Why wouldn't app developers stuff their GET requests?

An app developer earns safecoin for public GET requests of data stored via his app, right?

So why isn’t it worth his while to make his app (and all its users) constantly request each others’ files?

Is the only safeguard from this caching? So what, on every new “post”, he could have every user request it until the chunks are cached, 3 seconds later after another post he does it again.

1 Like

The Circlejerk Attack!

This scenario was discussed below (the question is naive, but the comments mention the scenario you mention) and yes, if devs get paid for GETs for public data, that wouldn’t be cool. And to add insult to injury, there was (is?) a plan is to subsidize public data to make that scenario even more lucrative.

2 Likes

@janitor

For clarification to others not wanting to read that thread, it’s talking about an attack where you specifically request the chunks stored on your nodes to earn farm requests, but this is mitigated because you don’t know the global id of the chunks you are storing.

What I’m talking about is having a bunch of nodes PUT public data with your app key attached, and then have these nodes request each others’ data. The network will then pay the app when it sees your public data is highly requested.

Edit:
Sorry to bother the busy @dirvine but I think this is a legitimate concern so I’m pinging you.

1 Like

Next time you have a good idea, please PM me first. I have a feeling we could work together! :moneybag:

But joking aside, this, ladies & gentlemen, is a perfect example of how not just the Circlejerk Conspirators, but literally everyone who’s on board, can get filthy rich. The new Sharing Economy is here!

We just need to combine this with the Anders’ ideas for free access (explained here).
Then everyone gets a copy of a basic app, finds a download peer and we all get engaged in this collective production of SAFE coins. The farmers make money, the app vendors make money, everyone’s happy!

They used to make fun out of “Make money from home while sleeping”, but … who’s laughing now, eh?

I am releasing my first SAFE app. Anders, this one is for you!

<html>
<a href="/safe/nfs/1tb-file.bin">Click here</a>
</html>
3 Likes

Hahaha, and if the attack works we’ll make millions of safecoins!! …that will immediately become useless because the attack works :laughing:

3 Likes

Hi there :slight_smile:

This does not happen in fact. The app merely has its key that is recognised in the Get payments which allows farmers to earn. An app that tried to put or get when not required would likely be one folks would not want to use I would think.

5 Likes

That was a poor wording on my part, but I’m still not sure why the attack isn’t a possibility.

If my app GETs a bunch of chunks with my app key attached in the GET request, I can still earn a farm request.

So if I have a moderately popular app, and then release an update that begins calling GETs on random public files, my app key is still attached in the request and I still earn the farm request for the GET.

The app could even download irrelevant data and delete it in the background without the user knowing (if it already has privileges to do so).

Edit:

It wouldn’t have to PUT (i.e. no spending of safecoins). It would just have to GET public data (free to download, right?) and attach the app key to the request.

Users wouldn’t know as it could be done once GET access is allowed for the app.

Side note: Is PUTting public data free? Or is it the 25% safecoin cost of private data?

Yes I agree with this, I do think apps doing this would not be popular with users. Like a bitcoin wallet that took a wee bit of a users cash by altering the fee down a smite, or mining without consent (like the anti virus recently), I think users would be pretty annoyed.

This is where OSS apps are very good as it’s caught fast, but even non oss apps will be spotted doing this. The problem for the app is or will be (I think) to be successful it will need lots and lots of users like the anti virus chappie and the community won’t use the app in that way. The arg we can get a bot would also apply to AV folks and did not or a google competitor wanting to fill up all gmail with files (gmail fuse tool was never banned) etc. Or get a bot to click on your youtube videos to get advertising up etc. (not different as some server based snooping can catch this faster).

So my argument is scale of the attack required (as network grows) as well as ability to fool the public long enough.

Looks like public data will be costed at same price as private and structured data is X 10 (well each SD is a charged at a full chunk cost). Each chunk will more than likely (testing) be charged at same rate, so creating very small chunks will be a bad thing to do for any app.

4 Likes

A question I have for awhile now is: “How is the price for a reward on a get request, to an app developer, determined?”.

Fixed and pegged to a $ price or what to expect ??

1 Like

I don’t know if a “the market will adapt” solution will work.

If an app has GET privilege, and can GET an image in the background and display it, it could absolutely GET 10-50x images without the user knowing, not display them, then delete them. Earning the app dev 50x the farming attempts.

If apps are capable of artificially inflating their GET requests to increase farming attempts, is that not a serious possibility of abuse for the safecoin economy?

Edit:
Additionally, if a larger app was doing this, and people stopped using it as you suggested, the market value of safecoin would plummet (artificial inflation crashing). And we get associated with the same bitcoin-style market crashes.

I think it is a fixed percentage (10%) of the farming reward for the chunk.

4 Likes

That is a good question as well, does the app developer have a flat % chance on all GETs it makes? Does he get to choose “up-to” a certain perecentage? (And of course he has the option of making the app make no money, right?)

1 Like

Behaving badly and against the interests of the community? I doubt such a thing being not used would crash an eco system. It happen on todays Internet when apps bomb, if there was a market demand then the market would fill that demand I suspect.

I don’t dispute this at all :wink: I do think folk would not want to use an app caught doing anything against the community, would it respect b/w and battery use etc. as well as provide the best user experience possible, I doubt it. So it’s not a technical fix, an app today could steal info from users to make cash or click adds, be a botnet and they do, but generally get caught and stopped.

The scale required (this scale is hard to see and easy to forget) to do this as the network grows will mean it would have to be really pulling down data at a huge rate and unlikely to be unnoticed.

5 Likes

A ok it was just curiosity because I don’t think this is an easy part to decide from an economics looks. (Maybe it actually was an easy decision when I see what a system they are building :heart_eyes:)

1 Like

Not 5 years out where it’s much larger and “steady”, but certainly in the building-up stages of SAFE it’s possible, and I only care because of the negative association of digital currency speculative crashes.

What do you mean the scale required? Could this not be done with 1000 app users making only 2x the normal GET requests?

100% and that is where we need to be careful. The network has some code that would not be required when the network is large. We pontificate over that though as restarts would put is back to being small (worldwide outages, unlikely but ?).

That is exactly what I mean the scale could mean millions of nodes doing this initially hundreds or thousands may cause issues. If we find issues like that more code will be required to monitor that kind of activity, not hard to do but we want to test a few things like this. They are not as easy as we imagine, nearly on all attempts. We will defo see though.

3 Likes

I don’t understand, could someone please explain this attack vector to me

2 Likes

In places where people pay for their internet on a per use basis, the unexplainable increase in data consumption will lead to some raised and pissed eyebrows.

1 Like

I think the problem is more insidious than that. This scheme gives app developers a reason to increase the get request count of their app. It incentives an inefficient use of the resources of the network. Your app won’t suddenly start to generate more get request. It will just abnormally use a bigger count then really necessary.

1 Like

If someone creates Safe app he gets a cut from the use because apps are supposed to do that (app authors get a small cut from the total amount of SAFE generated by the network - most of that goes to farmers for GETs), then we can make some extra income by using each other’s app.

  • You create an app with a 10 GB file, I access it every day.
  • I create the same app and you use it every day.
2 Likes