Is your web browser mining bitcoin?

Is your web browser mining bitcoin?

Tom Lofts - 22 March 2018

You’re probably already familiar with some of the dangers of browsing the web including viruses, intrusive advertising and aggressive tracking but now there’s an additional worry – websites using your computing power to mine cryptocurrencies such as Bitcoin for their own benefit.

A brief history of Bitcoin

Bitcoin and other cryptocurrencies can be used to buy goods, exchanged for pounds/dollars and generally treated like any other currency with one significant difference – rather than being printed or issued by a bank, they are ‘mined’ by computers solving cryptographic puzzles.

A full explanation of this process is beyond the scope of this article, but the gist is that to solve these puzzles, a computer mining bitcoin has to run a large number of mathematical computations which require a lot of computing power in order to mine a single bitcoin. So much in fact, that Bitcoin mining is now out of most people’s reach and controlled by small groups of miners with access to specialised hardware and cheap electricity.

But there’s also an alternative way to achieve the computing power needed to mine Bitcoin – rather than using a few very powerful computers, it’s possible to achieve the same amount of computing power by combining large numbers of ordinary laptop and desktop computers – a network of thousands or tens of thousands of computers working together can compete with dedicated miners and make significant money for whoever controls them.

Bitcoin mining botnets

Previously the only way your computer would end up as part of such a network would be if your machine had been compromised by an attacker and used as part of a botnet - a large number of compromised machines controlled by an attacker without the knowledge of their owner. Botnets are typically used for sending spam, attacking websites and other similar activities, though some botnet owners have now realised it’s more lucrative to use the combined processing power of the machines in their botnet to mine Bitcoin – without having to worry about the effect on the machine’s owners.

As with other malware which might infect your computer, Bitcoin mining is likely to significantly slow it down. All its resources are being used for the bitcoin computations so there’s not much left to run your own programs. If your laptop is infected, you might also notice it heats up or the fans are running more – the increased work your laptop needs to do heats it up, and it may run the fans at full blast to try to cool itself down.

One thing you probably won’t see is the increased power usage from bitcoin mining, the increased work done by your computer draws extra power, so on battery power your laptop won’t last so long and when plugged in it will be using more electricity, but probably not so much you’ll notice on your next bill.

Web browsers mining Bitcoin

So hopefully, you’re keeping your computer patched, your software updated and careful not to run anything you download from the Internet. Normally this sort of basic computer hygiene is enough to keep malware off your machine and keep you out of Bitcoin mining botnets. So how can you end up mining Bitcoin without knowing? Because it can be done through a web browser.

Over the past ten years or so web browsers have transformed from simple tools able to display basic web pages, to fully featured application environments capable of running rich and complex web applications. While these features are great for creating new and innovative experiences on the web, it also makes it harder to ensure this new functionality is being used for the benefit of users, with malicious websites and attackers also able to use it for their own means.

In the case of Bitcoin, a version of the mining software has been written to run in web browsers, and so can be instructed to run on any computer visiting a page which contains this software. As with computers which are part of a botnet, the mining software will slow down your computer and use your electricity, but you don’t need to have your computer compromised – just visiting a webpage with mining software is enough. As soon as you visit such a page your computer will start mining Bitcoins and continue until you leave, and it will be the site owner rather than the botnet operator profiting instead.

Previously, bitcoin mining in browsers was limited to shadier websites with less respect for their users than most website operators, however with website operators looking for new ways to make money, the prevalence of this is only likely to increase.

As with many new technologies, it takes some time to determine what’s an acceptable balance between a website’s right to make money and user’s rights to their computing resources. Most of us would consider a website which uses a computer in this way without telling the owner unacceptable, but some websites are blurring this line by making it more explicit to the user. For example: users attempting to view Salon.com with ads disabled are given the following option ‘Block ads by allowing Salon to use your unused computing power’.
While Salon.com does provide some more information about what exactly happens if you agree to this message, whether users will read this or understand the implications remains to be seen.

Protecting your browser

Until the acceptability of browser based Bitcoin mining has been decided, users can prevent bitcoin miners from being run in their browser by the use of browser extensions or techniques which block this software.

Depending on your browser, there are a number of anti-Bitcoin mining extensions available, and a number of other generic blockers which will block adverts and tracking scripts along with bitcoin miners.

Whether you consider the use of Bitcoin miners acceptable or not, it’s worth keeping an eye on the speed of your computer and the sound of your fans – just in case you do stumble upon a Bitcoin miner in the future.

 

Tom Lofts,
OWA

 

OWA develops websites and web applications which don’t include Bitcoin miners – if you’re looking to have an application developed which puts users first please get in touch.