Open
Bug 1480562
Opened 6 years ago
Updated 4 months ago
Add coin / cryptocurrency mining protection
Categories
(Firefox :: Protections UI, enhancement, P3)
NEW
People
(Reporter: jhirsch, Unassigned)
Some websites are testing out coin mining as an alternative to ad-based revenue generation[1][2]. Users should be able to decide whether or not to let a particular site use their compute power and electricity, just as users are already able to decide whether or not to expose other monetizable resources (like third-party tracking scripts / ad scripts, or geolocation).

There are some coin mining blockers already on AMO. The most popular one, No Coin, uses a blocklist[3]. However, discussion elsewhere [4] indicates that domain blocking alone may not work, since some mining implementations use random domains to load the JS.

Another, more abusive variant is that some sites use a tiny pop-under to try to persistently mine coins, even after the user leaves the site[5].

[1] https://www.engadget.com/2017/12/15/as-online-ads-fail-sites-mine-cryptocurrency/
[2] https://www.salon.com/about/faq-what-happens-when-i-choose-to-suppress-ads-on-salon/
[3] https://github.com/keraf/NoCoin/blob/1e9454090b5a4c0154d6e74a32a6c864361006b2/src/js/background.js#L180
[4] https://github.com/jspenguin2017/uBlockProtector/issues/636#issuecomment-334321820
[5] https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Comment 1•6 years ago
It's most likely that we will add protections against mining, but in form of a blocklist first (in which case it would be part of the "content blocking" umbrella and not use a permission prompt). Does that sound sufficient for resolving this bug or are you specifically interested in showing a doorhanger to users (and/or potentially blocking based on heuristics)?
Flags: needinfo?(jhirsch)
Comment 2•6 years ago (Reporter)
> Does that sound sufficient for resolving this bug or are you specifically interested in showing a doorhanger to users (and/or potentially blocking based on heuristics)?

Feel free to handle the suggestions in this bug however you'd like :-)

I will point out that domain blocking is fairly easy to subvert via proxies or self-hosted mining scripts, while heuristics like setting a crypto API budget or CPU budget (bug 1403109) per page / per domain would be hard to avoid. I could definitely see a variation on the slow-running script warning for such cases, which might well fall under the 'content blocking' umbrella.
Flags: needinfo?(jhirsch)
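
Added example (not part of the bug report and not Firefox code): a sketch of the contrast raised in Comment 2, running a hostname blocklist and a per-page CPU budget over the same constructed samples. The hostnames, script URLs, CPU figures, 5-interval window and 60% threshold are all assumptions chosen for illustration.

```javascript
// Constructed sample data: hostnames, script URLs and CPU figures are invented.
const BLOCKLIST = new Set(["miner.example"]); // hypothetical blocklist entry

// cpuMs: CPU milliseconds the page's scripts used in each 1000 ms sampling interval.
const pages = [
  { origin: "https://news.example",   // loads the miner from a listed domain
    scripts: ["https://miner.example/m.js"],
    cpuMs: [850, 900, 880, 910, 870, 890] },
  { origin: "https://blog.example",   // same workload, self-hosted under a random name
    scripts: ["https://blog.example/assets/a91f.js"],
    cpuMs: [820, 860, 900, 840, 880, 870] },
  { origin: "https://photos.example", // legitimate burst (image decode), then idle
    scripts: ["https://photos.example/app.js"],
    cpuMs: [950, 900, 120, 40, 30, 20] },
];

// Domain blocking: true if any script is served from a listed hostname.
function blockedByDomain(page, blocklist = BLOCKLIST) {
  return page.scripts.some((url) => blocklist.has(new URL(url).hostname));
}

// CPU budget: true once the average CPU share over any run of `windowLen`
// consecutive intervals exceeds `maxShare`. Short bursts stay under budget.
function exceedsCpuBudget(cpuMs, { windowLen = 5, intervalMs = 1000, maxShare = 0.6 } = {}) {
  let sum = 0;
  for (let i = 0; i < cpuMs.length; i++) {
    sum += cpuMs[i];
    if (i >= windowLen) sum -= cpuMs[i - windowLen];
    if (i >= windowLen - 1 && sum / (windowLen * intervalMs) > maxShare) return true;
  }
  return false;
}

function classify(page) {
  return {
    origin: page.origin,
    domainHit: blockedByDomain(page),
    budgetHit: exceedsCpuBudget(page.cpuMs),
  };
}

for (const row of pages.map(classify)) console.log(row);
```

The self-hosted page is missed by the blocklist but caught by the budget, while the short legitimate burst stays under it.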
Updated•6 years ago
Component: Device Permissions → Tracking Protection
Priority: -- → P3
Summary: add a coin / cryptocurrency mining permission → Add coin / cryptocurrency mining protection
Updated•2 years ago
Severity: normal → S3