This is not for the faint of heart, but you should at least be aware that Big Tech has foisted upon us yet one more way they can seize control of our computers at their whims.
We’ve already seen how JScript (AKA EcmaScript) has been used to seize control of web browsers and engage in all manner of evil. For example, websites can read contents of your browser cache and even your computer file system. They can also force your web browser to perform various computational services for them, because most web browsers come pre-configured to surrender that control. The problem is not the use of JScript, but that the protocol itself is riddled with security holes and we cannot convince the faceless bureaucrats who control this stuff to close those holes. This is the “industry standard” and you have no say. I’ve discussed on this blog various ways to avoid surrendering that control, simply because no one out there is doing a darned thing to protect you from criminals who can also craft JScripts that will harm you.
Well now comes yet another protocol with the same nasty power over your browser: Web Assembly (WASM). A recent survey of sites noted that, so far, very few sites are using it. Yet, of those few sites already using it, half are up to no good. These WASM modules are used for crypto-currency mining with your computer resources. Just what we need: a whole new class of malware!
Thanks to the Open Source community, there is a defense from this abuse. But it’s not simple. Since I tend to use Mozilla-based browsers for most surfing, it’s easy to turn it off and forget about it. Pale Moon browser has it disabled by default, by the way. Chrome-based browsers require a commandline switch, which should indicate to you how Google is involved in promoting this kind of abuse. On Windows, for example, you have to add that switch to the icon properties for launching the application.
And people wonder why I am such a curmudgeon to accept the hassle of preferring browsers that are “crippled” — I still use Links2 for most of my surfing, and Lynx or Elinks for some of it. All those bells and whistles are just another way to prey on you.
Hat tip to Slashdot and the community of commentators there.