Apps with millions of Google Play downloads covertly mine cryptocurrency (arstechnica.com)
137 points by OWaz on March 27, 2014 | hide | past | favorite | 90 comments



This is pretty hilarious. Given how small the load can be to automatically contribute hashes to a pool for ___coin, I expect more of these in the future, but smarter. Runs for 5 seconds per minute on ten million devices for six months? That's no joke with some of the hardware out there.

It's this close to a victimless crime (that is, unless the victim gets their CPU/GPU fried, as has happened with these nets before). But what about apps that use spare cycles while you're plugged in, or above 75% battery, or between hours x and y, to mine dogecoins for charity? People would voluntarily submit to that!


It's the disdain for the user. Take their data, use their CPUs, whatever. Users are dumb, they won't notice, and hey, the app's free anyway.

Back in the day, the software on my "Personal Computer" was my friend. It was all wonderful things to have and to learn about.

Looking at my smartphone that's right here on my table, it's shiny, but I've long felt a distinct lack of control over the thing. And now this: Hello - any of you apps mining anything right now in there?


"Users are dumb, they won't notice, and hey, the app's free anyway."

Maybe we've stumbled on a great alternative to the freemium model?


I just use the factory apps and have nothing else installed; this way no one mines anything out of me.


Except Google mining all your data (if you use Android)


That would be strange, given that the only Google-produced code on my Android-running phone comes from AOSP and has had plenty of eyes (and network sniffers, and firewalls, etc) on it to weed out any such mining.

If you run Google applications (on Android or on iOS or elsewhere) you send data to Google. If you don't want to send data to Google, don't run Google applications. The same goes for Apple applications which phone home to Apple, Microsoft applications to Microsoft, etc.

Android works fine without Google applications ('gapps'). It does not need the Google Services Framework to survive. You don't need the (horribly named) 'play store'. Nor Gmail, Google Maps, Google+, etc. This is one of the big differences between Android and the other bigger players in this field - you have a choice.


Well then I guess Apple knows I come here often!


by which you also miss out on most of the things that make a smartphone worth buying in the first place...


That depends heavily on the user. I love my smartphone (now have a Note 3, last phone was a Note) but large-screen portable web browsing and built-in GPS/Navigation are the draw for me, not hundreds of apps. I have few installed.


"Personal Computers" have had viruses and malware for decades. They are most assuredly not full of "all wonderful things".


Electricity and bandwidth are both resources that most people have to pay for, I would consider this theft and not a "victimless crime".

The severity of financial impact on the victim is irrelevant. If I steal tiny amounts of money (~0.01c) from large numbers of people and accrue significant wealth from it, is it fine? Is it a "victimless crime" because the amount is so small?


> The severity of financial impact on the victim is irrelevant.

Not if it actually damages some parts of the phone, like the battery, because you have to charge it more often.


You seem to mean "negligible", which is a different meaning than "irrelevant"; the point that was being made is that even if it were a "negligible" amount, the crime is not "victimless", hence the amount of the theft is "irrelevant": the point you seem to be making is that it might be a non-"negligible" amount, which is probably true, but at this point in the thread unrelated, and in fact according to the post you are responding to, "irrelevant" ;P.


I agree, it's theft. If I borrow your bicycle all the time without you knowing, it may be innocent enough, but it still causes wear and tear on the bicycle. I am thieving bicycle time from you that you paid for. If I had simply asked for it, you couldn't blame me, but alas I took it without your consent.

[edit]

Do either of these apps explicitly state that they will access/use the device in this way?


No it's not theft, it's conversion.

https://en.wikipedia.org/wiki/Conversion_(law)


It's not XOR.

Taking someone else's property can be both theft and conversion.

Conversion is a tort, a matter of a lawsuit between parties.

Theft is a crime, a matter between a citizen and the state.


The criminal equivalent of conversion is criminal conversion.


That article is confusing.

Someone cuts down trees from land they don't own to haul them away for lumber? That's clear theft to me.

Removing furniture that you don't own from a cohabited dwelling and storing it without telling the owner the location? That's clear theft to me.

Someone finds lost goods that they then keep for themselves without attempting to return them to the rightful owner? I can see that being something other than theft.


A theft? Do you consider all installed apps to be stealing then?


Seriously? An app that does what it says isn't stealing from you. An app that runs up your electricity bill and damages your phone without disclosing its behavior is clearly a different matter.


We're not talking about damaging the phone now. As for electricity, lousy developers steal it as well. What's the difference if the stealthy app does what it says and is reasonable about mining? The cost for the user is negligible.

Edit: Just a note, I'm not saying this is OK for apps to do, but to call it a theft is ridiculous.


> As for electricity, lousy developers steal it as well. What's the difference if the stealthy app does what it says and is reasonable about mining?

I can think of at least two differences. First, the developer profits from one but not the other. Second, the developer intended one but not the other.

We evaluate the morality of accidental waste differently from that of deliberate taking for personal gain.


> We evaluate the morality of accidental waste differently from that of deliberate taking for personal gain.

On the other hand, if you look at this from another perspective, inefficient software wasting power means no one gains. If the same power was being used for mining, then someone gains. If I were forced to choose between these two alternatives, I would definitely pick the latter.


Intent matters.

And, all else being equal, if someone writes inefficient code and has bad intentions, it's even worse.


Would you thus have accidents punished more severely than intentional wrongs? Is that just?


If I make a mistake at doing my taxes and accidentally pay $1,000 less than I should is that the same as knowingly gaming the system so that I have to pay $1,000 less?

Is one of those considered stealing?


Here's a story from 2004 about a school IT tech who installed SETI@home on the school machines. The increased electricity bill caused some consternation and he lost his job.

http://www.techdirt.com/articles/20041010/2225204.shtml

I imagine that mining crypto currency without permission is due for a high profile court case.


I did that on some university servers around 1999. We had a few Alphas dedicated to batch processing, and I set up S@H to run on them.

One catch was that the duration of batch jobs was limited to 12 hours, so I couldn't just fire and forget. I ended up scripting it so that when the job ended, it automatically resubmitted itself to the batch queue.

It took about a day before I got a surprisingly friendly e-mail from the sysadmin asking me to please stop.


I'm inclined to believe that things like this could just be an alternative to ads. Ads take up CPU, battery life and bandwidth too (although a relatively small amount compared to coin mining). Alternative income source, I guess.


Taking that further, I would much rather be used as a fractional miner than provide unhindered, across the board access to personal transportable data and per device usage from the device.

Providing a user with means to throttle or govern the mining seems appropriate even if not explicit. If I am trying to use my device, put the virtual mining crew on break and don't check back for at least 20 minutes.

Secondly, exclusive mining rights. Only one app per device, but each developer can ask for a share of the haul. Having more mining apps competing for time will work in no one's favor. As the device owner I should inherently be entitled to a significant share.

An auditable mining client would be valuable. I could certainly see this as something that could eventually fit neatly somewhere between an optional and encouraged part of an AOSP deployment.


It will frequently be the case that it would be cheaper for the user to simply buy whatever credits are being mined with their resources (which means that many of them won't knowingly run miners).


Today, perhaps and most likely in all but a few cases. That doesn't preclude a shift or evolution of platforms to more efficiently provide that capability as a built in.


It's still stupid. Mobile devices are orders of magnitude worse than PCs at the integer arithmetic required for cryptocurrency mining.


But you have orders of magnitude more of them. Slaved mobile devices are orders of magnitude cheaper, too!


>But you have orders of magnitude more of them.

Not according to this: http://www.technologyreview.com/sites/default/files/images/M...


Yes, but very few PC owners will download & run a songs.exe executable to listen to several songs available on YouTube.


Only a brewing threat 'til it becomes a force. Innovator's dilemma.


This is alarmingly similar to the ESEA situation where ESEA (a premium membership gaming community) discreetly built a bitcoin miner into their anti-cheat client [1], fried some users' graphics cards and were found out then fined $1MM. [2]

[1] http://www.theverge.com/2013/5/2/4292672/esea-gaming-network... [2] http://www.wired.com/wiredenterprise/2013/11/e-sports/


This could be an interesting model to do out in the open. Rather than covertly mine cryptocurrency, say that the app is free if you contribute hashes to a pool, or you can buy the premium version that doesn't.

Almost like the "slow" version vs the "fast" version of an app.


Didn't this idea start with SETI@home in the '90s?


The idea of sharing computation cycles certainly did, however, converting those computation cycles into currency so it can fuel other "real" work is most definitely a by-product of bitcoin.


The economics make no sense. It costs more in electricity to run the program than to just pay for it directly. It's a trivially small amount.


Or just mention it in the description and make it low priority using nice (in addition to doing it when plugged in).


<shameless plug>

I've been working on an idea similar to this for a few months. Instead of limiting this to crypto currency mining (a fair application, FWIW), why not approach this with the idea that people plugging in their phones every night could easily constitute the largest distributed supercomputer ever built? Everyone has the same nightly ritual: Wake up, use phone/tablet/device, plug in at night. Once it's plugged in, your phone charges to 100% after a few hours, and then essentially sits there for x hours effectively doing nothing (that's a little sensationalist, but it highlights my point). Folding@Home, et al have done this before, but the silver bullet here is that no one turns off their phone when it charges at night - perhaps to maintain the off chance they receive a random 4 AM phone call.

Now if you can combine this with an SDK (say... something Javascript based) that makes it easy to write/deploy compute jobs/"apps", you have a real distributed computing platform. You can also maintain security by using a similar proof-of-work scheme that bitcoin uses to prevent fraudulent mining.

The real challenge here is incentivizing people to run your app. Here's my sign up form for an early private beta for anyone who is interested.

http://stynt.co


I thought of this as well, but more along the lines of protein folding. I think finding a cure for one of those diseases would be more than enough for most people to justify the power consumption.


Folding@Home, and the BOINC network over at Berkeley have done a great job at this already. http://boinc.berkeley.edu

There's still an immense opportunity to tap unused cycles if you give people another reason to donate their device time. Unfortunately, altruistic purposes don't always appeal to the masses :-)


I could see it being used for protein folding, but I don't think cryptocurrency mining is an application. By running your app, I'm consuming extra electricity for which I would have to pay. How would you compensate me for that?


The basic crux of how the app works is similar to how regular bitcoin miners work. As you run the app, the app runs compute jobs (known as Stynts) which generates proof-of-work (that it did something) and sends it up to our servers. The more you run the app, the more proof-of-work you generate. You get rewarded via virtual currency (we assign to you) when you successfully run a Stynt which can then be exchanged for real goods.

Of course, the amount you get compensated should feel valuable and commensurate to the "effort" your device expended for this to be worthwhile. It largely boils down to user expectations, but given economics of scale, I'm confident that we can have more than a 1:1 ROI of effort to reward.


Errr.... I know that phone chargers draw some power even when the phone isn't charging, but surely it's orders of magnitude less than what they draw when the attached device is running at full capacity.

Not to mention how hot the damn things could get.

So it's going to cost me electricity and probably shorten the life of my phone - why would I sign up?


The app actually monitors the battery temperature (exposed on all Android phones) and throttles down when it exceeds a certain threshold.

The charging circuitry on some phones (not all) actually disengages the battery from the charging circuit path once 100% AC power is reached. In other words your phone's CPU runs off of AC power (and not via the battery) once 100% charge is reached.

Why you would sign up is where it gets interesting - the app works via a similar incentivization scheme as how bitcoin miners work - the more you run the app (mine) the likelier you stumble upon a valid proof of work, and you get rewarded by virtual currency.


OK, so it doesn't sound all bad :)


Why not link it to the World Community Grid?

http://www.worldcommunitygrid.org/

(although they mention smartphones already)


These schemes mostly just convert electricity to cryptocurrency. The electricity is almost always more expensive than the value, but the app authors aren't paying the bill.

If you're plugging in your 5W charger for less than half the day, the limit is maybe $2/year/user, assuming you can get away with it for a year...


$2 is way too high. I would say a cent per week tops.


Let's say 5W for 8 hours per day, that's 14 kWh per year.

Last year I paid 17.51 eurocents per kWh, so it would be EUR 2.45 per year for me ($3.37 per year).
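The electricity arithmetic in the comments above, carried through as code so the inputs can be varied. This is an added example, not code from the thread or the article. The coins-per-day formula is the standard expected-value relation for Bitcoin-style proof of work (difficulty * 2^32 expected hashes per block); the hashrate, difficulty, block reward and coin price used in the demo are assumed placeholders, not figures from the article.

```python
# Added example: electricity cost of a phone left mining vs. what it could mine.
# Constants and the demo inputs are assumptions for illustration.
SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 365


def annual_kwh(watts: float, hours_per_day: float) -> float:
    """Energy drawn per year by a device pulling `watts` for `hours_per_day`."""
    return watts * hours_per_day * DAYS_PER_YEAR / 1000.0


def annual_cost(watts: float, hours_per_day: float, price_per_kwh: float) -> float:
    """Yearly electricity bill for that draw at a given tariff (same currency as the tariff)."""
    return annual_kwh(watts, hours_per_day) * price_per_kwh


def expected_coins_per_day(hashrate_hps: float, difficulty: float, block_reward: float) -> float:
    """Expected block reward per day for a miner doing `hashrate_hps` hashes/second.

    Under Bitcoin-style difficulty, finding a block takes difficulty * 2**32
    hashes on average, so a miner's share of blocks is proportional to its
    hashrate. Pools pay out roughly this expectation, minus fees.
    """
    hashes_per_block = difficulty * 2.0 ** 32
    blocks_per_day = hashrate_hps * SECONDS_PER_DAY / hashes_per_block
    return blocks_per_day * block_reward


def yearly_balance(watts: float, hours_per_day: float, price_per_kwh: float,
                   hashrate_hps: float, difficulty: float, block_reward: float,
                   coin_price: float) -> dict:
    """Who pays and who earns: the user's electricity bill vs. the miner's coin value."""
    cost = annual_cost(watts, hours_per_day, price_per_kwh)
    coins = expected_coins_per_day(hashrate_hps, difficulty, block_reward) * DAYS_PER_YEAR
    return {
        "kwh_per_year": annual_kwh(watts, hours_per_day),
        "electricity_cost_per_year": cost,
        "coins_per_year": coins,
        "coin_value_per_year": coins * coin_price,
        "net_to_device_owner": coins * coin_price - cost,
    }


if __name__ == "__main__":
    # 5 W for 8 h/day at 17.51 c/kWh, as in the comment above; the mining-side
    # numbers (0.5 kH/s, difficulty 1000, reward 250000, price 0.000001) are
    # assumed placeholders, not measured values.
    for k, v in yearly_balance(5, 8, 0.1751, 500, 1000, 250_000, 0.000001).items():
        print(f"{k}: {v:.4f}")
```

The useful thing the model makes explicit is that the two sides of the ledger belong to different people: the electricity term is paid by the device owner whatever the coin price does, while the coin term accrues to whoever controls the pool account.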


My bad, I thought you were talking about how much could be made with the phone mining.


I think what surprises me most about this situation is that even though the supposedly offending apps (Songs in particular) have been downloaded and installed between one and five million times, they only possibly generated the author a few thousand Dogecoin. Seems like a big risk for a few dollars; wouldn't advertisements be a more profitable option?


Doesn't the app have ads in addition to the mining aspect?

As someone pointed out in a similar past thread, 1 coin for $0 of energy is still an infinite profit.


That's putting a value of zero on being fined (or worse). I don't think the risk is non-zero. Just takes one zealous AG to file a case against you (even if you're out of jurisdiction, there's a non-zero chance you might end up passing through at some point).


Yes, that's definitely true. I don't know what kind of vetting is performed for free apps on the Play Store, but for all we know, couldn't it be someone pseudonymous in a non-extradition country uploading via Tor?


I wonder how viable doing this openly would be as a free-to-play business model? Being upfront with the user: "we're not going to show you any ads and you won't have to pay anything for extra content, but we'll be using a tiny proportion of your CPU time to mine cryptocurrency to pay for the development costs of this app."


It was done secretly in the recent past, and apparently while it lasted (weeks, i think?) it brought in something like $6k. It helps that most gamers have fairly powerful graphics cards.

If you mapped bitcoins mined to microtransaction currency (for in-game rewards) most players would love it.


Not sure if this is what you're referring to, but this was done last year in secret by ESEA, a US gaming league (primarily Counter-Strike) [1].

They claim the value was almost USD$4,000 over about two weeks, although we don't really know how many users were affected and for how long. This doesn't seem like an extraordinary amount, though, especially if we're talking about using mobile phones instead of high-end gaming PCs.

[1] http://www.pcgamer.com/2013/05/01/esea-accidentally-release-...


> the purveyor of the apps subsequently earned thousands of Dogecoins

So like 5 bucks?


Careful.. The New Jersey DA is trying to go after an MIT student for simply exploring the freemium mining concept at a hackathon. He got MIT and the EFF to back him, but there are probably others looking to make an example out of someone.

http://venturebeat.com/2014/02/12/new-jersey-slaps-mit-bitco...


Yep, at RPI we had a research project doing something a bit similar by tying bitcoin transactions to the HTTP protocol itself to enable on-the-fly payments with an alternative of on-the-fly mining.

RPI lawyers told us to stop after we asked for counsel due to money transmitter laws. A few months later the MIT kid got hit with a subpoena. Bullet dodged for us but I really hope he pulls through with a win.


This is the thing that worries me the most about Bitcoin and other cryptocurrencies--because I want them to succeed--there are myriad laws surrounding money transfers, especially electronically. There are tax implications, as well. There are also huge trade agreements internationally--and even intranationally--that come into play, as well. Banks and credit card companies currently handle most of the legality of these things, but with cryptocurrencies, there are no banks--these are essentially cash transactions.

I expect more and more folks will start to "discover" the real legal implications of some of these types of applications. I'm sure we'll see some story or what have you, and we'll all cry foul, even though the laws have been in place for many years and we mostly (albeit somewhat unknowingly) abide by them.

I also expect that folks will "discover" why we have central banks for currencies, and why Alexander Hamilton was a Smart Guy.

While cryptocurrencies are new, the problems they'll face aren't--in fact, we've solved these problems mostly in developed countries. They still exist pretty readily in developing countries, though. What happens when we start selling securities based around cryptocurrencies, such as derivatives? If you think the SEC will allow Americans to buy, sell, and even discuss securities openly, you are out of your mind.

What about money laundering? When/if you ever work for a bank or an investment firm in the US, you'll take some training around money laundering (there are even tests at the end). The SEC (allegedly) holds these firms responsible for spotting, reporting, and stopping money laundering schemes. What happens when money laundering happens over an exchange? How will that be handled?

Sorry for the long-windedness...your anecdote just got me thinking.


I wonder if one could create a pyramid scheme app out of this? An invite only one.

1st guy - 100% mining load & all profit.

2nd and 3rd guy split the mining load and 99.99% of the profit.

and so on...


wait... forget invite only - anyone could download.

Your rank would depend upon how early you became a member and how often you leave the app running. The mining load would increase/decrease depending upon how many users are running the app at the time.

Also, place ads on the app.



I wonder if the new mobile GPUs are any good at mining scrypt-based currencies. It's possible that this could be fairly profitable. I don't think that long term this is going to replace ads though. Cryptocurrencies are too volatile at this point and I'd wager that ads are going to continue being much more profitable.


I had this as a day dream a month ago. Though it would work as in-app currency that I would give to the users and the servers / aws bill would be subsidized by the collective micromining.


This is why the permissions model needs to be improved - not just to deny/grant normal ones, but also to stop apps from unexpectedly running in the background.


Saddens me how low people can go for one or many bucks.


Are there any examples where somebody used Javascript on a website to do something like this?


Why not make an app that uses your phone during charging at night to mine coins for charity?


Sorry, irrespective of the legality or morality, this is quite a creative idea.


Users don't want to pay, and they don't want ads.

The scale has to tip eventually.


Thankfully there's an excellent repository full of free software with no ads.

F-Droid.org in case you've never heard of it.


They also don't want malware.


What is the hashrate on these? Couldn't imagine it being very high...


[deleted]


Scrypt based coins (like doge) won't get hashrates nearly that high. For example, a GTX670 pulls in ~300kh/s while mining doge. 1.3mh/s would make the Galaxy faster than the current highest end graphics card[1]. A Raspberry Pi pulls in just under half a kilohash/sec[2]. So your number is probably about 1000x higher than it should be, based on the number for the Pi. $17/hour is a lot less attractive.

[1]https://litecoin.info/Mining_hardware_comparison#Laptop_.2F_...

[2]http://www.reddit.com/r/dogecoin/comments/1ttxhi/digging_wit...
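For readers unfamiliar with what a "hash" or a "proof of work" is in the scrypt-coin discussion above (and in the Stynt comments' talk of submitting proof-of-work to a server), here is the core loop a miner and a pool run, as an added example that is not code from the thread, the article, or any of the apps mentioned. It uses the Litecoin/Dogecoin scrypt parameters (N=1024, r=1, p=1, 32-byte output, header used as its own salt) via Python's standard `hashlib.scrypt`. The block header fields are constructed placeholders, and the target is made easy so the demo finishes quickly; a real target is on the order of difficulty * 2^32 times harder.

```python
import hashlib
import struct
import time

# Added example: scrypt proof of work as used by Litecoin/Dogecoin-style coins.
# The header contents below are constructed placeholders, not a real block.
SCRYPT_N, SCRYPT_R, SCRYPT_P, HASH_LEN = 1024, 1, 1, 32


def scrypt_pow_hash(header: bytes) -> bytes:
    """scrypt hash of an 80-byte block header; the header doubles as the salt."""
    if len(header) != 80:
        raise ValueError("block header must be 80 bytes")
    return hashlib.scrypt(header, salt=header, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=HASH_LEN)


def header_with_nonce(prefix: bytes, nonce: int) -> bytes:
    """Complete a 76-byte header prefix (version, prev hash, merkle root,
    time, nBits) with the 4-byte little-endian nonce the miner varies."""
    if len(prefix) != 76:
        raise ValueError("header prefix must be 76 bytes")
    return prefix + struct.pack("<I", nonce)


def hash_value(h: bytes) -> int:
    """Coins compare the hash to the target as a little-endian integer."""
    return int.from_bytes(h, "little")


def verify_share(prefix: bytes, nonce: int, target: int) -> bool:
    """What a pool does with a submitted share: one hash, one comparison.
    Verification is cheap; only the search for the nonce is expensive."""
    return hash_value(scrypt_pow_hash(header_with_nonce(prefix, nonce))) < target


def mine(prefix: bytes, target: int, max_nonce: int = 1 << 32):
    """Brute-force nonces until the hash is below target.
    Returns (nonce, hashes_tried), or None if the nonce space is exhausted."""
    for nonce in range(max_nonce):
        if verify_share(prefix, nonce, target):
            return nonce, nonce + 1
    return None


def measure_hashrate(prefix: bytes, seconds: float = 0.5) -> float:
    """Hashes/second this interpreter manages, for comparison with the kH/s figures above."""
    deadline = time.monotonic() + seconds
    n = 0
    while time.monotonic() < deadline:
        scrypt_pow_hash(header_with_nonce(prefix, n))
        n += 1
    return n / seconds


# Constructed sample header prefix: every field is a placeholder.
SAMPLE_PREFIX = (struct.pack("<I", 2)                 # version
                 + b"\x11" * 32                       # previous block hash
                 + b"\x22" * 32                       # merkle root
                 + struct.pack("<I", 1395878400)      # timestamp, 2014-03-27 00:00 UTC
                 + struct.pack("<I", 0x1E0FFFF0))     # nBits (compact difficulty)

# Toy target: about 1 in 64 hashes qualifies, so the demo returns in well under a second.
SAMPLE_TARGET = 2 ** 256 >> 6

if __name__ == "__main__":
    found = mine(SAMPLE_PREFIX, SAMPLE_TARGET)
    if found is None:
        print("nonce space exhausted")
    else:
        nonce, tried = found
        print(f"nonce {nonce} after {tried} hashes; "
              f"verifies: {verify_share(SAMPLE_PREFIX, nonce, SAMPLE_TARGET)}")
    print(f"~{measure_hashrate(SAMPLE_PREFIX):.0f} H/s in this process")
```

Running `measure_hashrate` on a phone-class CPU gives the kind of number the comment above is estimating, and the asymmetry between `mine` and `verify_share` is exactly what lets a pool (or the Stynt server described earlier) accept work from untrusted clients: a client cannot fake a share without doing the hashing.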


No wonder Songs is an app to download pirated Bollywood songs.


For all that trouble, why don't they (the makers of these apps) just buy a PC with a pair of reasonable ATI cards?


Because they don't pay the energy costs on other people's phones.


For a F2P app, the cost of doing this is basically 0 and the revenue will continue to increase as long as the app keeps getting popular. Doesn't matter if the revenue is small, it's still more revenue from your F2P app.


Certainly some jurisdiction might decide this isn't "fair" and attempt prosecution? May be worth a headline someplace near election time.


Am curious which, if any, Android AV providers caught this.


Would you like 1024 chickens or 2 oxen?


It's always good to see Android users enjoying their freedom from Apple's tyranny.



