
Kim Dotcom's back with a new 50GB free storage service: Mega - CrankyBear
http://www.zdnet.com/kim-dotcoms-back-with-a-new-50gb-free-storage-service-mega-7000010043/
======
Tloewald
Assuming this actually works, it's an attempt to execute the plan in
cryptonomicon -- secure data storage immune to government inspection.

Dropbox could, of course, have implemented something similar if it weren't
trying to do deduplication. Assuming you are doing deduplication, it would be
neat to be able to -- say -- insert a DVD into your dropbox-based DVD ripper
and discover the operation had completed instantly...

------
Sami_Lehtinen
At least they miserably failed load testing etc. Site was practically
completely down for the first 24 hours. At least in EU area. They also failed
to send emails about their service being opened (they did collect addresses
etc.) So I would say they failed on multiple fronts.

~~~
silvestrov
That's one definition of a failure, but it could just as well be a definition
of a raging success.

If more people want to buy tickets to a concert than number of available
seats, is the concert then a failure?

~~~
dylanpyle
If the resultant crowd cancels the concert for everybody? Yeah, probably.

------
kken
Oh really? So this is not the same as the ten posts before were about?

~~~
zxcdw
Did you say the same about the links related to Aaron Swartz?

------
mtgx
I think everyone is expecting MPAA&friends (FBI, ICE, etc) to watch Mega. But
there isn't much they can do about it when it comes to private sharing, so
from that point of view it's a lot more secure than Google Drive, Dropbox,
Rapidshare, etc.

As for public sharing, nothing has really changed, because you need to give
your password for the file to be accessible, and it's possible MPAA&friends
will look into the more high-profile ones by using the passwords, and demand
them to be taken down.

~~~
jjoonathan
Do they disguise metadata as well? File size, name, and directory layout would
be more than enough to identify particular files (or at least enough to obtain
a warrant to force mega to push trojan client software).

I'm sure they've considered this but if someone has seen an article or post
analyzing the client side encryption I'd love to read it.

~~~
psionski
Yep. They don't even know the file names.

------
sakopov
So has anybody been able to actually use Megaconz (i love the ironic name,
btw)? My 70kb image upload's been pending for hours and the ENTIRE site is
unusable while an upload is pending. I could have flew the fucking jpeg to New
Zealand already. I guess i can speculate that the thing is either getting
slammed with traffic or the release didn't go well.

~~~
nathan_f77
I don't think it's an ironic name, to be honest. .co.nz is just a New Zealand
TLD.

------
petitmiam
> "That said, Mega's also claims that their service saves room on its over-
> burdened servers by keeping a single copy of identical files How do they do
> that if they don't know their users' password? Good question. We don't know
> the answer."

Can anyone shed some light on how this might be possible, given the files are
encrypted?

~~~
wmf
We've kinda been over this ad nauseam. It may be convergent encryption.

~~~
fredgrott
what is convergent encryption?

~~~
DanBC
Really?

(<https://en.wikipedia.org/wiki/Convergent_encryption>)

([http://www.hnsearch.com/search#request/all&q=convergent+...](http://www.hnsearch.com/search#request/all&q=convergent+encryption&sortby=score+desc))

etc etc.

Do you have a more specific question, because there are people on HN who can
answer it.

~~~
adcoelho
Since the same plaintext produces the same ciphertext with different passwords
dosn't it expand the search space for a possible attacker?

------
gorm
> That said, Mega's also claims that their service saves room on its over-
> burdened servers by keeping a single copy of identical files How do they do
> that if they don't know their users' password? Good question. We don't know
> the answer.

How can they do this and still keep information about the file unavailable?

~~~
truebecomefalse
Googled for encrypted de-duplication: <http://www.ssrc.ucsc.edu/Papers/storer-
storagess08.pdf>

------
rb2k_
This shows up in the JS console when trying to do anything non-cachable:

POST <https://eu.api.mega.co.nz/cs?id=01234567> 500 (Server Too Busy)

------
Geee
Has anyone got something uploaded? I'm curious how the downloading actually
works. Do they still use the original monetization scheme, i.e. pay to get
faster transfer?

------
pgcosta
That image they got on their site, that appears while the app is loading, with
the cloud and the gears is practically the same one that stripe has on their
website.

~~~
spyder
That comment you got there is practically the same as in the previous Mega
thread: <http://news.ycombinator.com/item?id=5084753>

------
rorrr
It's still completely broken for me. I'm getting 500 Server Too Busy even on
the initial load. When it loaded before, I couldn't upload anything.

------
peterhajas
MegaUpload, with a new skin? Seems like the same general business.

~~~
w1ntermute
Not at all, there's built-in protection against the type of takedown that
occurred last time.

