×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Bitcoin Miners Bundled With PUPs In Legitimate Applications Backed By EULA

timothy posted about 5 months ago | from the informed-consent-it-ain't dept.

Bitcoin 194

hypnosec writes "Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. These miners surreptitiously carry out Bitcoin mining operations on the user's system consuming valuable CPU time without explicitly asking for user's consent. Malwarebytes, the company which found evidence of these miners, first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post. The user revealed that 'jh1d.exe' was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. Malwarebytes dug deeper into this and found traces of a miner 'jhProtominer,' a popular mining software that runs via the command line". However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

194 comments

Free Software (5, Insightful)

Anonymous Coward | about 5 months ago | (#45562571)

This is why you should use free software from a reputable source, such as Debian GNU/Linux.

Re:Free Software (5, Insightful)

Runaway1956 (1322357) | about 5 months ago | (#45562851)

Agreed - but you can't convince the unwashed masses. It's great having a "trusted repository" from which to pull almost all your applications. It's even better that you can browse the source code before compiling, to be halfway sure that the software does what it claims, and nothing "extra".

Admittedly, I'm not qualified to really examine all that source code, but I can and do browse through it from time to time.

Re:Free Software (0)

Anonymous Coward | about 5 months ago | (#45563315)

Honestly I wonder if this could be like "Folding@Home" and have the potential to donate a few (just a tiny few) CPU cycles to FOSS. Obviously the amount should be tiny and optional or configurable. But it seems like a potential way for FOSS devs to get some money for their work. In a sense it is not radically different from adware or something like Ubuntu with Amazon's search.

How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?

Re:Free Software (4, Informative)

khellendros1984 (792761) | about 5 months ago | (#45563357)

How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?

It's been done [bitcoinplus.com]. Link goes to a Javascript-based bitcoin miner that you can embed in a webpage.

Incorrect (5, Insightful)

Frosty Piss (770223) | about 5 months ago | (#45562575)

Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. ... However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves

Incorrect.

Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.

Re:Incorrect - remove that OS (-1)

Anonymous Coward | about 5 months ago | (#45562701)

and replace it with ANY Unix platform, the creators of the original system cannot be trusted.

Idiot. (-1)

Anonymous Coward | about 5 months ago | (#45562737)

Fucking Troll Boi. Go back to masturbating to your pedophile anime.

Re:Incorrect (4, Insightful)

mysidia (191772) | about 5 months ago | (#45562729)

Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.

I agree with you about it not being "legitimate"; HOWEVER, certain major vendors have a conflicting opinion; including the operators of sites such as Download.com and Sourcforge.net.

The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.

Unfortunately; we ultimately need some prescriptive guidelines for consumer software.

And probably a regulatory regime... including certification marks; example a "SafeSoftware" seal for publishers, similar to the idea behind TRUSTe ---- if the software isn't digitally signed by a vendor holding a SafeSoftware seal; then perhaps, your browser should warn you before releasing the file to the Downloads folder

Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.

Re:Incorrect (0)

Anonymous Coward | about 5 months ago | (#45562799)

Not worth it.

Re:Incorrect (4, Insightful)

AlphaWolf_HK (692722) | about 5 months ago | (#45562801)

Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.

Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.

Re:Incorrect (1)

BenEnglishAtHome (449670) | about 5 months ago | (#45562917)

Yes, because I would just love having to go through regulatory channels ...

No one would ever require that from small producers. After all, if you have just a couple of cows and want to sell a little raw milk and some craft cheese from your small farm, no one would ever interfere with that. That would be silly.

Oh. ... Wait. ...

Re:Incorrect (1)

mysidia (191772) | about 5 months ago | (#45563085)

Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.

I would say you should be exempt, providing -- (1) You don't generate any significant revenue from the software, from your users, for you, or any third party --- OR substantially all revenue generated was obtained from selling upfront licenses, less than $10,000, AND (2) You don't partner with a distributor who generates significant revenue from distributing or providing any of your software.

In that case; downloading your software should just come with a disclaimer, that it has not been audited and inspected for safety.

Re:Incorrect (0)

Anonymous Coward | about 5 months ago | (#45563189)

Stop trying to figure out how to tell people what to do. Regulate yourself. Leave the rest of us alone.

Re:Incorrect (-1)

Anonymous Coward | about 5 months ago | (#45563225)

Fuck off you communist piece of trash.

Given the fact that you admit you're incapable of maintaining your own computer and choosing your own software, what makes you think you're capable of deciding how the government should control everyone?

Re:Incorrect (1)

fatphil (181876) | about 5 months ago | (#45563775)

> downloading your software should just come with a disclaimer, that it has not been audited and inspected

Or ... come with (an offer of) source?

Re:Incorrect (1)

Anonymous Coward | about 5 months ago | (#45563209)

Download.com is scumware wrapper and I warn everyone I know away from their links as they are virus loaded. I know they are not, but users understand the boogyman "VIRUS" word.

Any of these sites need to get a very bad rep created for them, any honest computer person will help spread the word about download.com as well as sorceforge as they are now owned by scumbags and are not to be trusted. Avoid them at all costs.

I got a one way ticket to North Korea for you (-1)

Anonymous Coward | about 5 months ago | (#45563295)

Hey send me a photocopy of your passport and your mailing address and I can hook you up. You see, there is a place for commie assholes such as yourself and Pyongyang is that one place on Earth where everything you do on a computer is meticulously regulated (you will see, provided your fellow regulating commie assholes allow you access to one). Say hello to Dear Leader for me.

Re:Incorrect (3, Informative)

dkf (304284) | about 5 months ago | (#45563441)

The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.

They might be able to claim that, but it doesn't mean that courts would necessarily agree. Consumers typically have greater legal protections than companies precisely because they are usually so much less skilled in contract law. This applies in many areas of commerce; for someone to say that computer software should be exempt from this principle is entirely unrealistic.

Re:Incorrect (4, Insightful)

johndoe42 (179131) | about 5 months ago | (#45563759)

Or we could finally fix the law and declare EULAs to be unenforceable. Unilateral contracts like EULAs are out of control.

Re:Incorrect (1)

Anonymous Coward | about 5 months ago | (#45563851)

No. We don't need federal regulation. Why do you think the masses have become so 'brainless'? Big Daddy G is looking out for them. What needed to happen has happened. Someone noticed and the word is out.

This could be the future of all software being free. Instead of having in-app ads, you have bitcoin miners. Make your bitcoin miner too aggressive, people will drop your product because it's too resource intensive.

Re:Incorrect (1)

gl4ss (559668) | about 5 months ago | (#45562755)

http://www.thefreedictionary.com/legitimate [thefreedictionary.com]

dunno what's so hard about the word.

Re:Incorrect (0)

Frosty Piss (770223) | about 5 months ago | (#45562787)

And, Mr. Troll, what is the common interpretation of the word "incorrect" when used in context?

Do you also lecture people on There, Their, and They're?

Re:Incorrect (1)

Runaway1956 (1322357) | about 5 months ago | (#45562869)

Doesn't matter what the law says. If anything from any source is using my computer for any purpose which was hidden, disguised, or obfuscated from me, then it is an illegitimate use. Full disclosure, with explicit permission, or it's illegitimate.

Re:Incorrect (2)

gl4ss (559668) | about 5 months ago | (#45563103)

there was full disclosure via text of eula and explicit permission given when pressing yes to it. problem of course being that people don't read the things(nobody does). but even if it had a blinking fullscreen dialog that spelled out that they will use your computers cpu and your electricity to make money people would still press yes, if it was a necessary step for installing software that they for some reason or another wanted to install. most addware addons nowadays are quite clear in the installers what they will do(install a fucking browser toolbar) but still people install them by the millons.

I do agree with that it's not nice for them to do it, but calling it illegitimate implies that it's unlawful...

good news is that it's bundled with software one doesn't want in the first place.

Re:Incorrect (0)

Anonymous Coward | about 5 months ago | (#45562899)

dunno what's so hard about the word.

https://en.wiktionary.org/wiki/douchebag

From a guy who doesn't know where the Shift key is, you sure come off sounding like a douchebag.

Re:Incorrect (0)

Anonymous Coward | about 5 months ago | (#45562859)

With THAT exact wording, are there ANY 'legitimate' software companies in existence?

Cause I sure as hell haven't found them.

Re:Incorrect (0)

Anonymous Coward | about 5 months ago | (#45563639)

You mean like Oracle's Java which demands to throw on a toolbar every time there is a bug fix?

"potentially unwanted programs" (5, Insightful)

Anonymous Coward | about 5 months ago | (#45562581)

Is "potentially unwanted programs" the new politicaly correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.

If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.

Re:"potentially unwanted programs" (2)

retchdog (1319261) | about 5 months ago | (#45562653)

As i understand it, there was some concern about something like this [slashdot.org] happening to anti-malware organizations. So, call it "pups" instead. Everyone knows, or will soon know, what you really mean, but it's technically hard to argue that it's slander.

Re:"potentially unwanted programs" (3, Insightful)

Linsaran (728833) | about 5 months ago | (#45562713)

Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', "Free smilies wacky mouse pointers' and Java.

They're legitimate in the sense that they won't exploit vulnerabilities in your system to install themselves, or (generally) ignore (or interfere with) attempts to remove them from your computer. They might even propose to have some sort of functionality that a user could want. The reality is that the functionality they generally offer is limited at best, and may even be inferior to the native functionality of the computer. They often slow your machine down, eating up your CPU cycles, opening up your computer to additional vulnerabilities, stealing your personal information to sell to advertisers, and generally speaking are not really useful to or needed by the people who have them installed on their computers.

Re:"potentially unwanted programs" (0)

Anonymous Coward | about 5 months ago | (#45562945)

I don't know if I would put Java in the same group as out-and-out malware. Some people can install and use Java in a secure way and some people can't be bothered. I don't want to give up the advantages of the Java language just because some people can't figure it out.

Re:"potentially unwanted programs" (1)

HiThere (15173) | about 5 months ago | (#45562969)

Adding Java to the list *was* a bit over the top. It does have actual advantages in many situations. So far. Oracle, however, seems bent on fixing that problem.

Re: "potentially unwanted programs" (1)

DigiShaman (671371) | about 5 months ago | (#45563475)

Other than the Ask Toolbar that rides along with it. That, and it's a vector for malware.

Re:"potentially unwanted programs" (0)

Anonymous Coward | about 5 months ago | (#45563605)

the advantages of the Java language

What? What does Java do that a piece of Python\Perl\Ruby\Lisp script can't do, other than be easily closed-sourced and open a bunch of attack vectors in the browser?

Re:"potentially unwanted programs" (0)

Anonymous Coward | about 5 months ago | (#45562955)

" The reality is that the functionality they generally offer is limited at best, and may even be inferior to the native functionality of the computer."

So in other words... they're apps.

Re:"potentially unwanted programs" (1)

dkf (304284) | about 5 months ago | (#45563545)

Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', "Free smilies wacky mouse pointers' and Java.

What, like Windows 8 which came with all those Metro apps (which I've never seen a user actually want)?

Re:"potentially unwanted programs" (1)

mrbluze (1034940) | about 5 months ago | (#45563135)

Is "potentially unwanted programs" the new politicaly correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.

If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.

I love Bitcoin, it's so honest, so fair, so real, so future-proof.

Re:"potentially unwanted programs" (2)

N1AK (864906) | about 5 months ago | (#45563237)

If you say when it tells you that it can install a bitcoin miner than it isn't running an unauthorised miner. We can argue all day about the idea that EULAs should mean anything, and we'd probably agree, but the EULA tells users this is what they'll do so it's not unauthorised.

I'm sure the people offering programs with a bitcoin miner would be perfectly happy to provide a version without a miner that costs $1 or something equally nominal (it's not like a typical home pc is getting much from mining these days anyway). Unfortunately people are tight and stupid. They'll pirate the paid for version rather than pay a $1 or they'll find a 'free' alternative instead (which includes a miner).

Re:"potentially unwanted programs" (0)

Anonymous Coward | about 5 months ago | (#45563405)

But can it be considered unauthorized if including it's use is IN the EULA you agree to? Since you agreed (most likely without reading), doesn't that make it authorized?

This shouldn't need to be said but.. (0, Insightful)

Anonymous Coward | about 5 months ago | (#45562585)

End users need to learn to be responsible for their own systems. Then again, it's not like Microsoft has made it easy to identify running processes, what launched them and what they are communicating with, so perhaps not all blame belongs to the end user.

One Word: CNet (5, Interesting)

Frosty Piss (770223) | about 5 months ago | (#45562645)

End users need to learn to be responsible for their own systems.

True to a certain extent. But think about downloads from CNet.

Isn't CNet a trustworthy source? No? It certainly LOOKS like a trustworthy source. It's not a warez site, right?

But of course most /. folks know otherwise, we know that CNet is one the major sources of malware.

Also, please remember that not everyone who uses a computer is an "IT pro". This should not be necessary to avoid shit like this crap.

Re:One Word: CNet (0)

Anonymous Coward | about 5 months ago | (#45563205)

Nonsense. Before you drive a car on the road where you could kill someone, you usually do a bit of training. I'm not saying people should have to get licenses to use the Internet or computers, but they have only themselves to blame if they go in blind and get burned.

Re:One Word: CNet (0)

Anonymous Coward | about 5 months ago | (#45563765)

we have saying about burning children, burning makes for great homework. work good for adults too.

Re:One Word: CNet (1)

penix1 (722987) | about 5 months ago | (#45563333)

Also, please remember that not everyone who uses a computer is an "IT pro". This should not be necessary to avoid shit like this crap.

And there is the problem. People pay hundreds or thousands for a computer and still want to treat it as an appliance like their toaster. Why should I give a shit about their safety if they don't give a shit about it? The real question is when are people going to take responsibility for their own actions? Install crapware and get infested with shit like this. It is that simple. It all comes down to greed. Greed on the part of the producers of shit like this and greed on the part of the user trying to get a free lunch when no such thing exists.

Re:One Word: CNet (1)

pspahn (1175617) | about 5 months ago | (#45563763)

I don't really understand the thought mechanism that allows my 60 year old father to somehow install all these browser toolbars and related debaucherous software, but I know for damn sure it's got nothing to do with "being greedy".

Maybe if you took a look in the mirror every time a lay-user asked you a question you simply rolled your eyes to and gave a smart-ass response, you might see that the problem isn't always with the user. Sometimes the heart of the problem lies in the "experts" being unwilling or incapable of educating the non-expert user base.

In my experience, "computer geeks" are notoriously bad at feeling empathy.

Re:One Word: CNet (0)

Anonymous Coward | about 5 months ago | (#45563815)

Our lack of empathy is easy to explain: First you shout at me for 10 years about how suck at soccer - then you expect me to fix your malware infested computer? HA!. *People* are bad at empathy, period - and zero education is given. If you want it so bad, take it. Besides, your dad is probably getting them from the usual porn sites, being old does not mean 'interest' goes away.

Re:One Word: CNet (1)

Bert64 (520050) | about 5 months ago | (#45563561)

This is exactly why walled gardens are taking off, traditional computers are simply not suitable for average users as they require users to know how to avoid malicious sites while working out which ones are not malicious, and all manner of other crap.

Winzip finally found a business model (1)

alen (225700) | about 5 months ago | (#45562613)

After all these years they figured out a way to make people pay for their software

Along with winrar

Re:Winzip finally found a business model (0)

Anonymous Coward | about 5 months ago | (#45563121)

Oracle is watching. Avoid the next java update.

