Is my machine safe?

You're about to let strangers run code on your computer to earn money. That's a fair thing to be nervous about. Here is exactly what a buyer can and cannot do — no hand-waving.

The short version: a buyer's code runs in a locked sandbox. It cannot read your files, passwords, photos, or other apps — we tested this by attacking it ourselves (table below). It can use your GPU and your internet, so we run a 24×7 abuse monitor that kills mining/scanning/flooding, and IP-masking is coming before we open to the public. Your hardware is protected by temperature, priority, and auto-pause limits.

1. Your files are walled off verified

Buyer code runs inside an OS-level sandbox. It can read and write one folder — its own scratch space — and nothing else. We didn't just claim this; we ran the six attacks a malicious buyer would try, from inside the exact sandbox:

Attack we ranResult
Read your Documents folder🛡 Blocked
Steal SSH keys / saved passwords (Keychain)🛡 Blocked
Write a file to your Desktop🛡 Blocked
Read GridShare's own config (holds your API key)🛡 Blocked
List your home folder's contents🛡 Blocked
Reach another buyer's instance data🛡 Blocked

The buyer can only touch ~/.gridshare/native/<their-instance>/work. Your personal data is invisible to them — they can't see it, copy it, damage it, or plant anything on your machine.

2. What the sandbox actually is

On a Mac it's Apple's built-in sandbox-exec (the same isolation technology macOS uses for App Store apps). On Linux/NVIDIA nodes it's Docker container isolation. Either way the workload runs as a jailed process: it gets the CPU/GPU you're renting out, and nothing else.

The terminal & notebook a buyer opens is your machine's compute…

…but jailed. Think of it like a locked room inside your house: they can use the workbench (GPU/CPU) we put in that room, but every door to the rest of the house is bolted. They never get your login, your shell, or your files.

3. We watch the network 24×7 live · v1.3.22

Workloads need the internet (to download models and datasets), so the sandbox allows outbound traffic. The risk is a buyer abusing your connection — mining crypto, scanning, or flooding. Our abuse monitor runs every 30 seconds on your node and watches for exactly that, using only connection metadata (never your traffic contents):

Every kill is logged and the buyer's account is flagged. Repeat offenders are banned.

4. IP protection — GridShare Shield rolling out for public launch

Buyers already never see your IP address — they reach your node only through GridShare's relay, never directly. The next layer, Shield, routes buyer traffic out through GridShare's own servers, so even outbound traffic carries our address, not your home connection. If a complaint is ever raised, it routes to GridShare — and we hold the records to action the responsible buyer, not you.

Shield ships before we open the marketplace to the public. Until then, providers are our own team and known users, protected by the abuse monitor above.

5. Your hardware is protected live

Sustained compute means heat and electricity, like running a game for a few hours — real, but bounded by the limits above.

✅ You're always in control

Your machine is yours first — it pauses the instant you touch it, you pick the hours you share, and you can stop sharing anytime with one click. Every workload is sandboxed away from your files, watched around the clock, and (with Shield) routed through our own network. We deliberately layer these protections so no single safeguard has to be perfect — that's how serious infrastructure is built. And we're rolling out carefully, starting with a trusted circle of providers, so the system is proven before it scales. Earn from your idle GPU with peace of mind.

Ready to earn from your idle GPU?

Your files are walled off, the network is watched, and your hardware is protected.

⬇ Download the Node Agent Provider Portal →