Opera 50 Web Browser Will Offer Anti-Bitcoin Cryptocurrency Mining Feature

BrianFagioli writes: The upcoming version 50 of the Opera web browser will offer an integrated anti-Bitcoin mining feature. Besides Bitcoin, it will also block the mining of other cryptocurrencies such as Litecoin and Ethereum. If you aren't aware, some websites are hijacking user computers to mine for cryptocurrencies. This is not only a potential violation of trust, but it can negatively impact the computer's performance too. Mining is also a huge waste of electricity. Opera 50 will offer an optional setting that, when enabled, blocks this nonsense.

All well and good

[DaMattster]

But it still has to be able to detect that the code is even there. It's going to be a cat and mouse game similar to anti-virus and anti-malware. It will need definition updates in order to detect and block the code. The authors of this bitcoin mining software will just alter and tweak it a little bit. It's a moving target.

Re:All well and good

[theweatherelectric]

But it still has to be able to detect that the code is even there.

It's just a block list. Specifically, this block list. You can make use of the NoCoin block list in, for example, uBlock Origin.

Opera isn't doing anything particularly special here and it's a shame that they don't give the block list author any credit in the blog post (though they do in the comment section and in opera://about/credits in Opera 50 beta itself).

Re: All well and good

Maybe they can detect continous high cpu usage.

Re: All well and good

[Opportunist]

Great idea, that should also take care of some of the more obnoxious Javascript atrocities.

Re: All well and good

Best way to do that is to disable the bloody thing by default.

Sucking down as much scripted content from dubious sources and running it on your computer automatically is... not smart.

At all.

Re: All well and good

[d225]

I wonder if that ddos prevention by cloudlfare style web code will begin mining haha

Re:All well and good

[theweatherelectric]

On Firefox, I installed NoMiner - Block Coin Miners.

Why? You could just use uBlock Origin with the NoCoin block list. What does NoMiner do for you that uBlock Origin doesn't?

I've got a 3ghz CPU with many, many cores

I'll take a JS miner over shady ad networks every day of the week.

Re: I've got a 3ghz CPU with many, many cores

Unfortunately, the end result will be that you'll get both.

Don't care

[nospam007]

I'd prefer they'd mine bitcoin in the background any day over any ads or a gazillion trackers that follow me around.

Re:Don't care

I'd prefer they'd mine bitcoin in the background any day over any ads or a gazillion trackers

Why not both? Seriously, webdevs don’t see an either-or here but a both-and situation. So should you: block all of it.

Re: Don't care

[mapkinase]

Yeah.. That's the choice we are given.

Re:Javascript?

[fisted]

Hmm, can a turing-complete language calculate SHA1 hashes? Inquiring minds want to know.

Hijacking? That's rich!

[Gravis+Zero]

Nothing about this is hijacking. Hijacking implies it's an unauthorized takeover when the fact is that it's simply Javascript is doing exactly what it was created to do: execute arbitrary instructions from a remote source. The only thing different is that this is annoying people enough that it threatens all the jerks that demand to execute Javascript.

Here's an idea: add basic animation and ad hoc relative source loading for CSS then completely do away with Javascript. Oh but the money people don't give a shit about what users want, it's all about what they want.

Be real, this is just the logical conclusion of Javascript.

Anti-Bitcoin Cryptocurrency Mining

[K.+S.+Kyosuke]

What are Anti-Bitcoins and why would I want to mine them in my browser?

Re:Javascript?

That's only because you are paying for the time nd the energy

if the energy is paid for by others and the time is parallel over a large enough group of systems, then the efficiency doesn't matter for the person doing the mining.

Re:Javascript?

[Opportunist]

Why would the miner care whether your computer burns 1000x the energy required to mine his coins as long as you pay for the electricity?

Re:Javascript?

[Opportunist]

It needn't be practical. It's the spam problem: If the cost is zero, a nonzero profit, no matter how small, is reason enough to do it.

Re:Seriously

[Opportunist]

I prefer ads. Mostly 'cause I got the blocker for them already in place.

Re:Seriously

What a convoluted method of paying for content. The 'free' website makes your computer mine cryptocurrency, for which you require electricity, which you are billed for by the electric company and pay. You are just the middleman here. How can that be efficient.

Re:Just wait until WebAssembly is forced on us.

[theweatherelectric]

Even if it could perhaps be disabled, it will likely be impossible to remove all traces of its code from one's system.

