Kim Dotcom's 'Mega' Storage Site Arrives
An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
Anybody poke around yet to see how they do the client-side encryption w/o a plugin? I suppose it could be done in JavaScript. Another thought I had is maybe using the SSL stream itself and storing that. I would hope they are at least not using Java or Flash.
In any case, I would imagine that this would attract a lot of attention to see just how secure the mechanism is.
OR, perhaps it's like a storage solution where you don't have to trust the storage company. If you store sensitive papers in a safety deposit box in a bank, you still have to trust the bank that nobody else will peek inside. With this, your privacy will be guaranteed by laws of nature.
Ezekiel 23:20
It keeps the powers that be busy.
THL phish sticks
This will obviously be watched very closely by some fellows with a lot of power.
Yes it's obvious that unknown persons with an unquantified amount of indeterminate influence will be watching a public website with an unspecified degree of closeness through some unmentioned mechanism.
1. Set up a big, encrypted cloud storage. Make a loud rumble so everyone looks at it.
2. Charge for a) "Pro accounts" with more bandwidth and storage and b) advertising.
3. Profit.
The business plan is really no miracle or something.
Sounds more like an acknowledgment that, 'Yes, we KNEW we were hosting pirated binaries before, but now we're much more clever at it'.
It's more, "it's not our job to police our members and we've made it computationally impossible for us to do so."
No. This is a lot better than Dropbox. Dropbox has your files, knows what they're called, and knows what's in them. It is a basic, fairly bad, cloud storage service. All your data is subject to search and seizure.
On an audit of the code from Mega - which looks pretty solid - Mega has your files, but does NOT know what they're called or what's in them. Your data may still be subject to seizure - as MegaUpload very obviously demonstrated - but is NOT subject to search.
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly. Seriously, look at the legit usage for this: This is the first really big cloud storage service you don't really have to trust to not leak your data. The risks are reduced: to seizure or other loss (which is ALWAYS a possibility, especially the way the US is being at the moment), or if they were made to backdoor it (though people might notice, as the JS would have to change, and that wouldn't affect client applications).
and all they will see is a bunch of encrypted files.
> or Safari for iOS before iOS 6
That's because Safari for iOS did not support uploading files before iOS 6, at all.
I don't think they store the data on DVDs.
Yeah, but I think the point is that third party indexer type sites will start popping up, allowing people who are members of such sites to traffic in digital information. As long as where it is hosted isn't liable for anything, there will be no real, long-term and effective way of preventing people from sharing information with a computer & the internet.
This is just the beginning of the evolution of information transfer (don't want to call it "piracy" - that word has been co-opted to mean something it does not - let's call a spade a spade here and use the term information transfer).
... American corporations and their compliant criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country whose laws and businessmen should be taken seriously.
http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act
I have plenty of use for a service like this, for:
* Offsite backup of my content creation and personal files. I have a backup external drive at home, but it's nice to have another copy offsite.
* Distributing technical data, which is all open-sourced. My home PC is bandwidth limited and not turned on all the time.
Note that with his distributed hosting, he can get along with a small number of users. It would just mean using fewer hosting providers to match the demand.
I really have no interest in just uploading or downloading files through my browser. When this was announced I heard that they were going to support mounting / folder syncing, but I'm not seeing anything like that yet. Am I missing something?
Facts have a liberal bias.
Try to access with https://
Coincidentally today all my torrents stopped working, all tracker addresses are resolving to 127.0.0.1... anyone else having the same problem?
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
Dedupe doesn't need to understand what the data is, only that the data is identical. So now the 2 copies of data they make are shared by 2 or more accounts (for that block allocation unit at least). The likelihood of duplication occurring, however, is small, as any cryptographic file storage system, when reformatted by the same user to store exactly the same data inside, will have completely different encrypted data. This is due to the session key and block perturbation scheme.
I can only think that this is a clause to cover some kind of legal angle maybe due to the way someone else might claim gained access to your (private) data, when really all they did was have access to an encrypted block of data that both you and the other guy happened to upload that happened to be identical. With copy-on-write when one of you changes that block of data you would presume the system unshares the data. The most obvious case for deduplication would be blocks of zeroed data.
Oh the embarrassment.
They mention in their TOS that they retain the right to delete duplicate files when more than one user uploads exactly the same file, which is sensible of course. But can anyone tell me how they can do this if they don't have the encryption key?
Works fine for me on Opera.
The G
And this may be one of the first cases for the Great Firewall of the USA to go up.
This looks like a good service for me. Reasonable prices and strong encryption, universal cloud access. Heck of a deal. And it won't hurt my feelings to support the cause.
Help stamp out iliturcy.
That's it. Somebody gets it.
