No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'
from the a-step-forward dept
There’s been lots of anticipation about Kim Dotcom’s new “Mega” service. We’ve mostly held off commenting despite all the speculation and rumors, because, well, they were all speculation and rumors, and Dotcom has a history of hyping things way up. However, Gizmodo apparently got a sneak peak at the service, which is set to launch tomorrow, and has revealed the basic details, claiming that “this service could dismantle copyright forever.” That statement is ridiculous and pure bluster, not at all supported by the service.
From the description, the service does look nice and potentially useful. It’s really just a cloud storage system, not an online Dropbox or Box.net or Google Drive. It has a nicely designed file manager feature. The real “difference” is just that Mega has client-side encryption built in. So, basically, you encrypt anything you put into the Mega storage system before you upload it, and thus even Mega doesn’t know what’s there (mostly) and can’t decrypt it. You could hack together something like this with other services, if you just encrypted stuff yourself before uploading it to other cloud drives. By building it in, however, Mega is clearly adding a significant level of convenience.
All in all, it does look like a pretty nice service, and one that may be worth checking out if you use cloud storage regularly. That said, the claims of destroying copyright seem overblown. If the claim that a file can be shared “with a single right-click” is accurate, then once that link is used, it would be simple for anyone with access to Mega’s log files — including Mega and, potentially, government agents — to decrypt the file and see what’s in it. If that claim is an exaggeration, and a key needs to also be shared separately, then it’s no different than how encrypted data is shared already. And copyright still exists.
There may be some more details to come out once the product is officially launched tomorrow, but if the service is to be used for sharing, as implied, then there has to be a decryption process somewhere. The Gizmodo piece is as bit unclear, but it sounds like this likely involves two Mega users having their local clients talk to each other somehow to share the decrypt code. But, obviously, a government or Mega itself could potentially also be that local client on the other end. Basically, once you’re sharing, the “encryption” issue is still handy, but not a huge deal. And the user may be very liable for infringement.
In the end, it sounds like there are some nice features, and some additional protections from liability for Mega specifically, but I don’t see how this “dismantles copyright” even temporarily, let alone forever. Also, given the way the government likes to interpret things, you can bet that if it wanted to, it will make the case that this use of encryption is a form of “inducement” for infringement as well.
All in all, it looks like an interesting product, though hardly revolutionary.
Filed Under: cloud drive, copyright, encryption, file sharing, kim dotcom, mega, storage locker
Companies: mega
Comments on “No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'”
Stop being a killjoy 🙁
no chance that the Gismodo reporter was ‘incentivised’ to report what the service would do to copyright, just to gee law enforcement and congress into believing that the entertainment industries claims about mega were right all along then? you dont think there may have been a good portion of bullshit included in the report, just to spice it up a bit?
Re: Re:
it’s a gawker site, you can pretty much assume there was a good portion of bullshit built in by default, to any article.
Re: Re: Re:
Gawker sensationalizes EVERYTHING.
I’ve been playing with it for a bit, seems ok, not great.
I looked at his logic on how the encryption key works with sharing, and frankly, the way Dotcom has this system setup is no different than how you’re able to download music through a magent torrent, or files from Google drive.
However, I am wondering if Mega will make the encryption key for the file/folder random with each share. For example, if you wanted to share a file with 5 of your friend, you would have to generate and send them 5 different keys.
If that’s the case, then I don’t see people choosing Mega as a way to share to millions of people.
Re: Re:
The file is encrypted on the user machine before upload, so the same key can be used by all those you want to share the file, just send them the key, or even publish it with the link.
Re: Re:
I believe the main purpose of the encryption is to provide Mega with plausible deniabilty in being able to say beyond a shadow of a doubt that they were unaware of whatever the stored content contains. Encryption for the user is just a secondary benefit. My understanding from the Ars review is that the encryption key can be generated within or separately from the download link, but it didn’t mention if you can generate user specific decryption keys.
Re: Re: Re:
I remember reading about how it would help keep them from getting into legal hot water again (I’m sure the DOJ would find some kind of excuse, nevertheless) and how it would be generated locally, but I wonder if he considered other measures to limiting the ability to share on a massive scale.
I guess we will find out in the next week or so.
