[pcwalton]

> - unblockable advertising

Ad blockers primarily look at domains, so blocking will continue to be possible at the request level. They aren't interpreting or parsing JS to begin with.

> - stronger DRM

If sites were going to ship Web Assembly-based DRM, they would already be shipping Web Assembly along with the Emterpreter. Remember that wasm has a polyfill already. I haven't seen that happening, so I see no reason to believe it'll happen in the future.

> - Bitcoin mining that regular user can't detect

A regular user certainly would notice the 100% CPU consumption. And anyway, bitcoin mining in a WebGL shader would be more profitable than anything wasm-based.

Moreover, though, surreptitious bitcoin mining on consumer PCs would be ludicrously unprofitable no matter what. Here a Stack Overflow answer from last year that calculates how much a site with 2M daily visitors would make if they could all somehow run the fastest C implementation [1]. It was less than 50 cents a day back then, and in the meantime the hash rate has grown by nearly an order of magnitude [2]. Good luck.

[1]: https://bitcoin.stackexchange.com/a/42413

[2]: https://blockchain.info/charts/hash-rate?timespan=2years

[captainmuon]

You are right, but replace Bitcoin with the latest Fadcoin and it might get lucrative again.

One cool idea that is also gaining traction is in-browser proof of work to prevent DDOS attacks. Basically you have to perform a lengthy computation to get past the (fast, ultra-high bandwidth) firewall. Doesn't slow down the individual user much, but makes an attack much more difficult. I could imagine people using malicious JS to get these proof-of-work tokens.

But yeah, computing power in the cloud has become fairly cheap, it's really hard to see how criminals could benefit from secretly serving WebAssembly to people.

[ehnto]

I doubt a regular user would notice 100% CPU usage and even less certain that they would know what to do about it or what was causing it. Most OSes operate chrome just fine when another process is asking for 100% as well.

[bas]

Their fans running at max (or a very warm device) would let them know. This has been the experience among the non/less-technical users in my company.

[aluhut]

You must have been working with at least quite young people or something. My experience goes the other way. I've seen people who bought a new computer because their fans were running at max and the reason for that was that they were full with dust and dog hair.

[BenjiWiebe]

I "fixed" someone's computer that would regularly crash a few minutes after starting it by vacuuming the dust out. :)

[aluhut]

Pure magic!

[ehnto]

Right, they might notice it, but why would they care? They don't know that they should care, it is just a computer being a computer and it probably spins up the fans for other tasks too. They would be right to not care unless told otherwise, sys ops isn't their job.

I think it would be smart to educate people as part of a regular security briefing for non technical staff though. But if it's something that high of concern to your company maybe an automated CPU usage monitor could alert the team to anomalies.

[spc476]

They would care when their laptop shuts down. [1]

[1] I was running a test today when the program being tested ran into a very tight loop and the fan really kicked in. I was curious if it would finish and let it run for several minutes until all went quiet and the screen went dark. It had shutdown to prevent heat damage.

[witty_username]

That means the fans need to be cleaned of dust.

A laptop overheating from few minutes of 100% CPU is not normal.

[thegreatpl]

Unless it is a really crappy laptop.

[Houshalter]

Does battery usage not matter?

[ehnto]

Not for every device. Desktops aren't obsolete, some laptops never leave their desk and Chrome is a target for WebAssembly.

[flukus]

Regular users do notice things like that, they just can't articulate it. "I think my computers getting old" and "I think I have a virus" are common ways of trying to explain things like this.