
That's really disingenuous. The software does exactly what it says on the cover and the documentation, no more and no less. And it causes no harm of any sort, but uses lots of power as designed. The malware classification comes because some sites used it without users' permission, which CoinHive fixed via the authedmine.com domain - that only allows the miner to be used with explicit and temporary user consent.


But the software is clearly a hot avenue for hackers. And trying to legitimize this kind of thing also makes the foray into "cryptojacking" more enticing.

If legit sites start doing this, users will get used to it and hackers will bring in more cash.

CoinHive didn't fix this, as far as I understand. They simply published an alternative miner. As recently as a week ago, many UK and US gov sites were cryptojacked using the CoinHive software: https://motherboard.vice.com/en_us/article/bj5m4v/cryptocurr...

They don't even seem to be trying to root out malicious users:

>The team don’t specifically track domains, so if a user’s email address is not, for example, “contact@website.com,” Coinhive often don’t know where or how the service is being used, though.


CoinHive has assumed that all instances of sites directly using the CoinHive software have been or are going to be blocked, and so have deprecated direct use of the CoinHive JS. Authedmine.com is now the official way to do things, and it operates only with consent.


Why make that assumption and leave users without blockers out to dry?

Why not just halt all payouts to the old software and only pay out to versions which are using the Authedmine.com version?

Why not do KYC on people who have a very high likelihood of using your software to violate the law?

Salon is the kind of magazine which will call (justly) for corporate responsibility in all sorts of industries, but when it comes to software makers just totally not doing the basic, easy things when it comes to respecting web security, they'll pay them.


But isn't it a dangerous road where we hold the makers of software responsible for nefarious uses? Paypal does a lot of this kind of fraud detection and prevention, and we all lambast them for it.

Halting payouts to those using the old software leaves legitimate users out to dry as well - whatever they do, someone is going to be miffed. I assume there will be a point in the future when they do refuse service to all the old API endpoints, but they can't rush that.



