Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Am I understanding this right, that websites can now run a crypto miner in the background when I visit them?


Already a thing, it's just been CPU based and now can be GPU based. Firefox (and probably other browsers) have systems to attempt to block them. https://blog.mozilla.org/futurereleases/2019/04/09/protectio...

The people sneaking this shit into webpages don't care if it burns $1 of electricity and destroys your battery to generate $0.0000001 of Monero because all of those costs are paid by someone else.


Is there a toggle extension like I have for JS?


I'm keeping an eye out too. I've seen a few vulnerabilities mentioned already for this tech. This site (https://hacks.mozilla.org/2020/04/experimental-webgpu-in-fir...) suggests that setting the options “dom.webgpu.enabled = true” and “gfx.webrender.all = true” to false (where needed) could prevent it from running. I'm also guessing it's use will depend on javascript which I block by default.


No. Crypto miners have always been possible and WebGPU does not make them faster than they would be in WebGL 2 which has been available for a long time already.


I’m not up to date on the latest mining algorithms but is it true that they’re all embarrassingly parallel to the point the WebGPU makes no difference? Fast inter-thread communication is the big addition here.


I guess it depends on the specific cryptocurrency. I don't think the big ones would benefit. Maybe some niche ones could see some kind of benefit, but making mining somewhat more efficient isn't going to change the incentives for drive by miners that much because efficiency doesn't matter when it's someone else's electricity you're wasting.


Browsers really need to put direct GPU access behind a permission prompt, just like they have for webcam or mic access.


always has been


Yup, though you’ll probably notice your fans spin up (or coil whine if it’s my PC).


We'll also have to start measuring websites by how much power they consume.


If you're using Chrome Canary with the "Unsafe WebGPU" flag turned on, yes. And it'll be a lot faster/more power hungry than before. Otherwise, nothing beyond the normal CPU based miners have been enabled.

Adaptation is the cost of progress. Browser vendors will almost certainly implement a way to prevent unauthorized use of such hardware (either by prompt like webcams or automatic detection) before this stuff becomes publicly available.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: