

Megaupload Is Dead. Long Live Mega - mtgx
http://www.wired.com/threatlevel/2012/10/megaupload-mega/

======
bpatrianakos
Wow. Its just so incredibly obvious that this is just MegaUpload in a new form
and that the entire point is to allow sharing of copyrighted data. Kim is
hanging this whole thing on plausible deniability but it doesn't take a rocket
scientist to figure out what's really going on. This infuriates me. Sharing
copyrighted files isn't what pisses me off. What does is the arrogance of
Dotcom to try to pass this thing off like its for legit sharing of files. We
have Google Drive, Dropbox, Box.net, Amazon's thing, iCloud and a billion
others and no one really messes with them. There's no doubt in my mind that
those services are storing some copyrighted data but they don't get messed
with because they're truly legit. The feds didn't go after MegaUpload because
it allowed people to share files that may or may not be copyrighted. It did so
because the worst kept secret on the web was that if you want to download the
new Lady Gaga single you could probably find it pretty easily on MegaUpload
because that's basically what everyone was using it for. I honestly have no
qualms about not backing up my claims with specific examples and evidence in
this case because everyone here knows what was going on at MegaUpload and
anyone trying to deny is either twisting their minds into a preztel with the
mental gymnastics they'd have to do to convince them otherwise or they're just
outright lying. I said it.

So now that they have this new approach I doubt they'll be successful. Because
of the way the new Mega is set up you can't search for content. Allowing the
ability to search for content would necessitate getting rid of their whole
privacy scheme. I predict that the new Mega could still be used to share
copyrighted files but the onus will be on third parties to keep track of such
files in a database or something in order to provide links to people searching
or it can just become a safe place to store your copyrighted files and share
them on a case by case basis (through email, links on forums, or wherever).
But if this really is supposed to be a legit service, which it isn't (come on,
you know it), then I don't see how it can gain market share or mind share
given the alternatives we already have had for a while now.

~~~
pdeuchler
Your own post undermines your point.

"...easily on MegaUpload _because that's basically what everyone was using it
for_ "

You can never blame the creators of a tool for what their users do. Not to
rehash an old argument, but you don't blame suitcase manufacturers for making
suitcases that criminals use for convenient cash lockboxes. You can't blame a
knife maker because a housewife stabbed her husband.

Unless you can empirically prove that MegaUpload courted people to break
copyright I don't see what case you have. All of your "claims" seem to be
anecdotal bluster, couched in a defensive posture to automatically discredit
anyone who disagrees.

I find it so hard to comprehend that people refuse to believe that MegaUpload
was never used for legitimate reasons. It's widely known that MegaUpload was
well used in the corporate world[1], however it's unfortunate that no specific
companies (to my knowledge) have come forward publicly. As a personal aside, I
used it many times to send files that were too large for email to classmates
and friends.

Beyond all of that, you are overlooking the problem. Attacking filesharing
websites is simply slapping a band-aid over a symptom. The websites will
continue to pop up, there is a demand and someone is going to supply it. Plus,
it's incredibly easy to set up your own file-sharing website... I expect it
won't be too soon before we start seeing people rolling their own just like
blogs today (though admittedly not nearly as widespread).

We need to be addressing the real issue. Admittedly, I don't have a solution
to "piracy" on a grand scale, however I can certainly say actions like
targeting MegaUpload and then vilifying a business that has yet to even land a
single customer over it's first press release definitely _do not_ help the
issue.

[1] [http://arstechnica.com/business/2012/01/before-shutdown-
mega...](http://arstechnica.com/business/2012/01/before-shutdown-megaupload-
ate-up-more-corporate-bandwidth-than-dropbox/)

Edit: phrasing

~~~
afhof
As for blaming the tool for what the users do: I believe this has been tested
in court with the Sony vs. Universal City Studios case (The Betamax case).

Since the recorder wasn't explicitly made for breaking the law, the makes of
the recorder can't be held accountable.