Re: Re: Re: Re:
i seriously doubt that was a consideration, i’d kind of assumed the effort was a giant middle finger to the DOJ, with the secondary benefit of user friendly built in crypto.
Re: Re: Re:
Yeah, I think the idea is that even if the key is shared publicly, it could be Mega’s policy that they never ever look at keys on the net. So even if I put a link in my website and the key alongside it, Mega wouldn’t have looked for it so they can say that they just don’t know it.
C'mon Kim
How long until Mega-Tron gets the Mega DOJ to shut down this new Mega service with Mega-lawers?
About a week.
Re: C'mon Kim
I think Dotcom jumped the gun here just a little, he is about to get a lot of money from the DOJ, I suspect, and would be protected from them making any further false allegations without 100% proof, which is what is suspect a judge will say when they apply for a search or seizure warrant.Nobody is going to take him down though, I am sure he will not let that happen again.
Re: Re: C'mon Kim
How do you suggest he make money to live and pay for the expenses of the lawsuits then? Work at the grocery store in the next corner? He did what the law mandates and got prosecuted for that. He’s just adding further layers to be completely exempt from any of the current accusations.
The problem with the copyright infringement on the old Megaupload was that they were “aware” of what users were uploading. With the new Mega, the file is encrypted before the upload, so they don’t know what is being sent.
The file can only be opened if you have the key, which can only be provided by the uploader of the file.
The decryption proccess must be done on your computer.
Mega will not have access to that key nor it’ll store it somewhere. As it’s done locally, the key might be stored somewhere in the uploader machine.
Re: Re:
With the rank technical incompetence of most prosecutors and members of law enforcement, I doubt they’ll realize the distinction. They’ll couch their accusations in terms of Mega now “circumventing” copy protections or some such drivel.
Re: Re: Re:
this is why I need to read TechDirt 24×7. As soon as I read the article just now, I thought “yep – Carmen Ortiz will be given the case, and her “career thugs” will just slap a “clear attempt to circumvent copy protection” in there….
Re: Re:
That can’t be true, they would have to store it somewhere, i mean what if you lose it and have no way to access the machine you uploaded it from?
Re: Re:
Being generally aware that your service may be being used to infringe a law does not make you liable. ISPs are aware their networks are used for illegal stuff, postal services are aware, road operators are aware… None were prosecuted.
If it does dismantle copyright forever I will eat my own testicles.
Re: Re:
You can safely say… Yet attached
Re: Re:
While I do care for my fellow TD commenters I’ll have to hope you eat them….
Nodes?
Well the system is supposed to be decentralized too and there was talk of allowing people to sign up and become nodes. They would sign up and allow their computer to act as a node and files would be stored on there from other users. This way if the main site gets shut down everyone can still access their data.
If they do go that route and lets say someone uploads an infringing file. Could the MAFIAA would go after that person who’s computer it happened to be hosted on as well?
Re: Nodes?
With the local encryption done by the original uploader prior to sharing the file, and node volunteer should have a fully legitimate defense that they could not have known the content of the stored files. What I’m wondering about is how DMCA takedowns will be handled (if Mega will be honoring them going forward). Will takedowns be done centrally through MEGA or will they be passed on to the node volunteer? And if they are passed on, what is the node volunteers liability for failure to act?
Re: Re: Nodes?
How can they do DMCA takedowns if they don’t know what’s in a given file?
Can I court a takedown if I call my vacation video “Prometheus”? Maybe we’ll go back to the warez days of calling everything “Potosh00p”
Re: Re: Re: Nodes?
warez? whats warez? Never heard of it. #Innocent #NeverUsedWarez #ExceptWhenICouldntAffordAProgram #WhichMeansPiracyDoesntReduceRevenue #ButYouNeverHeardThatFromMe
Re: Re: Nodes?
Firstly the DMCA is only a quasi-legal notice that absolves providers of liability if and only if they are taken to court by the content holders. If a provider fails to act then there is no liability other than they do not get to affirmatively have a defence under 230. Though this doesn’t mean they cannot bring it up in court after the fact.
As for mega, no idea if they will honour DMCA requests… there is no legal reason why they should and based on previous action against them there is really no ethical reason why they should either.
The node volunteers liability is up in the air, though firstly Mega needs to state whom the node is (if it can be discovered) and they would require a court order in the jurisdiction thy are within (Mega’s jurisdiction not the nodes) and then the Node, again if it’s possible to even know the nodes identifiable information (they could just not have logs.. its not illegal to not keep them) has the ability to challenge any orders to find out a postal address and contact name (which is also required for a valid notice under the DMCA). See the problem?
Also the DMCA is ONLY valid really if the node is within the USA or its territories anywhere else the DMCA is basically toilet paper and personally I suggest it should be used as such (though the ink might stain)
This could become a more thorny issue and major nail in the coffin then what Bittorrent was. In fact I’m reminded of Napster in that the content owners took Napster to court, destroyed Napster and annoyed millions of people worldwide. Therefore new protocol and services were designed and implemented that did exactly the same as what Napster did but in a decentralised way.
Sometimes when you try to destroy something, what takes it place is worse or better than what you destroyed… It is all dependent on your viewpoint.
Re: Re: Re: Nodes?
I completely agree that innovation always outpaces legislation. The internet community truly is a hydra.
I also agree that it would really surprise me if Mega honors the DMCA anymore after what the DOJ has done to them.
I suppose we’ll have to wait and see how it’s all setup, but I’ll be really interested to see how the node volunteer program works. My guess is that there will be many Americans that may want to support Mega, and I would have to assume that the DOJ/MAFIAA will be be attempting to take action against them no matter what laws they have to stretch or skirt around after the total failure their case against Dotcom has become.
I’d assume that if nothing is ever passed on to the node volunteers directly (by this I mean notification of infringement) then the encryption gives them complete deniability of any knowledge of infringement. You also raise an interesting point about the potential, or lack there of, for obtaining records on node volunteers. I’d also be interested to see if the program works anonymously or through a VPN service… I guess we’ll find out soon enough.
Re: Re: Re: Nodes?
Mega used to honor DMCA takedowns.
Mega gave the cartels extra super duper access beyond legal requirements.
Mega still got screwed.
I would suspect that the DMCA response’s from Mega will be offshored to TPB. I mean those guys need to earn some money to pay of the insane demands… and the extra smiles all around.
encryption is the peoples DRM
Re: Re:
ah that’s another tactic DOJ could use. Bring in Homeland Insecurity and claim MEGA is supporting terrorists by allowing the encryption prior to upload….
Sounds like
what SpiderOak has been doing for years, but their model is simply charging storage for more than the amount they give away. It will be interesting to see how MEGA monetizes this without access to the contents.
Re: Sounds like
Wuala.com too.
There was some past notes in the news put out, that the copyright holders could access files to remove those deemed infringing but they would be required to sign a statement before getting access about holding Mega blameless for what might be on their servers. This was in particularly aimed at the way the takedown was done with DOJ/ICE previously.
About the only way that copyright holders will be able to identify files is to be on those file sharing sites to obtain the description, the link, and the encryption key for verification. This is going to mean a lot more eyes and butts occupying computer seats to check. None of the copyright holders are going to wanna do this as it’s an increase in people/hours to do so. They are looking at ways to get someone else to pay for removing infringing files.
http://www.techdirt.com/articles/20121127/13221421157/german-court-holds-internet-user-responsible-passing-unknown-encrypted-file.shtml
A German court recently held a Retroshare user responsible of passing on an encrypted file. Retroshare is an invites-based filesharing network and using its own client software. His computer was only a pass-through between sender and receiver and the encryption made it impossible for him to know the contents of that file. Didn’t impress the court, though, and I wonder – could the same twisted ‘logic’ be applied to Kim’s new service, too? I hope not…
Re: Re:
“ I wonder – could the same twisted ‘logic’ be applied to Kim’s new service, too?“
Certainly, if your encrypting data (or passing it) then you obviously have something to hide. We will even let you choose your fate, you can be prosecuted as a terrorist or a be prosecuted as a pirate, either way your going to prison for a very long time.
Re: Re: Re:
And the moon is made of green cheese too didn’t you know.
Re: Re: Re: Re:
There was a time when when you had to be found guilty of something in a court of law to be punished. That is no longer true. Now it is enough that you are accused a few times.
