Slashdot Mirror
Kim Dotcom's 'Mega' Storage Site Arrives
An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
OR, perhaps it's like a storage solution where you don't have to trust the storage company. If you store sensitive papers in a safety deposit box in a bank, you still have to trust the bank that nobody else will peek inside. With this, your privacy will be guaranteed by laws of nature.
Ezekiel 23:20
It keeps the powers that be busy.
THL phish sticks
This will obviously be watched very closely by some fellows with a lot of power.
Yes it's obvious that unknown persons with an unquantified amount of indeterminate influence will be watching a public website with an unspecified degree of closeness through some unmentioned mechanism.
1. Setup a big, encrypted cloud storage. Make a loud rumble so everyone looks at it.
2. Charge for a) "Pro accounts" with more bandwidth and storage and b) advertising.
3. Profit.
The business plan is really no miracle or something.
Sounds more like an acknowledgment that, 'Yes, we KNEW we were hosting pirated binaries before, but now we're much more clever at it".
It's more, "it's not our job to police our members and we've made it computationally impossible for us to do so."
No. This is a lot better than Dropbox. Dropbox has your files, knows what they're called, and knows what's in them. It is a basic, fairly bad, cloud storage service. All your data is subject to search and seizure.
On an audit of the code from Mega - which looks pretty solid - Mega has your files, but does NOT know what they're called or what's in them. Your data may still be subject to seizure - as MegaUpload very obviously demonstrated - but is NOT subject to search.
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly. Seriously, look at the legit usage for this: This is the first really big cloud storage service you don't really have to trust to not leak your data. The risks are reduced: to seizure or other loss (which is ALWAYS a possibility, especially the way the US is being at the moment), or if they were made to backdoor it (though people might notice, as the JS would have to change, and that wouldn't affect client applications).
and all they will see is a bunch of encrypted files.
or Safari for iOS before iOS 6
That's because Safari for iOS did not support uploading files before iOS 6, at all.
I don't think they store the data on DVDs.
Yeah, but I think the point is that third party indexer type sites will start popping up, allowing people who are members of such sites to traffic in digital information. As long as where it is hosted isn't liable for anything, there will be no real, long-term and effective way of preventing people from sharing information with a computer & the internet.
This is just the beginning of the evolution of information transfer (don't want to call it "piracy" - that word has been co-opted to mean something it does not - let's call a spade a spade here and use the term information transfer).
... american corporations and their complaint criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country who's laws and businessmen should be taken seriously.
http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act
I really have no interest in just uploading or downloading files through my browser. When this was announced I heard that they were going to support mounting / folder syncing, but I'm not seeing anything like that yet. Am I missing something?
Facts have a liberal bias.
Try to access with https://
They mention in their TOS that they retain the right to delete duplicate files when more than one user uploads exactly the same file, which is sensible of course. But can anyone tell me how they can do this if they don't have the encryption key?
Works fine for me on Opera.
The G
And this may be one of the first cases for the Great Firewall of the USA to go up.
This looks like a good service for me. Reasonable prices and strong encryption, universal cloud access. Heck of a deal. And it won't hurt my feelings to support the cause.
Help stamp out iliturcy.
The site can't be monitored directly. That's the whole point. I'm sure they will be watching, but not directly. Were I in their place, I'd be looking for sites that link to files uploaded to Mega. A few careful google queries, a custom crawler, even entering into a few sneaky agreements with ISPs to do DPI and see where people are going. The idea not being to catch all the pirates, but to catch all the highly-visible pirates and the communities they form around. So only private, invite-only forums can survive.
If they did ti correctly, they could provide the source code for the client side encryption, and let you build your own client from it.
After all, the best encryption is the kind that even if they tell you exactly how it works and show you the code, you STILL can't break it in any reasonable time frame.
Sig Battery depleted. Reverting to safe mode.
They know full well that this is just a fight between vested interests, with no a priori right or wrong (if you see an inherent right or wrong it's because you've already picked a side).
What we're witnessing here is the next skirmish in the copyright wars: "You play the piracy card, we play the common carrier card".
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Oh, so where do you store your TB of encrypted files on the internet for free?
Willlful ignorance is a crime...
The internet police will be knocking on his door soon enough.
Not to mention taking deliberate steps to avoid prosecution by hosting exclusively outside the US
So what does that make me? I have no connection to the US and I took deliberate steps to host all my stuff at my place.
http://michaelsmith.id.au
So, basically, he's taken the "Swiss Bank Account" model
No, he has just make a cyberlocker the way it should have been from the start - a private storage facility for controlled groups of people. The uploaders are not anonymous, that they have to be registered with the site, and the T&Cs make it clear MEGA will hand over any registration data if compelled to by law.
The search functionality is broken with the new model
It was useless anyway because people didn't upload public files with names that gave away the copyright infringing contents, instead they linked to the obfuscated names on forums.
This means most users will ignore megaupload and they will suffer from a lack of users.
Except all those people who like services such as Google Drive, Skydrive, Dropbox etc. but want more privacy. Oh, and all the pirates who used to use MegaUpload because it was less crappy than most of the other cyberlocker services.
enabling the piracy that makes his site popular, but trying to evade legal liability
Or maybe it's just that the MAFFIA controls the FBI now and the US has become the World Police, capable of sending agents of foreign countries to do the bidding of its corporations. Why else would he even bother to mention the DMCA when MEGA is deliberately staying well away from any US territory and laws? He should have no reason to respond to any DMCA request because it isn't law in New Zealand or anywhere MEGA operates or has servers, but he is forced to because the US thinks its laws are universal.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If it's using public key cryptography then there is no way for it to be a honeypot. The prive encryption key determines the security of your files and the public key determines who can access your files. PKI.
No, you are missing the GP's point.
The legal system doesn't fall for these lame attempts at "hack the law". They've been dealing with creative interpretations, weasel-wording, finding-of-loopholes and everything else we techies think we're masters of for more than two milennia. Ourt "brilliant hacks" are barely worth a yawn in the area of law.
GP is completely right. A judge will look at this and basically say "dude, seriously?". The prosecution will have to prove its case, sure. But Kim and most techies think that's a problem of mathematics, and by adding a tiny variable of unknown value to the equation, they can make it impossible to solve.
But that's not how the law works. At all.
Disclaimer: I'm a techie, not a lawyer. But through business I've had more then ample contact with the legal system, including many court cases.
Assorted stuff I do sometimes: Lemuria.org
megaupload lets you share individual files or folders with others while still keeping the contents hidden from megaupload. SpiderOak uses one encryption key for everything, which only you hold and gives only you access to your data.
SpiderOak is zero-knowledge encrypted cloud backup/storage/remote disk, MegaUpload is a an encrypted Dropbox/fileshare/(future)collaboration tool. They occupy slightly different application spaces.
Javascript can access and process file data directly with the HTML5 File API which is supported by recent versions of most major browsers.
To add to that, they do have API and let you build clients with it, although you need to have it approved with them.
Dilbert RSS feed
Problem here is that you will have to outright ban encryption to solve this problem.
You're thinking techie again, not legalese.
The law is quite familiar with seemingly shizophrenic approaches. For example, they have an odd thing that is neither OR nor AND nor XOR - a lawyer can claim that his client wasn't even near the crime scene at that time, but if he was he didn't do it, and if he did then he was intoxicated and not in his right mind. He can claim all of these three as true at the same time, and nobody in the courtroom will even raise an eyebrow, except for the techie whose brain has just shut down with a long list of logic errors.
What exactly is the difference between a public lockers providing company and what mega is doing?
The difference is that the law deals with humans and motivations, something you ignore entirely. If I were to set up that locker company, the case would probably be shut down. But if a formerly convicted criminal who is currently on trial for drug deals did it, and if he had made a public statement basically saying "only our company uses opaque steel doors instead of the glass doors other companies use, so even we won't know if you store, say, drugs, in them, hint hint" he would very likely be convicted if there is even the slightest bit of evidence.
And that can easily be done without making lockers illegal. It's how the law works. I've been in enough court rooms to understand that a judge will judge the particular case in front of him. Only the high courts consider the broad implications of their judgements, for good reasons. And you would be surprised how capable these people are. Kim and many techies is guilty of arrogance. You, too, seem to think that only geeks have brains. Most of the judges I've met were very smart people who can easily blow a big hole into your whole circumvention scheme.
Never forget that these people meet someone new who had a brilliant idea to get away with his crime every week. It's like your lawyer friend coming to you and saying something like "I've had this brilliant idea yesterday. Your web application you've been complaining about, it would run so much faster if you only ... (insert old idea you've heard 1000 times before here)".
Assorted stuff I do sometimes: Lemuria.org
Meh, I don't think the RIAA/MPAA are interested in any more warrants or lawsuits; on average, they lose a lot of money on them. The Verizon deal is great to them because it cuts all those "due process" requirements and it's therefore much cheaper per user.
Why should they care? It's not their money. The whole point of the *AAs getting copyright infringement redefined as a criminal act rather than a civil act was so the taxpayer foots the bill for prosecution, not the *AA. Once the complaint is signed in a criminal case, it's up to the government to investigate, serve warrants, make arrests, haul defendants in front of a judge, etc. In civil cases, it's up to the plaindiff to do all that gruntwork, without the benefit of arrest powers and police backup.
Understanding the scope of the problem is the first step on the path to true panic.