Tuesday was an interesting day in the history of cybersecurity and media technology.
In an effort to make money in the face of ad blockers, progressive news outlet Salon.com began to use opt-in cryptocurrency miners on readers’ computers. Using Coinhive, a piece of software that’s been described as the most prevalent malware currently online commonly used in attacks known as cryptojacking, the media group is now mining Monero. But Salon’s approach is clearly different. A big informational pop up window at Salon.com tells the user what’s going on and gives them their options: Turn on ads, pay a subscription or mine cryptocurrency for the website.
It’s a fascinating move from multiple perspectives. For media and its dwindling ad dollars, it’s a potential revenue stream. For security, it’s a novel tactic when ad blockers are recommended by cybersecurity experts as a defense against the persistent threat of malvertising. For cryptocurrency, it’s a potential significant legitimate use case when some retailers and big banks are cutting ties with the cryptocurrency world.
Salon’s techies are working on optimizing the solution so that, for instance, there isn’t a huge variance of CPU usage from computer to computer. Just one day in, it remains a work in progress, but money is being made.
We spoke with Jordan Hoffner, CEO of Salon Media Group, about the company’s new move.
CyberScoop: Can you tell me the thought process behind this, the inspiration for doing this and how it came to be?
Jordan Hoffner, CEO of Salon Media Group: We’ve been looking at broader solutions to make the media model more efficient and profitable because it’s not right now. At least not for us and probably not for a lot of other people. We started thinking about breaking it down, every scenario you could possibly imagine, social [networks], and then ad blocking came up.
What’s [ad blocking]’s growth rate, what’s the solution, what are potential things coming down the pike? You hear about Google and what they’re doing with Chrome and ad blocking. That’s scary for a media company. We had to figure out ways to combat that.
The first thing we came up with is what everybody else wants to be doing is a paid model which we’re doing, that launches in a couple of of weeks in the App Store. We’re excited about it, we think we have a good value proposition for that.
We wanted to avoid the hand-out support journalism approach. Maybe it’s doing okay for some folks but I find that overall you have to have a good value proposition for someone to pay you money.
Then we looked at this and said, maybe this is another opportunity. We went the route of the browser, we wanted to make it opt-in. We saw some media companies had tried to do this in more of an underhanded type of manner, which is not the principles of Salon at all. We wanted to be transparent and forthcoming and make it an opt-in solution, so that’s what we did.
We built some tech around it to make it more secure. It’s still a work in progress, but overall I haven’t heard any complaints from users about this so that’s good.
CyberScoop: Why Monero?
Hoffner: It’s just a starting point. We recognize there are a lot of [cryptocurrencies] out there, we want to be able to make sure whatever it is we’re doing can ultimately translate to dollars. We started here, whether we end here who knows? But you gotta start somewhere.
CyberScoop: On the topic of Coinhive, as a piece of software over the last few months has been used in not opt-in, nonconsensual ways much more widely. There is, in the cybersecurity community, a perception of it as malware if used in that way. Did that perception play into the thought process for you at all?
Hoffner: We thought hard about the risk. We had conversations with the folks there to try to understand their intent overall. A lot of things can be used in a way that the founders didn’t mean it to be used.
First and foremost, if there was any issue with malware or security, we’ll stop doing this and start again. It’s not worth it, it’s not our intention, all we’re trying to do is try to figure out a new paradigm for the media model which is under pressure.
We all have friends, families, trusted users who use this. We don’t want to hurt them in any way, shape or form. But we haven’t heard anything else that’s been bad about this. We’re doing everything we can to make sure it’s a stable environment and it’s used for what its purpose is.
We’ll see how it plays out. This might be the wrong solution. It might be the right solution. Ultimately, we’re trying to figure out what is the right solution.
CyberScoop: One of the bullet-points in the FAQ says “We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution and innovation.” There were reports on social media of readers’ CPU usage going up above 90 percent. I wasn’t able to verify that, but my own CPU usage went well above 50 percent.
I want to know, what is the computing limit? Is that accurate and is it working as intended?
Hoffner: We are making optimizations to make it smarter, we are actively doing it right now.
We’re seeing other users where it’s using three to five percent on a MacBook Pro. The point is the variance is very high and we want to figure out how to reduce the variance. That’s one of the optimizations we’re working on right now.
CyberScoop: With the informational pop up, when it informs you of what’s going on, you opt-in by clicking ‘learn more.’ Is that working as intended?
Hoffner: It’s a double opt-in, actually. You have to click on it twice to make sure it starts to mine. You click once and it doesn’t automatically start mining, you click again and it does. I think it was from the start.
[CyberScoop note: When we tested the website on Tuesday, the FAQ page immediately started the cryptocurrency mining. On Wednesday, that does not appear to be the case.]
We want to make sure people understand what they’re doing. This is about transparency and choice. This is not about pulling a fast one. We really care about our brand, we care about our user base. Part of is they understood what we’re trying to do. They can opt-in or they don’t have to, that’s fine, we’re giving them other ways.
We made a decision we have to stop giving away our content and having large windows of value creation being thrown out. It had to stop.
CyberScoop: I saw you said, correct me if I’m wrong, something like 25 percent of the audience uses ad blockers.
Hoffner: What I said was, roughly, the industry is at 30 percent and we are in line generally with what’s going on in the industry as a whole.
CyberScoop: In the cybersecurity world, when a lot of people talk about ad networks they talk about it as attack surface and the potential for malvertising and security issues. There are a lot of security people who recommend ad blockers as a security precaution instead of other reasons to use ad blockers. Do you have any thoughts on that view of ad blockers?
Hoffner: The software is there for a reason. Google is incorporating it into Chrome for a reason. The ad tech industry got out of hand a bit.
But what we’re seeing is backlash from the user base who are installing ad blockers. Clearly something is wrong.
I see it on my phone. I click on an article, sometimes it’s one of ours, and I see bad ads and I’m like ‘ugh! We don’t want this.’ This is terrible, I don’t want to win $1,000 from Comcast or whatever that ad is. Nobody wants that and it’s enough already.
Both Proctor and Gamble and Unilever say they’re pulling out some of their budget on advertising because it’s fraud issues or adjacent to bad content. I think we’re seeing the start of a correction here in the marketplace. We want to be part of the potential solution and not the problem.
As a user, an executive, a media person, I want to see improvements, we all do.
CyberScoop: Does this come close to making up the gap to the ads that aren’t shown?
Hoffner: We’re 72 hours in, I don’t think that’s a very fair question. But we are making something when we weren’t making anything. We’re focused on user adoption and safety. That is the area we as an industry and as a company need to focus on. If you get those things right, history suggests money tends to follow. We want to focus on this piece first. This whole exercise is about getting people to think about it a little differently. I think there’s value to that.
Maybe this opens the door. I’m glad we were the first ones to do it. The other part is we’re the first ones to really incorporate it into our stack.
CyberScoop: Do you see more media organizations doing this in the future?
Hoffner: I’d like to see standardization, that only helps everyone. A rising tide lifts all boats. I also think it will help the ad business be more in check in terms of all those things you suggested, malware and all that. That would be nice for everybody.
We can only control what we can control. We put our foot forward, we took a bold move. I guess that’s the only way to characterize it. I’m not sure if it’s a smart move, not sure if it’s a dumb move, but it’s a bold move. We’ll see what happens. Now that door is open. We wanted to see the possibility of creating something of new value here so we did.
The conversation has been edited for length and clarity.