@VekTorr
You can calculate estimated earnings (for our donation and coin fund) based on the hashrate we display by checking multipool.us (profitability rates).
If our values are too low, we're stealing.
Yes, because we all know that the hashrate you display cannot possibly be different from the hashrate that is actually being given to your server. All we have to do is check the code. Oh, wait, we can't. You've pointed out one potential way that you could steal. That way has a built-in assumption that we can't validate is actually true, nor if it actually is true does that point out that you cannot be stealing... it merely points out that this one potential fraud path wasn't being used.
You can calculate your personal earnings from the equation we use
(Hashrate/TotalHashrate)*(Time/TotalTime[1440 min])*(TotalMined [in 1440 minutes]) = Payout
(h/Th)*(t/Tt)*Tm = p
If the hashrate is falsified, your values will be too high/low
Yes, because we all know that the TotalHashrate (that your server acts as the only possible gatekeeper for) couldn't possibly be reporting a value other than the accurate total of the complete hashing power provided to you by the sum total of all of your obfuscated clients. All we have to do is check the code... again, we can't be sure of that, because we can't see all of the code. We just have to trust that the server doesn't report false values for the actual total hashing rate. Besides, if it turns out that the totals don't seem to quite be what we would expect, we always have the option of solo mining or using a different pool provider, and knowing that fact will help keep you honest. Oh, wait, we can't...
We can't falsify hashrates to give ourselves money. The hashrate is pulled off of cgminer through a monitor program. You have to be mining. This program creates a text file that is exported on your comp, it cannot be edited.
All this does is point out that the end user can't falsify their own hashrate and supply a bogus value to you, thereby stealing from you. This does nothing to show that you can't falsify actual client hash rates through your obfuscated and virtualized code (falsely reporting them artificially low to the user and keeping the incremental hashing benefit for yourself), which we could verify for ourselves if the client was truly open source, and/or falsely reporting the total aggregate hashrate for the multipool as artificially high, allowing your server to allocate a share of the rewards to dummy accounts under your own control that didn't actually do any work because they are simply virtualized entries in your server code. The usual way a user combats potentially sketchy behavior by a pool operator is by the threat of switching to a different pool or solo mining. But you've foreclosed on those potential responses, so if a user isn't feeling right about what's being reported, they have no options beyond living with it or abandoning "theoretical mining" for it entirely.
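An added example, not part of the post or of the pool's software: a constructed Python model of the payout equation quoted above, showing that a user's own recomputation agrees with the payout under both an accurate and an inflated TotalHashrate, and that the difference only appears when per-miner hashrates are known independently. The miner names, hashrates and the 10-coin total are constructed, and having the full per-miner list is an assumption.

```python
# Constructed model of the payout equation quoted in the post:
#   (h / Th) * (t / Tt) * Tm = p, with Tt = 1440 minutes.
TOTAL_MINUTES = 1440


def payout(h, total_h, minutes, total_mined):
    """Payout for one miner under the quoted equation."""
    return (h / total_h) * (minutes / TOTAL_MINUTES) * total_mined


def user_self_check(h, minutes, reported_total_h, total_mined, paid):
    """What a single user can do: recompute p from operator-supplied Th and Tm."""
    return abs(payout(h, reported_total_h, minutes, total_mined) - paid) < 1e-9


def audit(miners, reported_total_h, total_mined):
    """Cross-check the reported Th against independently known per-miner rates.

    miners: {name: (hashrate, minutes)}. Having this full list is an
    assumption; it is the data the post says users cannot verify.
    """
    payouts = {n: payout(h, reported_total_h, t, total_mined)
               for n, (h, t) in miners.items()}
    return {
        "payouts": payouts,
        "hashrate_gap": reported_total_h - sum(h for h, _ in miners.values()),
        "unallocated": total_mined - sum(payouts.values()),
    }


# Constructed sample: three miners, all mining the full 1440 minutes.
MINERS = {"alice": (500.0, 1440), "bob": (300.0, 1440), "carol": (200.0, 1440)}
TOTAL_MINED = 10.0

if __name__ == "__main__":
    for label, reported in (("accurate Th", 1000.0), ("inflated Th", 1250.0)):
        result = audit(MINERS, reported, TOTAL_MINED)
        paid = result["payouts"]["alice"]
        ok = user_self_check(500.0, 1440, reported, TOTAL_MINED, paid)
        print(label, "self-check passes:", ok,
              "| gap:", result["hashrate_gap"],
              "| unallocated:", round(result["unallocated"], 6))
```

In both runs the single-user check passes, because it reuses the operator's own Th and Tm; only the audit with independent per-miner rates shows the 250-unit hashrate gap and the 2.0 coins left unallocated to the listed miners.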