[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #24054 [- Select a component]: Prevent Tor Browser from being used as a Javascript Miner
#24054: Prevent Tor Browser from being used as a Javascript Miner
--------------------------------------+--------------------
Reporter: naif | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
It happened that some bad-exit-relays where injecting javascript in order
to force browsers to start mining with stuff like https://coinhive.com/ .
This ticket is to implement mitigation strategies within Tor Browser to
avoid that from happening again, as a specific "anti-javascript-mining-
defense-and-warning" approach .
Tor Browser should detect if there's a piece of Javascript probably-likely
being a crypto miner injected (To be analysed the best way to do it, like
hooking up an enormous amount of CPU resources using webcrypto API or
similar).
If it detect such a condition, it should put on hold the processing-
execution of the code, and trigger a warning to the user about what's
happening, including showing from where the JS code triggering the CPU
load has been loaded, and asking the end-user if he really wish the CPU
hogging process to continue or just be stopped.
The idea should be discussed and refined, but it could be a preventive
approach to just avoid people doing the nasty JS-mining-code-injection-
hacks because it would become unproductive.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24054>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs