Techdirt. Stories about "mega"

Hollywood Studios Send DMCA Takedowns Over Kim Dotcom's Mega Service

Mike Masnick — Tue, 28 May 2013 14:09:18 PDT

Kim Dotcom launched his "Mega" service to great fanfare a few months back. Since then it hasn't really gotten much press coverage, but it appears that the Hollywood studios are looking to change that, sending DMCA takedown notices to Google to remove the Mega.com front page. You could understand it if it was a particular link to an infringing file (and, Mega itself claims to be completely complaint with any such DMCA notices). But, in this case, we have NBC Universal -- already known for being a bit overaggressive with these sorts of things -- sending a takedown notice that includes the very front page of Mega.co.nz, despite the fact that the front page has no links at all. They're claiming that the front page contains its film Mama. Meanwhile, Warner Bros. is claiming in a DMCA takedown that Mega.co.nz should be removed because it has its movie Gangster Squad.

Normally, we give the studios the benefit of the doubt, and we chalk these sorts of things up to over aggressive automated takedowns , but at this point you have to wonder if the studios aren't just attacking Mega because they can. They absolutely hate Dotcom with a passion well beyond any reason, and now that Google has told them it will hurt the search rankings of sites that receive too many DMCA notices, they have a direct incentive to look to weaken Mega, as it's something they're fearful of, in part because they don't understand it. Once again, though, we see that the major Hollywood studios completely abusing the DMCA takedown process. Is it any wonder they're so adamant that they shouldn't get in any trouble for filing bogus DMCA takedown notices?

Permalink | Comments | Email This Story

HADOPI May Be Succeeding -- In Driving French Customers To Dotcom's Mega

Glyn Moody — Tue, 19 Feb 2013 09:50:03 PST

Last week, Techdirt reported on the news that falling numbers of P2P users are being trumpeted as a victory for HADOPI's "three strikes" approach in France, but that it is a hollow victory, since sales of recorded music are still dropping in that country. The French site Numerama points out something else interesting happening there (in French), as revealed by the following tweet from Kim Dotcom:

#Mega Top 5 premium membership countries: 1. France 2. Spain 3. Belgium 4. United States 5. Germany - Thanks a lot for buying!

Now, of course, as Techdirt always emphasizes, correlation is not causation, but it's pretty suggestive that at precisely the same time that P2P use is dropping in France, its citizens should turn out to be the biggest premium users of Dotcom's Mega service. This is, after all, precisely what we and everyone else have been predicting: that people would simply move from P2P services where they can be observed, to others -- like Mega's file-hosting site -- where they cannot.

This interpretation is supported by the other notable fact to emerge from Dotcom's tweet: that after French users, it is Spaniards who are signing up for Mega's premium membership in droves -- another group who have had a punitive copyright infringement law imposed on them recently. This means that in about a year's time, we can probably expect the Spanish department tasked with implementing Ley Sinde to publish figures showing that the number of P2P users is falling -- omitting to note, of course that they, like their French counterparts, have simply moved to alternatives instead.

Now, some will doubtless use these trends to argue that Mega should be shut down just as Megaupload was. But the correct inferences to draw are that HADOPI and Ley Sinde are just an expensive waste of time, and that people don't expect to get everything for free, as the popularity in France and Spain of Dotcom's paid-for Mega service shows. It's just a matter of the recording and film industries offering the public what they want, in a form they want, at a reasonable price. Is that really too much to ask?

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

Odd: Mega Removing Any File It Can Find That Is Publicly Indexed -- Even Completely Legitimate Uploads

Mike Masnick — Thu, 31 Jan 2013 14:59:00 PST

There has been talk about how various anti-piracy operations have been "testing" Kim Dotcom's Mega in terms of how it responds to takedown notices (so far, it's apparently doing quite well). However, the folks at TorrentFreak noticed something odd. From their tests, it appears that Mega is actually taking down almost anything that shows up via a search engine that was set up to search publicly released "Mega" links. TorrentFreak uploaded some content that has been shared legally, and which is authorized for further sharing -- and all of it went away almost immediately.

To test how quickly a file is removed by Mega we decided to post some previously uploaded legal content to Mega-search.me ourselves. Our uploads included a few Dan Bull songs, a clip from the Pirate Bay documentary TPB-AFK, a video explaining fair use and Kim Dotcom’s single Mr. President.

Quite shockingly, the files were pulled down by Mega in a matter of minutes, claiming they had received copyright infringement notices for each of them.

We are in receipt of a takedown notice affecting the following public link
in your account:

https://mega.co.nz/#!iRQRnLzT

Please be reminded that MEGA respects the copyrights of others and requires that users of the MEGA cloud service comply with the laws of copyright. You are strictly prohibited from using the MEGA cloud service to infringe copyrights. You may not upload, download, store, share, display, stream, distribute, e-mail, link to, transmit or otherwise make available any files, data, or content that infringes any copyright or other proprietary rights of any person or entity.

Furthermore, please be reminded that, pursuant to our Terms of Service, accounts found to be repeat infringers are subject to termination.

It's possible that someone is sending takedowns on all content it can find, or it's possible that Mega itself is taking down all such content -- and then flat out lying about receiving a takedown notice. Unfortunately, it also does not appear that Mega has any sort of appeals process, or the ability (as per the DMCA) to file a counternotice. While Mega is not a US company, and not subject to the DMCA, it seems only reasonable that it at least have a counternotice process.

Yes, given the legal mess that Kim Dotcom and his partners are in over their previous company, Megaupload, you can certainly understand why they might default to an extreme position of "take down everything that is publicly searched," but that still seems ridiculous. There is plenty of content out there that is legally shareable, and if Mega does not want to allow public sharing at all, even of legal content, it should make that explicit. Alternatively, if someone is issuing bogus takedowns, Mega should have a process for dealing with that. Finally, it seems that Mega is in desperate need of an appeals process or counternotification system.

Permalink | Comments | Email This Story

GEMA Takes Kim Dotcom's Mega Launch Party Video Down, Despite All Songs Being Cleared

Mike Masnick — Thu, 24 Jan 2013 14:45:13 PST

GEMA and MEGA may have the same letters arranged differently, but you have to imagine that the hardline copyright maximalists at GEMA aren't at all pleased by Kim Dotcom's new Mega outfit, even if it's really not all that different than tons of other online cloud storage platforms. Still, it is a bit odd to see that GEMA had Mega's launch video removed from YouTube. There was music in the video, but as Dotcom notes, it was either his own music, or music by musicians who all gave permission to use it. My guess is that it may have more to do with the ongoing dispute between GEMA and YouTube, which means that any video with GEMA content is blocked in Germany. However, Dotcom filed a dispute, and notes that he plans to have his lawyers discuss the matter with GEMA.

Permalink | Comments | Email This Story

Anti-Piracy Group Already Demanding That Kim Dotcom's New Mega Service Be Shut Down

Mike Masnick — Thu, 24 Jan 2013 04:03:08 PST

This probably isn't a huge surprise, but with the launch of Kim Dotcom's new Mega cloud drive system, many in the entertainment industry have assumed that he must be relaunching Megaupload and a way to infringe. However, it seems pretty clear that Mega is quite different and mostly resembles other well known legitimate services, like Google Drive, Dropbox and Amazon's cloud offerings. Still that hasn't stopped some in the "anti-piracy" community from trying to shut down the site already:

Robert King is the lead figure behind StopFileLockers (SFL), an anti-piracy group dedicated to bringing file-hosting services to their knees by strangling their finances. Last year King claimed his group had a hand in disrupting the cash flow to hundreds of sites and actually shutting down dozens more. Now he has a very big scalp on his mind.

King, an Australian and adult industry player, says that StopFileLockers have just begun a “campaign to have the payment processing of all Mega resellers terminated.”

Apparently waiting for actual evidence of infringement, or even specific liability for Mega, is too much to ask. This is silly. While we may have doubts about how Mega is running, shutting it down without even understanding what it's about seems incredibly short-sighted. Plenty of successful legitimate companies have been built out of those who were earlier sued for "infringement." Isn't it worth at least making sure he's breaking the law before insisting he must have done so?

Permalink | Comments | Email This Story

Mega's Security Appears To Be Surprisingly Bad

Mike Masnick — Wed, 23 Jan 2013 11:16:00 PST

We were a little skeptical of Kim Dotcom's new Mega cloud storage offering, in part because the claims of security and privacy seemed somewhat dubious upfront. We didn't see how it would be reasonably possible to do everything the service claimed it was doing in a manner that really kept the data secret. And, indeed, it has not taken long for security researchers around the globe to raise questions. Right away there were significant questions about the security design choices, including some questions about how random the random key generation really was, as well as significant concerns about Mega's claims that it offered deduplification (if things were really encrypted correctly, there would be nothing to deduplicate).

While Mega has responded to some of those criticisms, a whole host of other security questions have been raised, leading cryptographer Nadim Kobeissi to tell Forbes: "Quite frankly it felt like I had coded this in 2011 while drunk." A big part of the problem is that, by doing everything in the browser, you're really still trusting Mega, even as Mega implies that you have full control over the encryption.

And, then comes the news that when you first sign up, while Mega hashes your password, it sends you an email that includes the hash in plain text along with other data, such that one hacker has already released a tool to extract passwords from Mega's confirmation emails:

Steve "Sc00bz" Thomas, the researcher who uncovered the weakness, has released a program called MegaCracker that can extract passwords from the link contained in confirmation e-mails. Mega e-mails a link to all new users and requires that they click on it before they can use the cloud-based storage system, which boasts a long roster of encryption and security protections. Security professionals have long considered it taboo to send passwords in either plaintext or as cryptographic hashes in e-mails because of the ease attackers have in intercepting unencrypted messages sent over Internet.

Despite that admonishment, the link included in Mega confirmation e-mails contains not only a hash of the password, but it also includes other sensitive data, such as the encrypted master key used to decrypt the files stored in the account. MegaCracker works by isolating the AES-hashed password embedded in the link and attempting to guess the plaintext that was used to generate it.

Users still need to crack the hashed password, but that's a relatively easy brute force effort, especially for those who use weaker passwords (i.e., most people). There are, of course, much more secure ways of handling this, such as not including the plain text hash in the email.

All that said, many of these problems can be fixed, but when your whole pitch to the public is about how secure and private you are -- and some have been falsely implying that such a system allows individuals to avoid copyright infringement claims -- it seems reasonable to suggest that better security should be in place from the beginning.

Permalink | Comments | Email This Story

No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'

Mike Masnick — Fri, 18 Jan 2013 13:53:37 PST

There's been lots of anticipation about Kim Dotcom's new "Mega" service. We've mostly held off commenting despite all the speculation and rumors, because, well, they were all speculation and rumors, and Dotcom has a history of hyping things way up. However, Gizmodo apparently got a sneak peak at the service, which is set to launch tomorrow, and has revealed the basic details, claiming that "this service could dismantle copyright forever." That statement is ridiculous and pure bluster, not at all supported by the service.

From the description, the service does look nice and potentially useful. It's really just a cloud storage system, not an online Dropbox or Box.net or Google Drive. It has a nicely designed file manager feature. The real "difference" is just that Mega has client-side encryption built in. So, basically, you encrypt anything you put into the Mega storage system before you upload it, and thus even Mega doesn't know what's there (mostly) and can't decrypt it. You could hack together something like this with other services, if you just encrypted stuff yourself before uploading it to other cloud drives. By building it in, however, Mega is clearly adding a significant level of convenience.

All in all, it does look like a pretty nice service, and one that may be worth checking out if you use cloud storage regularly. That said, the claims of destroying copyright seem overblown. If the claim that a file can be shared "with a single right-click" is accurate, then once that link is used, it would be simple for anyone with access to Mega's log files -- including Mega and, potentially, government agents -- to decrypt the file and see what's in it. If that claim is an exaggeration, and a key needs to also be shared separately, then it's no different than how encrypted data is shared already. And copyright still exists.

There may be some more details to come out once the product is officially launched tomorrow, but if the service is to be used for sharing, as implied, then there has to be a decryption process somewhere. The Gizmodo piece is as bit unclear, but it sounds like this likely involves two Mega users having their local clients talk to each other somehow to share the decrypt code. But, obviously, a government or Mega itself could potentially also be that local client on the other end. Basically, once you're sharing, the "encryption" issue is still handy, but not a huge deal. And the user may be very liable for infringement.

In the end, it sounds like there are some nice features, and some additional protections from liability for Mega specifically, but I don't see how this "dismantles copyright" even temporarily, let alone forever. Also, given the way the government likes to interpret things, you can bet that if it wanted to, it will make the case that this use of encryption is a form of "inducement" for infringement as well.

All in all, it looks like an interesting product, though hardly revolutionary.

Permalink | Comments | Email This Story

Me.ga Domain Pulled Out From Under New Kim Dotcom Venture

Mike Masnick — Wed, 7 Nov 2012 10:39:31 PST

As we've noted, we've been avoiding stories about whatever "new" service Kim Dotcom is launching, because it all sounds like hype and vaporware to us. Until there's something real, it's all just rampant speculation, and it's a little silly how much adoration people have for an idea whose details have not been released at all. However, we will cover factual information related to the effort, and as was widely reported by others, the plan had been to use the domain name Me.ga. This had a few useful "features." First, it plays on the "mega" prefix that is so closely associated with Dotcom's offerings. Perhaps more importantly (at least, it's a key thing that many in the press covered), the .ga domain is not technically subject to control or seizure by the US (though, of course, SOPA/PIPA were intended to deal with just that kind of situation).

However, even without SOPA/PIPA, there is still the power of diplomatic pressure, and it didn't take long for the Communications Minister of Gabon to announce that the domain was being suspended:

"I have instructed my departments... to immediately suspend the site www.me.ga," announced Communication Minister Blaise Louembe, saying he wanted to "protect intellectual property rights" and "fight cyber crime effectively".

"Gabon cannot serve as a platform or screen for committing acts aimed at violating copyrights, nor be used by unscrupulous people," the minister said.

Of course, that seems pretty presumptuous on a number of levels. Since the service has not been launched -- and the actual details have not been revealed -- it's a bit premature to declare that the site must somehow violate intellectual property rights or be useful for cybercrime. And if government officials are stepping in to kill off cyberlockers based entirely on rumor and innuendo, will .ga block any other cyberlocker as well? Considering how popular such services are -- including those run by well-established companies like Amazon, Google and Dropbox -- it makes you wonder how Gabon decides who gets to use a .ga domain.

There may also be a separate issue at play here. As some have noted, the .ga top level domain is administered by Gabon Telecom, which just so happens to be a wholly owned subsidiary of Vivendi... the same company who owns the world's largest music label, Universal Music. I'm sure that's just a coincidence.

Permalink | Comments | Email This Story