Mining apps? We're cool so long as they admit to it, says Canonical

Canonical has responded to last week's discovery that its Snap store carried apps containing embedded crypto-currency miners, by pledging to introduce a “verified developer” program. When users complained that apps by Nicholas Tomb included the mining code, they were pulled from the Ubuntu Snap store, with Canonical promising …

  1. Jason Hindle Bronze badge


    "The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself."

    Hmmm... This statement deserves a little scrutiny. If you're using my resources for personal gain, without my knowledge or consent, then I think there's a pretty strong argument for unethical behaviour.

    1. fandom Silver badge

      Re: Unethical?

      Could that be the reason why they added "by itself"?

  2. ShelLuser

    At the risk of being cynical but...

    "Canonical wrote “we are working on the ability to flag specific publishers as verified. The details of that will be announced soon, but the basic idea is that it’ll be easier for users to identify that the person or organisation publishing the snap are who they claim to be.”.

    So the thing I fail to understand: when was identity ever an issue? It looks to me as if the identity of the user had little to do with all this but mostly the act of them trying to "borrow" resources from your environment. It's not the user but the product which was the problem.

    How much extra money would the developers have to cough up for them to be verified I wonder? Is this Canonical's own way of trying to gather up some extra cash without too much extra effort being involved?

    I mean.. The way I read all this they're basically saying that: "Verified users will be more trustworthy than non-verified users", which I think can create very dangerous precedents. But mostly: so if my application informs the user somewhere at the bottom of page 6 in small print that there will also be crypto mining involved, would that be counted as informing the audience? Because technically I did, wouldn't you agree?

    Why not plan for a rule to plain out ban any behavior of this kind?

  3. revenant

    Not even a slap on the wrist, then?

    It seems he will get away with a "Naughty, naughty. Don't do it again." from Canonical, having claimed he didn't realise it was wrong.

    It was malware, and I wonder if Canonical are bending over backwards to resolve this without acknowledging that serious fact.

  4. TrumpSlurp the Troll Silver badge

    Crypto mining in general

    From my limited understanding, to be cost effective you have to have masses of specialist equipment designed for crypto mining. If you just mine in your own home then the value of the coins mined is less than the cost of electricity. This is the weak point in the argument that allowing mining pays "free" software developers for their effort. It is more cost effective to pay them directly than to pay the electricity supplier a cut as, effectively, a currency converter.

    The alternative to using your own electricity is to use someone else's. Hence mining on other people's computers.

    I was just wondering about all the places where electricity comes included in the package. Hotels, some trains, airports, camp sites, some coffee shops. You could, presumably, if you frequent these places carry a small mining rig around with you and plug it in at every opportunity. Road warriors could mine almost full time. However I have no idea how long it would take to recover the cost of the rig. I assume that the big win with distributed mining code is that the sum of all the inefficient parts makes up for the inefficiencies.

    Edit: P.S. I just thought of another way; build a rig into your EV and mine whilst charging at free charging points. You could pull a lot of power without anyone noticing.

    1. Multivac

      Re: Crypto mining in general

      If you want to mine bitcoin you'll need an ASIC, but some cryptos are ASIC resistant, Ethereum is supposed to be one of these and they do it by using an algorithm that requires a lot of memory which takes up a lot of chip space.

      Blockchain is finding more and more uses, a US healthcare provider is using it to store patient data and it lends itself to tamper proof accounting systems very well. They can use their own systems to build the blockchain but at some point it's going to be simpler to farm this out and if they can create a coin/token for their blockchain it's conceivable that instead of popup ads on your smart phone app you can rent out your processing power instead.

    2. MonkeyCee Silver badge

      Re: Crypto mining in general

      "From my limited understanding, to be cost effective you have to have masses of specialist equipment designed for crypto mining."

      You don't need masses. It's like anything else, you can have one miner or a thousand, just depending on what scale you're going for.

      Depending on the base algorithm of the currency you want to mine, there will be a set of equipment that is profitable. For Bitcoin, the algo is SHA-256 and you'll need the latest generation of custom ASICs to be competitive. For Monero the algo is CryptoNight which is profitable on multi-core CPUs from the last 2-3 generations (Xeons, i7 and Ryzen) and on GPUs. Ethereum uses equihash, and you need a GPU for that.

      Your costs are the hardware, power, network and labour. Hence why running your code on someone else's power is pretty good deal (for you), since you only pay for the labour then.

      If you're running a rig yourself, then whether it's profitable or not typically comes down to how much power costs, and whether the waste heat is useful.

      I've got a few rigs that are still profitable, and a couple that are break even but are used as space heaters. For the latter, it's a case of either buying a heater for ~30 euro and paying ~50 cents per day to heat the room, or paying ~600 euro (probably closer to 700 these days) and nothing per day for heating.

      "I was just wondering about all the places where electricity comes included in the package."

      I would imagine that there is a reasonable use policy for those things. If you exceed that, then you'll get booted off, and possibly prosecuted. A small mining rig is a bit of a contradiction too :) you can squeeze a single card miner into a small form factor, but that will be a bit obvious on the train. Maybe a gaming laptop, but those GPUs are not going to take sustained load without wrecking the fans. While replacing the fans on a normal GPU is maybe 20 minutes work, laptop ones are a bit more of a bugger.

      Personally I'm loath to move a rig once it's running. Once it's set up and running I don't really want to touch it unless it needs a cleaning or I'm decommissioning it. Passive income and all that.

      For example a "cheap" 4 card miner with the case closed weighs in at 22Kg and draws 750W, produces roughly 6-10 euro per 24 hours. So assuming you could sneak it into your coffee shop and stay there for 8 hours without arousing suspicion, you could just about afford a cup of coffee. That's a rig that'll set you back maybe 2200-2500 euro or so.

  5. Tigra 07 Silver badge

    "Tomb, the post says, promised to play nice in future"

    And we're to believe him? Prosecute him.

    1. Anonymous Coward

      RE: And we're to believe him? Prosecute him.

      "And we're to believe him? Prosecute him."

      For what?

      He may have buried the crypto-mining acceptance deep in his Ts and Cs, but he did nothing illegal. As far as the law is concerned he had permission from the user, plus the act of mining is not illegal.

  6. TVU Silver badge

    "Tomb, the post says, promised to play nice in future"

    It is safe to say that after this incident, I will not be going near any of Nicholas Tomb's apps - ever.

  7. GnuTzu Bronze badge

    Truth in Labeling

    Other commenters have effectively already covered the ethical argument.

    But, the fact that manufacturers and marketers (not to mention politicians and lobbyists) get away with, and keep getting away with, so much misrepresentation, misdirection, misleading packaging, and outright lying may very well be the reason our culture might be brainwashed into thinking products aren't obligated to certain levels of disclosure and transparency. Caveat emptor is, after all, a very old expression.

    But, that begs the question, do we really know the boundaries between little white lies, defensive social lying by an individual, and massive organizational deception. If we could just get that pinned down a little better, we might actually get to roll back some of the special protections that companies and agencies enjoy.

    1. Anonymous Coward

      Re: Truth in Labeling

      "Other commenters have effectively already covered the ethical argument."

      I don't think commenters have yet effectively covered the ethical issue.

      Users are using the developer's software without paying for the developer time. Are the users being unethical for not paying or is the developer being unethical for making the users pay? Everything free on the internet took developer's time to make, which meant it cost them real time and money. Even Linux Mint cost money and they are being 'nice' by taking donation, taking dev support and putting ads on their website.

      As much as I hate annoying ads as the guy next to me, I do think a middle ground of not being too extreme while still pay for the developer would be the fairer approach when users do not want to pay the developer directly. And yes that would mean looking for a middle ground for mining coins as long as it isn't overreaching. If coin mining ended up being abused in an overreaching extreme way, then yes ban those f*cker for crossing the line.

      1. GIRZiM

        Re: Truth in Labeling

        "Users are using the developer's software without paying for the developer time"

        It's the dev's choice to make it available for 'free' - no-one holds a gun to their head and says "you may not charge anyone."

        Where the problem lies is in the dev not making it crystal clear to the user before installation what else the software would do in the background - the average, non-technical, user can not make an informed decision whether to install the app based upon some technical jargon/legalese buried in point H.1.iii (c) on page 36 of the EULA/Ts&Cs.