The site can't be monitored directly. That's the whole point. I'm sure they will be watching, but not directly. Were I in their place, I'd be looking for sites that link to files uploaded to Mega. A few careful google queries, a custom crawler, even entering into a few sneaky agreements with ISPs to do DPI and see where people are going. The idea not being to catch all the pirates, but to catch all the highly-visible pirates and the communities they form around. So only private, invite-only forums can survive.
Mac users don't need to upload things. They consume, rather than create stuff, so all of their apps are already on the cloud.
How do they do the encryption before upload? If the file goes to them unencrypted initially, then surely they'd have a record of it.
Well, there are AES implementations for JavaScript.... not if I know that's what they're using or what the performance is like, but it's certainly possible to do it client side...
Live today, because you never know what tomorrow brings
But they don't have the encryption key. Not having the encryption key is a crucial part of their plausible deniability defence against hosting copyright infringing files. And if they don't have the encryption key they can't point someone at another copy of the same encrypted file since the user won't have the encryption key to decrypt it.
> It keeps the powers that be busy.
it allows them to request bigger budgets.
> It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly.
Take a look at Spideroak and explain why you think they did it wrong.
Sig Battery depleted. Reverting to safe mode.
If they did it correctly, they could provide the source code for the client side encryption, and let you build your own client from it.
After all, the best encryption is the kind that even if they tell you exactly how it works and show you the code, you STILL can't break it in any reasonable time frame.
Sig Battery depleted. Reverting to safe mode.
They know full well that this is just a fight between vested interests, with no a priori right or wrong (if you see an inherent right or wrong it's because you've already picked a side).
What we're witnessing here is the next skirmish in the copyright wars: "You play the piracy card, we play the common carrier card".
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Why would MEGA know your encryption keys?
Why would you give them to anyone?
Sig Battery depleted. Reverting to safe mode.
Oh, so where do you store your TB of encrypted files on the internet for free?
Willful ignorance is a crime...
The internet police will be knocking on his door soon enough.
> Not to mention taking deliberate steps to avoid prosecution by hosting exclusively outside the US
So what does that make me? I have no connection to the US and I took deliberate steps to host all my stuff at my place.
http://michaelsmith.id.au
The other idea I saw is that to use their free service you have to install their ad-blocker which replaces normal advertisements on web pages with their advertisements. It's shonky as hell but I can see it working for them.
http://michaelsmith.id.au
The old Mega-Upload did use Flash for some functions, such as directories for multiple file downloads. I believe the architecture was up- or downgraded, take your pick, to JavaScript just before the Big Raid.
However, what made the old Mega a popular download site was that it was perfectly possible to download using simple non-browser based tools, including the commandline hacker's download manager of choice, wget. And Mega's files were infinitely resumable, even across different IP addresses even using the non-paying downloaders. You just pointed wget to the new URL, and assuming the remote and local file's name are the same, wget resumes the partially downloaded file.
Few file hosts now allow this functionality for free users.
> So, basically, he's taken the "Swiss Bank Account" model
No, he has just made a cyberlocker the way it should have been from the start - a private storage facility for controlled groups of people. The uploaders are not anonymous, that they have to be registered with the site, and the T&Cs make it clear MEGA will hand over any registration data if compelled to by law.
> The search functionality is broken with the new model
It was useless anyway because people didn't upload public files with names that gave away the copyright infringing contents, instead they linked to the obfuscated names on forums.
> This means most users will ignore megaupload and they will suffer from a lack of users.
Except all those people who like services such as Google Drive, Skydrive, Dropbox etc. but want more privacy. Oh, and all the pirates who used to use MegaUpload because it was less crappy than most of the other cyberlocker services.
> enabling the piracy that makes his site popular, but trying to evade legal liability
Or maybe it's just that the MAFFIA controls the FBI now and the US has become the World Police, capable of sending agents of foreign countries to do the bidding of its corporations. Why else would he even bother to mention the DMCA when MEGA is deliberately staying well away from any US territory and laws? He should have no reason to respond to any DMCA request because it isn't law in New Zealand or anywhere MEGA operates or has servers, but he is forced to because the US thinks its laws are universal.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If it's using public key cryptography then there is no way for it to be a honeypot. The private encryption key determines the security of your files and the public key determines who can access your files. PKI.
No, you are missing the GP's point.
The legal system doesn't fall for these lame attempts at "hack the law". They've been dealing with creative interpretations, weasel-wording, finding-of-loopholes and everything else we techies think we're masters of for more than two millennia. Our "brilliant hacks" are barely worth a yawn in the area of law.
