[tbb-bugs] #24054 [Applications/Tor Browser]: Prevent Tor Browser from being used as a Javascript Miner
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 30 21:15:04 UTC 2017
#24054: Prevent Tor Browser from being used as a Javascript Miner
--------------------------------------+---------------------------
Reporter: naif | Owner: tbb-team
Type: enhancement | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: not a bug
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+---------------------------
Comment (by cypherpunks-refugee):
Replying to
[https://trac.torproject.org/projects/tor/ticket/24054#comment:7 gk]:
> Replying to
[https://trac.torproject.org/projects/tor/ticket/24054#comment:4
cypherpunks]:
> > > This is part of #17569
> >
> > It's not. And I advise against adding uBlock or uMatrix.
> Indeed. (see our current design document in that regard: section 5. No
filters in
https://www.torproject.org/projects/torbrowser/design/#philosophy)
That document says that Tor Browser should provide a "general [solution]
that prevent[s] tracking by all third parties (the solution being: first
party isolation, antifingerprinting...etc), rather than [through blocking]
a list of specific URLs or hosts", how does that imply that blocking some
URLs or hosts *for non-privacy related reasons* (usability, but mainly
performance and security) should be avoided? Am I interpreting the
document correctly?
Also you're going to work next year on a Tor Browser build for mobile on
Android, at that point it would be difficult to argue against blocking a
certain set of URLs despite the performance gains and in view of
ameliorating battery usage.
Replying to
[https://trac.torproject.org/projects/tor/ticket/24054#comment:9 meejah]:
> It's not the "JS cryptocurrency mining" that's the problem
You're mostly correct in those paragraphs but it's indeed a problem on its
own if I use the Medium security setting (where performance optimizations
such as JIT are disabled) and that website that serves that JS crypto
miner starts using - without my consent - 100% of my CPU core, starts
draining my laptop battery, and lags my browser. What if I use Orfox on a
smartphone (with less CPU horsepower) with Medium security setting and I
happen on such site? This can definitely become a deterrent for people to
use the medium security setting (or the high one with JS enabled). In
fact, even with JS optimizations enabled this can be a problem with older
hardware, as well as smartphones. (Off-topic: there are consent based JS
miners such as https://authedmine.com/ that aren't blocked by adblockers)
------
(had to use a separate account since a troll was editing my comment to
delete its content and introduce ableist slurs in it)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24054#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list