[1]
[http://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Univer...](http://en.wikipedia.org/wiki/Sony_Corp._of_America_v._Universal_City_Studios,_Inc).

~~~
dmix
Also, every gun and tobacco manufacturer.

------
davidp
My inner civil libertarian cheers at this, although one wonders how useful a
public storage locker is without any associated content discovery tools.

But my inner policeman hesitates. If actual bad guys (organized crime, drug
cartels, spies, terrorists, governments, script kiddies, or anyone else
working outside the law) can communicate and operate with impunity, the
technology is not an unequivocally good thing. The broadly accepted way we
deal with this is to have warrant-based interception and eavesdropping; it's
hard to argue that our law enforcement services would best operate without any
tools other than direct physical surveillance. So presumably even Mega would
need to comply with legal wiretapping requests. Happily for Mega, and
unhappily for law enforcement, doing it at the server doesn't get them
anything with this scheme. But that simply compels law enforcement to get much
more invasive, in a way that's hard for citizens to monitor: Find a way to
install eavesdropping tools on the suspect's machine so access is gained
before encryption.

I'm not sure where all this is headed; it's a brave new world.

(Heading off potential replies about the growing use of warrantless wiretaps
-- of course those are unacceptable. But wiretapping _with a warrant_ is a
vital, crucial tool, and that's all I'm discussing here.)

~~~
spindritf
> But my inner policeman hesitates. If actual bad guys (organized crime, drug
> cartels, spies, terrorists, governments, script kiddies, or anyone else
> working outside the law) can communicate and operate with impunity

This tool is still just a cyber-locker, it doesn't allow you to launch a ddos
attack, or run scripts, or even communicate, you need a channel of
communication established elsewhere to pass the keys. It's just an easier way
to share files with people you're already communicating with in some manner.

------
res0nat0r
This will probably go the way of Aimster. IE: You can't play dumb to shield
yourself while knowingly assisting copyright infringement.

[http://en.wikipedia.org/wiki/In_re_Aimster_Copyright_Litigat...](http://en.wikipedia.org/wiki/In_re_Aimster_Copyright_Litigation)

 _The court held that in this case the users of the systems were the direct
infringers, these who are ignorant or more commonly disdainful of copyright
and in any event discount the likelihood of being sued or prosecuted for
copyright infringement, however companies such as Aimster that facilitate
their infringement, even if they are not themselves direct infringers can be
liable for copyright violations as contributory infringers._

~~~
btown
(IANAL)

The key question is whether Mega is practicing "Willful Blindness"
(<http://en.wikipedia.org/wiki/Willful_blindness>) by providing this service.
The players involved, especially Dotcom, seem to have already "tainted"
themselves as being _knowledgeable_ of infringement through their involvement
in MegaUpload. So in what way is their "design" of a client-side encrypted
system different from "designing" a drug trafficking briefcase so that the
courier doesn't have a key? If the courier/service has reason to believe that
the service is being used for copyright infringement, it could be argued that
they are being criminally negligent by offering such a service.

~~~
msg
If the postal service invented physical systems that didn't allow mail to be
opened in transit, would you accuse the postmaster general of facilitating
criminal conspiracies?

All they are doing is keeping private communication really private.

What is the difference between this and encrypted email? Hint, you can break a
large file into many chunks of email too.

------
nnq
I think it's a conspiracy directed by an occult media producer's conclave to
destroy the public image of file-sharing in general using this guy's butt-ugly
face...

(No really, I'd rather hear more about what happened to the poor Demonoid guys
than see his face taking up more media space - it's obvious that he likes
publicity even more than money so even the FBI just gave him what he wanted!)

------
stephengillie
Both Megaupload and The Pirate Bay have recently announced plans to use
redundant datacenters in a multi-country approach to eliminate downtime.

Why would a person host their entire company from one location, like AWS US-
East?

~~~
true_religion
In order to minimize complexity in your set up maybe?

~~~
jaggederest
As well as to avoid paying transfer fees between regions. If you're querying a
database in a different region, you're gonna have a bad time.

~~~
DrStalker
Wouldn't you have a DB set up in each location with some sort of replication?
So there would be DB -> DB log shipping inter-region but everything else would
be intra-region.

~~~
jaggederest
That can still add up a ton. I was thinking regional sharding where you might
end up having records in a different region that are local to 'that region'
queried by other regions.

------
lucian1900
"the so-called Advanced Encryption Standard algorithm" What?

~~~
stewartbutler
AES?

~~~
lucian1900
I found the "so-called" bit weird.

~~~
freehunter
I think they were using so called in the traditional sense rather than the
colloquial sense. Rather than being sarcastic like is common with that phrase,
they meant "using what is known as the Advanced Encryption Standard".

------
milliams
It sounds like a lot of the things that SpiderOak (<https://spideroak.com/>)
is doing.

------
arscan
_> Mega will also grant direct access to their servers for entities such as
film studios, allowing them to remove copyright-infringing material
themselves._

How? Is this if the person that uploaded the file is openly distributing the
key?

~~~
TeMPOraL
I guess this was a joke. They can look through the data stored on the servers
for as long as they want; they won't find anything because they don't have the
keys.

~~~
pyre
But they will have the keys if something is being widely distributed.

~~~
TeMPOraL
So they can pop in and remove it, just to have it reappear ten times. It will
be completely futile waste of time, unless Mega lets them automate this
process somehow.

~~~
pyre
Chances are that the most widely distributed things will be on centralized
sites (e.g. ThePirateBay). The RIAA/MPAA could probably easily write a bot to
scrape these sites for access information and then go into MegaEncryptedUpload
and remove the files.

------
JoachimSchipper
Users are required to hand over encryption keys in several countries,
including the UK. Worse, encryption keys are likely to find their way to
Google ("check out this great $POPULAR_ARTIST song: www.mega.com/mykey"), so
proving that Mega hosts lots of infringing content will be really easy.
Finally, Mega can easily detect such files just by looking at the access
patterns (10MB plus lots of hits from all over the world? Likely pirated MP3.)

Of course, all of this assumes that they get the crypto right in the first
place.

~~~
learc83
>Mega can easily detect such files just by looking at the access patterns
(10MB plus lots of hits from all over the world? Likely pirated MP3.)

How is that pattern any different from a musician legitimately distributing an
mp3?

~~~
JoachimSchipper
Musicians legitimately distributing their songs don't get any hits. (No
musician likely to generate a pirate-ish number of hits is going to use Mega
to distribute the song - people who make money don't send their users to sites
with completely different branding.)

~~~
learc83
You can say that, but there's no way to prove it short of commissioning a
study. I don't think the DMCA requires you to hire statisticians to
investigate the usage patterns of your site.

And what if someone uploads a wikileaks like pdf that gets downloaded by
thousands of people? Is that going to get automatically shut off.

------
batgaijin
So would this be AES written in JS, or an extension?

~~~
robin_reala
AES JS libraries do exist:
<https://en.wikipedia.org/wiki/AES_implementations#Javascript>

~~~
ars
But there is no way to use that to download a file.

Javascript has no way to output data that is then saved to disk.

It will have to be a browser extension or an offline tool (download the
encrypted file, decrypt it once you are done).

However I shudder to think about how much malware people are going to get from
sites purporting to make "special megaupload decryption tools".

~~~
kanzure
> Javascript has no way to output data that is then saved to disk.

First, there's HTML5 window.saveAs which apparently nobody has implemented.
Second, you can always fall back to some swf.

[http://stackoverflow.com/questions/2897619/using-
html5-javas...](http://stackoverflow.com/questions/2897619/using-
html5-javascript-to-generate-and-save-a-file)

~~~
robin_reala
<https://github.com/eligrey/FileSaver.js>

_FileSaver.js implements the W3C saveAs() FileSaver interface in browsers that
do not natively support it._

No IE support, but what’s the intersection of Mega users and IE users?

------
DrStalker
As someone who never used Megaupload how did it differ from Dropbox/google
drive/etc in terms of being good for piracy?

~~~
E14n
Anything that allows the free flow of information is good for copyright
infringement, but when you are contorting Laws in absurd perverse ways its
better to have a fat ugly obnoxious guy on the receiving end.

------
leeoniya
that's all good and well, except for it to resemble the previous model, there
would need to be a mechanism for key exchange and search by title => key,
which would need to move underground. without a search facility it loses most
of its piracy value.

~~~
stephengillie
If Mega doesn't do that, another group will. Then that group will be partially
liable too.

Part of the point of this is to make the problem too big to raid, too many
people to litigate.

------
jijji
how are they going to implement the browser based AES on files before/while
they are uploaded?

