Opera browser now includes cryptojacking protection

Originally published at: https://boingboing.net/2018/01/01/opera-browser-now-includes-cry.html


Does anyone know of sites that are implementing this WITH permission?

I’d love to pay for content with compute power/electricity rather than my distraction and personal info. At least until micropayments finally happen (seems like ETA is never).

The apps Bail Bloc and Appolition have fascinating models for crowdfunding bail for poor folks using opt-in compute donation.

A gentle reminder: the best way to prevent arbitrary abuse in your browser is to just prevent arbitrary computing in your browser.

Most sites use javascript, but most sites are still consumed in a page-like way. You read, you look at a picture, and that’s it. All the underlying javascript is to help the publisher optimize his server load, his advertising, his bitcoin wallet.

Use NoScript, and deny webpages access to javascript until you find one that both 1) actually needs it to do it’s job, and 2) you actually care about enough to enable it. If you trust it and it’s a regular site, you can whitelist it. If it’s a mix of trusted originating site material and untrusted third party material, you can use ABE to whitelist on the good parts. And if it’s a random article on a farm site that insists it truly needs you to enable 15 different trackers to serve a page about the latest celebrity nonsense, do yourself a favor and just walk.


I’ve found a couple of sites that are frequently linked to for articles, but they won’t let you read anything from them without blanket whitelisting, and the permission to access their site expires in a month. Here, you can have some ice cream, but only if you provide the cone or cup, and you can never have free ice cream from us again.

I’ve mostly weeded those sites out of my online experience. Usually the warning page that prevents you from reading the article is a cheap CSS trick that can be overcome.

The worst sites instead tend to be simply over-built. For example, the Board Game Geek site is all based around dynamic lists, and everything on the page is constructed on the client-side javascript. The HTML itself doesn’t do anything accept act as frame from the javascript to start from. Terrible.

Admittedly, ABE is the necessary tool to learn if you want to start finely-dicing sites. Then it usually takes a bit of experimentation to determine you need to allow, say, the main site address, a CDN server address, Google for reCAPTCHA support, etc. But at least then you cut out the other fifteen servers. And you only go through that kind of work for something you interact with regularly, so the one-time effort isn’t that bad.


…or, you know, how every site is, or is going to be, built going forward - hate it all you want, and spend as much time as you want engineering your own personal “solution” to the “problem”, but it is the future. Static HTML and CSS is (long) dead.

On the internet, you’re only as free as everyone else wants to be. If everyone thinks it’s reasonable suggestion to enter your social security number once to gain access to kittens and porn, then eventually it will become a requirement. That’s why my solution is to remind other users, every chance I gets, that right now the internet is big enough that they don’t have to put up with shitty sites. Go somewhere else. Make it known why.

But for now, as an experiment, try disabling JavaScript: be amazed at how much of the web still works just fine. Most things are built in HTML. A lot of mutable content and action can be done in CSS. Anything that crosses servers is probably javascript these days. javascript remains the most negotiable part of the web, even if some developers consider it necessary. That’s why I allow javascript from origins that I trust. I call out BGG as being particularly awful b/c their site without javascript is four or five empty boxes. Everything, in the most literal sense, is javascript. And that’s just pointless.

(You are correct though that most of the governing principles of the internet are dead on the modern web: for example, failing gracefully.)


Nah, static HTML and CSS are still very much alive. But the fact remains is that much of the nonsense done with javascript need not be done. I say this as someone who’s been doing webapps for a few years. Frankly, 90% of what we do in JS is purely UI oriented and that much is through well known UI libraries. The rest of the AJAX calls are pretty much child’s play. They’re not novel enough to warrant additional JS to convolute the whole thing. If you don’t need a certain set of JS scripts to make your site run then ditch the JS. Less is often more.


Have you got any non-NoScript suggestions for a JS blocker? I hate the new interface so much I’ve disabled it.

This topic was automatically closed after 5 days. New replies are no longer allowed.