WebAssembly runs on the JavaScript VM in your browser just like JavaScript does now. You don't need to "remove all traces of its code" from your system, just clear your browse cache and any cached copies are gone. If you don't want to run WebAssembly (or JavaScript) then just use an extension like NoScript or uMatrix to block it.

Re:Javascript?

[thaylin]

not all currencies use ASIC machines

Re: Brainfuck

Brainfuck should become the standard web-scripting language enforced by W3C all browser devs. We'd have the old good HTML web back, and web-developers pursuing careers in selling snake oil.

Easy Poll

[talldean]

Would you rather have ads in your content or cryptocoin miners running in the background?

Assuming content costs money, both seem ways of making money on pages with content.

That said, it might make sense to limit the amount of the CPU that the browser can use; if we're designing webpages that need >1ghz octo-core processors, we're already doing something probably pretty wrong.

Re:Easy Poll

Would you rather have ads in your content or cryptocoin miners running in the background?

False dichotomy.

The answer is "neither". I had neither yesterday. I have neither today. I will have neither tomorrow.

Not of Javascript:

Of emscripten/asm.js

Anyone who thought it was a smart idea and convenient to use didn't understand the full perils of it, perils that those of us from the 90s remembered all too well from the plugins of that era (some of which remained until very recently, or even today, but haven't been actively used by anyone with an inkling of sense in going on 20 years.)

By making the scripting engine of a web browser provide features equivalent to a computer or operating system you are essentially allowing the exact same level of malware capability as an actual operating system allows. Combined with a cross-compiler that can convert any normal program into javascript, you have just eased the ability to port said malware from an architecture specific system to a platform agnostic browser engine. For the lazy malware writers, they can make fully network accessable malware inside the browser, to use your system for whatever purpose they need. For the dedicated ones, they now have an injection platform that should work similiarly on all architectures, with only architecture specific exploits tailed to gain application, user, or system level access to perform their more comprehensive infection.

Javascript itself was always a bad idea, but they have taken it to the next level with asm.js and emscripten.

Re:Not of Javascript:

[GuB-42]

There is nothing asm.js and emscripen do not that you regular JS can't do. asm.js is just a subset of JS that is particularly well optimized and emscripen is just a code translator.

Safety features built into Javascript like sandboxing and safe memory management stay intact. Malware designed to run natively won't work in a Javascript VM no matter how much emscripen and asm.js you use.

And of course malware is software, so tools that help software developers help malware developers, and also anti-malware developers. Nothing special here.

Already have this feature

[sound+vision]

NoScript blocks all cryptocurrency miners, as well as a bunch of other stuff. There's also uBlock if you want a little easier time of it, and don't mind trusting the block list maintainers.

Another angle

[nehumanuscrede]

How difficult would it be to limit how much CPU the browser has access to ?

Restricted to minimal CPU by default, allows you to whitelist sites that you trust.

Plausible ? Better way ?

Re:Another angle

[CrashNBrn]

Perhaps, but Flash was blamed for "outrageous CPU usage" for years, yet HTML'ified video pegs the CPU as bad or worse than Flash in its heyday.

Re:DIY Cryptocurrency Mining

[Khyber]

Only 19? Someone doesn't know how to leverage a real motherboard. I can pop 36 in a triple-crossfire mobo using a 16x breakout down to individual 1x slots, then get the riser adapters. 1200W PSUs are the run of the mill cheap server PSUs, you want 2400W PSUs for any real power draw.

Sounds like you and your affiliate asshole friend need to go back to school and learn how to do real hardware builds.

Re: Seriously

[Opportunist]

Well, with ads you instantly notice when your blocker is shit. With miners ... not so much.

Re:Hijacking? That's rich!

[maestroX]

Here's an idea: add basic animation and ad hoc relative source loading for CSS then completely do away with Javascript. Oh but the money people don't give a shit about what users want, it's all about what they want. Be real, this is just the logical conclusion of Javascript.

The money people want you to run and download only their certified (and rented) stuff. Running shared code is nothing new.

Re:Hijacking? That's rich!

[Actually,+I+do+RTFA]

CSS has very basic animation... but you might mean more than that.

Anti-Bitcoin value

[jep77]

What's the current value of anti-bitcoin anyway? I can't seem to find it anywhere. I've been looking into investing in cryptocurrency other than bitcoin and, with Opera practically endorsing this one, I'm even more interested. It must be really easy to mine right now though if Opera is making a feature for users to mine from the browser.