Topic: [EDU] Faucet risks - page 8. (Read 67409 times)
reserved
Intro
Today (01.05.2015) this section was created due to the strain this topic caused in other sections.
The purpose of this thread is to offer guidance when using the services in this section and understanding the downsides and risks involved. They are known by a variety of different names, but to make things easier I will just call them faucets. The shared principle is that you visit a homepage filled with advertisements and perform small tasks. That may be solving a captcha, answering a question, watching a short video or filling out a questionnaire. For these small tasks you get a very small rewards, typically a few hundred or thousand satoshi at a time. 1000 Satoshi equal roughly 0.3 cent USD (Nov 2015). Those running the service get their money from the advertisements shown to you. There are certainly other concepts and other profit strategies, but it would be too much for this thread to discuss them all.
This thread will be updated as needed, feel free to suggest things to add, corrections and discuss possible issues here.
Risks involved
#1 Fees and dusty inputs
The most common problem when using faucets is the small payment. Every time you receive a bitcoin payment to your wallet you have a new input to spend at a later date. Think of this like a lump of bitcoin you can use later. When you later want to use these lumps of bitcoin they need space as part of the transaction your wallet creates for you. This is usually 180 bytes per input. A bigger (in terms of byte) transaction will need more fees in order to be confirmed in a reasonable amount of time. Each block offers only a limited amount of space (currently 1 MB) and if you need a big chunk of the space a big chunk of your available funds will be used as fee for the miners. Faucets try to counter this by creating payout limits, but they are often set very small. A reasonable fee for a transaction with less than 1000 byte in size is 10,000 Satoshi. If the payout limit is 100,000 Satoshi and you try to spend this input, you will have to spend 10% on fees. If you want an example how bad this can end, I helped someone recover from this a while back, in numbers:
~0.5 BTC from faucets, collected over ~2 years, ~2000 inputs, ~350,000 bytes, ~0.09 BTC in fees.
#2 Fraudulent faucet operators
Faucets operate on a very slim profit margin. Its easy to balance the rewards with the income from the ads, this can be done on a per user basis. If one can expect 750 Satoshi for someone viewing all ads, one can safely reward 700 Satoshi and still make a profit. It is however difficult to balance the monthly costs, e.g. for the server. These can only be balanced over a certain amount of users. Whenever a faucet turns unprofitable the operator can easily vanish. Thus its desirable to withdraw early which might increase problem #1. As a rule of thumb popular faucets are less risky in this regard.
#3 Referal spam
Many faucets offer a bonus payment if you refer other users to it. Keep in mind that this board has a strict anti-spam policy. If you create a post for the sole purpose of posting a referral link it will get removed. If your member rank is high enough, you can use a ref link in your signature. If your post is only a reference to your signature its still considered ref spam though. Some cropped quotes from the admin that is going to ban you if you fail to understand this concept:
Still referral spam.
Still referral spam.
#4 Downloads
Some faucets require you to download a program or app to your computer or phone in order to be eligible for payment. These tools can hide trojan horses or other malware. Your anti virus software might not know about new malware and might fail to protect you in this regard. You can mitigate this risk by using a virtual machine, sandboxing software or even a dedicated machine like an old laptop.
#4.1 Faucet Scripts/Bots
Faucet bots and scripts are closely related to downloads. A faucet script is usually provided by a 3rd party. The idea is that the script or bot solves the tasks for you in order receive payment. Good scripts can solve captchas, have a programable downtime to suggest the user is sleeping and add little variance to the response time. A well written script is indistinguishable from a human to the faucet operator. As with everything you download from a 3rd party, a faucet script or bot may contain malware and may have hidden costs e.g. for the captcha solving API.
#5 Malicious ads aka malvertising
A malvertisement is an ad that is able to infect a machine loading said ad. This is typically not done by the person running the faucet but by the party booking the ad. Depending who you ask this is the most common source of malware and is a general problem for many homepages running ads. You can counter this with an ad blocker, which would at the very least harm the faucet. If the operator is not getting any revenue the faucet is doomed to fail sooner or later. This will most likely disqualify you for payments as well. In terms of faucets an ad blocker is no option. The best defense is to keep your software up to date at all times as malvertising relies on security vulnerabilities in your browser. Advertisements from services are often nested, thus no service is 100% safe. The picture below shows a possible attack on the flash player (SWF) on your computer.
#6 Clickbait
Clickbait is closely related to malvertising. Its an ad that is not using a vulnerability, but your curiosity. Its designed in a way that you want to click it. There are different techniques. Some try to lure you with promises (bitcoin, sex, etc.); some try to scare you with warnings (outdated software, infected system, etc.); some try to imitate the site they are on and many more. They all have in common that you are lead to different site which is either filled with further clickbait and/or malvertising or directly asks you to download something (see #4).
#7 Tracking
There are many ways we are tracked online. That can be cookies storing what products we watched on amazon, that can be single pixel pictures in mails that reveal when we read them, that can be browser fingerprints, that can be the log files on the servers we communicated with and more. You can easily prevent cookies via the browser settings or special plug-ins. You can change you mail client to only display pictures on demand to prevent tracking pixels. Regarding browser fingerprints I suggest you visit the EFF -> https://panopticlick.eff.org . You can however never know what the server owner logs about you. Unless you take measures to prevent it (like Tor) they will e.g. know your IP-address(es) and could link them to the bitcoin address(es) you use. From my personal experience most faucets will not work over Tor. Keep this in mind if you value your privacy.
Local thread rules
#1 No links to faucets, this thread is not for you to adertise your service here.
changelog:
todo:
Today (01.05.2015) this section was created due to the strain this topic caused in other sections.
The purpose of this thread is to offer guidance when using the services in this section and understanding the downsides and risks involved. They are known by a variety of different names, but to make things easier I will just call them faucets. The shared principle is that you visit a homepage filled with advertisements and perform small tasks. That may be solving a captcha, answering a question, watching a short video or filling out a questionnaire. For these small tasks you get a very small rewards, typically a few hundred or thousand satoshi at a time. 1000 Satoshi equal roughly 0.3 cent USD (Nov 2015). Those running the service get their money from the advertisements shown to you. There are certainly other concepts and other profit strategies, but it would be too much for this thread to discuss them all.
This thread will be updated as needed, feel free to suggest things to add, corrections and discuss possible issues here.
Risks involved
#1 Fees and dusty inputs
The most common problem when using faucets is the small payment. Every time you receive a bitcoin payment to your wallet you have a new input to spend at a later date. Think of this like a lump of bitcoin you can use later. When you later want to use these lumps of bitcoin they need space as part of the transaction your wallet creates for you. This is usually 180 bytes per input. A bigger (in terms of byte) transaction will need more fees in order to be confirmed in a reasonable amount of time. Each block offers only a limited amount of space (currently 1 MB) and if you need a big chunk of the space a big chunk of your available funds will be used as fee for the miners. Faucets try to counter this by creating payout limits, but they are often set very small. A reasonable fee for a transaction with less than 1000 byte in size is 10,000 Satoshi. If the payout limit is 100,000 Satoshi and you try to spend this input, you will have to spend 10% on fees. If you want an example how bad this can end, I helped someone recover from this a while back, in numbers:
~0.5 BTC from faucets, collected over ~2 years, ~2000 inputs, ~350,000 bytes, ~0.09 BTC in fees.
#2 Fraudulent faucet operators
Faucets operate on a very slim profit margin. Its easy to balance the rewards with the income from the ads, this can be done on a per user basis. If one can expect 750 Satoshi for someone viewing all ads, one can safely reward 700 Satoshi and still make a profit. It is however difficult to balance the monthly costs, e.g. for the server. These can only be balanced over a certain amount of users. Whenever a faucet turns unprofitable the operator can easily vanish. Thus its desirable to withdraw early which might increase problem #1. As a rule of thumb popular faucets are less risky in this regard.
#3 Referal spam
Many faucets offer a bonus payment if you refer other users to it. Keep in mind that this board has a strict anti-spam policy. If you create a post for the sole purpose of posting a referral link it will get removed. If your member rank is high enough, you can use a ref link in your signature. If your post is only a reference to your signature its still considered ref spam though. Some cropped quotes from the admin that is going to ban you if you fail to understand this concept:
Do not make topics or replies just to share your referral link. Whether it's in your sig, avatar, personal message, profile, within the post itself, or tattooed on your forehead is irrelevant.
You are allowed to put your refferal link on your signature
So, when you make promotion, ask users to join through refferal link on your signature
And you might want to use link shortener, so every user can't know the refferal link
Any you should know it already when you join this forum
So, when you make promotion, ask users to join through refferal link on your signature
And you might want to use link shortener, so every user can't know the refferal link
Any you should know it already when you join this forum
Still referral spam.
If you pay people to register under your ref link it works on games and rounds, also sometimes when people find new promos or giveaways they give their ref link and a non ref link, seems to be allowed aswell.
Still referral spam.
#4 Downloads
Some faucets require you to download a program or app to your computer or phone in order to be eligible for payment. These tools can hide trojan horses or other malware. Your anti virus software might not know about new malware and might fail to protect you in this regard. You can mitigate this risk by using a virtual machine, sandboxing software or even a dedicated machine like an old laptop.
#4.1 Faucet Scripts/Bots
Faucet bots and scripts are closely related to downloads. A faucet script is usually provided by a 3rd party. The idea is that the script or bot solves the tasks for you in order receive payment. Good scripts can solve captchas, have a programable downtime to suggest the user is sleeping and add little variance to the response time. A well written script is indistinguishable from a human to the faucet operator. As with everything you download from a 3rd party, a faucet script or bot may contain malware and may have hidden costs e.g. for the captcha solving API.
#5 Malicious ads aka malvertising
A malvertisement is an ad that is able to infect a machine loading said ad. This is typically not done by the person running the faucet but by the party booking the ad. Depending who you ask this is the most common source of malware and is a general problem for many homepages running ads. You can counter this with an ad blocker, which would at the very least harm the faucet. If the operator is not getting any revenue the faucet is doomed to fail sooner or later. This will most likely disqualify you for payments as well. In terms of faucets an ad blocker is no option. The best defense is to keep your software up to date at all times as malvertising relies on security vulnerabilities in your browser. Advertisements from services are often nested, thus no service is 100% safe. The picture below shows a possible attack on the flash player (SWF) on your computer.
#6 Clickbait
Clickbait is closely related to malvertising. Its an ad that is not using a vulnerability, but your curiosity. Its designed in a way that you want to click it. There are different techniques. Some try to lure you with promises (bitcoin, sex, etc.); some try to scare you with warnings (outdated software, infected system, etc.); some try to imitate the site they are on and many more. They all have in common that you are lead to different site which is either filled with further clickbait and/or malvertising or directly asks you to download something (see #4).
#7 Tracking
There are many ways we are tracked online. That can be cookies storing what products we watched on amazon, that can be single pixel pictures in mails that reveal when we read them, that can be browser fingerprints, that can be the log files on the servers we communicated with and more. You can easily prevent cookies via the browser settings or special plug-ins. You can change you mail client to only display pictures on demand to prevent tracking pixels. Regarding browser fingerprints I suggest you visit the EFF -> https://panopticlick.eff.org . You can however never know what the server owner logs about you. Unless you take measures to prevent it (like Tor) they will e.g. know your IP-address(es) and could link them to the bitcoin address(es) you use. From my personal experience most faucets will not work over Tor. Keep this in mind if you value your privacy.
Local thread rules
#1 No links to faucets, this thread is not for you to adertise your service here.
changelog:
Code:
2015.09.26 - added tracking - thanks to jonasl
2015.05.02 - added "botscripts" under "downloads" - thanks to twister
2015.05.02 - corrected spelling / grammar - thanks to BadBear
2015.05.01 - several rephrasings, corrected spelling / grammar
2015.05.01 - added malvertising picture - thanks to Muhammed Zakir
2015.05.01 - added clickbait - thanks to Muhammed Zakir
2015.05.01 - added malvertising - thanks to Muhammed Zakir
2015.05.01 - added Downloads - thanks to minifrij
2015.05.01 - added a comparison satoshi USD - thanks to Quickseller
2015.05.01 - added referal spam
2015.05.01 - added local rules
2015.05.01 - added fraudulent faucet operators
2015.05.01 - started thread
todo:
Code:
-
Jump to: