The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Even more reason to disable Javascript.
Flag. These. As. Malware. Let's see how these smarty pants website owners and advertisers react when their users start avoiding the site because they are getting anti-malware alerts and get demoted in search engine results
CPU cycles equals wear and tear, slower performance, and likely more bandwidth consumption.
While you may not be affected, plenty of people are and will be.
Those on metered connections, or who have to pay overages for data.
Those running on mobile devices who need as much battery life as they can squeeze out of their devices.
Those who are at the lower end of the financial spectrum, who have to watch their wattage and struggle to replace their aging machines, and struggle to provide air conditioning and such to their homes.
Its kind of like the penny. For so many people it isn't even worth picking up, but for so many other people a penny is a big deal. My biggest concern would be battery life.
Mining to your own account in Javascript is stupid. It's incredibly inefficient (ie. it wastes lots more electricity than you will ever see in return). If you're going to mine it then mine it natively. The only reason it works for them is because it's not their electricity.
There is no way in hell the revenue from mining can match ads. This whole mining in the browser thing is just for illegitimate uses (ie. malware).
Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it.
I don't think that's anything close to a sufficient reason to accept the dangers associated with it. Javascript is not only a theoretical security problem, it's one that's very commonly exploited.
All of the arguments that apply to getting rid of flash apply to getting rid of Javascript.
We are still heading towards a good place.
Maybe, but the evidence for this is weak.
The web needs a common client side computing platform
"Needs" is a very strong term. In my opinion, it's more of a "nice to have" than a "can't live without".