Megaupload Is Dead. Long Live Mega (wired.com)
103 points by mtgx on Oct 18, 2012 | 66 comments



Wow. It's just so incredibly obvious that this is just MegaUpload in a new form and that the entire point is to allow sharing of copyrighted data. Kim is hanging this whole thing on plausible deniability but it doesn't take a rocket scientist to figure out what's really going on. This infuriates me. Sharing copyrighted files isn't what pisses me off. What does is the arrogance of Dotcom to try to pass this thing off like it's for legit sharing of files. We have Google Drive, Dropbox, Box.net, Amazon's thing, iCloud and a billion others and no one really messes with them. There's no doubt in my mind that those services are storing some copyrighted data but they don't get messed with because they're truly legit. The feds didn't go after MegaUpload because it allowed people to share files that may or may not be copyrighted. It did so because the worst kept secret on the web was that if you want to download the new Lady Gaga single you could probably find it pretty easily on MegaUpload because that's basically what everyone was using it for. I honestly have no qualms about not backing up my claims with specific examples and evidence in this case because everyone here knows what was going on at MegaUpload and anyone trying to deny is either twisting their minds into a pretzel with the mental gymnastics they'd have to do to convince them otherwise or they're just outright lying. I said it.

So now that they have this new approach I doubt they'll be successful. Because of the way the new Mega is set up you can't search for content. Allowing the ability to search for content would necessitate getting rid of their whole privacy scheme. I predict that the new Mega could still be used to share copyrighted files but the onus will be on third parties to keep track of such files in a database or something in order to provide links to people searching or it can just become a safe place to store your copyrighted files and share them on a case by case basis (through email, links on forums, or wherever). But if this really is supposed to be a legit service, which it isn't (come on, you know it), then I don't see how it can gain market share or mind share given the alternatives we already have had for a while now.


Your own post undermines your point.

"...easily on MegaUpload because that's basically what everyone was using it for"

You can never blame the creators of a tool for what their users do. Not to rehash an old argument, but you don't blame suitcase manufacturers for making suitcases that criminals use for convenient cash lockboxes. You can't blame a knife maker because a housewife stabbed her husband.

Unless you can empirically prove that MegaUpload courted people to break copyright I don't see what case you have. All of your "claims" seem to be anecdotal bluster, couched in a defensive posture to automatically discredit anyone who disagrees.

I find it so hard to comprehend that people refuse to believe that MegaUpload was never used for legitimate reasons. It's widely known that MegaUpload was well used in the corporate world[1], however it's unfortunate that no specific companies (to my knowledge) have come forward publicly. As a personal aside, I used it many times to send files that were too large for email to classmates and friends.

Beyond all of that, you are overlooking the problem. Attacking filesharing websites is simply slapping a band-aid over a symptom. The websites will continue to pop up, there is a demand and someone is going to supply it. Plus, it's incredibly easy to set up your own file-sharing website... I expect it won't be too soon before we start seeing people rolling their own just like blogs today (though admittedly not nearly as widespread).

We need to be addressing the real issue. Admittedly, I don't have a solution to "piracy" on a grand scale, however I can certainly say actions like targeting MegaUpload and then vilifying a business that has yet to even land a single customer over its first press release definitely do not help the issue.

[1] http://arstechnica.com/business/2012/01/before-shutdown-mega...

Edit: phrasing


As for blaming the tool for what the users do: I believe this has been tested in court with the Sony vs. Universal City Studios case (The Betamax case).

Since the recorder wasn't explicitly made for breaking the law, the makers of the recorder can't be held accountable.

[1] http://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Univer....


Also, every gun and tobacco manufacturer.


> This infuriates me. Sharing copyrighted files isn't what pisses me off. What does is the arrogance of Dotcom to try to pass this thing off like it's for legit sharing of files.

You're attributing to arrogance that which can be adequately explained as a desire for plausible deniability. If Mega acts like a legitimate file depository site, and they don't do noticeably more to help with copyright infringement than things like Google Drive, and they say that they're legit, then this decreases their chances of getting in more legal trouble.


You couldn't search for content on the old Megaupload. Third-party crawlers always took care of that.

In one of the articles discussing his arrest it was mentioned that they had an internal tool that could search for content, maybe that is what you're thinking about.


Box.net, Amazon, iCloud and other 'cloud drive' style sharing services can actually be quite a large pain to share large amounts of files with random people, even when you're paying. For example, I ran into this pain trying to share 4GB of photos I took, mediafire split archives ended up being the least painless way to go about it. These digital locker services tend to be the cheapest way to host/share large amounts of files too when you're paying as a normal person.


> [...] everyone here knows what was going on at MegaUpload and anyone trying to deny is either twisting their minds into a pretzel with the mental gymnastics they'd have to do to convince them otherwise or they're just outright lying. I said it.

I wasn't really aware of megaupload until the bust happened. Maybe I don't spend enough time looking for pirated copies of Lady Gaga albums.

So that's a third option for you.


I guess you never consumed user-generated content then. Plenty of CC music is shared through file lockers. Plenty of freeware games are done through file lockers.

Here's a discussion on rpgmaker developers site about megaupload going down: http://www.rpgmakervx.net/index.php?s=e2dfd62fff9638c7224860...

And there's hundreds of sites like that, people creating content on different platforms that need a way to share it. How do you think they share their creations?


>Because of the way the new Mega is set up you can't search for content.

Could you search on the old MegaUpload? For MegaVideo at least, I seem to remember that third party sites were all but required to find what you want.


> everyone here knows what was going on at MegaUpload and anyone trying to deny is either twisting their minds into a pretzel with the mental gymnastics they'd have to do to convince them otherwise or they're just outright lying. I said it.

The question remains however, how big a part of "what was going on at MegaUpload" involved copyright infringing data. The article implies that the old MegaUpload was indeed using data deduplication. The Feds confiscated 25 petabytes of data. It just doesn't add up if you consider all Blu-Ray releases in the movie industry to date (which at 10GB a piece would make up the vast majority of infringing data). The only conclusion (that makes any sense to me) is that the vast majority of those confiscated 25 petabytes (about 95% if I remember my previous back-of-the-envelope calculations correctly) must have been legit user-generated or individually produced data, such as the 4GB photos that are mentioned elsewhere in this thread, or who knows what it could be, raw video data, the only reliable way to share huge amounts of sensor readings from whatever instruments for scientific research maybe. I have no idea, but given they used deduplication, Hollywood just didn't produce that many films. 25 petabytes are huge.

Don't get me wrong, it still means they were infringing on an enormous scale, just that it wasn't quite entirely fair to just take and hold the whole 25 petabytes, they don't do that when Google infringes either.


Doesn't this one seemingly trivial change (encryption) add enough annoyance for the average pirate that they'll likely use one of the bevy of competing filehosting sites?

Reasons I can think of using "Mega" instead of another service include (1) DL speed, (2) brand recognition, (3) less intrusive ads and less annoying captchas due to their superior financial position and scale stemming from their name recognition.

I wonder if the reasons above (or others) will be strong enough to transition Megaupload users to "Mega".


It sounds like their client is going to automatically perform the decryption. I would guess you'll be able to just pass in the key in the URL, so indexing sites will make Mega just as easy to use as BitTorrent is with magnet URLs. Remember that Mega only makes money if people use it.


A crypto key in the URL would ruin the deniability - their web server logs would contain the decryption keys. The whole point is to run AES in Javascript in the browser so the key never reaches them.


Linking the key as the fragment identifier component (after a #) would prevent the server from seeing it, but still allow Javascript to have access to the key.

That way you can link encrypted content with a key, and have the server not know about it.

This scheme has been deployed for at least one secure pastebin.
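
The fragment-versus-query distinction from the two comments above, as an added example that is not part of the thread: it shows what a server receives (and logs) for each kind of share link, and a log audit that flags key material in query strings. The host `files.example`, the `/file/<id>` path, the `key` parameter name, the 128-bit base64url key format and the log layout are all assumptions made for illustration.

```javascript
// Added illustration; host, path, key and log format are constructed sample values.
const SAMPLE_KEY = "AAECAwQFBgcICQoLDA0ODw"; // bytes 0x00..0x0f, base64url, no padding

// Build a share link with the key either in the fragment or in the query string.
function buildShareLink(fileId, key, where) {
  const u = new URL("https://files.example/");
  u.pathname = "/file/" + fileId;
  if (where === "query") u.searchParams.set("key", key);
  else u.hash = key;
  return u.href;
}

// The request target a browser sends for a link: path plus query only.
// The fragment is handled client-side and never goes on the wire.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// What page script would read from location.hash, decoded to raw key bytes.
function keyFromFragment(link) {
  const frag = new URL(link).hash.slice(1);
  if (!/^[A-Za-z0-9_-]{22}$/.test(frag)) {
    throw new Error("fragment is not a 128-bit base64url key");
  }
  const b64 = frag.replace(/-/g, "+").replace(/_/g, "/");
  return Uint8Array.from(Buffer.from(b64, "base64"));
}

// A constructed access-log line for a GET of the link, as the server would write it.
function accessLogLine(link) {
  return '203.0.113.7 - - [18/Oct/2012:10:00:00 +0000] "GET ' +
    requestTarget(link) + ' HTTP/1.1" 200 1048576';
}

// Audit: indexes of log lines whose request line carries a key-shaped query parameter.
function linesLeakingKeys(logLines) {
  const keyInQuery = /"[A-Z]+ \S*[?&]key=[A-Za-z0-9_-]{22}(?=[& ])/;
  const hits = [];
  logLines.forEach((line, i) => { if (keyInQuery.test(line)) hits.push(i); });
  return hits;
}

const fragmentLink = buildShareLink("abc123", SAMPLE_KEY, "fragment");
const queryLink = buildShareLink("abc123", SAMPLE_KEY, "query");
const sampleLog = [accessLogLine(fragmentLink), accessLogLine(queryLink)];

console.log(fragmentLink);                 // key after '#'
console.log(sampleLog.join("\n"));         // only the second line contains the key
console.log(linesLeakingKeys(sampleLog));  // indexes of lines that logged a key
```
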


Interesting. I didn't know the browser keeps that part to itself.


Oh I see, that would resolve my concerns then! Thank you for the insight :)


This schema is actually more useful for secretive document "dead drops" (such as handing a tranche of files to Wikileaks) or for friend-to-friend swaps than it is for making warez available to the web at large. As soon as the files are publicly indexed, the excuse "we don't know what we're hosting" becomes a lie - they would have to delete it. The law's attitude would be "if we can find Lady Gaga on your servers with a Google search, so can you".


But then the copyright holder would have to prove that this thing named "Lady Gaga - all albums" is actually infringing material and not a bunch of, say, zipped lolcats. So they'd have to check it and file a complaint on per-file basis, at which point Mega just deletes that file. Isn't it just like YouTube, but without the ability to run copyrighted-material-detection algorithms on data?

BTW. in Poland there's a well-known sharing service that operates this way; promptly deleting infringing content, while everybody knows that the files will reappear shortly somewhere else, and it's all Google-indexed (I don't think that it's by coincidence), so with simple "site:" query you can even skip the paid search feature.


If your access to files consists of a public index (or something like a torrent tracker), they can just crawl the index, fetch all the keys, fetch all the files and check them. It would be a bandwidth hog compared to running recognition patterns on localhost, but it's not hard.

And more to the point, they could put the onus on Mega to go do that. It would be easy to argue in court "if we can find the key, so can they, if we can check the file, so can they" and cast their actions as wilful negligence.

It's not so much whack-a-mole, as "keep it quiet", then. Mega pretty much has to kill what they can find the keys to, but if you keep the key a secret and share it sparingly, that is no longer possible.


> The feds didn't go after MegaUpload because it allowed people to share files that may or may not be copyrighted

It's very presumptuous to assume you know the reason why the Feds raided MU.

If the Feds had a case they should have presented it. Not all this "we have evidence, but we won't show it to anyone" crap.

With the fact that they had been spying on MU for over 5 years, you would think they could have built a solid case, and the fact that they couldn't makes one think the raid was rushed.

Perhaps this had more to do with the Universal lawsuit, the pending release of MegaBox, and pressure from lobbyists than actual wrongdoing.

Of course this is all conjecture, as is your assumption.


My inner civil libertarian cheers at this, although one wonders how useful a public storage locker is without any associated content discovery tools.

But my inner policeman hesitates. If actual bad guys (organized crime, drug cartels, spies, terrorists, governments, script kiddies, or anyone else working outside the law) can communicate and operate with impunity, the technology is not an unequivocally good thing. The broadly accepted way we deal with this is to have warrant-based interception and eavesdropping; it's hard to argue that our law enforcement services would best operate without any tools other than direct physical surveillance. So presumably even Mega would need to comply with legal wiretapping requests. Happily for Mega, and unhappily for law enforcement, doing it at the server doesn't get them anything with this scheme. But that simply compels law enforcement to get much more invasive, in a way that's hard for citizens to monitor: Find a way to install eavesdropping tools on the suspect's machine so access is gained before encryption.

I'm not sure where all this is headed; it's a brave new world.

(Heading off potential replies about the growing use of warrantless wiretaps -- of course those are unacceptable. But wiretapping with a warrant is a vital, crucial tool, and that's all I'm discussing here.)


> But my inner policeman hesitates. If actual bad guys (organized crime, drug cartels, spies, terrorists, governments, script kiddies, or anyone else working outside the law) can communicate and operate with impunity

This tool is still just a cyber-locker, it doesn't allow you to launch a ddos attack, or run scripts, or even communicate, you need a channel of communication established elsewhere to pass the keys. It's just an easier way to share files with people you're already communicating with in some manner.


Even today, nothing stops bad guys from encrypting using available tools in their PC and uploading to a public file sharing service. Only thing the proposed Mega service is doing is making the process simpler. Believe this is going to be the future unless governments ban encryption altogether which might not picture them in a better light amongst all of us.


This will probably go the way of Aimster. IE: You can't play dumb to shield yourself while knowingly assisting copyright infringement.

http://en.wikipedia.org/wiki/In_re_Aimster_Copyright_Litigat...

The court held that in this case the users of the systems were the direct infringers, those who are ignorant or more commonly disdainful of copyright and in any event discount the likelihood of being sued or prosecuted for copyright infringement, however companies such as Aimster that facilitate their infringement, even if they are not themselves direct infringers can be liable for copyright violations as contributory infringers.


(IANAL)

The key question is whether Mega is practicing "Willful Blindness" (http://en.wikipedia.org/wiki/Willful_blindness) by providing this service. The players involved, especially Dotcom, seem to have already "tainted" themselves as being _knowledgeable_ of infringement through their involvement in MegaUpload. So in what way is their "design" of a client-side encrypted system different from "designing" a drug trafficking briefcase so that the courier doesn't have a key? If the courier/service has reason to believe that the service is being used for copyright infringement, it could be argued that they are being criminally negligent by offering such a service.


If the postal service invented physical systems that didn't allow mail to be opened in transit, would you accuse the postmaster general of facilitating criminal conspiracies?

All they are doing is keeping private communication really private.

What is the difference between this and encrypted email? Hint, you can break a large file into many chunks of email too.


I think it's a conspiracy directed by an occult media producer's conclave to destroy the public image of file-sharing in general using this guy's butt-ugly face...

(No really, I'd rather hear more about what happened to the poor Demonoid guys than see his face taking up more media space - it's obvious that he likes publicity even more than money so even the FBI just gave him what he wanted!)


Both Megaupload and The Pirate Bay have recently announced plans to use redundant datacenters in a multi-country approach to eliminate downtime.

Why would a person host their entire company from one location, like AWS US-East?


In order to minimize complexity in your set up maybe?


As well as to avoid paying transfer fees between regions. If you're querying a database in a different region, you're gonna have a bad time.


Wouldn't you have a DB set up in each location with some sort of replication? So there would be DB -> DB log shipping inter-region but everything else would be intra-region.


That can still add up a ton. I was thinking regional sharding where you might end up having records in a different region that are local to 'that region' queried by other regions.


It depends on your goals. As someone stated the other day in the ThePirateBay thread, their priority is mobility, rather than keeping their setup close-knit.


"the so-called Advanced Encryption Standard algorithm" What?


AES?


I found the "so-called" bit weird.


I think they were using so-called in the traditional sense rather than the colloquial sense. Rather than being sarcastic like is common with that phrase, they meant "using what is known as the Advanced Encryption Standard".


Now that's what I call balanced journalism.


It's a rather bland and encompassing name (are other encryption standards not advanced?), so saying "so-called" points out that it's a name and not a description.


It sounds like a lot of the things that SpiderOak (https://spideroak.com/) is doing.


>Mega will also grant direct access to their servers for entities such as film studios, allowing them to remove copyright-infringing material themselves.

How? Is this if the person that uploaded the file is openly distributing the key?


Because they will see links to the content on third party sites and then take down the content behind the links.

This is just as it worked before.

The only difference really is that they can't apply deduplication to uploaded content.


I guess this was a joke. They can look through the data stored on the servers for as long as they want; they won't find anything because they don't have the keys.


But they will have the keys if something is being widely distributed.


So they can pop in and remove it, just to have it reappear ten times. It will be a completely futile waste of time, unless Mega lets them automate this process somehow.


Chances are that the most widely distributed things will be on centralized sites (e.g. ThePirateBay). The RIAA/MPAA could probably easily write a bot to scrape these sites for access information and then go into MegaEncryptedUpload and remove the files.


Yes. Basically it's giving 3rd parties (content owners) a self-service account in Mega's admin tools so that they can take down items without involving Mega, and in this case to verify that the content is infringing they'd have to have the keys somehow.

It's fairly routine for large media sites to supply this access, since it's more about administrative efficiency for the hosting site than anything else.


Users are required to hand over encryption keys in several countries, including the UK. Worse, encryption keys are likely to find their way to Google ("check out this great $POPULAR_ARTIST song: www.mega.com/mykey"), so proving that Mega hosts lots of infringing content will be really easy. Finally, Mega can easily detect such files just by looking at the access patterns (10MB plus lots of hits from all over the world? Likely pirated MP3.)

Of course, all of this assumes that they get the crypto right in the first place.


>Mega can easily detect such files just by looking at the access patterns (10MB plus lots of hits from all over the world? Likely pirated MP3.)

How is that pattern any different from a musician legitimately distributing an mp3?


Musicians legitimately distributing their songs don't get any hits. (No musician likely to generate a pirate-ish number of hits is going to use Mega to distribute the song - people who make money don't send their users to sites with completely different branding.)


You can say that, but there's no way to prove it short of commissioning a study. I don't think the DMCA requires you to hire statisticians to investigate the usage patterns of your site.

And what if someone uploads a WikiLeaks-like PDF that gets downloaded by thousands of people? Is that going to get automatically shut off?


Plenty of musicians post the official copies of their music videos on YouTube (and don't always embed the videos directly on their own site).


Or - to name a random example - a Linux device driver perhaps?


Well, if the encryption is in client side javascript, people should be able to find any flaws in it pretty quickly.


So would this be AES written in JS, or an extension?



But there is no way to use that to download a file.

Javascript has no way to output data that is then saved to disk.

It will have to be a browser extension or an offline tool (download the encrypted file, decrypt it once you are done).

However I shudder to think about how much malware people are going to get from sites purporting to make "special megaupload decryption tools".


> Javascript has no way to output data that is then saved to disk.

First, there's HTML5 window.saveAs which apparently nobody has implemented. Second, you can always fall back to some swf.

http://stackoverflow.com/questions/2897619/using-html5-javas...


https://github.com/eligrey/FileSaver.js

FileSaver.js implements the W3C saveAs() FileSaver interface in browsers that do not natively support it.

No IE support, but what’s the intersection of Mega users and IE users?


People routinely download GB+ messages - neither of those options are practical for files of that size.


As someone who never used Megaupload how did it differ from Dropbox/google drive/etc in terms of being good for piracy?


Anything that allows the free flow of information is good for copyright infringement, but when you are contorting laws in absurd perverse ways it's better to have a fat ugly obnoxious guy on the receiving end.


That's all good and well, except for it to resemble the previous model, there would need to be a mechanism for key exchange and search by title => key, which would need to move underground. Without a search facility it loses most of its piracy value.


If Mega doesn't do that, another group will. Then that group will be partially liable too.

Part of the point of this is to make the problem too big to raid, too many people to litigate.


How are they going to implement the browser based AES on files before/while they are uploaded?



