Apps come bundled with secret Bitcoin mining programs, paper over the practice with EULAs

[Permalink]

I’m hardly surprised. Bitcoin seems to be very popular amongst glib sociopaths who don’t want anyone to be able to tell them what to do, while at the same time being really, really keen on controlling other people.

5 Likes

I’m really sorry the article didn’t name 'em so we can shame 'em.

3 Likes

It’d probably be possible to go after those folks for constructing an unauthorized botnet…

3 Likes

I haven’t mined bitcoins before, but I’ve done a decent amount of distributed computing stuff (like SETI). Is this thing set to eat 100% of your free cpu time? Wouldn’t you notice it or your computer whirling along, at least I do when I converting video. Just seems odd to make a botnet for something like this when standard cpus are so inefficient at mining bitcoins.

2 Likes

Yes, but they SIGNED A CONTRACT and that makes it perfectly OK.

If they didn’t know about the kidney thing or the lifetime of servitude thing you shouldn’t have downloaded those free emoticons. If you have a complaint you can apply for arbitration by submitting a form at the arbitration office in Roark’s Pustule, ND, on the clearly specified date noted on the arbitration agreement website.

9 Likes

Throw enough shit processors at a problem, you’ll eventually get results. Whilst malware is, as it says on the tin so to speak, a Bad Thing, I never fail to be impressed by people’s ingenuity. I wonder if it would be practical to use this for good - a distributed miner with a SETI/Folding vibe, where the proceeds go to charity? Part of Occupy’s Rolling Jubilee? That would be a splendidly shitty stick to poke in the eye The Man, doncha reckon?

If anyone is capable of constructing this, please feel free to use the idea & Make it So. I will settle for being mildly made Internet Famous, & having a good idea.

5 Likes

My thought would be that just mining for Bitcoins wouldn’t confirm any transactions with WBT nor would it increase the security of my computer. Their terms only cover software installed for specific purposes, since the mining software isn’t for those purposes it’s installation isn’t covered by those terms. The question would be whether it’d be more painful to bill them (electricity used, time spent diagnosing the situation) and file a small-claims case against them when they fail to pay, or get enough people to convince a DA to file CFAA charges against WBT.

3 Likes

I agree that it’s questionable whether this is covered by this EULA. I also don’t see how bitcoins created or acquired by mining are “rewards” or “fees.”

1 Like

There are already lots of do-useful-work-in-background systems for SETI and folding and so on, which are probably more valuable than the bitcoin search would be.

1 Like

Depending on your cooling you might not notice (my computer is more or less silent under CPU load, it’s the HDD that’s loud) if they properly deprioritized the mining task. Otherwise your computer might get a bit sluggish.

1 Like

Aye, I know. I just liked the idea. And rolling Jubilee is a nice bit of culture-jamming, IMO. Be good PR even if it didn’t raise much. And charities getting cash is more useful than looking for aliens to a lot of folks who probably wouldn’t care a fig for SETI’s efforts (which are sterling, for the record).

Granted. There’s a whole network of donate-your-CPU-cycles systems – IBM was backing the World Community Grid system at one point, helping to ensure that it implemented the “sandbox” security properly and was thus reasonably safe for the rest of your machine. The Grid supports a number of different projects (6 at the moment), and I suspect that most folks could find something they’d be willing to consider supporting.

(I was running that package on my previous machine. Haven’t tried installing it on this one yet. Should think about it, and get some measurements of how much power draw it would represent.)

The approach of doing something for profit donated to the charity rather than directly for the cause is an interesting one. I’m not sure I actually like it, but I’m not sure I dislike it either. But you’d be competing directly against systems like the one I’ve mentioned, and there isn’t enough new about it to excite folks. (As opposed to something like EyeWire, previously mentioned here on BB, where what’s different is that it’s crowdsourcing a task that requires human skills – and makes the task fun – rather than just being a background CPU absorber.)

Rolling Jubilee… I still want someone competent in not-for-profit finance to audit their books and tell us how efficient they are. I do like the idea, but I want more confidence that my money would mostly go to the folks who need it rather than to support/fundraising.

Not sure you wouldn’t draw enough crowd with the right cause though. Red Cross, for another example? Most folks who can afford donations most likely own at least one computer, and if offered as a way to make donations basically for ‘free’, and publicised to all members, it could be useful - again, I posit that many folks who might be drawn to donate to the Red Cross and own a PC don’t necessarily overlap with those who have installed SETI/Folding/Community Grid. And cash is certainly more useful for disaster relief and so forth than processor cycles. If coding didn’t induce regular nightmares of scrolling lines of gibberish, and I was actually any good at it, I’d have a go. If it turns out that you could build a distributed system that was actually useful enough to mine with, of course. Again, figuring that is outside of my performance envelope, sadly

You know these guys, even if it never made much money they’d do it anyway, just for the thrill of getting one over on the the rubes.

2 Likes

How many PUP users are out there? Would a bitcoin collective made out of PUP users actually work? There’s something ridiculous like 6 petahashes per second running on bitcoin. What would a background bitcoin miner manage? 100 MHashes per second? Then they’d need 100,000 users to have a decent chance of finding a bitcoin.

PUP means potentially unwanted program. Stuff that a user might have agreed to install (technically) when they installed something else but probably didn’t want. All those useless toolbars and things that change your default search engine. Based on the number of times I’ve seen “MySearch Toolbar” or “Search Conduit” installed on machines, I’d say they have huge user bases.

2 Likes

And throw enough shit processors that you’re not paying for and you’ll see results.

The issue with the specialised hardware systems that are now used is to make it cost effective to do it yourself. If you’re just stealing resources (power, hardware, cooling etc) from other people then it’s all profit.

2 Likes

It’s a brave new world now that money grows on processor cycles. Dad where does money come from? Your computer. Cool!

2 Likes

I remember back in the day when SWIM had to gather up zombie botnets through trojans and various other shady means, then use those compromised computers to sniff around for sensitive information, to then resell on the black market, and on and on.

Enter future.

Now we can just inject innocuous contractual terms so as to directly exchange “consenting” participants’ compute power for cash.

Convenience unparalleled!