
Megaupload Implications are plain scary for Cloud Storage - AlexBlom
http://www.alexblom.com/blog/2012/01/thinking-through-the-megaupload-takedown/
======
wmf
We need to distinguish between _primary storage_ , _syncing_ , _backup_ ,
_distribution_ , and other cases. I wouldn't even call MegaUpload "cloud
storage"; I would call it more of a CDN. If Akamai went down, people wouldn't
complain about losing data, because Akamai isn't used as primary storage.

Likewise, the US DOJ makes a distinction between uploader-pays and downloader-
pays business models, so we must also.

------
bgeorgescu
How about using some common sense? Megaupload was primarily focused on
enabling, and even incentivizing, piracy. Although bashing on the government
is popular in our community, I don't think there is very much precedent that
would indicate they would close something like Dropbox out of the blue.

~~~
tomp
How about being innocent unless proved guilty? Megaupload went down without
any trial, and even though the site was __obviously __used for piracy (was it
really?), that should still be proven in court and then only the illegal
section of the website should be removed from web.

~~~
ceejayoz
There's really nothing unique about that. If you were accused of selling drugs
via a restaurant front, it'd be shutdown while you're standing trial too.

~~~
nknight
There is no general authority for the police to abruptly shut down a business.
Once a warrant has been executed, the police leave and the business can reopen
at its leisure, even if it might need to replace some equipment and staff.

The authority given to courts and federal authorities to behave as they are
for suspected copyright infringement is extremely abnormal and cause for great
consternation as to the direction of our legal system.

------
hemancuso
The author, like many other commenters in the past week or so, is wasting
words by saying "this is scary - what if it happened to Dropbox and I lost
access to all those files!"

Let's not forget Dropbox is just a replica of local storage. That's the whole
model. It's more meaningful to discuss whether or not this could happen to S3.
I don't see anyone legitimately worried about that, because it's quite
obviously a very legitimate business with tens of thousands of legitimate
customers (just like Dropbox). Articles like these portend to get you thinking
about the broader implications of a takedown, but in truth they cloud clear
thinking with what are essentially scare tactics.

~~~
kijin
_Dropbox is just a replica of local storage._

It gets scary when the operators of the "replica" has the ability to delete
files from your local storage as well. Amazon did this with Kindle & 1984,
which caused a sizable controversy at the time. Next thing you know, somebody
sends a DMCA notice to Dropbox, they delete your remote copy, and your local
Dropbox folder is automatically updated to reflect the change. Whoa, no
thanks.

Dropbox is also an apt comparison because part of the MegaUpload indictment
has to do with their deduplication system. Dropbox is also very good at
deduplication, which means that a single court order can cause all copies of
an offending file to be remotely deleted from everyone's Dropbox folder.

~~~
hemancuso
The primary difference with your 1984 example is in that case the content
originated at Amazon. In the Dropbox model you provided it to start.

If mozy was taken down do you think that it's possible they would wipe the
drives of all users? I don't.

Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides
on. Would you expect the government to be able to issue hash based takedowns
to amazon across all buckets?

~~~
nitrogen
_Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides
on. Would you expect the government to be able to issue hash based takedowns
to amazon across all buckets?_

I was under the impression that Dropbox, while having the ability to decrypt
your files, encrypts them before they hit S3. If so, a hash-based takedown
sent to Amazon would at best be able to take down a single encrypted instance
of a piece of data.

~~~
bigiain
Except that Dropbox dedupe _everything_.

So I suspect what happens is that everybodies bittorrented dvd rip of Avatar
on dropbox is deduped and stored once on S3, admittedly encrypted, but all
with Dropboxes encryption key and all with the same hash pointing at the same
single encrypted instance of the file.

~~~
nknight
I believe Dropbox uses a method analogous to block-level dedupe. That is,
files are split up into smallish chunks and then the chunks are what get
"deduplicated". A "file" basically consists of a list of pointers to chunks.

This makes things extra problematic because completely unrelated files might
share chunks. Standard file formats may lead to duplicate headers. Or consider
a political science textbook that contains a complete copy of the US
Constitution, and a file that contains _just_ the US Constitution. One is
perfectly legal to distribute freely, the other may not be, but both might
share some common blocks, and a federal judge with a shoot-first mentality
might craft an order requiring the deletion of those common blocks.

------
literalusername
_The Megaupload indictment reads that they removed links to the illegal file,
but did not remove the actual file. To those blissfully unaware of how the
internet works, this makes sense._

It has nothing to do with the Internet. In the context of file-systems, the
word "remove" actually _means_ to "unlink". Doesn't this technicality
invalidate the indictment?

~~~
AlexBlom
Internet was a general statement on my part, since corrected. It will be
interesting to see how the "unlink" plays out in the indictment.

------
twelvechairs
> I’m the first to agree that any website obviously engaged in piracy (vs.
> having independent users leverage the platform in unintended ways) should be
> shut down

So if you wanted to start a website like this and maximise your business and
legality - the simple answer is to just let people use it for piracy and
pretend you dont know it is happening? This seems slightly silly to me..

------
nikcub
this assumes that Megaupload will lose in the courts, and it might not. all
that we have so far are the claims of a handful of federal agents and their
interpretation of the law plus some very weak search warrants with little PC.
I agree _that_ interpretation is scary, but I hope it turns out that it isn't
right.

~~~
wmf
Like the Netscape antitrust case, if they win in the courts they'll still have
been out of business for years.

------
newhouseb
Does anyone know if all Megaupload content was defaulted to being publicly
available? This seems to me the most obvious signal for suspicious behavior.
I'm aware that with Dropbox, you can publicly post things, but in this case
it's the individual user which is "choosing" to distribute the content and
thus it would make sense that the user would be the one held liable. I'm not a
lawyer, just exploring what might appear to clarify some of the distinctions
that might help prevent abuse of anti-piracy laws.

Edit: Youtube, as a counter example, (I think) makes everything public by
default, but they enforce the DMCA pretty heavily.

~~~
codesuela
once you uploaded something you got a link with a unique ID which you could
share. Other people could not access your file without knowledge of this
unique link as you could not search for specific files (unlike Youtube). As
far as I know there was also a list of Top Downloaded files but those didn't
resemble the truth as they were carefully selected by Megaupload (to make sure
that only legal content would be listed)

~~~
furyofantares
Youtube supports unlisted videos that behave the same as you're describing.

------
es_tee_eff_you
Summary:

a kneejerk reaction inspired by his fear of a legal precedent where a
"physical file must be deleted where one of many users with ‘links’ engages in
illegal activity"