Straight up theft (1)

jtownatpunk.net (245670) | about 5 months ago | (#45562617)

And that's a big bump in electrical use these days. Especially if they're getting GPUs involved. My gaming rig's power consumption roughly triples under load. Then it cranks out the heat so my AC kick in...

No Wose Than Flash With Norton (1)

Anonymous Coward | about 5 months ago | (#45562619)

This is no worse than Flash installing Norton antivirus when you update. Sure, you can opt out of installing Norton, but most inexperienced users end up installing it anyway.

Besides, a Bitcoin miner would probably use fewer system resources than Norton.

Re:No Wose Than Flash With Norton (0)

Anonymous Coward | about 5 months ago | (#45562757)

Amusingly reminds me of something that needs checking but I got lazy and used IE to update Flash recently on Win7 laptop because one or more of Firefox's addons, probably AdBlock+ blocked the Norton option from appearing and the then broken Flash install page kept kicking me over to another Adobe page. Tried IE just to see how it would react and there is the little Norton (or whatever malware addition offered with Flash at that time) BS checkbox and images, unchecked the box and hit the install, it then loads a successful completion page on Firefox once the install is complete, since Firefox is my default browser there. There is still no valid substitute for Firefox+NoScript functionality, except IceWeasel etc of course. Does NoScript threaten Google's profit margins? Chrome is useless without it. Google* gets dewhitelisted in my NoScript installs, along with MS and Yahoo nonsense etc.

10 words or less (0)

Anonymous Coward | about 5 months ago | (#45563001)

Could you reduce what you just said down to 10 words? Thanks.

Windows does that too (-1, Troll)

ruir (2709173) | about 5 months ago | (#45562627)

Finally we find out why this machines are all slow...they are collecting bitcoins for Bill Gates.

I found another one (1, Funny)

NoNonAlphaCharsHere (2201864) | about 5 months ago | (#45562663)

A potentially unwanted program that consumes over 50% of my CPU cycles: it's called Adobe Flash. Anybody know how to get rid of it?

Re:I found another one (0)

Anonymous Coward | about 5 months ago | (#45563645)

Got the same problem with a process called gtk-gnash.

Screw-U-Ware (0)

Anonymous Coward | about 5 months ago | (#45562667)

A new dimension in computing.

The really strange thing about this: (4, Interesting)

Dputiger (561114) | about 5 months ago | (#45562709)

Bitcoin mining on anything but ASICs is no longer profitable. Even on an R9 290X with an 80+ Platinum PSU, you're making maybe $1 - $2 a day. And the vast majority of people don't have anything like that equipment. CPU mining is so slow, you'll never complete any work before the block is finished. GPU mining is still fast enough to get some work done, provided you own an AMD GPU.

But Nvidia GPUs don't mine BTC for beans and most mining kernels will crash an NV card or lead to rampant slowdowns and random lockups. Even an AMD card needs a low priority miner to escape the kind of UI chokeup that immediately alerts someone to a problem in the system. This might have made sense in 2010, when CPUs could still mine, but these days the return on investment is going to be terrible -- and the performance hit is big enough that people *will* notice.

Re:The really strange thing about this: (2)

DingerX (847589) | about 5 months ago | (#45562735)

Who cares? If your freebie gets 100k installs, and only 1000 of them still work, you can probably count on $500/day, recoup your dev costs and make some money faster than you can say "Unconscionable".

Yeah, there is that. A EULA that crypto-tries to say "in exchange, you agree for us to take over your computer and use it to crank out money" is no good.

Re:The really strange thing about this: (1)

reikae (80981) | about 5 months ago | (#45563019)

It's profitable, but not as profitable as you think. One thousand Core i7 3930k CPUs mining (66 GH/s) nets around 40 euros per day (at 835â/BTC).

The number of installs is probably much higher than 1k, but on the other hand most CPUs won't be as fast as a 3930k and won't be running 24/7.

Re:The really strange thing about this: (1)

ArchieBunker (132337) | about 5 months ago | (#45563387)

That is still hardly worth it.

Re:The really strange thing about this: (0)

Anonymous Coward | about 5 months ago | (#45563707)

That is still hardly worth it.

