Chrome Developer Discussion Highlights Difficulties Of Built-In Blocking Of Cryptocurrency Mining Malware

Image: jiangchun (via Bitcoin Forum)

Once you know hidden, browser-based cryptocurrency miners are a thing, grabbing an extension to block the behaviour isn't a problem. Unfortunately, for the likes of Google and Mozilla, there's no silver bullet for handling the general behaviour of sites that hijack your CPU (or even GPU) cycles for profit, as one ongoing discussion between Chromium developers shows.

A Chromium bug reported post back in September kicked things off, with users and official developers alike chipping in on the problem. Google's Ojan Vafai offered the following solution, which sounds pretty reasonable on the surface:

If a site is using more than XX% CPU for more than YY seconds, then we put the page into "battery saver mode" where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.

Sadly, there are a lot of web applications that max out CPU usage for long periods of time, as one user highlights a few comments later:

Please note that a class of web applications routinely uses lots of CPU. This class can roughly be described as:

- data processing and conversion (large 3D files, etc.)
- graphics intensive applications
- physics simulations
- scientific calculations/simulations
- games
- data conversion
- productivity tools dealing with large and/or complex data to be handled and processed.

The comment ends with "The bottom line is: It's a very bad idea" and the concerns are echoed by others as the discussion continues.

One point that's not even mentioned -- the mining software could be tweaked to limit or spread out its use of CPU / GPU resources, dodging any throttling attempts.

Until developers settle on a foolproof, lightweight way of stopping (or at least reducing the impact of) web-based miners, it looks like the extension route is the way to go.

[Chromium, via Bleeping Computer]