Chrome browser users take heart: Google developers are rolling out a feature that neuters abusive ads that covertly leach your CPU resources, bandwidth, and electricity.
The move comes in response to a swarm of sites and ads first noticed in 2017 that surreptitiously use visitors’ computers to mine bitcoin and other cryptocurrencies. As the sites or ads display content, embedded code performs the resource-intensive calculations and deposits the mined currency in a developer-designated wallet. To conceal the scam, the code is often heavily obfuscated. The only signs something is amiss are whirring fans, drained batteries, and for those who pay close attention, increased consumption of network resources.
In a post published on Thursday, Chrome Project Manager Marshall Vale said that while the percentage of abusive ads is extremely low—somewhere around 0.3 percent—they account for 28 percent of CPU usage and 27 percent of network data.
“We have recently discovered that a fraction of a percent of ads consume a disproportionate share of device resources, such as battery and network data, without the user knowing about it,” Vale wrote. “These ads (such as those that mine cryptocurrency, are poorly programmed, or are unoptimized for network usage) can drain battery life, saturate already strained networks, and cost money.”
To curtail the practice, Chrome is limiting the resources a display ad can consume before a user interacts with it. If the limit is reached, the ad frame will navigate to an error page that informs the user the ad has consumed too many resources. A disabled ad will look something like this:
To arrive at the threshold for disabling an ad, Chrome developers measured a large sample of ads Chrome users encounter. Ads that use more CPU resources or network data than 99.9 percent of overall ads will be blocked. That translates to 4 megabytes of network data or 15 seconds of CPU usage in any 30-second period or 60 seconds of total CPU usage.
Chrome developers plan to experiment with the limits over the next few months and add them to the stable version of the browser by the end of August. The purpose of the delayed rollout is to give ad creators and tool providers time to incorporate the limits into their coding. Chrome users who want to turn the feature on sooner can enable the flag at chrome://flags/#enable-heavy-ad-intervention.
Firefox last year added a mechanism for blocking cryptojacking. It works by blocking known cryptojacking domains. The protection is useful, but the whack-a-mole approach is problematic because domains are trivial to change. Several antivirus providers have already provided the means for users to weed out ads that engage in so-called cryptojacking or similar types of abuse. Now, Chrome users have a native means to do the same thing.