Is GetGrass.IO Mining Legit or Scam? Deep Analysis
Grass Extension: A Deep Dive into Privacy Concerns and Red Flags
- Grass extension: An overview of a project aimed at selling unused internet data.
- Lack of transparency: Concerns raised regarding anonymity of the team, absence of white paper, smart contracts, and audits.
- Data collection: Alarming extent of data collected by the extension, including passwords and personal information.
- Comparison with competitors: Contrasting data collection practices with other similar tools like ad blockers and Honeygain.
- Security risks: Potential for data breaches and hacks due to extensive data collection and lack of transparency.
- Recommendations: Caution advised in using the extension, suggestion to run it on isolated browsers or devices.
- Call for transparency: Emphasis on the need for the project to provide more information and transparency to build trust.
- Conclusion: Summary of concerns and hope for future updates or improvements from the Grass project team.
The idea of the extension and the apps is basically to sell your unused internet data. Many times, in at least in civilized countries, we have unlimited data plans, at least I do. So, it kind of makes sense to get the extension since I'm not downloading stuff 24/7. Having that extension to basically sell out my unused data and get paid for it in points, which will eventually be converted into tokens.
However, there are a lot of concerns with Grass, which I have found throughout my investigations and information put out by other people prior to me, which was the basis of this investigation in the first place.
Let's start by evaluating Grass as a project and what type of information we can find out about it. I already kind of explained the main basis here and how it works. The website looks very clean and professional, and the actual extension is verified on the Google Chrome Store. Everything from that front seems to be looking good.
This is not a new model, by the way. We have Honeygain and others which we have featured on the channel before. However, they are leveraging a bit of AI here, which is collecting data and feeding that data to AI, and then they also have a very lucrative referral system, which is basically building out this grassroots movement. People are chilling out the project, and that's also part of the problem when people have bags in certain projects, which I have exposed in recent years.
Let's move to the concerns. So far, we are not able to find a list, GitHub, open-source code for the extension or the backend, smart contracts, audits, blockchain announced for wynd, and no team announced. There's not even a token smart contract available, so we have nothing. We have this extension and then there's obviously the extension's version on mobile.
We blindly have to trust this team who is anonymous. Yes, they are on Discord, but they don't have LinkedIn profiles or Twitter accounts. They're just names with avatars, which are not real faces, as far as I remember.
So, what are they doing, basically? As it's stated on the FAQ, they are selling that data to what they have said are Fortune 500 companies. However, they don't name which Fortune 500 companies those are, and there's no connection tab here or contact us. If I'm a company, how do I lease this information? How do I buy the information from here?
Let's move to the big red flag. When you go into the extension on the Chrome web store, it says that data collected includes names, addresses, emails, age, and identification numbers. Identification number? I don't know what that means. If it's passport in this context, that's kind of bad. Other stuff I kind of understand to a degree, you need to know your IP, but that's a separate thing.
So, it needs your IP in order to sell your internet data, and that's okay. That makes sense. But, it also needs your passwords, credentials, security questions, and your PIN to your wyndows or other things. That's alarming. Let's be honest about that. That's an alarming amount of information that you're allowing the extension to gather.
When I went to their Discord and asked about this, why exactly do you need to collect that data through the extension? That seems unnecessary in order to basically sell your bandwidth. Okay, I understand the IP thing, it makes sense. But that's the extent of it.
There have been a couple of rebuttals. One of the core team members said that the permissions are taken by the extension, and they have been pulling out this narrative that the extension is taking fewer rights than ad blockers are.
But when I actually went through to see all these other extensions like ad block ultimate, they're not collecting that data. Ad block, not collecting that data. Ad guard, not collecting that data. So basically, none of these ad blockers are collecting that specific data. So that's a lie. That's a very big problem when a team gets caught in a lie.
Another point I want to make is about Honeygain, which is the biggest competitor. Even they don't collect that information on their app. And for some reason, Honeygain doesn't have an extension version. Maybe that's exactly why, because it would be collecting unnecessary information and would be rejected by Chrome or Google.
One more point to address is about the Cyrus crypto wallet, which is selling your data. Even they do not collect the same information. They collect different stuff like IPs and personal information. But they don't collect passwords.
So, why is this being collected here?
Lastly, in case you want to look into these other tools, I have an article that I did ages ago on my website that's still relevant. So, in case you want to lease that internet, but there are shady things, and there always have been. Here is the interface of the GetGrass thing. Obviously, I made some money through the referrals. If you don't believe in this, you can sign on me into Grass and start doing this.
But yesterday, I did not open the Edge browser at all, so it's running in the windows background. It was able to accumulate points even though I didn't open it. That worries me. But then again, I don't have my other extensions really here on Grass, so that's where I have isolated right now.
Grass protocol extension because, at least according to Edge, it's not requiring any special permissions. However, it doesn't give you a lot of information on Edge's side about what is being collected and things like that.
So, there's a lot of things that we should know, like the white paper, the team, smart contracts, what blockchain are you giving any audits for the code you're running? That is not an audit that you have your verified badge on Google Store. Anybody can basically have this. It just says that there's no record of violations for the publisher. That's not a golden stamp.
If you want to run this extension, do it on an isolated browser or isolated dummy phone because I think there's much of a security risk here. There's a chance that the thing can get hacked and somebody will use that information.
We need more transparency from projects like this, especially because people's wallets are being stolen all the time. Right now, I'm not really recommending using this, at least on your main browser. I think there are too many red marks right now. The only kind of legit thing here is that investment thing. So, that kind of brings a bit of safety. Okay, these might be legit because they were able to raise this much money.
But why are these anon teams getting so much money? That seems like money laundering or something like that in my opinion. But that's my take. I'm not going to blab any longer. I've given all the information that I have about Grass, all of these red signs, and hopefully, the team will address this. Why hasn't this information been shared with the community? When are you going to stop being anonymous? There's no reason to be anonymous, really. This is not a privacy project. I think it would bring a lot of faith into the project if the team would actually do something transparent, like video calls or zooms or whatever.
