Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use.

Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension's author claims he was "hacked" and the code added without his knowledge.

Re:Though wrong in this case... good model?

[Hentes]

Miners are now migrating to ASIC based rigs because GPU arrays aren't cutting it anymore, how efficient do you think a Javascript based software that "doesn't peg your CPU" is going to be? It's a gigantic waste of electricity, nothing else.

Consider

[markdavis]

Like I said in one of the previous articles, I am not totally opposed to the concept, as long as it is done right. But there are things to consider:

1) Laptops: battery life is critical
2) Mobile: battery life is critical
3) Virtual: Does the guest really know the host is "idle" or expecting such a load?
4) Noise: I don't necessarily want my computer that is in my living room ramping up all CPU's and making lots of fan noise
5) Power: You might not think it uses more power, but it absolutely does. I see it on my UPS which tells me exactly how many watts my system is using based on CPU load.
6) Waste heat: And in the summer, I have to pay to remove that heat too through the A/C.
7) Work: Just because it is a computer you are using, doesn't mean it is YOUR computer or YOUR power. Do you have permission from the actual owner(s), not just the user?
8) Multiuser: Yep, there actually are still such systems, and CPU load matters in such environments.
9) Other tasks: I have other things going on sometimes that I want done in a timely manner and don't want anything competing for those CPU resources.
10) UPS: And even with a desktop or server, will it have control to stop the load when it is suddenly on battery because the mains were lost? Runtime/uptime might matter.
11) Wear: Believe it or not there is actually "wear" when a CPU operates, and the more it operates, the more wear. The fans have to spin up faster, the transistors create heat which degrades the chip, the thermal connections, puts stress on the board or socket or other components, pulls more power from the power supply, etc.

It could be a useful tool, but only if it explicitly allows a user to control every aspect of how and when CPU is used. Is the user is made aware of exactly what it is doing and why? Is there is a UI that allows the user to set amount of CPU, priority, perhaps how many cores or threads, and when it could be used? I doubt what I just listed is compatible with all the models that this new "panacea" of questionable "revenue" of side-line mining brings.

Donating "unused" CPU power is nothing new. I did it decades ago for various scientific research. But I also did it completely under my control and with full knowledge about the effects.