Maybe where you live. In some parts of the world, 40 euros a day would allow you to live like a king.

Re:The really strange thing about this: (1)

ledow (319597) | about 5 months ago | (#45562797)

From what I see on the various online calculators for these sorts of things, the kind of ASICs you could afford are no longer profitable even now. You make a net loss on electricity even on the cheap, low-power USB device. You have to spend about $2000-3000 on a dedicated machine with dozens of ASICs in order to actually make any profit.

And when you project into the future for the difficulty changes, etc., you'll find they are barely profitable for a year or two.

CPU mining is worthless. Even with a whole bunch of computers running "for free", you won't make any money out of it.

GPU mining is uneconomical but you might make a few bitcoins before the difficulty changes again.

ASIC mining isn't really subject to the article's malicious use scenario, but even then in another couple of years you won't be able to make money.

The problem is that there's little where else go go. We're reaching the top of the curve for bitcoin mining, long before all the possible coins are "found".

This is one of the reasons that Bitcoin has seen massive jumps in price since the ASIC generation turned out to just kill off the predecessors, not actually make a bucket-load of profit.

Re:The really strange thing about this: (0)

tompaulco (629533) | about 5 months ago | (#45562965)

You must be looking at some strange calculators. ASIC devices are much more efficient on energy than even the most efficient GPUs. My GPU is just about breakeven at current prices and difficulties. The cheapest ASICs would make me a few hundred in profit. The biggest ASICs, some of which cost $1,000, use a few hundred watts of electricity and would presently yield $2,500 USD equivalent a month.
I haven't bought an ASIC and I haven't mined in awhile, but I pay attention, and it is definitely still very profitable with the latest technology.
All of the previous revolutions in mining made the previous generation unprofitable. ASICs made FPGA obsolete (well, maybe not quite yet). FPGA made GPU obsolete (not really, but ASIC sealed its fate). GPU made CPU obsolete (eventually).

Re:The really strange thing about this: (3, Interesting)

ledow (319597) | about 5 months ago | (#45563207)

http://mining.thegenesisblock.com/ [thegenesisblock.com]

Select the hardware, look at the cost (just underneath it), see how many actually make a profit (in blue on the right) after a few months, how many after an entire year, and how many never make one (profit in red and bracketed).

Quite a lot of the companies have NOTHING on there that generates profit at all (including the new USB ASIC miners, for instance, as I said).

The ones that do make a profit, you need a few thousand of dollars investment, hope the difficulty doesn't go up, and you might make a few hundred dollars for 6 months until they start to make a loss. The ones that make thousands of dollars cost over $10,000 in the first place.

And next year, you will be worse off again.

Not saying you can't make profit. Saying that when you take into account the hassle, the cost, the difficulty changes, and the risk, you'll be lucky to make more than your bank would have given you for the same amount of cash in a savings account. And at least that doesn't "devalue" over time.

Re: The really strange thing about this: (1)

DigiShaman (671371) | about 5 months ago | (#45563507)

Assuming the BT bubble doesn't pop anytime soon; eventually BT mining will only be profitable with large investment funds. Like say, financial institutions and banks.

So basically, nothing changes for the little guy. He/she will still get fucked. Fact of life!

Re:The really strange thing about this: (1)

tftp (111690) | about 5 months ago | (#45562995)

We're reaching the top of the curve for bitcoin mining, long before all the possible coins are "found".

This means that at some point the remaining coins wouldn't be searched for. For that to be economical, each coin would have to cost a $1M or something. If that's not the case, there is no reason to bother. It's exactly as I don't walk the streets looking for lost coins, wallets, or jewelry. I guess I could get some revenue this way, but it makes no sense - there are better ways to make money.

ASIC mining isn't really subject to the article's malicious use scenario, but even then in another couple of years you won't be able to make money.

Miners, as I understand, are an essential part of BTC network. If nobody mines anymore, how will the network operate? There is nothing on the horizon, and the difficulty would make it prohibitive anyway.