GP is completely right. A judge will look at this and basically say "dude, seriously?". The prosecution will have to prove its case, sure. But Kim and most techies think that's a problem of mathematics, and by adding a tiny variable of unknown value to the equation, they can make it impossible to solve.
But that's not how the law works. At all.
Disclaimer: I'm a techie, not a lawyer. But through business I've had more than ample contact with the legal system, including many court cases.
Assorted stuff I do sometimes: Lemuria.org
megaupload lets you share individual files or folders with others while still keeping the contents hidden from megaupload. SpiderOak uses one encryption key for everything, which only you hold and gives only you access to your data.
SpiderOak is zero-knowledge encrypted cloud backup/storage/remote disk, MegaUpload is an encrypted Dropbox/fileshare/(future)collaboration tool. They occupy slightly different application spaces.
OP was only commenting on the legality of what he was doing. He wasn't saying it was immoral.
Just because we agree with the laws that swiss banks are enabling people to break and disagree with the laws that mega is enabling people to break doesn't mean there aren't parallels.
And how exactly is Kim related to the stealing of movies? After all, files can be saved anywhere. He is not the only person offering a file sharing service.
Ultimately, the thieves are people who rip movies and distribute them to others for free or worse, for a fee! I don't remember Kim dotcom ever being accused of ripping and distributing movies for a fee?
There are double standards here: Just like the Gun industry is not held responsible for lunatics killing innocent people with guns, file sharing providers should not be held accountable to the actions of people sharing recipes of how to build your own uranium enrichment facility, or the latest LOTR movie.
All those moments will be lost in time, like tears in rain... time... to... die...
What do you mean? Like, bombing brown people? Check.
> Most of us don't even bother with HDDs or SSDs - just DVDs.
Most of who? I somewhat doubt that.
Filthy, filthy copyrapists!
Now got through, first upload failed. Not really important, for sure.
http://stephan.sugarmotor.org
To add to that, they do have API and let you build clients with it, although you need to have it approved with them.
Dilbert RSS feed
> It keeps the powers that be busy.
You say that like it's a bad thing. Half a sec, this torrent is finishing... :D
Understanding the scope of the problem is the first step on the path to true panic.
> Problem here is that you will have to outright ban encryption to solve this problem.
You're thinking techie again, not legalese.
The law is quite familiar with seemingly schizophrenic approaches. For example, they have an odd thing that is neither OR nor AND nor XOR - a lawyer can claim that his client wasn't even near the crime scene at that time, but if he was he didn't do it, and if he did then he was intoxicated and not in his right mind. He can claim all of these three as true at the same time, and nobody in the courtroom will even raise an eyebrow, except for the techie whose brain has just shut down with a long list of logic errors.
> What exactly is the difference between a public lockers providing company and what mega is doing?
The difference is that the law deals with humans and motivations, something you ignore entirely. If I were to set up that locker company, the case would probably be shut down. But if a formerly convicted criminal who is currently on trial for drug deals did it, and if he had made a public statement basically saying "only our company uses opaque steel doors instead of the glass doors other companies use, so even we won't know if you store, say, drugs, in them, hint hint" he would very likely be convicted if there is even the slightest bit of evidence.
And that can easily be done without making lockers illegal. It's how the law works. I've been in enough court rooms to understand that a judge will judge the particular case in front of him. Only the high courts consider the broad implications of their judgements, for good reasons. And you would be surprised how capable these people are. Kim and many techies are guilty of arrogance. You, too, seem to think that only geeks have brains. Most of the judges I've met were very smart people who can easily blow a big hole into your whole circumvention scheme.
Never forget that these people meet someone new who had a brilliant idea to get away with his crime every week. It's like your lawyer friend coming to you and saying something like "I've had this brilliant idea yesterday. Your web application you've been complaining about, it would run so much faster if you only ... (insert old idea you've heard 1000 times before here)".
Assorted stuff I do sometimes: Lemuria.org
you sign up with a pre-paid CC and use a new email address you only use with mega? Seems pretty trivial to me
have you seen my sig? there are many others like it but none that are the same
> Meh, I don't think the RIAA/MPAA are interested in any more warrants or lawsuits; on average, they lose a lot of money on them. The Verizon deal is great to them because it cuts all those "due process" requirements and it's therefore much cheaper per user.
Why should they care? It's not their money. The whole point of the *AAs getting copyright infringement redefined as a criminal act rather than a civil act was so the taxpayer foots the bill for prosecution, not the *AA. Once the complaint is signed in a criminal case, it's up to the government to investigate, serve warrants, make arrests, haul defendants in front of a judge, etc. In civil cases, it's up to the plaintiff to do all that gruntwork, without the benefit of arrest powers and police backup.
Understanding the scope of the problem is the first step on the path to true panic.