The uTorrent Mining Scandal: Charity or Cash Grab?
Pinterest Stumbleupon Whatsapp
Advertisement

Some parts of the Internet are just inexplicably sketchy. It’s not clear to me why every piece of video conversion, screen capture, and video streaming software has to include malware, but they certainly all seem to. Torrent clients are among the worst offenders. There are many legitimate uses 8 Legal Uses For BitTorrent: You'd Be Surprised 8 Legal Uses For BitTorrent: You'd Be Surprised Like HTTP, which your browser uses to communicate with websites, BitTorrent is just a protocol. You could use your browser to download pirated content, just as you could use a BitTorrent client to download pirated... Read More for the bittorrent protocol, but it can still be difficult to find a torrent client that doesn’t try to bundle something nasty.

Recently, you may have heard that µTorrent has been secretly installing malware that mines Litecoins on your computer. You may also have heard the exact opposite, from µTorrent themselves.

In fact, µTorrent is claiming that the software being installed is actually part of a charitable enterpriseSo what’s actually going on here?

What is EpicScale, And What Does it do?

The software in question, called EpicScale, is one of the ‘partner offers’ bundled with the torrent client itself, which tries to convince you to install it while you’re clicking through an interminable list of installer options. The software is nominally intended to open up people’s idle CPUs for scientific research. To quote their website:

“Your computer sits idle waiting for you to come back to use it. Its incredible processing power goes unused. What if there was a way to harness that unused processing power to change the world? That is what we do at Epic Scale.”

For now, the plan seems to be to simply distribute a piece of Litecoin mining software, and then donate the proceeds to charity. Again from the site:

“We started with cryptocurrency mining as a way to advance the first mission. Today 100% of our profits go to charity because we are just starting out and want to make as big of an impact as we can. As our company grows our plan is to donate 75% of our profits to charity. “

I personally am skeptical about this effort, because Litecoin mining isn’t free – it costs the user in electricity and lost performance. And, since PCs are very inefficient at turning electricity into Litecoins (compared to the dedicated hardware in use by most miners) the user is losing far more money on extra electric bills than is being generated for charity. That’s the sort of trade-off – a large cost to the user, and a small benefit to the developer – that’s a lot more appealing if you’re a malware developer than a philanthropist.

What is a Litecoin Miner, And How Will it Affect my Computer?

To get into a little more detail, cryptocurrencies like Bitcoin and Litecoin work by maintaining a distributed ledger of all balances and transactions. These ledgers update when wallet holders make (cryptographically verifiable) statements to the network indicating that they’d like to move some of their money. In order to ensure that the ledgers don’t get out of sync (and aren’t being forged), a tool called ‘proof of work’ is used.

10479891436_c84959e314_z

In cryptocurrencies like Bitcoin, ‘miners’ compete to solve specific, difficult math problems related to the current state of the ledger. When a solution is found, the solution becomes a part of the ledger. The solution is called a ‘proof of work,’ because it proves that someone’s computer did a certain amount of math to generate it. When a client is trying to determine which ledger is the right one, it checks whether all of the proofs of work in the ledger are valid, and adds up the difficulty of all of them, to determine how much computational work was expended on it.  Whichever ledger has more work associated with it wins. This is a way of ensuring that the official ‘history’ of the network is decided by the pool of the greatest computer power, making it prohibitively expensive for any individual person to take over the network and rewrite its history. In return for their service, the network awards successful miners with both transaction fees and large rewards of freshly-generated Bitcoins.  For more information, check out our explanation of how BitCoin works How Does Bitcoin Work? How Does Bitcoin Work? About a year ago when the Bitcoin train was just starting to gather steam, a friend turned to me and asked, "So why can't you just copy a Bitcoin?" Read More .

In this case, the mining software for the Litecoin ledger is being distributed (allegedly without user consent), running in the background on users’ computers and sending the profits back to EpicScale. This has a number of side-effects, including increased electric bills, reduced computer performance, and potentially even shorter hardware lifespan due to increased heat. If the software were being installed without user consent, that would a huge problem. The question: is it?

User Complaints

Users are complaining that the software was installed despite their explicit opt-out, and that the software is difficult or impossible to uninstall.  The latter claim is implicitly backed up by just how much of the EpicScale website is devoted to people having trouble uninstalling the thing.

To try to figure out exactly what’s going on, I bit the bullet and installed µTorrent. Unfortunately, by the time I got to it, the software had already been updated to remove EpicScale entirely. It did, however, try to get me to install something else entirely.

Wajam

Huh. I wonder what ‘Wajam’ is?

Wajamisa

Gotcha.

Other sites have attempted to verify the forced installation of EpicScale, and haven’t had any luck reproducing the issue. TrustedReviews, the site that originally broke the scandal, has concluded that forced installation complaints are probably due to users simply hitting the wrong button, which sounds like the simplest explanation to me.

However, this doesn’t let µTorrent off the hook. Not even close.

Waze is definitely, and unambiguously malware – and so is EpicScale, until they prove otherwise. Even if they technically require your consent to install this stuff, they are trying to trick you. Disguising malware as a legitimate installation step is among the scummiest tactics used by dark-side software developers. Legitimate developers don’t feel the need to trick users into downloading malware. As far as EpicScale goes, legitimate developers also don’t generally need to distribute their software by deception.  Plenty of distributed computing projects Should I Put My PC To Sleep Or Leave It On & Save The World? Should I Put My PC To Sleep Or Leave It On & Save The World? Most people put their PCs to sleep, hibernate them, or turn them off when they’re not in-use. However, you can also choose to run your PC 24/7, contributing your PC’s processing power to distributed computing... Read More (like Folding@Home) get by just fine on normal, voluntary downloads.

