Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com)

Posted by msmash on from the beware dept.

Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.

51 of 362 comments (clear)

  1. Executable documents... by GenP · · Score: 5, Insightful

    Even more reason to disable Javascript.

    1. Re:Executable documents... by DickBreath · · Score: 4, Interesting

      I don't want to have to disable Javascript.

      That would be bad.

      What I want to have to enable Javascript. If I feel like it. If it seems like I'm missing out on something.

      Does slashdot stress out ad blockers or what? Why not have ads that don't require Javascript? If the ads are too many then I just won't come back.

      What if browsers severely limited the amount of execution time Javascript had to set up event handlers on controls in a business application. Then also severely limit the execution time of those event handlers -- exclusive of the time it takes for an event handler to make a limited number of ajax calls to the page's originating server. Would this idea limit the bitcoin mining abuse, while not constraining real applications?

      --

      I'll see your senator, and I'll raise you two judges.
  2. Autocorrect typo? by Hartree · · Score: 4, Informative

    I suspect the submitter meant "rife" rather than "ripe".

    Of course, since "ripe" can mean "stinky", maybe it fits.

    1. Re:Autocorrect typo? by gnick · · Score: 5, Funny

      For all intensive porpoises, they both fit.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:Autocorrect typo? by Anonymous Coward · · Score: 5, Funny

      I hole-hardedly agree, but allow me to play doubles advocate here for a moment. For all intensive purposes I think you are wrong. In an age where false morals are a diamond dozen, true virtues are a blessing in the skies. We often put our false morality on a petal stool like a bunch of pre-Madonnas, but you all seem to be taking something very valuable for granite. So I ask of you to mustard up all the strength you can because it is a doggy dog world out there. Although there is some merit to what you are saying it seems like you have a huge ship on your shoulder. In your argument you seem to throw everything in but the kids Nsync, and even though you are having a feel day with this I am here to bring you back into reality. I have a sick sense when it comes to these types of things. It is almost spooky, because I cannot turn a blonde eye to these glaring flaws in your rhetoric. I have zero taller ants when it comes to people spouting out hate in the name of moral righteousness. You just need to remember what comes around is all around, and when supply and command fails you will be the first to go. Make my words, when you get down to brass stacks it doesn't take rocket appliances to get two birds stoned at once. It's clear who makes the pants in this relationship, and sometimes you just have to swallow your prize and accept the facts. You might have to come to this conclusion through denial and error but I swear on my mother's mating name that when you put the petal to the medal you will pass with flying carpets like it’s a peach of cake.

    3. Re:Autocorrect typo? by Thud457 · · Score: 3, Funny

      who would win in a fight? two intensive porpoises or an escape goat?

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    4. Re:Autocorrect typo? by gnick · · Score: 5, Funny

      Would they be fighting with bear hands?

      --
      He's getting rather old, but he's a good mouse.
    5. Re:Autocorrect typo? by DickBreath · · Score: 4, Funny

      Your never going too get you're weigh on this.
      Their are just two many people out they're using there words wrong too get to upset.
      Sew don't loose you're cool about it.
      You can sea mini common examples that exist of incorrect usage.
      People pick the write words two use according too there porpoises.
      But you'd have two be a fool to begin or end a sentence with the word "but".
      And only an idiot would begin or end a sentence with "and".
      And a preposition is a very bad word too end a sentence with.
      Anyway, you should never use the word anyway.
      Only on weakdays ending in "y" you should utilize the word "use" whenever you would use the word "utilize".
      And relax on the weakened.

      --

      I'll see your senator, and I'll raise you two judges.
  3. Possible fix by Anonymous Coward · · Score: 5, Interesting

    Is there a way that someone could write a browser plugin that returns wrong/garbage results to the crypto mining command and control server, rendering entire massive calculation trees wrong and useless and destroying their scheme?

    Ideally a way to enable/disable per site so that sites that ask permission can be granted on a case-by-case basis.

    1. Re:Possible fix by ohnocitizen · · Score: 2

      Just use the "No Coin" extension.

    2. Re:Possible fix by unrtst · · Score: 2

      AFAICT, these sort of extensions are just blocking based on a URL list. They can play the cat and mouse game of moving them around and renaming scripts all day every day. IMO, we need an extension that detects those sort of code profiles and provides the option of killing off that code.

      If one of these extensions does more than a simple blacklist, please let me know - I haven't found one.

  4. Is there a way to request them to stop ads? by guruevi · · Score: 4, Interesting

    No? Then this is the same discussion we had decades ago about ads and it will end up in the same way.

    If you go to a site, then you give it explicit permission to use resources on your computer. Whether that resource is doing stuff on the Internet (AJAX) or doing stuff on your computer (mining).

    A user can control your computer though, they can limit the amount of cycles a website or browser gets to spend, block JavaScript, block whatever resource they want. In the end, the user is letting them do this and once sites see that it's costing them more money than it profits (when people stop visiting the "slow website") they'll learn.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  5. I get it, kind of by a.e.brownlee.iv · · Score: 3, Interesting

    You don't want things loading in your browser session that are doing things you don't want them to do.
    But couldn't this be said about any code on a website? When you go to the page, you're loading whatever JS, Flash, etc that is on their site. You're the one going there, it isn't anything malicious.
    What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively? Is the only difference, that they may be profiting from this slightly? If so, why is that bad, when most sites need to show you some ad, sell you something, etc to be profitable?

    1. Re:I get it, kind of by ctilsie242 · · Score: 4, Insightful

      I can see this becoming worse, especially with encrypted media extensions that obfuscate the presence of a mining tool under the guide of DRM.

    2. Re:I get it, kind of by vux984 · · Score: 2

      What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively?

      100% CPU utilization (GPU utlitization too if they can do it) will drain laptop and mobile batteries fast and heat the up. This is the antithesis of the direction things should go.

      There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.

      Second, as an ecnomic model it is incredibly inefficient. For every dollar you spend in electricity for their miner... how much money do they make from it. Not a tiny fraction. I'd rather just give them a dollar now and then rather than spend 500$ on electricity while suffering from a permanently hot phone or laptop that gets 1hr because its running full tilt anytime i try and use it.

      I expect we'll see default browser settings to start to heavily throttle CPU usage by tab/site; in addition to other mining counter-measures.

    3. Re:I get it, kind of by PingSpike · · Score: 2

      There is no way mining makes practical sense as a ubiquitous means to pay for web content. It would render the web practically unusable.

      I'd argue the web is already practically unusable if you turn your ad blocker off. On my tablet slashdot throws a giant pop over on the main page that covers roughly 2/3 of the screen. And then it loads video ads that have roughly a 30% of locking up my web browser. I can't imagine this being much worse, although it might end up harder to block.

    4. Re: I get it, kind of by JohnFen · · Score: 2

      This is about knowledge and consent.

      The issue isn't bitcoin mining as such. The issue is doing it without the knowledge and consent of the user.

  6. Ripe? by Luthair · · Score: 2

    More like rife.

  7. Yep by LeftCoastThinker · · Score: 4, Interesting

    I believe the word the author was looking for is "rife" as in filled with/replete with.

    Just another reason that add blockers like uBlock Origin are mandatory. I also browse with a JS dynamic switch so I can kill JS with a button press for obnoxious sites.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
  8. I wish sites would just come out and say it by Kjella · · Score: 5, Interesting

    "As an alternative to ads, we are testing out in-browser cryptocurrency mining as a means to fund our website. If you prefer our ad-supported version, click here" and see how many would actively choose ads. I mean if this is a functioning micro-transaction system I think it's got much less downsides than almost every other possible alternative, particularly that you don't need any kind of payment info or personal data. If it's any kind of site where you have an account you could have like points and build up a sort of credit you'd "pay" with to read articles and so on.

    --
    Live today, because you never know what tomorrow brings
    1. Re:I wish sites would just come out and say it by DontBeAMoran · · Score: 2

      Monero is not viable on GPU? You do know there's Monero mining software for both AMD and NVIDIA, right?

      --
      #DeleteFacebook
  9. Disable Web Workers by Luthair · · Score: 3, Interesting

    I presume these are using web workers as they don't lockup the UI? How many legitimate uses of web workers are there, couldn't we just disable them?

    Maybe w3c should drop them from the browser spec entirely.

  10. What is the alternative though by monkeyxpress · · Score: 4, Insightful

    Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it. Is anyone looking forward to going back to having to support Flash, Silverlight, java applets, and whatever new half-baked solution gets dreamed up by a bullying vendor.

    We are still heading towards a good place. It took a long time to beat down IE and its deliberate consensus killing behavior, and to nudge JS into a form that is sufficiently standardised and supported. We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there. Rather than rejecting JS outright, I think it is better to continue to find solutions to these sorts of problems. The web needs a common client side computing platform, and I don't see where any useful alternative is going to come from right now.

    1. Re:What is the alternative though by JohnFen · · Score: 5, Insightful

      Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it.

      I don't think that's anything close to a sufficient reason to accept the dangers associated with it. Javascript is not only a theoretical security problem, it's one that's very commonly exploited.

      All of the arguments that apply to getting rid of flash apply to getting rid of Javascript.

      We are still heading towards a good place.

      Maybe, but the evidence for this is weak.

      The web needs a common client side computing platform

      "Needs" is a very strong term. In my opinion, it's more of a "nice to have" than a "can't live without".

    2. Re: What is the alternative though by Anonymous Coward · · Score: 5, Funny

      So much this. It's enough to make me want to go buy meth just to reverse-engineer it back into cold medicine because it's fucking easier to acquire.

    3. Re: What is the alternative though by Anonymous Coward · · Score: 2, Informative

      Get a prescription. Insurance wonâ(TM)t pay for it, but you can get as many as the doctor wrote for, with no rescrictions.

      Source: Iâ(TM)m a pharamacist

    4. Re:What is the alternative though by phantomfive · · Score: 3, Interesting

      Javascript is not only a theoretical security problem, it's one that's very commonly exploited.

      What exploits are you talking about here?

      --
      "First they came for the slanderers and i said nothing."
    5. Re:What is the alternative though by JohnFen · · Score: 3, Insightful

      Well, we can start with secret in-browser bitcoin mining.

      But, on the more malicious side, there are bunches of traditional exploits that do things like code injection, privilege escalation, installation of virii, etc. Also, there are a number of data exfiltration exploits in the wild. You know all those online ads that spread malware? They're using javascript to do it.

      Javascript isn't as vulnerable as it used to be, but you can't think of it as safe, either.

    6. Re:What is the alternative though by phantomfive · · Score: 2, Insightful

      Oh, I dunno... Maybe... mining?

      If that's literally the worst exploit out there, then Javascript is the most secure platform and VM ever invented. The only antivirus we'll ever need is "close the browser window."

      --
      "First they came for the slanderers and i said nothing."
    7. Re:What is the alternative though by JohnFen · · Score: 4, Insightful

      No matter what language browsers used the issues would be the same given the browser environment.

      I agree, the fault isn't the precise language as such, the fault is the ability for webpages to push and execute code on your machine.

    8. Re:What is the alternative though by dfm3 · · Score: 2

      Remember back in the early 2000's, when you'd occasionally come across a website that was entirely contained within Flash? Remember how much we all despised those?

      Well, we're basically back to that point with Javascript. When I want to read a few paragraphs of text with maybe a picture or two, why should I download 2+ MB of javascript libraries just so that the images can fade in from the background as I scroll down, or drift across the page Ken Burns style as I read?

      With more and more sites these days, you get nothing unless you enable javascript. Just like in the days when Flash was abused, I now have to waste precious bandwidth and put myself at a security risk just so that some designer can try to impress me with their presentation.

    9. Re:What is the alternative though by Mikkeles · · Score: 2

      Escaping a VM is a failure in the hypervisor (hardware or software).

      --
      Great minds think alike; fools seldom differ.
    10. Re:What is the alternative though by OrangeTide · · Score: 4, Informative

      Someone was nice enough to collect a list of JavaScript vulnerabilities. And I also found a list of Proof of Concepts and many of them are for JavaScript and browser. And includes a nice paragraph description for each.

      I can't prove the earlier post's claim that "[the problem of JavaScript security is] one that's very commonly exploited."
      But it does seem that there are many well known security issues with popular implementations of JavaScript.

      --
      “Common sense is not so common.” — Voltaire
  11. Alternative to advertising? by Okian+Warrior · · Score: 5, Interesting

    Even more reason to disable Javascript.

    While I agree with that sentiment, I have to wonder why this is such a big deal?

    Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible.

    We've always wanted a way to monetize visiting a site, could this be a way to do it?

    Suppose we had a service where people could submit computationally intensive problems which can be broken down into smaller computational units. Such as "folding at home" or "seti at home".

    The answers to some of those problems could be valuable, so we could imagine research institutions paying money to use the system to solve those problems, and pay out based on the amount of computation a website brings in.

    This is proportional to the number of users who view the website, and for how long. This could be a user-friendly alternative to advertising.

    In fact, one can imagine the *government* paying money to use the system as a make-work program: it would encourage people to make better, more meaningful websites overall. Would the sociological benefit outweigh the extra costs?

    (Assuming that people don't game the system, but it seems reasonable that we could learn all the gaming techniques over time and avoid them. Sort of how we deal with advertizing clicks currently.)

    I don't see what the problem here is, and look at it as an opportunity.

    Could this be a user-friendly way to monetize a website, as an alternative to advertising?

    1. Re: Alternative to advertising? by Monster_user · · Score: 5, Insightful

      CPU cycles equals wear and tear, slower performance, and likely more bandwidth consumption.

      While you may not be affected, plenty of people are and will be.

      Those on metered connections, or who have to pay overages for data.
      Those running on mobile devices who need as much battery life as they can squeeze out of their devices.
      Those who are at the lower end of the financial spectrum, who have to watch their wattage and struggle to replace their aging machines, and struggle to provide air conditioning and such to their homes.

      Its kind of like the penny. For so many people it isn't even worth picking up, but for so many other people a penny is a big deal. My biggest concern would be battery life.

    2. Re:Alternative to advertising? by link-error · · Score: 3, Informative

      The problems are that sometimes, I'll leave a webpage up for a day or two in a separate tab because I want to come back to dig deeper into something, but don't want to create a longer lived bookmark. Sometimes, I see a CPU getting chewed up by the browser and I had assumed up to this point it was a bug in the browser or accidental looping javascript error, and I have to start killing off tabs until I find the offending page. Probably miners all along.

      --
      -Unresolved symbol? Byte me!
    3. Re:Alternative to advertising? by Anonymous Coward · · Score: 2, Insightful

      Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible

      It is absolutely inevitable that if this practice becomes accepted, people will start trying to steal a greater and greater proportion of your CPU resources. Consider how restrained internet advertisers are with their adverts, then apply the same level of restraint to mining scripts. It will be taken right up to the point where it is barely tolerable, if not further. And since I mentioned advertisers, how about a double-whammy, because ads laden with mining code are coming, absolutely guaranteed.

      In theory, I actually agree with you. I'd accept doing a small amount of mining as a micro-payment in lieu of ads to support websites I visit. I just have zero faith that it won't be abused left, right and center to the detriment of my browsing experience.

    4. Re: Alternative to advertising? by dinfinity · · Score: 3, Interesting

      The obvious solution is to let clients limit CPU usage for JS per tab, especially inactive/invisible tabs.

      For instance, apart from whitelisted domains, every page switch gets 5 seconds of unlimited CPU usage for JS and is then throttled down to 1%. Added bonus is that it incentivizes efficiently coded JS in general whilst also protecting against JS mining and other JS CPU cycle stealing.

      One could imagine finegrained clientside control of how much CPU time a certain website may consume, combined with the website providing tangible rewards for the CPU cycles. A sort of Patreon service with CPU cycles, if you will.

  12. GOOD. by Gravis+Zero · · Score: 3, Insightful

    This is the endgame for javascript: executing unauthorized code on your computer. Now that it's becoming so entirely blatant, we may actually start seeing the general public getting protection from runaway javascript scripts.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:GOOD. by DontBeAMoran · · Score: 2

      45 years old programmer here.

      I'm still under the shock that code can appear magically out of thin air, without wires, at speeds thousands of times faster than loading from an audio tape.

      I'm still baffled that we have "web pages" with images that dozens if not hundred of times the maximum amount of RAM our 8-bit computers hard. I remember the first time I saw the power of EGA graphics in 320x200, 16 colours. It was the best computer graphics I had ever seen*.

      I'm still amazed that computers are fast enough to not only playback CD-quality music files, but they're compressed 11 times smaller and it only requires a tiny percentage of the processor power to do all that. I remember my first Sound Blaster, 8-bit mono at 11.025KHz was a miracle*.

      * and then a friend of mine showed me games on his Amiga 1000...

      And now I can buy a 32-bit microcontroller for less than $10 that's dozens/hundreds of times as powerful as my first desktop computer. We have smartphones more powerful than our desktop computers from a decade ago (and we use all this power watch Oww my ball! and send emojis because kids can't write anymore)

      And get off my artificial lawn!

      --
      #DeleteFacebook
  13. No such problem by Artem+S.+Tashkinov · · Score: 4, Interesting

    This "problem" is so exaggerated it's becoming annoying to hear about it again and again.

    First of all, most respectable websites will never do anything like that. Secondly, shady websites which do host mining JavaScript are not normally visited by most people and the ones who visit such websites usually leave them quite fast, which means bad scripts can only run for a very limited amount of time. Thirdly, we've always had websites which peddle malware and somehow they stopped being newsworthy years ago. All of a sudden, they are again in the news.

    Fourthly, we now have "good" websites which stress your CPU so much they can be considered "harmful". What about ad networks whose JS tax your CPU? Why aren't we talking about them?

    1. Re:No such problem by mjr167 · · Score: 3, Interesting

      Lincoln Caverns (a cave in central PA that gives tours) had one running on thier website when I went to check tour prices earlier this week. It's not just shady sites doing this, but legitimate businesss that you might actually want to do business with.

  14. Re:cryptocurrency-mining preferable to data-mining by tepples · · Score: 3, Interesting

    Last time I checked, websites weren't getting explicit consent for user data-mining either.

    Yes they are. Private Browsing in Firefox does two things related to data mining: it turns persistent cookies into session cookies, and it doesn't connect to third party tracking services. "Disable protection for this site".

    That assumes a website is not doing both ... in that case then fuck them all to hell.

    They'll do both, arguing that doing both has precedent. Magazines, newspapers, and multichannel pay television rely on combined revenue from ads and subscriptions because they can't pay their writers with one or the other alone.

  15. Flag them! by kurkosdr · · Score: 5, Insightful

    Flag. These. As. Malware. Let's see how these smarty pants website owners and advertisers react when their users start avoiding the site because they are getting anti-malware alerts and get demoted in search engine results

    1. Re:Flag them! by CoolCash · · Score: 2

      But its not malware. Malware is spread through malicious acts. If its fully disclosed up front, its just your choice to go there. I do like coinhive's capatcha alternative, I would rather mine for 20 seconds than to pick which image is a car or what a street sign is.

  16. commentsubject by Falos · · Score: 5, Interesting

    It's parasitic and hidden, but to believe that an opt-in checkbox equates to being "in the clear" - hell, that op-tin being offered at all is supposed to be par for today's commercial atmosphere - is awfully naive.

    In fact, this "hidden" behavior? Is still transparent relative to the shit being done with various fingerprints/useragents, with the hundred different metrics possible on your phone. To say nothing of you unfortunate souls with accounts on facetweet and socnets.

    It's almost refreshingly simple. They're mooching your CPU, your electricity, but the intent is plain, the motives obvious. Compare it to the clusterfuck, the rat-king of trade-and-parcel done with your credit info/score/history/etc. We're oblivious to the amount of closed-door behavior going on around us, of how many databases end up hooking a single instance of you flashing your insurance card to get a painkiller or flu shot, or a scratch on the car.

    Again, it's unscrupulous, yes, but "shady"? Consider that word and apply it to the shady pickpocket who grabs your $20's and throws your wallet on the sidewalk, versus the shady cartels running our world, ISPs and Muh Big Pharma and all our good friends trashing the atmosphere/soil/rainforest/aquabeds/whatever without a moment's hesitation, global-scale behaviors behind purchased laws, behind NDAs, behind agreement named with so much obfuscating euphemism you think it benefits consumer proles. Go ask a stranger what "net neutrality" is.

    Christ, you can probably stop these scripts with a browser mod or two, or a greasemonkey. Five minutes of placement. While if you fuck with your registry and hosts file maybe you'll get (most of) win10's bullshit to stop showing up on wireshark.

    I'd probably prefer a silent miner (esp. if throttled to polite levels) over the butterfly dominoes from an ad watched by DoubleClick, with a facebook pixel watching. Submission is stupid about what he can hope for, naive, thinks an ad is just "Buy my book" and done. Thinks clicking "don't send me emails" is a win.

    Not an apologist, just mentioning perspective.

    1. Re:commentsubject by PingSpike · · Score: 2

      Yeah, the more I thought about this the more I realized its actually vastly superior to the status quo.

      The problem is it will almost certainly be done *in addition* to the status quo, not instead of.

  17. Re:Why disable? by Anonymous Coward · · Score: 5, Insightful

    Mining to your own account in Javascript is stupid. It's incredibly inefficient (ie. it wastes lots more electricity than you will ever see in return). If you're going to mine it then mine it natively. The only reason it works for them is because it's not their electricity.

    There is no way in hell the revenue from mining can match ads. This whole mining in the browser thing is just for illegitimate uses (ie. malware).

  18. Re: Why disable? by phantomfive · · Score: 4, Insightful

    The point (which you seemed to have missed) is that any vaguely legitimate website will be able to make more money selling ads than they will by mining bitcoin on their visitor's computers. (Note that as Bitcoin value increases, the effort required to mine increases as well.)

    Since you can make more money by selling ads than mining bitcoin in Javascript, the only ones who will do it are those who don't have the ability to sell ads.

    --
    "First they came for the slanderers and i said nothing."
  19. Re:Let's look at the actual numbers by krray · · Score: 2

    But I have 36 tabs open right now.
    Without fact checking your numbers...

    1) my computer would come to a crawl
    2) I walk away for a day and it'll cost me $15/day...

  20. Re:so... by DickBreath · · Score: 2

    Can you give an example?

    I'm sure there is one. But I can't think of any. I think that many web sites and applications use Javascript to briefly set up event handlers on controls. Those event handlers react to clicks and other user interactions, and spend very little time doing so.

    But I can't think of an example of a browser-side CPU intensive application.

    Actually, I CAN think of one that I would contrive. But it is a legit example. Suppose you had something that wanted a lot of CPU time, and people could contribute CPU time by doing nothing more than pointing a browser at a URL and letting it sit there -- contributing CPU time. But do you have a better example?

    --

    I'll see your senator, and I'll raise you two judges.