Showtime Uses Online Viewers' CPUs To Mine Cryptocurrency

By Nathaniel Mott
published

Bad news for Showtime customers: The company used Coinhive, a cryptocurrency mining tool, on several of its official websites. This allowed Showtime to use customers' devices to mine the Monero cryptocurrency, which it could then sell for a profit whenever it desired.

On its website, Coinhive's creators positioned the utility as a monetization platform that allows service operators to offer streaming videos, online games, and other services without requiring subscription fees or showing ads. The idea is that people can have their "free" content and privacy without putting companies out of business. Nothing is actually free—people are effectively renting out their CPUs—but it won't cost actual money.

Coinhive's presence on Showtime's websites was discovered by information security analyst Troy Mursch. We also confirmed the mining tool's presence on Showtime Anytime by viewing the source code of a cached version of the site from September 24. Mursch said Coinhive wasn't present in a version of the site cached on September 21, and it's since been removed, so it would appear Showtime didn't use the tool for long.

Still, it's not hard to see why someone would be upset about Showtime using Coinhive. These people thought they were just watching an episode of "Ray Donovan" when in actuality their CPUs were being used to mine cryptocurrency without their knowledge or consent. You might expect that from companies that offer free services, which have to make a buck somehow, but it's more surprising to see it from Showtime.

That's especially because Showtime doesn't offer free services. You have to sign up for a subscription to watch its programming. There are plenty of ways to sign up. You can subscribe via iTunes, Sling TV, cable television providers, and countless others—but none of them include "let Showtime use your computer to mine cryptocurrency." You were basically paying for the service twice by forking over your hard-earned money and sacrificing your CPU power.

That sacrifice isn't small, either. Mursch found that sitting idle on the Showtime Anytime used 60% of his CPU:

We sat idle on Showtime Anytime earlier this morning and found that it used less than 8% of our CPU, even though it was lumped in with the other tabs we had open in Firefox, which means there could be a substantial difference in the resources used by the site with and without Coinhive. This could, of course, also be caused by differences in the CPUs used as well as other factors. But the comparison is still worth making, if nothing else than for anecdotal purposes.

In the time since Mursch published his blog post, Showtime appears to have removed Coinhive from its websites. It's not clear if the company wanted to avoid more scrutiny, if it was merely testing Coinhive on its sites, or if the mining tool's disappearance is temporary. Coinhive is a simple JavaScript library; it wouldn't be all that hard for a company like Showtime to remove and then reintroduce the utility.

We've reached out to Showtime for more information about its Coinhive usage and will update this article if the company responds.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

8 Comments Comment from the forums
  • onlyroger
    Commas and editors are your friend.
    Reply
  • RomeoReject
    Ouch.

    If you're a free service (YouTube, generic TV site, etc), I can understand this. You need to make money somehow, and maybe using a bit of CPU when people are on the site is less intrusive than annoying ads.

    But a paid service? Now you're just being d-bags about it.
    Reply
  • rhuwyn
    Honestly, what probably happened is some douchbag IT guy or developer added it in there thinking it would never get caught and he would be able to use Showtimes entire audience to fund his retirement.
    Reply
  • USAFRet
    20213219 said:
    Ouch.

    If you're a free service (YouTube, generic TV site, etc), I can understand this. You need to make money somehow, and maybe using a bit of CPU when people are on the site is less intrusive than annoying ads.

    But a paid service? Now you're just being d-bags about it.

    No, not even for a free service.

    OK....only if there is a specific, large, popup that tells you it is doing this, and the possible implications.
    Not buried on screen 42 of a 128 page ToS.
    Reply
  • epobirs
    20214027 said:
    Honestly, what probably happened is some douchbag IT guy or developer added it in there thinking it would never get caught and he would be able to use Showtimes entire audience to fund his retirement.

    That was my immediate assumption. I remember when Folding@Home competition started, I heard of a number of IT guys getting in trouble for putting it on large numbers of machines under their administration. They thought it would go unnoticed if set to only run during idle moment but inevitably somebody would catch on and complain.
    Reply
  • cryoburner
    20214070 said:
    No, not even for a free service.

    OK....only if there is a specific, large, popup that tells you it is doing this, and the possible implications.
    Not buried on screen 42 of a 128 page ToS.

    A large popup would be "annoying and intrusive" though. The idea here is to not bother the site's users, while still profiting from their visit. I would probably rather encounter something like that than a big, autoplaying video ad that pops up on every page, using system resource for something annoying that gets in the way. So long as the script were light on resource use, it might not be bad. I would want to see at least a small logo on the page indicating that such software was being used though. Maybe there could be a play/pause button at the top of the page to allow a user to pause the mining script if desired.

    The alternative is to use ads to pay for free site services, but if the majority of a site's target audience is using ad-blocking software, then they need to look for some other means to stay in business.
    Reply
  • USAFRet
    20214290 said:
    20214070 said:
    No, not even for a free service.

    OK....only if there is a specific, large, popup that tells you it is doing this, and the possible implications.
    Not buried on screen 42 of a 128 page ToS.

    A large popup would be "annoying and intrusive" though. The idea here is to not bother the site's users, while still profiting from their visit. I would probably rather encounter something like that than a big, autoplaying video ad that pops up on every page, using system resource for something annoying that gets in the way. So long as the script were light on resource use, it might not be bad. I would want to see at least a small logo on the page indicating that such software was being used though. Maybe there could be a play/pause button at the top of the page to allow a user to pause the mining script if desired.

    The alternative is to use ads to pay for free site services, but if the majority of a site's target audience is using ad-blocking software, then they need to look for some other means to stay in business.

    Going to a website and using a service does not give them free license to use your PC for "whatever", without notification.
    Behind the scenes mining, a torrent node, free WiFi for the neighborhood...

    If you tell me about it and I agree, maybe.
    But just doing it behind the scenes? No.

    And for a service I am already paying for? Not a chance.
    Reply
  • sykozis
    This could actually come back to bite Showtime. They have no legal right, implied or otherwise, to utilize the hardware of website viewers. By doing so, without notification, they could face legal consequences if enough affected website visitors were to decide they deserve a piece of that mining money....
    Reply