Documentation » AuthedMine

A Non-Adblocked Miner

Shortly after the launch of Coinhive, several Adblockers have begun blocking our miner. This is unfortunate because we intended Coinhive to be an alternative to ads, precisely for users with adblockers.

However, we have to acknowledge that the decision to block Coinhive was understandable as it was possible to run the miner on a webpage without asking the visitor for consent or even informing them. Even some antiviruses now consider our JavaScript miner as a threat, which makes it difficult for website owners to use Coinhive at all.

We implemented AuthedMine as a solution to these problems. The JavaScript Miner, Simple UI and Captcha, when loaded from authedmine.com, will never start without asking for consent from the user or (for the Simple UI and the Captcha) letting them explicitly start mining through a click.

We realize this opt-in may be clunky and not fit all too well with your use case, but we strongly believe that being honest with the user will ultimately be beneficial - for users and website owners alike.

Neither the JavaScript files on authedmine.com nor the domain names are currently blocked by any adblockers or antiviruses. We will talk to adblock and antivirus vendors so it will hopefully stay this way.

Captcha and Simple UI

When loaded through authedmine.com the Simple UI and Captcha will work as before, with the exception of the autostart attribute.

The Captcha does not support the autostart at all anymore. The user will always need to click the Verify Me box for each new Captcha.

The Simple UI still has the data-autostart attribute, but the meaning has changed: For a new visitor on your website, the Simple UI will never automatically start. When the user eventually clicks the Start Mining button and data-autostart is true, the user's opt-in will be stored in a cookie. For the next page load, the Simple UI will start mining automatically.

This opt-in is revoked when the user clicks the pause button or when the browser sessions ends.

JavaScript API Opt-In Overlay

When loaded through authedmine.com the JavaScript API will ask the user for consent as soon as miner.start() is called. This is done in a popover window directly on your page. You will not be able to start the miner if the user cancels the opt-in.

If the user gives consent, an opt-in token is stored in a cookie on your website. If this token is not expired, the miner can start again without a further explicit opt-in.

To prevent misuse, the text in the opt-in screen can not be altered. We will offer translations of this screen for different languages in the future.

opt-in screen
Example of the opt-in screen

Opt-In Duration & Technical Details

For the Simple UI and the JavaScript API, the opt-in given by the user is only valid for their current browser session or at most 24h.

The opt-in is stored in a session cookie on your website. It includes a timestamp and a cryptographic token that ensures that it can not be altered. The cookie is first checked client side in JavaScript and (if not expired) is validated again upon connection to our pool servers. Our servers will refuse a connection from an invalid or expired opt-in token and will instruct our JavaScript API to show the opt-in screen again.

To prevent one opt-in token to be used with multiple clients, the token incorporates the user's current IP address. If the IP address changes, the user will have to opt-in again. The token also incorporates your site key so that it is only valid for one site.

The opt-in token itself is stateless - we do not store the token on our servers.

If you have any technical questions or remarks about the opt-in or if you found a bug in our implementation, please get in touch.

© 2017 coinhive