value. In the digital world, just about everything can be easily faked and with so many different scams of every type doing the rounds, you really have to take great care and question everything.
When I look at this website, it seems to look legit, it ticks all the right boxes, has the right logos and messaging. It looks and feels legit, but is it?
The answer to that question is actually quite hard to find. You won’t find any mention of this crypto-mining initiative on the official UNICEF Australia website (at least there’s none at the time of writing this.) There’s a link back to the UNICEF Australia website but any website can link to another one. Same way any website can rob text and logos and images from another website too. So the content doesn’t prove anything. A WHOIS lookup of the domain does not tell you that it is owned by UNICEF.
You can’t tell anything by looking at the mining scripts or the account details. Coinhive actually mines Monero (XMR) one of the most private of cryptocurrencies so good luck trying to find out who owns a particular wallet or address.
So after some searching, the only official reference to this activity I can find is a tweet on the official UNCIEF Australia Twitter verified account.
We're excited to launch The Hopepage. This innovative website allows you to easily donate some of your computer processing power to generate #cryptocurrency and fund life-saving aid for children in crisis. #UNICEF #ForEveryChild https://t.co/rPXCnTcahy
— UNICEF Australia (@unicefaustralia) April 29, 2018
So that’s wonderful, it says so on a the UNICEF verified Twitter account, therefore it must be legit then right?
Well, yes perhaps it is, but we know that verified Twitter accounts aren’t always what they are cracked up to be. There are many instances of fake verified Twitter accounts as various people have found out to their cost in the past.
The morale of the story is...
While I think that it is fantastic news that UNICEF Australia has chosen to try out web-mining as a way to raise funds and in doing so raises awareness of web-mining as a form of legitimate fund raising instead of the usual associations with malicious actors and cybercriminals. They really could have done better to link up and promote it better on their main website and add it as one of the donation options on their Donate drop down menu. They could even integrate the web-mining option right there onto their official home page rather than a separate domain which visitors can’t really tell if it’s genuine or not.
If web-mining is done properly and by respected users such as UNICEF for the right reasons, it would really help a lot to bring web-mining in from the cold.
Web-mining has its merits and deserves a chance to succeed, it just needs to be applied correctly.
Web-mining has a real bad image problem
In case you are not familiar with Coinhive (where have you been?), it is the supplier of web infrastructure (scripts) to allow websites to have site visitors mine Monero while the user is browsing the site. This is done as a form of payment for the content that the user is accessing and is touted as a much needed alternative to the often intrusive ads and various user tracking mechanisms used to facilitate it. The revenue is divided up between Coinhive and the site hosting the scripts. It sounds like a reasonable trade, the user gives up a some CPU cycles to earn crypto for the website owners so they don’t have to bombard visitors with ads and potentially other nasties to keep the lights on in their business.
In practice, the Coinhive browser mining script was widely abused and as a result received A LOT of bad press. It quickly become the bane of many websites and users ever since it burst onto the scene in late summer of 2017. It found its way onto many different high traffic websites including the Showtime website as well as infecting widely used web scripts such as BrowseAloud which resulted in many government website around the world pushing the Coinhive scripts to unsuspecting users. In many instances, the scripts were placed there without permission, either outside hackers planted the scripts or insiders planted them in order to mine cryptocurrency for personal enrichment.
Part of the problem is that, the original Coinhive scripts can be run without a user interface and also without seeking the users’ permission first. This deadly combination made it a favourite way for malicious actors to use and abuse it to mine tonnes of Monero during the white hot cryptocurrency boom of late 2017 when Monero prices reached over $400 apiece.
What are your thoughts on this?
Thanks for reading and feel free to share your thoughts on this development and web-mining in general. Please upvote/resteem if you enjoyed this post.