every Coin Hive plug for WP imports the mining script (it has to) and, again, this is not necessarily a bad thing as long as the visitor is 1) made aware of this fact and 2) that an opt-in option is offered

there is no malware involved here, at least not with the Coin Hive script so far as i can tell, but AV companies are essentially labeling it as such and i think that’s because of unethical developers who run the script without asking – they’re giving this tech a bad name before it even gets rolling

HOWEVER, the way that every single one of the devs are implementing the Coin Hive miner in all of the WP plugs as of this writing is HIGHLY UNETHICAL in my opinion insomuch as they all are allowing the mining script to run WITHOUT even making the visitor aware, much less offering an opt-in solution

I agree. But I don’t point at the devs here, I point at the people who have installed this plugin without that action.

To make this a tl;dr the responsibility of disclosure is on two ends

1) Did the developer disclose what the plugin does and how it works?

2) Does the site running the plugin disclose what the SITE is doing?

The first one is absolutely our responsibility, and we’ve made sure everyone is. If we missed anyone, PLEASE email [email protected] with a link to the offending plugin.

The second one is not our responsibility or purview. While I can wish the plugin devs made it easier, it’s exactly the same as running ads on your site. Its your job to inform your visitors what your site is doing.

Also I’d watch out running these in general, some web hosts prohibit this sort of thing.