?) it’s handed a lightweight JavaScript proof-of-work challenge—solve this trivial SHA-256 puzzle before proceeding. [...] There’s no crypto mining, no wallet enrichment
Yet. Because Anubis is free software, and because its hash happens to be the same as the proof of work of the cryptocurrency Bitcoin, someone could modify Anubis to tie the SHA-256 puzzle to the Bitcoin block that a mining pool is working on.
no WASM blobs firing up your GPU
Until someone writes a browser extension to offload solving the hashcash to WebGPU.
Most users won’t know their machine is doing extra work unless they’re monitoring CPU spikes or poking around in dev tools.
Laptops tend to have an always-on CPU spike monitor: the exhaust fan. So do phones and tablets: they get warm. So do older, less expensive, or small-form-factor desktop computers: they get stuck on the interstitial for up to a minute.
Anubis is a fantastic tool, but I think we can strengthen it by baking in the principle of informed consent.
This already exists. Use an extension to make script-in-the-browser opt-in per domain, such as the Firefox extension "Javascript Control" by Erwan Ameil.