I suppose Aaron Swartz wasn’t disproportionately prosecuted either.
Re: Re: Re:
Really, are you a lawyer? Care to explain how this would work if the system was truly fair and impartial? Of course not, save your FUD.
Re: Re: Re: Re:
I think you need to check your sarc-meter.
Re: Re:
This amuses me especially if you know anything about the transmission of ANY sort of data into packets or even to go fro Digital to Analogue (or vise versa) then you would understand that that too is a form of encryption and decryption.
Unless you actually place a sniffing program in place to analyse the packets being sent by a network then you have no freakin idea what is being sent around the world via the routers the government or other ISP’s in Germany own either. In fact this just proves that the German govt (if they own any form of telecommunication device be it copper cables, satellites, etc etc) should also be charged under this courts fallacious and lets put it bluntly STUPID logic. They haven’t just created a sort of legal fiction they have fed it LSD and sent it into orbit.
Enter, Encrypted Cloud Storage Tax.
Enter need for more super computers (to crack encryption)
Enter new laws banning encryption without back door key.
Enter spyware and hacking attempts aimed directly at computers who use Kim Dotcom’s New Mega Service and takes the keys right off the end users machine.
At the end of the day, if it becomes popular it might indeed lead to “encryption for the masses” as they say, because I’ve been wanting for a while for Google and others to offer encryption in the browser for their services.
If you want to “share” with the masses, then yes it won’t make you safe. But if you keep it between a few friends, then at least you cut out the middlemen like Google or Microsoft from knowing what you have in there.
I’d say that would be a pretty significant progress for cloud services, if Mega managed to popularize this.
New mega site
Providing encryption to users is just another way this CRIMINAL KROUT (Kim Dotcom) can continue his dishonest file sharing behaviour.
Shame on Prime Minister John Key & Councillor John Banks for allowing this known convicted criminal to be fast tracked for NZ citizenship. Money sure does talk? I hope that kiwis remember this when it comes to the next general election.
However, they could redeem themselves by revoking his citizenship and handing him over to the FBI? A holiday in gitmo for him and his cronies would be justification indeed.
Re: New mega site
“CRIMINAL KROUT”? “gitmo”? wow. You’re both a racist and a stooge/lackey for government or the 20th century corporate machine – its so transparent it causes me to spit up my soup as I’m reading…
Re: New mega site
If you’re going to resort to immature name-calling, at least spell them right so you avoid looking like an ignorant ass.
yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...
go kim go ! ! !
stick your pudgy fingers in the eye of sauron, just look out when the nazgul take flight…
i don’t know that i even have any use for this service, but i’m going to look into it JUST TO FUCK WITH THE MAN…
screw Empire, i’m done being associated with a monstrous system built to enrich the powerful…
Empire must fall, BY ANY MEANS NECESSARY…
art guerrilla
aka ann archy
eof
Re: yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...
(talking to myself and feeling fine…)
had to try about 4-5 times over 16-18 hours to finally log on and set up an account…
did so…
one small ‘fuck you’ from me, one giant FOAD for the MAFIAA!
oh, everybody, here is my password: **********
have at it !
art guerrilla
aka ann archy
eof
That’s AWESOME. Back from the ashes and in the face of the MAFIAA and the corruption of DOJ!
Let us see how things develop. So far the pricing is plain sexy.
Funny thin, the MAFIAA got me cheering on this guy that would gone past largely unknown/unimportant to me had they not tried to bring him down at all costs. Epic fail for them 😉
and it still doesnt work
ya so big deal
nice data mining operation
Article correction: The key probably cannot be recovered from the logs
From the screenshot in the Gizmodo article, the request is passing the key as a hashtag reference (in-page link). This does not get transported in the HTTP requests, but is accessible to Javascript on the client side.
Assuming the Javascript they serve up to clients isn’t actively backdoored to push the key back to the server through a separate request, they don’t get the key from the download requests. The key in the screenshot is a bit short, though – it’s 8 characters of upper+lower case, which is less than 46 bits of data. A real URL from a screen capture at YouTube looks like it has a more realistic length, though: http://youtu.be/-jOHfnNclF0?t=1m6s
This is really nice. Thanks for your information
Dot net training in chennai