Re:The really strange thing about this: (1)

reikae (80981) | about 5 months ago | (#45563047)

As I understand it, the miners also get a tiny fee for processed transactions. So maybe you'd walk the streets looking for loot if you got paid x amount every ten meters.

Re:The really strange thing about this: (1)

tftp (111690) | about 5 months ago | (#45563185)

From what I know, miners only get a fee from the blocks that THEY mined. Not from other miners' blocks. If true, this gives even more advantage to "early adopters" - not only they sit on mountains of nearly free BTC, they also collect rent on it. Those would be the only "miners" left (they won't be doing actual mining, probably.)

Re:The really strange thing about this: (1)

petermgreen (876956) | about 5 months ago | (#45563779)

When a transaction is included in a block any transaction fees in that transaction* go to the miner who included the transaction in the block. Where the bitcoins originally came from is irrelevent.

* Including transaction fees in your transaction is not mandatory but doing so increases the chance of it getting included in a block in a timely manner.

Re:The really strange thing about this: (1)

ledow (319597) | about 5 months ago | (#45563233)

You can pay a transaction fee to speed your transaction. It's assumed that when all the coins are mined, people will make money from this transaction fee instead.

But all coins aren't mined yet, so there's still a once-in-a-year/decade/whatever chance that you'll generate a whole coin, so people won't stop mining for a while yet. And a whole coin is worth several thousand at the moment. It won't be "profitable" but people will still be mining on the off-chance of a windfall, I suspect.

Re:The really strange thing about this: (1)

Bert64 (520050) | about 5 months ago | (#45563587)

You won't get to a situation where noone is mining at all, as those for who mining is no longer profitable stop mining the share of profits for those who remains will go up and the difficulty goes down. Eventually you will hit a plateau where the people with cheap electricity and the latest asics will make money and noone else will bother.

Re:The really strange thing about this: (1)

petermgreen (876956) | about 5 months ago | (#45563791)

If nobody mines anymore, how will the network operate? There is nothing on the horizon, and the difficulty would make it prohibitive anyway.

The difficulty is set to keep the rate at which miners successfully create blocks roughly constant. If miners stop mining and the total network hashrate drops then the difficulty will also drop.

Re:The really strange thing about this: (1)

gl4ss (559668) | about 5 months ago | (#45562811)

it's profitable.

it's just unprofitable if you have to pay for electricity or the machine investment. there is no investment in this method though. ..besides many of these machines do have gpu's.

Re: The really strange thing about this: (0)

Anonymous Coward | about 5 months ago | (#45563171)

That's the spamming business model. The cost is so low, that even minimal returns can add up. So what if the chances are low that a PC can contribute much. What about 1000 PCs? 1000000 PCs?

Re:The really strange thing about this: (0)

Anonymous Coward | about 5 months ago | (#45563227)

You are 100% wrong. Take all the ASIC's you can buy and I can out mine you in a heartbeat on PC's.. Because if I have 500,000 users computers out there all mining for me, you don't have enough cash to buy enough ASIC's to even get close to 1/10th my capacity.

Now scale that up on a popular app or a scumbag company like download.com bundling it on everything and your precious ASIC becomes a joke. A complete and utter joke.

Call me when an ASIC can match the power of 1.2 million computers that are compromised by a company like CNET or Sourceforge.

Re:The really strange thing about this: (2)

Bert64 (520050) | about 5 months ago | (#45563629)

Current generation ASICS are capable of hashing bitcoin faster than supercomputers, which consist of thousands of high end CPUs running 24/7...
Your network of compromised computers won't all be running 24/7, won't all be the latest processors and won't have exclusive use of the CPU...

Incidentally this article isn't talking about bitcoin, but about an alternative coin which works similarly to bitcoin but using a different proof of work algorithm, one that is designed to be less suited to GPU and ASIC implementation, while also being less popular and thus having less competition (and much lower value).

Re:The really strange thing about this: (1)

shutdown -p now (807394) | about 5 months ago | (#45563689)

Mining Bitcoins is unprofitable, yes. Mining some other coins (e.g. Litecoin) can still be profitable, even on a GPU. About $400/month with a high-end AMD at current difficulty.

