StevenBlack / hosts

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
MIT License

False positives for crypto mining #456

Closed shigutso closed 6 years ago

shigutso commented 6 years ago

https://coinhive.com/ and https://cnhv.co/ should not be in the Unified hosts list because it's neither malware nor adware.

Please don't be like Easy List.

welcome[bot] commented 6 years ago

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

ScriptTiger commented 6 years ago

@StevenBlack, have you taken a look at EasyList? At first glance its structure would seem different, but there are also some strong similarities, as well, to your repo in various places.

@vitorgatti, out of curiosity and for clarification, you would not like this list to be like EasyList in what way? I don't personally have any experience with it, so I am genuinely curious of your thoughts on it. And is this issue at all related to your other recent issues related to your own pool (https://github.com/Snipa22/nodejs-pool/issues/139, https://github.com/Snipa22/nodejs-pool/issues/199, https://github.com/monero-project/monero/issues/2855)? Steven will also want to know how you have verified your listed domains no longer contain mining scripts. And thanks in advance, I hope you understand we just like the list to be as efficient as possible, which requires us to be thorough in some aspects.

ScriptTiger commented 6 years ago

@vitorgatti, are the below snippets accurate for the domains you have listed?

https://coinhive.com/: Coinhive offers a JavaScript miner for the Monero Blockchain (Why Monero?) that you can embed in your website. Your users run the miner directly in their Browser and mine XMR for you in turn for an ad-free experience, in-game currency or whatever incentives you can come up with. grant video streaming time; offer files ...

https://cnhv.co/: Proof of Work Shortlinks. If you have an URL you'd like to forward your users to, you can create a cnhv.co shortlink to it. The user has to solve a number of hashes (adjustable by you) and is automatically forwarded to the target URL afterwards. Example: cnhv.co/6bk (this just forwards to the Monero article on Wikipedia).

If they are accurate, these are not false positives according to this repository's current mission statement. If you would like to rebut this, can you please contain a link to your current website implementing these scripts which clearly contains or links to a proper terms of use making your users aware of crypto mining occurring on your website and your current policy regarding it? I am sure you can understand our reluctance to allow domains that contain crypto mining scripts since the vast majority of people who implement them don't come with a terms of use or end-user agreement or any kind of policy or opt-in/opt-out features, which encroaches legalities in many jurisdictions. Google Ads are 100% legal and legitimate, and this repository still chooses to block them because that is part of the mission statement. I hope you can understand our position and I do look forward to hearing your feedback.

shigutso commented 6 years ago

@ScriptTiger CoinHive is neither adware nor malware.

Definition of malware (from Google): software that is intended to damage or disable computers and computer systems.

Definition of adware (from Google): software that automatically displays or downloads advertising material (often unwanted) when a user is online.

CoinHive or crypto mining has nothing to do with that.

shigutso commented 6 years ago

EasyList blocked crypto mining websites:

https://github.com/easylist/easylist/issues/710

Do your research before just clicking my username and checking my bug reports :P

shigutso commented 6 years ago

I may also note that crypto mining websites can be blocked by @StevenBlack hosts list, but in a different session, not the main (adware+malware), because crypto mining has nothing to do with that.

ScriptTiger commented 6 years ago

I'm not sure if you understood what I was saying as to the legality issue, but I appreciate your quick response. Governing bodies such as the EU have been leading the way in several Internet privacy laws, digital rights, etc., and crypto mining has been found to be in violation on several counts. It is not inherently illegal, however it is often abused and made to become illegal because it does not come with the proper documentation (terms, policies, etc.). Scripts loaded onto one's digital device are a form of software which consume resources (network resources, memory resources, etc.) to carry out their tasks, but often users are unaware of these tasks being conducted due to lack of documentation. This is still not a false positive under the mission statement of this repository, but Steven will have the final word of review on the matter.

I do understand, of course, that crypto mining can be an easy replacement for ads so that the mining can work in the background and earn revenue while the users don't have to experience ads. However, another common abuse is using crypto mining in conjunction with ads, which then also violates Internet-specific authorities such as Google because it violates their specific terms of use which specify how many ads can be placed per page, which other ad services can be used in conjunction with their service, and they also have extensive rules on documentation and policy placement, etc. Obviously violating Google's policies will result in being dropped from search results, ad listings, etc.

I am not sure if you were aware of these things, but I do invite you to also do your research before replying with material that has already been refuted.

ScriptTiger commented 6 years ago

I think another important note would be that the consensus of this community is simply that they wish to include them, as can be seen by the frequent issues and PRs made to add more to the list. Since this is a consumer-run project, there is nothing more to be said beyond we do as the consumers want in order to maintain a product of as high a value as possible to them. Even if the legalities can be argued, this point never can be. I would also invite you to dig through the issues and PRs of this repository, both closed and open, for further reading on the matter.

ScriptTiger commented 6 years ago

For your own personal use, I would recommend using the "whitelist" file in the root directory of this repository. That way you can continue to use our list, but you will not block the domains you need to remain open for your own uses. I think this is the best solution for you in this case and I truly hope it helps you.
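
The effect of a personal whitelist on a blocking hosts file, as an added example that is not part of the original comment and is not the project's own build script. The sample hosts lines, the whitelist contents, the function names and the exact-match rule are all assumptions made for illustration.

```python
# Constructed sample of a blocking hosts file (not the project's real data).
SAMPLE_HOSTS = """\
# Title: constructed sample
127.0.0.1 localhost
0.0.0.0 coinhive.com
0.0.0.0 cnhv.co  # shortlink service
0.0.0.0 www.coinhive.com
0.0.0.0 ads.example.net
"""

# Constructed personal whitelist: one hostname per line, '#' starts a comment.
SAMPLE_WHITELIST = """\
# domains I need reachable
coinhive.com
CNHV.CO
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_whitelist(text):
    """Return the set of lower-cased hostnames listed in a whitelist file."""
    names = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if entry:
            names.add(entry)
    return names


def apply_whitelist(hosts_text, whitelist_text):
    """Drop blocking entries whose hostname is whitelisted (exact match only).

    Returns (filtered_hosts_text, removed_hostnames). Comments, blank lines
    and loopback names such as localhost are passed through untouched.
    """
    allowed = parse_whitelist(whitelist_text)
    kept, removed = [], []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        is_block = (len(fields) >= 2 and fields[0] in SINK_ADDRESSES
                    and fields[1].lower() not in LOCAL_NAMES)
        if is_block and fields[1].lower() in allowed:
            removed.append(fields[1].lower())
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed
```

Because matching here is by exact hostname, whitelisting `coinhive.com` leaves the constructed `www.coinhive.com` entry blocked; each hostname to be reached has to be listed explicitly.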

ScriptTiger commented 6 years ago

For supplemental reading, I invite you to research any major anti-virus, including but not limited to AVG, Avast, Windows Defender, etc. They all consider crypto miners to be viruses, a form of Trojan to be specific. As they are often not documented, when you visit a website for one purpose and a crypto mining process is running in the background against your knowledge, it would seem as though the website had brought you there under false pretenses from the start in many cases (usually websites of low quality content such as illegal online movie streaming, pornography, cloned news content, torrents, content mills, etc.), qualifying it as a Trojan.

So as well as aligning with consumer demands, we also align with professional and industry standards. Perhaps you could provide us with an official response from the customer support sections of any of those reputable organizations that might go against this.

StevenBlack commented 6 years ago

Hey @ScriptTiger can you please not strafe people who post issues here?

I come to this issue and, like other recent issues, I have to re-live this lengthy and noisy thread involving you and the OP, just to get a bearing on what's going on.

How about, by default, we don't browbeat people who post issues here. Can we do that?

I'm sorry @vitorgatti – I'm going to close and lock this issue right now. Can you please re-post it so we can have a fresh re-start? May I ask you, however, to make your case? Please don't just say such and such websites aren't malware or adware. Explain why, and provide a rationale if you can. Make your case. Thank you, and see you at the top of a new issue.