Kim Dotcom's 'Mega' Storage Site Arrives
An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
There are a few libraries...
http://code.google.com/p/crypto-js/
http://crypto.stanford.edu/sjcl/
Since you couldn't understand what I meant: The feds, the music industry, the movie industry, the porn industry, the gaming industry and the software industry to name a few.
No. This is a lot better than Dropbox. Dropbox has your files, knows what they're called, and knows what's in them. It is a basic, fairly bad, cloud storage service. All your data is subject to search and seizure.
On an audit of the code from Mega - which looks pretty solid - Mega has your files, but does NOT know what they're called or what's in them. Your data may still be subject to seizure - as MegaUpload very obviously demonstrated - but is NOT subject to search.
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly. Seriously, look at the legit usage for this: This is the first really big cloud storage service you don't really have to trust to not leak your data. The risks are reduced: to seizure or other loss (which is ALWAYS a possibility, especially the way the US is being at the moment), or if they were made to backdoor it (though people might notice, as the JS would have to change, and that wouldn't affect client applications).
or Safari for iOS before iOS 6
That's because Safari for iOS did not support uploading files before iOS 6, at all.
... American corporations and their compliant criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country whose laws and businessmen should be taken seriously.
http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly.
Take a look at Spideroak and explain why you think they did it wrong.
Sig Battery depleted. Reverting to safe mode.
User A uploads file encrypted with his keys, and hash of unencrypted file
User B uploads same file encrypted with his keys, and same hash of unencrypted file
Mega sees the hashes are the same and deletes User B's file, linking to User A's
... time passes ...
User B downloads the file.... now what? User B doesn't have A's keys, he can't decrypt it. Mega doesn't have A's keys, they can't decrypt it for him. There is no way for B to decrypt the file.
I would say that particular item in the terms and conditions is either:
1. a mistake, added in by a lawyer copy-pasting
2. referring to duplicate encrypted files, if somehow the same file is encrypted with the same keys, by 2 people who both upload it (or 1 person gives the pre-encrypted file to another and they both upload it), then that's possible.
NZ Electronics Enthusiasts: Check out my Trade Me Listings
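The deduplication scenario walked through in the post above, as an added example that is not part of the thread and not Mega's code: a toy server (the hypothetical `DedupStore`) indexes client-encrypted uploads either by the hash of the unencrypted file or by the hash of the ciphertext. AES-256-GCM from Node's `crypto` module is an assumption standing in for whatever cipher the service uses, and the file contents are constructed.

```javascript
// Added example, not Mega's code. All names are hypothetical; runs on Node.js.
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Client side: AES-256-GCM under the user's own key, fresh random nonce.
function encryptUpload(plaintext, key) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag(), plainHash: sha256(plaintext) };
}

function decryptDownload(blob, key) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAuthTag(blob.tag);
  try { return Buffer.concat([d.update(blob.ct), d.final()]); }
  catch (e) { return null; } // wrong key: the GCM tag check fails
}

// Server side: keeps one blob per index value and links later uploaders to it.
class DedupStore {
  constructor(indexBy) { this.indexBy = indexBy; this.blobs = new Map(); this.links = new Map(); }
  put(user, blob) {
    const id = this.indexBy === 'plain' ? blob.plainHash : sha256(Buffer.concat([blob.iv, blob.ct]));
    const deduped = this.blobs.has(id);
    if (!deduped) this.blobs.set(id, blob);
    this.links.set(user, id);
    return deduped; // true when the upload was discarded in favour of a stored blob
  }
  get(user) { return this.blobs.get(this.links.get(user)); }
}

function demo() {
  const file = Buffer.from('constructed sample file contents');
  const keyA = crypto.randomBytes(32), keyB = crypto.randomBytes(32);
  // Scenario from the post: index on the hash of the unencrypted file.
  const byPlain = new DedupStore('plain');
  byPlain.put('A', encryptUpload(file, keyA));
  const bLinkedToA = byPlain.put('B', encryptUpload(file, keyB));
  const bRecovered = decryptDownload(byPlain.get('B'), keyB);
  // Index on ciphertext: separate keys never match, an identical blob does.
  const byCt = new DedupStore('ct');
  const shared = encryptUpload(file, keyA);
  byCt.put('A', shared);
  const otherKeyDeduped = byCt.put('B', encryptUpload(file, keyB));
  const sameBlobDeduped = byCt.put('C', shared);
  const cRecovered = decryptDownload(byCt.get('C'), keyA);
  return { bLinkedToA, bRecovered, otherKeyDeduped, sameBlobDeduped, cRecovered, file };
}
```

`demo()` returns `bRecovered: null` for the plaintext-hash index, and `sameBlobDeduped: true` only when the identical pre-encrypted blob is uploaded twice by holders of the same key.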
If they did it correctly, they could provide the source code for the client side encryption, and let you build your own client from it.
After all, the best encryption is the kind that even if they tell you exactly how it works and show you the code, you STILL can't break it in any reasonable time frame.
Sig Battery depleted. Reverting to safe mode.
According to their FAQ they intend to support this in the future. But access to their servers is done through HTTP and JSON, and the CRUD functions map to a subset of POSIX filesystem API, so it should be possible to make a FUSE driver for Linux or a synced folder implementation for any platform.
Right now their site only really fully supports desktop version of Google Chrome, less complete support for other major browsers, and no mobile platform apps. But because their service is written in unobfuscated Javascript on their site and doesn't seem to rely on any hidden moving parts, I expect we'll see more apps show up pretty quickly. I am excited, this service actually seems to be competently constructed.
If it's using public key cryptography then there is no way for it to be a honeypot. The private encryption key determines the security of your files and the public key determines who can access your files. PKI.
What do you mean? Like, bombing brown people? Check.
Javascript can access and process file data directly with the HTML5 File API which is supported by recent versions of most major browsers.