Names please (1)

k2r (255754) | about 5 months ago | (#45562821)

Whenever I read something like this it makes me wonder what "plausible" software is the means of infection.
I may be naive but I can not imagine that any of the companies and individuals I install stuff of on my machines would be shady enough.

What stupid stuff from what shady source do I have to install to get a Bitcoin-Miner I didn't ask for?

Re:Names please (2)

k2r (255754) | about 5 months ago | (#45562863)

I should have understood the article, first.

From the article it seems to be
www.yourfreeproxy.net

Well, who would not want to install an application that redirects all of their network traffic though their servers FOR FREE?

Re:Names please (4, Insightful)

mr_jrt (676485) | about 5 months ago | (#45563067)

I should have understood the article, first.

From the article it seems to be
www.yourfreeproxy.net

Well, who would not want to install an application that redirects all of their network traffic though their servers FOR FREE?

Someone not very technical wanting to bypass their government's mandated filtering?

Could be worse.. (0)

Anonymous Coward | about 5 months ago | (#45562951)

At least they don't turn you into a Humancentipad

False advertising laws may come into play here (0)

Anonymous Coward | about 5 months ago | (#45562961)

In many countries advertising a product as "free" when you have fine print that says it's not free (hint: electricity costs money) is illegal.

Fair is Fair (1)

Murdoch5 (1563847) | about 5 months ago | (#45563021)

If the EULA mentions minning of any kind and you accept it without reading it then you can't complain. The reason you have the EULA presented to you is because you're meant to read it.

Re:Fair is Fair (1)

Jeremy Erwin (2054) | about 5 months ago | (#45563061)

My attorney bills $250/hour to read and analyse a EULA. Expensive, but worth it.

Re:Fair is Fair (0)

Anonymous Coward | about 5 months ago | (#45563133)

So, reading an EULA is actually work, and they expect us to do it for free???

Re:Fair is Fair (0)

Anonymous Coward | about 5 months ago | (#45563729)

How many hours, pray, have you invested in this EULA analysis?

Re:Fair is Fair (0)

Anonymous Coward | about 5 months ago | (#45563437)

The reason you have the EULA presented to you is because you're meant to read it.

I guess you never tried to read one than ? With "read" as in read-and-fully-understood ofcourse.

Although for most of us its quite doable to read the words in a EULA, and we might even speak the sentences they create without stuttering, understanding the meaning of those words and sentences, let alone the whole document, is a whole other matter.

Nope, as far as I can tell EULAs are not ment to be read by the users. Quite the opposite actually.

potentially? (0)

Anonymous Coward | about 5 months ago | (#45563113)

I think we just need to call it UP - unwanted programs. No potentially about it.

Doesn't Digsby do something like this? (1)

mrbene (1380531) | about 5 months ago | (#45563153)

Pretty sure that "free" chat client aggregater Digsby has been using CPU time on machines it's been installed on for ages - one of the reasons I don't recommend people use it.

It's in section 15 of their TOS [digsby.com].

Don't know if they've ever used this specifically for Bitcoin mining, but there's no reason they couldn't.

theft of electricity... (2)

AndroSyn (89960) | about 5 months ago | (#45563173)

Remember when all the crackers could be charged with was, "Theft of Electricity"? Now this is actual real theft of electricity.

Re:theft of electricity... (0)

Anonymous Coward | about 5 months ago | (#45563581)

They're rustlers pardner. Let's saddle up and get 'em. Yehaaa! Who's got the rope?

Add a checkbox at startup (0)

Anonymous Coward | about 5 months ago | (#45563669)

How do you want to pay for using this application?
[ ] advertisements shown within the application
[ ] participation in email campaigns
[ ] redirecting your network traffic for market analysis
[ ] solving captchas for us
[ ] by providing processing cycles
[ ] $

Seems fair to me. Just should be visible to the user and not hidden in some EULA.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...