[tor-bugs] #24054 [- Select a component]: Prevent Tor Browser from being used as a Javascript Miner
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 30 08:15:42 UTC 2017
#24054: Prevent Tor Browser from being used as a Javascript Miner
--------------------------------------+--------------------
Reporter: naif | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
It happened that some bad-exit-relays where injecting javascript in order
to force browsers to start mining with stuff like https://coinhive.com/ .
This ticket is to implement mitigation strategies within Tor Browser to
avoid that from happening again, as a specific "anti-javascript-mining-
defense-and-warning" approach .
Tor Browser should detect if there's a piece of Javascript probably-likely
being a crypto miner injected (To be analysed the best way to do it, like
hooking up an enormous amount of CPU resources using webcrypto API or
similar).
If it detect such a condition, it should put on hold the processing-
execution of the code, and trigger a warning to the user about what's
happening, including showing from where the JS code triggering the CPU
load has been loaded, and asking the end-user if he really wish the CPU
hogging process to continue or just be stopped.
The idea should be discussed and refined, but it could be a preventive
approach to just avoid people doing the nasty JS-mining-code-injection-
hacks because it would become unproductive.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24054>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list