Slash Boxes

SoylentNews is people

posted by Dopefish on Monday February 17 2014, @02:00PM   Printer-friendly
from the government-should-mind-their-own-business dept.
mattie_p writes "MIT students won a hackathon last November with a non-functioning demo of Tidbit. The concept is to replace web advertising revenue with a tiny amount of Bitcoin mining on the user's browser. Out of the blue, the students were hit by a subpoena from the New Jersey Attorney General demanding that the founders 'turn over sensitive information including source codes, hosting websites, and all of the Bitcoin wallet addresses associated with Tidbit.'

At first MIT council referred the students to legal assistance from the EFF, who quickly came to their defense. Now there is a petition going around requesting the MIT administration support the students directly. Parallels are being drawn to Aaron Swartz, possibly because one of the authors of the recent petition is Prof. Hal Ableson, although details of the two cases have very little in common.

MIT President Reif has now come out strongly in support of the students--and in favor of academic freedom from interference by government."
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by furiousoyster on Monday February 17 2014, @05:02PM

    by furiousoyster (594) on Monday February 17 2014, @05:02PM (#835)

    I don't think this is a very serious concern. Just as there are diminishing returns as a site increases the number of advertisements it pushes on visitors, so also will there be diminishing returns when a site increases the amount of computing power it consumes. When people reach their pain threshold, they'll take steps to limit the pain--either by going elsewhere or by blocking the mining script. It's up to site owners to find the sweet spot that is profitable without being intolerable to visitors. The slope may be slippery, but it's not endless.

    Isn't the real question here whether the pain of energy loss is worse than the pain of dealing with advertisements? I can imagine all kinds of circumstances when I'd prefer give to up CPU cycles/battery life than have my time or screen space wasted.

  • (Score: 2, Interesting) by cx on Monday February 17 2014, @06:00PM

    by cx (239) on Monday February 17 2014, @06:00PM (#904)

    I don't think this is a very serious concern.

    Respectfully, I disagree. We already have very limited capability to limit what particular site/application can do, without going to trouble of router/dns level control. There are also cases where denying behavior application/site doesn't really need breaks the functionality (my way or the highway). In other words, you are technically not in a position to say 'It is ok for you to mine bitcoins as I read your article, but only that. Don't send out spam, don't talk to random services, don't do ANYTHING else.'

    Situation where it is considered normal that every random site you visit runs random CPU-heavy code on your machine is not something I'd be looking forward to. Yes, it is already happening now that a stupid page requires 5 megs of js across 10 domains, and I actively avoid such sites; once everyone starts doing it I will not have such luxury.

    • (Score: 2, Funny) by weilawei on Monday February 17 2014, @07:56PM

      by weilawei (109) on Monday February 17 2014, @07:56PM (#1000)
      Perhaps it's time to incorporate mining ASICs into our general purpose computers? =P (Yeah, I know that game has come and gone with the rise of specialty hardware.) Hrm, Coincellerator Inside...
    • (Score: 1) by furiousoyster on Monday February 17 2014, @08:12PM

      by furiousoyster (594) on Monday February 17 2014, @08:12PM (#1026)

      I'm not sure I understand what you mean. The mining scripts under discussion use Javascript and are subject to exactly the same privileges and restrictions that already exist for Javascript in the browser. Tidbit doesn't change what a site can do with your computer at all. Or am I missing something?

      • (Score: 2, Interesting) by cx on Monday February 17 2014, @09:37PM

        by cx (239) on Monday February 17 2014, @09:37PM (#1099)

        Script mine_coins.js might do that at some point in time on a site A. However, that might change. Unless you inspect the script every time you load it, you won't know now, will you?

        So we have a script that does something which has to be communicated back to the site (otherwise how do they get the results of the work). But it might communicate it to another site (cause they use different domain for computation results processing, to 'streamline the process'). Tomorrow it will be upgraded to communicate with multiple other machines (in order to more efficiently process the workload, yadda, yadda). Call me paranoid but that spells botnet to me.

        Now security.
        First, it is easier to hide nefarious stuff in 5 (10? 50?) megs of math heavy code than in a two page straightforward DOM manipulation library.
        Second, even if we consider your machine is protected from rooting/snooping by whatever sandbox the browser of your choice implements, it doesn't protect the rest of the world from actions originating from your machine.
        Third, considering heavy CPU load normal when you browse the net is a great incentive for malicious people to replace legit scripts on servers you access with something else. Today every time my computer slows down for no obvious reason, I go through running processes to find the culprit and then check what that process(es) talk to. But if every site I visit ramps up my CPU load significantly, I will get used to it. Mining bitcoins? Participating in DDOS? Cracking passwords? I wouldn't know unless I check every time.