#24054: Prevent Tor Browser from being used as a Javascript Miner --------------------------------------+-------------------- Reporter: naif | Owner: (none) Type: enhancement | Status: new Priority: Medium | Milestone: Component: - Select a component | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | --------------------------------------+-------------------- It happened that some bad-exit-relays where injecting javascript in order to force browsers to start mining with stuff like https://coinhive.com/ .
This ticket is to implement mitigation strategies within Tor Browser to avoid that from happening again, as a specific "anti-javascript-mining- defense-and-warning" approach . Tor Browser should detect if there's a piece of Javascript probably-likely being a crypto miner injected (To be analysed the best way to do it, like hooking up an enormous amount of CPU resources using webcrypto API or similar). If it detect such a condition, it should put on hold the processing- execution of the code, and trigger a warning to the user about what's happening, including showing from where the JS code triggering the CPU load has been loaded, and asking the end-user if he really wish the CPU hogging process to continue or just be stopped. The idea should be discussed and refined, but it could be a preventive approach to just avoid people doing the nasty JS-mining-code-injection- hacks because it would become unproductive. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24054> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs