Opera 50 Web Browser Will Offer Anti-Bitcoin Cryptocurrency Mining Feature

BrianFagioli writes: The upcoming version 50 of the Opera web browser will offer an integrated anti-Bitcoin mining feature. Besides Bitcoin, it will also block the mining of other cryptocurrencies such as Litecoin and Ethereum. If you aren't aware, some websites are hijacking user computers to mine for cryptocurrencies. This is not only a potential violation of trust, but it can negatively impact the computer's performance too. Mining is also a huge waste of electricity. Opera 50 will offer an optional setting that, when enabled, blocks this nonsense.

All well and good

[DaMattster]

But it still has to be able to detect that the code is even there. It's going to be a cat and mouse game similar to anti-virus and anti-malware. It will need definition updates in order to detect and block the code. The authors of this bitcoin mining software will just alter and tweak it a little bit. It's a moving target.

Re:All well and good

[theweatherelectric]

But it still has to be able to detect that the code is even there.

It's just a block list. Specifically, this block list. You can make use of the NoCoin block list in, for example, uBlock Origin.

Opera isn't doing anything particularly special here and it's a shame that they don't give the block list author any credit in the blog post (though they do in the comment section and in opera://about/credits in Opera 50 beta itself).

Re: All well and good

Maybe they can detect continous high cpu usage.

Re: All well and good

[Opportunist]

Great idea, that should also take care of some of the more obnoxious Javascript atrocities.

Re: All well and good

Best way to do that is to disable the bloody thing by default.

Sucking down as much scripted content from dubious sources and running it on your computer automatically is... not smart.

At all.

Re:All well and good

On Firefox, I installed NoMiner - Block Coin Miners. Under the options tab for it, there is a window of the sites to block. From the hosts file you mentioned above, I changed it to the NoMiner format. In the options tab, go to the list of sites, add a comma at the end of "*://cdn.cloudcoins.co/javascript/cloudcoins.min.js*" (which is the last hostname on the list) then add this:

    "*://*.cnhv.co/*",
    "*://*.coin-hive.com/*",
    "*://*.coinhive.com/*",
    "*://*.gus.host/*",
    "*://*.load.jsecoin.com/*",
    "*://*.miner.pr0gramm.com/*",
    "*://*.minemytraffic.com/*",
    "*://*.ppoi.org/*",
    "*://*.projectpoi.com/*",
    "*://*.crypto-loot.com/*",
    "*://*.coinerra.com/*",
    "*://*.coin-have.com/*",
    "*://*.minero.pw/*",
    "*://*.minero-proxy-01.now.sh/*",
    "*://*.minero-proxy-02.now.sh/*",
    "*://*.minero-proxy-03.now.sh/*",
    "*://*.api.inwemo.com/*",
    "*://*.rocks.io/*",
    "*://*.adminer.com/*",
    "*://*.ad-miner.com/*",
    "*://*.jsccnn.com/*",
    "*://*.jscdndel.com/*",
    "*://*.coinhiveproxy.com/*",
    "*://*.coinblind.com/*",
    "*://*.coinnebula.com/*",
    "*://*.monerominer.rocks/*",
    "*://*.cdn.cloudcoins.co/*",
    "*://*.coinlab.biz/*",
    "*://*.go.megabanners.cf/*",
    "*://*.baiduccdn1.com/*",
    "*://*.cryptoloot.pro/*",
    "*://*.crypto.csgocpu.com/*",
    "*://*.noblock.pro/*",
    "*://*.azvjudwr.info/*",
    "*://*.jroqvbvw.info/*",
    "*://*.jyhfuqoh.info/*",
    "*://*.kdowqlpt.info/*",
    "*://*.xbasfbno.info/*",
    "*://*.1beb2a44.space/*",
    "*://*.300ca0d0.space/*",
    "*://*.310ca263.space/*",
    "*://*.320ca3f6.space/*",
    "*://*.330ca589.space/*",
    "*://*.340ca71c.space/*",
    "*://*.360caa42.space/*",
    "*://*.370cabd5.space/*",
    "*://*.3c0cb3b4.space/*",
    "*://*.3d0cb547.space/*"

Note no , at the end of the last line above. The next line will just be ]. That will add the hosts from the hosts file to your NoMiner blocked sites.

Re: All well and good

[d225]

I wonder if that ddos prevention by cloudlfare style web code will begin mining haha

Re: All well and good

I donâ(TM)t mind the idea of websites mining bitcoin in the background if it provides a way to support the content creators without having ads.

Re: All well and good

I don't mind ads if they provide a way to support the content creators without mining bitcoin on my dime.

Ads use about 0.00000001% of my electricity. You can't say the same about mining. And leaving a browser open means continuous mining. Multiple tabs open? Multiple miners.

A thousand ads wouldn't waste the resources of one miner and you want multiple miners?

You're like a crackhead when it comes to logic.

Re:All well and good

[theweatherelectric]

On Firefox, I installed NoMiner - Block Coin Miners.

Why? You could just use uBlock Origin with the NoCoin block list. What does NoMiner do for you that uBlock Origin doesn't?

Javascript?

[SurenEnfiajyan]

Can javascript be used for mining? But I guess it would be slow.

Re:Javascript?

Imagine: 50 4-core CPUs mining your Monero.
Imagine: 500 4-core CPUs mining your Monero.
And it doesn't cost you a bit.

Re:Javascript?

[fisted]

Hmm, can a turing-complete language calculate SHA1 hashes? Inquiring minds want to know.

Re:Javascript?

[SurenEnfiajyan]

Well, even GPU (which is orders of magnitude faster then running a native binary on a CPU) mining isn't practical today. Nowadays farms with special chips are used. Your website should be very popular and the users must stay long there to have a benefit. Besides that it would greatly degrade the user experience and browsers can give a warning.

Re:Javascript?

[SurenEnfiajyan]

The question is: is it really practical? Even GPU (which is orders of magnitude faster then an x86_84 binary with SSE) mining isn't practical today.

Re:Javascript?

That's only because you are paying for the time nd the energy

if the energy is paid for by others and the time is parallel over a large enough group of systems, then the efficiency doesn't matter for the person doing the mining.

Re:Javascript?

[Opportunist]

Why would the miner care whether your computer burns 1000x the energy required to mine his coins as long as you pay for the electricity?

Re:Javascript?

[Opportunist]

It needn't be practical. It's the spam problem: If the cost is zero, a nonzero profit, no matter how small, is reason enough to do it.

Re:Javascript?

[thaylin]

not all currencies use ASIC machines

Re:Javascript?

[SurenEnfiajyan]

Well, if doing so at the cost of user experience, then you can lose some users. https://bitcoin.stackexchange.... It's roughly $0.37 USD per day.

Re:Javascript?

Why should I care? If I get my movie, article or blog without having to see an ad, and he gets the money to keep going, why is this a problem for me?

Re: Javascript?

Because he used $35 of your electricity to make $5?

A little wasteful don't you think?

Re:Javascript?

> Nowadays farms with special chips are used
depends on the crypto, also irrelevant
> it would greatly degrade the user experience
yes stealing from people "degrades the user experience", but why would that stop a thief?

I've got a 3ghz CPU with many, many cores

I'll take a JS miner over shady ad networks every day of the week.

Re: I've got a 3ghz CPU with many, many cores

Unfortunately, the end result will be that you'll get both.

Full reporting to China.

Plus it already features full reporting of your browsing behavior to China.
What's not to like?

Don't care

[nospam007]

I'd prefer they'd mine bitcoin in the background any day over any ads or a gazillion trackers that follow me around.

Re:Don't care

I'd prefer they'd mine bitcoin in the background any day over any ads or a gazillion trackers

Why not both? Seriously, webdevs don’t see an either-or here but a both-and situation. So should you: block all of it.

Re: Don't care

[mapkinase]

Yeah.. That's the choice we are given.

Re:Don't care

I will take the ads and trackers any day of the week. TPB was completely unusable with the miners on it, while the ads are annoying they have far less impact on you than fucking miners.

Re:Don't care

Don't worry. You'll get all three!

Seriously

Screw all these people hating on js miners -- this is so much better than ads. Once the browsers implement proper throttling of idle tabs etc, there is no way you could argue this is not fair. You could design a decentralized internet this way. Loading a page costs a few milliseconds of mining etc.

Re:Seriously

[Opportunist]

I prefer ads. Mostly 'cause I got the blocker for them already in place.

Re:Seriously

What a convoluted method of paying for content. The 'free' website makes your computer mine cryptocurrency, for which you require electricity, which you are billed for by the electric company and pay. You are just the middleman here. How can that be efficient.

Re: Seriously

âoeBetter than.â No, youâ(TM)ll get both. Youâ(TM)ll get ads running competing cryptomining schemes in the background. There is no âoebetter,â only more shades of âoefuck you.â

Re: Seriously

brah dude fix your browser its spitting illegible shit all over the place.

Re: Seriously

I'd prefer the miners vs the ads. Much less obtrusive and more direct payment to the site, whereas ads have dozens of hands in the pot so the profit is smaller and smaller.

But if you use uBlock Origin, it's already blocking most of the in-page miners.

Re:Seriously

People have this assumption that servers are replacing ads with mining software, this isn't the case. They're using both, so while spamming the user with Ads and popups, its also raping your cpu.

Re: Seriously

[Opportunist]

Well, with ads you instantly notice when your blocker is shit. With miners ... not so much.

We need a good version of Opera.

I use the proxy feature of Opera to access blocked sites, but most of my browsing is done through Waterfox, Opera needs to go back to Presto and lose the Chinese ownership before it can be a credible browser again. Opera like browsers like Vivaldi and Otter also need to innovate their own engines instead of just leeching off blink/webkit.

Brainfuck

Write it in Brainfuck. Calculating a SHA-1 hash should almost be as efficient in Brainfuck as cryptocurrency mining.

Re: Brainfuck

Brainfuck should become the standard web-scripting language enforced by W3C all browser devs. We'd have the old good HTML web back, and web-developers pursuing careers in selling snake oil.

Ugh, it's called, NO SCRIPT!

And believe me, Trump does not like it. He does not like it. Well, he says he likes it, but according to multiple WH staff, he goes into a tirade whenever the subject comes up.

He's going in early 2018 to get his tertiary syphilis treated. He doesn't know it yet.

Re: Ugh, it's called, NO SCRIPT!

Shut up Beavis, heh.. heh heh... heh... Trump in 2018 is gonna be cool.

DIY Cryptocurrency Mining

If you want mine your own crypto currency, you need a motherboard with 19 PCIe 1X slots to plug in 19 GPUs and a couple of 1200W PSUs.

Re:DIY Cryptocurrency Mining

and here is the same link without your shitty affiliate crap ;)

https://www.amazon.com/gp/product/B075KFPJ6M/

Re:DIY Cryptocurrency Mining

[Khyber]

Only 19? Someone doesn't know how to leverage a real motherboard. I can pop 36 in a triple-crossfire mobo using a 16x breakout down to individual 1x slots, then get the riser adapters. 1200W PSUs are the run of the mill cheap server PSUs, you want 2400W PSUs for any real power draw.

Sounds like you and your affiliate asshole friend need to go back to school and learn how to do real hardware builds.

Re: DIY Cryptocurrency Mining

He never went To school in the first place.

Way to be secure!

Browsers. First, they deliver an execution platform which sucks up every bit of crap out there and tries to execute it, then they try to "fix" it by disabling selected pieces of it based on whatever patterns.

What can possibly go wrong?

C'mon, folks. We are at least in the third iteration of this antipattern.

Me? I disable Javascript. Some pages (NASA, I'm looking at you!) show up as black (or white) holes. Most of them (Google groups, I'm looking at you) are uninteresting, anyway.

Hey, webpushers! Stuff your javascript up whatever of your cavities you choose to.

Hijacking? That's rich!

[Gravis+Zero]

Nothing about this is hijacking. Hijacking implies it's an unauthorized takeover when the fact is that it's simply Javascript is doing exactly what it was created to do: execute arbitrary instructions from a remote source. The only thing different is that this is annoying people enough that it threatens all the jerks that demand to execute Javascript.

Here's an idea: add basic animation and ad hoc relative source loading for CSS then completely do away with Javascript. Oh but the money people don't give a shit about what users want, it's all about what they want.

Be real, this is just the logical conclusion of Javascript.

Anti-Bitcoin Cryptocurrency Mining

[K.+S.+Kyosuke]

What are Anti-Bitcoins and why would I want to mine them in my browser?

Just wait until WebAssembly is forced on us.

Just wait until WebAssembly is forced down our throats, like has been done with so many other shitty web technologies.

Your browser will be running obscure bytecode that takes more work and effort to analyze than even obfuscated JavaScript code does.

WebAssembly supporters will usually start blabbering on about "sandboxing" at this point, but if there's one thing we should have learned about sandboxing is that it's never perfect. There's always some way that it ends up leaking, or is exploited, or suffers from bugs.

Frankly, I find it kind of sad that the same kinds of people who were screaming bloody murder about things like Java applets and Flash are now the same kinds of people who are pushing hard for WebAssembly.

At least with Java applets and Flash we could easily avoid them by just not installing the plugins that implemented that functionality. But WebAssembly? It'll be built in to our browsers, and we won't be able to easily remove it. Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

Unwanted cryptocurrency mining is just one small threat that's amplified by this WebAssembly nonsense that's being crammed down our throats and up our asses.

Re:Just wait until WebAssembly is forced on us.

[theweatherelectric]

Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

WebAssembly runs on the JavaScript VM in your browser just like JavaScript does now. You don't need to "remove all traces of its code" from your system, just clear your browse cache and any cached copies are gone. If you don't want to run WebAssembly (or JavaScript) then just use an extension like NoScript or uMatrix to block it.

Re: Just wait until WebAssembly is forced on us.

The gp obviously isn't talking about just blocking wasm. The gp is talking about totally disabling it. Those are two very different things but I don't think that you comprehend the difference. Your blocker extensions aren't a proper substitute for completely removing any and all support for wasm, like can be done for Flash and applets. Your suggestion is completely wrong and useless.

Re:Just wait until WebAssembly is forced on us.

Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

The big problem won't be a lack of ability to disable it. The big problem will be that since dumb people by the billions will run it by default just like they did for JS, the web will more and more be broken for those smart enough not to run it.

Re: Just wait until WebAssembly is forced on us.

Thereâ(TM) always the option to use open source browsers and completely remove the whole wasm code.

Itâ(TM)s a problem for sure but browsers like Waterfox seem to be moving toward exclusion of the worst ideas.

Re:Just wait until WebAssembly is forced on us.

Exactly this.

Except for one thing... Browsers need to start supporting user-controllable graylisting by script source within the VM, not as a third-party add-on.

Re:Just wait until WebAssembly is forced on us.

specifically blocking webassembly, afaik, is NOT in the feature set of either of those script blockers.

Note: Firefox has had thus for years

The blocking in Firefox blocks not only JS miners, but also anti-image-save scripts, back-button blockers, a mass amount of behavior tracking and surveillance code, things that display over the top of the text you want to read, auto-play audio and video, and a hundred other modern web annoyances.

It's called Noscript. Or if you prefer, uMatrix. Modern web is unusable without them

If failed investors jumped from skyscrapers

, do failed bitcoin investors jump off the roof of the marijuana dispensary?

Easy Poll

[talldean]

Would you rather have ads in your content or cryptocoin miners running in the background?

Assuming content costs money, both seem ways of making money on pages with content.

That said, it might make sense to limit the amount of the CPU that the browser can use; if we're designing webpages that need >1ghz octo-core processors, we're already doing something probably pretty wrong.

Re:Easy Poll

Would you rather have ads in your content or cryptocoin miners running in the background?

False dichotomy.

The answer is "neither". I had neither yesterday. I have neither today. I will have neither tomorrow.

Not of Javascript:

Of emscripten/asm.js

Anyone who thought it was a smart idea and convenient to use didn't understand the full perils of it, perils that those of us from the 90s remembered all too well from the plugins of that era (some of which remained until very recently, or even today, but haven't been actively used by anyone with an inkling of sense in going on 20 years.)

By making the scripting engine of a web browser provide features equivalent to a computer or operating system you are essentially allowing the exact same level of malware capability as an actual operating system allows. Combined with a cross-compiler that can convert any normal program into javascript, you have just eased the ability to port said malware from an architecture specific system to a platform agnostic browser engine. For the lazy malware writers, they can make fully network accessable malware inside the browser, to use your system for whatever purpose they need. For the dedicated ones, they now have an injection platform that should work similiarly on all architectures, with only architecture specific exploits tailed to gain application, user, or system level access to perform their more comprehensive infection.

Javascript itself was always a bad idea, but they have taken it to the next level with asm.js and emscripten.

Re:Not of Javascript:

[GuB-42]

There is nothing asm.js and emscripen do not that you regular JS can't do. asm.js is just a subset of JS that is particularly well optimized and emscripen is just a code translator.

Safety features built into Javascript like sandboxing and safe memory management stay intact. Malware designed to run natively won't work in a Javascript VM no matter how much emscripen and asm.js you use.

And of course malware is software, so tools that help software developers help malware developers, and also anti-malware developers. Nothing special here.

Already have this feature

[sound+vision]

NoScript blocks all cryptocurrency miners, as well as a bunch of other stuff. There's also uBlock if you want a little easier time of it, and don't mind trusting the block list maintainers.

Another angle

[nehumanuscrede]

How difficult would it be to limit how much CPU the browser has access to ?

Restricted to minimal CPU by default, allows you to whitelist sites that you trust.

Plausible ? Better way ?

Re:Another angle

I was the first to block cpu consumption in 2016 of a webkit process based on cpu over time and then force a hard kill. the kills complete in 400 milliseconds cleanly in ios and osx, and are detected for reaping in under a minute. I blocked the third day this ever appeared in the wild again in 2016, and did it to all my machines across many various cities and countries. killing the webkit process does NOT harm safari logic, but safari revisiting the tab again or re-presenting the killed item WILL RESTART IT and reload the page, and it then will quickly get rekilled. I used simple unix scripts as sudo to do this. I then ported it to ios and it works well inside iOS for webkits spawned from safari as well. NO HOST FILE MAINTENANCE for me. setting hash rate to 20% of a single cpu will evade detection for many minutes, but most of these javascript mining scripts (not all) try to eat up all cpu and are blatantly killable. most 2d and 3d games use far less than 100% cpu. so not too many false positives. USA litigation in 2015 attacks javascript mining within USA : http://nj.gov/oag/newsreleases... but of course I knew back then it would return and did return. but part of basic work if doing it via script is "ps -axww -o pid -o vsz -o rss -o %mem -o time -o etime -o sig -o sigmask -o wq -o command" then sent to filter for webkits identifier in 'command' then use dtrace or else other script stuff then organize relevant columns cpu time vs task lifespan and compute ratio, then kill the pid with a properly secure script that has in it "sudo kill -9 $1". one in 10 scripts try harder to stay alive within safari, but this method does stop them all , plus a watchdog can monitor lots of tiny under 1 minute iframe tasks and gate and kill and block and throttle based on other parameters. no one broswes at 0, so no one will read my words but you, and I wanted to say you and I are right, and host file method is wrong.

Re:Another angle

[CrashNBrn]

Perhaps, but Flash was blamed for "outrageous CPU usage" for years, yet HTML'ified video pegs the CPU as bad or worse than Flash in its heyday.

This is simple without Opera

Opera is now part of a Chinese consortium, non-open source, and therefore not to be trusted.

Firefox can easily do this with uBlock Origin with all of the non-language options ticked, as well as No Coin, Decentraleyes, and Privacy Badger.

Voluntary

I would be ok with mining if the sites had an opt-in/out option

Re:Hijacking? That's rich!

[maestroX]

Here's an idea: add basic animation and ad hoc relative source loading for CSS then completely do away with Javascript. Oh but the money people don't give a shit about what users want, it's all about what they want. Be real, this is just the logical conclusion of Javascript.

The money people want you to run and download only their certified (and rented) stuff. Running shared code is nothing new.

Re:Hijacking? That's rich!

[Actually,+I+do+RTFA]

CSS has very basic animation... but you might mean more than that.

Anti-Bitcoin value

[jep77]

What's the current value of anti-bitcoin anyway? I can't seem to find it anywhere. I've been looking into investing in cryptocurrency other than bitcoin and, with Opera practically endorsing this one, I'm even more interested. It must be really easy to mine right now though if Opera is making a feature for users to mine from the browser.

Re:Anti-Bitcoin value

>> What's the current value of [an] anti-bitcoin anyway?

If a Bitcoin comes in contact with an Anti-Bitcoin, the two cancel each other out and the value of the two coins have a combined value of zero.

Therefore, an Anti-Bitcoin exists with the same magnitude as a Bitcoin but with an opposite sign. If the current value of a Bitcoin is, for example, USD$10,000 then an anti-Bitcoin by definition would be -USD10,000 or ($10,000) expressed in current accounting parlance.

Bleeping computer & others use hosts files

"use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ BLEEPING COMPUTER

"block known Bitcoin mining domains. One of the better options to do that is to add these to the hosts file" https://www.ghacks.net/2017/09/22/how-to-block-bitcoin-mining-in-your-browser/ GHacks

APK

P.S.=> Accept NO substitute for APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ for more speed, security, reliability & anonymity online for FAR LESS resource use & complexity vs. "so-called security or speed 'solutions'" via operating in kernelmode speed (vs. slower usermode) & only 1 part you already NATIVELY have... apk

DIY Cryptocurrency Mining...

If you want mine your own cryptocurrency, you need a motherboard with 19 PCIe 1X slots to plug in 19 GPUs and a couple of 1200W PSUs.