Speaking to the Verge, a representative of Bittorrent Inc. 4 Things You Didn't Know About BitTorrent 4 Things You Didn't Know About BitTorrent What do you think of when you hear the word “BitTorrent”? It probably depends on who you are. If you're an average Internet user, you think of free stuff. If you’re the president of a... Read More (the company that owns µTorrent), defended the company, saying,

“Like many software companies, we have partner offers in our install path and our policy is that they are strictly optional.”

This is, if you’ll pardon my French, a steaming load of bull-hockey. “Many software companies” don’t do this. This is scummy, scammy, skeevy, and other bad alliterations. It’s not something that responsible developers do, and it’s not something that users should tolerate. We’ve praised µTorrent before for its modern interface and feature set, but I feel entirely comfortable revoking that recommendation right now, in light of their installation policies.

utorrentwebsite

Don’t download µTorrent. If you’ve already got it, uninstall it, along with Wajam, EpicScale, and anything else it might have been bundled with  There are a lot of lightweight BitTorrent clients out there Beat the Bloat! Try These Lightweight BitTorrent Clients Beat the Bloat! Try These Lightweight BitTorrent Clients Guns don’t share illegal files. People share illegal files. Or, wait, how does it go again? What I mean to say is, BitTorrent shouldn't be dissed based on its potential for piracy. Read More  – if you want to be  sure you’re safe from malware, stick to open-source clients like qBittorrent or Deluge. In general, steer clear of any installer that tries to trick you into installing stuff you don’t want (including literally anything from cnet.com).

As software consumers, we deserve better, and it would be a shame to let cynical people take advantage of us. While the Litecoin mining malware isn’t necessarily worse for users than spyware or adware, the novelty has attracted enough attention that this is a good opportunity to remind people that they have options in how they consume software. The relationship doesn’t have to be a predatory one.

 Image credits: Man wearing hood Via Shutterstock, “Litecoin,” by BTC Keychain

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. ahmad
    April 25, 2016 at 8:49 pm

    utorrent is not safe ... please read this

    https://www.hideiptips.com/is-utorrent-safe

  2. Dérsir
    April 17, 2015 at 6:34 pm

    My solution is to use the portable format of uTorrent. You can find it in many well-known portable software sites, and doing so you assure that nothing is being installed onto your system. You will not even see the optional offers, just double-click and uTorrent will bring up

  3. debashish
    March 11, 2015 at 8:14 am

    I am using very old version of utorrent 2.0.2 is that safe ?

  4. Obfuscatori
    March 11, 2015 at 1:23 am

    I agree with your comments in your article. But just to be clear, this may be a particularly bad example of this practice--but it is a practice that even "legitimate" software companies use. Case in point; anyone who has installed any Adobe product (including flash updates, etc.) has to watch carefully or they will accidentally install a toolbar and change their default search engine. Or you can install a Java update and possibly install the Google toolbar as well as others.
    It is simply a good practice to choose to custom install everything you install on your system--but is there not some ethical dilemma in companies hiding software changes and crapware in their installs? If there isn't--then there should be. A lot of print has been wasted lately reporting about every new risk on the Internet subjecting the public to reams of FUD reporting--but the reality is that these practices are also used by legit companies--within their "legit" installs. But this is never given the same play as other reporting.
    Closing with a similar point--there is a great deal of discussion about NSA harvesting of user data from commercial companies--but not nearly enough questioning of "Why do the commercial companies have ALL this data to begin with?" at least the NSA (supposedly) is actively covered by some structure of laws and oversight-while the commercial companies have none.
    My two cents.

  5. M C
    March 10, 2015 at 8:56 pm

    So you berate µTorrent for their scummy scamminess but have no problems running a "Promoted Content From The Web" advert at the bottom of the article which is basically a bunch of links to even more scummy scamminess?

    • Sonylisation
      March 11, 2015 at 9:13 am

      +3000 internet points to you!

      This is by far the most hypocritical company in a very very long time! Some articles are genuinely good, some are meh but all of these have the incredibly shady links at the bottom, linking to phishing/click baiting/scam websites who exploit the un-knowing.
      Coincidentally, the exact same demographic this websites articles turn towards!

      If they are going to bring up shady businesses and shame them, then they better clean their own house before doing so!

      Google ads have tons and tons of good businesses whom does not try to trick anyone (more than maybe make you crave one of their products (marketing!)).

    • dragonmouth
      March 11, 2015 at 6:15 pm

      Let's not forget that MUO authors want to get paid for their writing and scummy ads are one way to do it.

    • Andre Infante
      March 12, 2015 at 10:54 pm

      If uTorrent were merely running questionable ads, I'd be less upset about it (in fact, lots of free software supports itself in this manner). What uTorrent did would be closer to MakeUseOf running positive articles about malware in exchange for kickbacks from Malware developers. Which, I think you'd agree, would be a good deal more morally reprehensible.

      Obviously, in an ideal world, you'd be able to browse this page without seeing ads that are trying to sell you dubious pharmaceuticals and questionable dating and financial advice. However, in an ideal world, you'd also be paying a nominal fee to view our content, to make up for the lost revenue (money to produce content has to come from somewhere).

      Becuase most people aren't willing to pay the nominal fee, we have to put up with the ads. If you have a better idea, don't tell anybody, because you'll make a lot of money off it.

  6. Bill
    March 10, 2015 at 4:25 pm

    Good writeup, though in the article, you mention Waze to be malware, did you mean Wajam?

  7. Saifur Rahman Mohsin
    March 10, 2015 at 3:33 pm

    Good thing I use Transmission. IMO best torrent client..!