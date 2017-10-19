Please create an account to participate in the Slashdot moderation system

 


Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) 82

Posted by msmash from the brainstorming dept.
An anonymous reader writes: Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners. Discussions on the topic of in-browser miners have been going on the Chromium project's bug tracker since mid-September when Coinhive, the first such service, launched. "Here's my current thinking," Ojan Vafai, a Chrome engineering working on the Chromium project, wrote in one of the recent bug reports. "If a site is using more than XX% CPU for more than YY seconds, then we put the page into 'battery saver mode' where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely. I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds. I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions [...]. It only triggers when the page is doing a likely bad thing."

An earlier suggestion had Google create a blacklist and block the mining code at the browser level. That suggestion was shut down as being too impractical and something better left to extensions.

  • Why isn't this already standard? (Score:3)

    by Baron_Yam ( 643147 ) on Thursday October 19, 2017 @12:25PM (#55397217)

    Most web surfing involves text, images, and perhaps video in a well-defined box. Anything else is generally crap that doesn't benefit the surfer.

    I'd say rather than a percentage of total CPU utilization, they ought to be measuring against a percentage of the browser's CPU usage. Any non-whitelisted script that is taking more juice than it would take to render a straight text-and-image page can be throttled to zero, in my opinion.

    • > Anything else is generally crap that doesn't benefit the surfer

      Not always --there are valid use cases:

      * Notch prototyped Minecraft procedural textures [jsfiddle.net]
      * Us graphic geeks using WebGL "hang out" on shadertoy [shadertoy.com] (Warning: Space Audio)

      As long the default is opt-out and we need to whitelist our favorite sites, while being a minor inconvenience, that is the right way to do it.

  • Ad company defends business model (Score:2, Insightful)

    by Anonymous Coward

    Company threatened by emergence of a new model of online compensation uses control over existing infrastructure to severely limit its penetration into the market.

    Big surprise.

    • Re: (Score:1)

      by Anonymous Coward
      Ignoramus web forum poster can't tell the difference between ads and cryptocurrency mining, has no idea what he's talking about, makes snarky comment.
      Big surprise.

    • Re:Ad company defends business model (Score:4, Insightful)

      by Bruce Perens ( 3872 ) <bruce@perens.com> on Thursday October 19, 2017 @01:09PM (#55397623) Homepage Journal

      Company threatened by emergence of a new model of online compensation uses control over existing infrastructure to severely limit its penetration into the market.

      Not really. Running a miner is not a way that legitimate content sites recover their cost of operation. It's a way to grab some of the viewer's cycles for mining without their knowing it. If you want viewers to pay for use of your site in CPU cycles, design a protocol for that which will tell the user what they're paying, and allow them to pay it fairly or inform their decision to stay off your site.

      • >Running a miner is not a way that legitimate content sites recover their cost of operation

        You could make the exact same argument for third-party ads.

  • The problem with this method is half the web already acted like it was running a crypominer before these things even showed up.

  • Google should see this as a threat!!! (Score:3)

    by zippo01 ( 688802 ) on Thursday October 19, 2017 @12:42PM (#55397385)
    This would be a brilliant business strategy! No ads, clean uninterrupted browsing, they just get some CPU cycles from you. Most people wouldn't even notice the difference or the cost. I would do it not to have to look at ads. This could destroy googles hold on ads and the new revenue stream for the internet. They should just let the user know whats going on and BAM!
    • Then MS can tell that Edge is saving battery compared to Chrome as it does not support cryptocurrency mining.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      Not so great on battery powered devices though.

    • Re: (Score:2)

      by tepples ( 727027 )

      Most people wouldn't even notice the difference or the cost.

      Not even when the device's battery runs out twice as fast as it used to? Or were you operating under the assumption that "Most people" use a desktop PC as opposed to a laptop, tablet, or smartphone?

  • I've been manually accomplishing the same thing with Quick Javascript Switcher [google.com] to turn off JS on sites which abuse it, and The Great Suspender [google.com] to freeze background tabs.

    I also keep Windows Task Manager's CPU graph in the notifications bar so I can see if my computer isn't dropping to idle. That's what originally led me to start using The Great Suspender. Although in my case it wasn't crytocurrency mining scripts, it was poor coding on Google's Photos and Drive websites which kept chewing up CPU cycles

  • Chrome is a browser. We live in an age where some people (notoriously Google) think browsers needs to run full fledged apps in a sense they must take advantage of modern processing power. That is just wrong - websites are nowadays supposed to be much more technically sophisticated, and yet, consequentially much LESS demanding with things like the quai-extinction of flash and the advent of HTML5. In any case, 100%, or even 20% is not uncommon on "harmless" websites and this would induce in many false positiv

  • Chrome will be the new IE6

    • Chrome will be the new IE6

      Yes! my css code will work, at last!

    • It already kind of is. On the desktop, Microsoft was actually their main competitor. But then Microsoft launched Edge and like most new Microsoft products it was a crushing blow to Microsoft:

      2 Years ago, MS still held an incredible 50% of desktop browser share:
      https://www.netmarketshare.com... [netmarketshare.com]

      Now, they are down to 20%
      https://www.netmarketshare.com... [netmarketshare.com]

      Despite being literally shoved into users faces, the introduction of Edge didn't draw users away from Chrome. No, it seemed to send IE users running to it inste

      • e've already seen Google start to flex their muscle a bit in the same way Microsoft did

        It's not desktop muscles they're flexing (yet). It's search. How fast websites render in Chrome (okay, according to rules that totally happen to randomly perfectly align with Chrome) influences pagerank

  • There's a documentation hub for a service out there that I noticed using 100% of one CPU core on my laptop, whenever I had a page open on it. Didn't matter whether the tab or Chrome window was foreground or not. I dug into it, and found a CSS spinner sitting underneath a Google translate button. I'm thinking the page designers wanted a spinner to show if that button took a while to load. But they designed it in CSS; it kept running forever, even after the button loaded; and it used 100% CPU. Having a built

  • How about blocking autoplay video? That shit is way worse than a miner.

    • There is an ext for that.

    • There is absolutely ZERO need for autoplay video if you're not an advertiser looking to force something into someone else's eyeballs.

      Every browser should, by default, put a placeholder in for video and require user interaction just to start loading it, never mind actually play it.

      Back when most video was Flash and Firefox was king of the alternate browsers, I used the FlashBlock extension and it was glorious.

  • This is exactly the kind of thing I told you was going to happen yesterday [slashdot.org] and yet, only +3 Insightful.

  • that kind of measurement system would mistakenly assume that all CPU intensive pages were a problem. that ain't the case. thus, tons of false positives requiring authorization and white-listing.

    • that kind of measurement system would mistakenly assume that all CPU intensive pages were a problem. that ain't the case. thus, tons of false positives requiring authorization and white-listing.

      Hardly, Crypto mining is a 100% of CPU continuously type of operation. I can watch my tv on youtube and barely break 10% CPU utilization... (Well, thread utilization which is even lower). I imagine if you are watching super HD/8k video it might take interesting percentage of a modern CPU, but nowhere near 100%, especially with GPU offload.

  • This is actually an excellent solution even for "valid" websites which misuse shady ad networks and contain otherwise bad JS code (for rendering/user interaction/ajax/etc). I just want these variables to be configurable, i.e. >=5 seconds of more than 70% 1 CPU core usage and the tab gets throttled.

  • The massive pegging of CPU is hardly new. There have always been terrible websites - many of them video ones - which for various reasons, such up as much CPU as they're able to, bringing the machine to a crawl. Most of them are video related, including flash (it was notorious), and - in its early days - YouTube. The worst are those that call functions of code you had to install natively.

    The problem is that most browsers give absolutely no indication that this is happening, leaving the user to wonder why hi

  • Let a hundred extensions bloom!

    Let extension developers deal with the problem.

    Once a great approach is identified, bake it in all browsers.

    A monolytic company (and specially one like google, which lives of adds) is not the best blace to come with a solution, let alone a great overall solution

