
Kim Dotcom's New Mega Encrypted Cloud Storage - akosner
http://www.forbes.com/sites/anthonykosner/2013/01/19/kim-dotcoms-new-mega-encrypted-cloud-storage-see-no-evil-store-no-evil/
======
robomartin
Isn't it true that ANY web storage and file-sharing company could be raided
and shut-down tomorrow?

What's different between Megaupload and Dropbox or any of the others? If the
Feds (and the Motion Picture industry) decide that Dropbox is hosting pirated
works they could suffer the same fate, no?

I am not focusing on Dropbox here. They are just a place holder for any
storage/sharing service you'd care to name. I use Dropbox almost exclusively
and love it.

The point here is that, unless I am wrong, your data isn't safe anywhere
outside your own four walls. So, if data loss is your concern, be sure to back
it up locally.

If you do things right it should not matter if Mega (or any other service)
implodes overnight. Set yourself up to not loose anything if that were to
happen. If you do that, then you can use any service and sleep well knowing
that such a failure (or confiscation by the Feds) is of minimal or no
consequence to you.

~~~
rsync
Your data is safe with rsync.net, or any other provider that does not build a
business model around "sharing" or "social" or web links or any other bullshit
like that.

It's not file storage that presents the political risk - it's letting idiot
kids store things publicly, for free, because you are pursuing some "make it
up on volume" business model that we all knew was broken 13 years ago.

/rant

~~~
visarga
They probably just want to serve embedded video in a way that they can't be
accused of contribution to copyright infringement. What they added is a layer
of encryption. But can they do video playback on an encrypted stream? What in-
browser video player works with encryption keys?

------
WA
MEGA could be the only cloud storage I'd actually start trusting. I don't use
Dropbox, I don't use Google Drive or anything else, because I'm not interested
in other people being able to peep at my data.

While I don't perceive Dotcom as a trustable character, his incentive to NOT
store any encryption keys on the servers is much higher than any of his
competitors.

~~~
batgaijin
But Dropbox is a YC company. Why do you need the assurance of some fancy
acronym like AES?

~~~
TheEskimo
I do hope this is a joke. "some fancy acronym like AES"... I can't tell if
this is a failed attempt to be funny through saying something so ridiculously
stupid or if you're serious. There are lots of acronyms that are BS, but AES
isn't one of them. It's mathematically backed and has been thoroughly tested
to be strong.

Dropbox being a YC company means absolutely zero other than that YC liked
their idea and supported them. That doesn't give me any assurance that they
won't make a mistake or that an employee won't sell my data.

In fact, Dropbox, despite being a YC company, already slipped up majorly once
to the point that _every_ account was completely passwordless. You could just
type in random emails at the web login and view some stranger's files. Story
here: [http://techcrunch.com/2011/06/20/dropbox-security-bug-
made-p...](http://techcrunch.com/2011/06/20/dropbox-security-bug-made-
passwords-optional-for-four-hours/)

On the other hand, AES has yet to slip up. My AES encrypted data will take a
significant fraction of the life of the universe to crack and, YC or no, a
single programmer error won't break it.

~~~
chops
Pretty sure it was a joke.

------
hcarvalhoalves
I like this guy, he's beating copyright enforcers at their own game. That's
literally DRM the other way around.

------
dannyrosen
<http://www.spideroak.com> has been doing this for years. Nothing new to see
here.

~~~
DanBC
There's a bunch. Some are better than others.

Here's a list, taken from ([http://www.kimpl.com/1297/secure-online-backup-
file-sync-ser...](http://www.kimpl.com/1297/secure-online-backup-file-sync-
service/)) which also has some reviews.

(<https://www.sugarsync.com/>)

(<https://www.dropbox.com/>)

(<https://www.wuala.com/>)

(<https://www.syncplicity.com/>)

(<https://mozy.com/>)

As others say, there's a difference between syncing and hosting; between
levels of security; between ease of use; etc.

And obviously Tarsnap is great, for people who know what they're doing.

(<https://www.tarsnap.com/>)

~~~
gregd
There aren't a bunch. Sugarsync and Dropbox only offer encrypted _transport_
of your files. To actually encrypt the files/folders themselves requires a 3rd
party piece.

Mega offers everything wrapped in encryption, so presumably, his company will
have plausible deniability (zero knowledge) of the files/folders that his
service is being used for.

From a technical standpoint, I also believe it makes de-duplication impossible
but someone with more knowledge on that subject can comment on it.

~~~
DanBC
Dropbox offers encrypted storage of files.

(<https://www.dropbox.com/help/27/en>)

> _Dropbox uses modern encryption methods to both transfer and store your
> data._

Sure, you're right that the difference is that dropbox holds the keys and mega
doesn't. But you're also ignoring the fact that Dotcom has had considerable
interest from law enforcement in the past, and that some companies have
cooperated with law enforcement by pushing malformed client software to some
customers.

(<http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/>)

~~~
thirsteh
Encrypting files at rest means nothing if the data and keys aren't separate.
It's just compliance/PR fluff.

------
akosner
I like the logical chess game that Dotcom is playing here. Even if everybody
knows that some of the storage will be used for copyrighted material, it can't
be proven that ANY of it is. There are many legitimate reasons why people want
secure, encrypted and private storage, so innocent until proven guilty (which
can't be proven!)

~~~
benologist
It depends if he tries to monetize it by paying referral fees to websites
indexing all the pirated stuff ... again.

Nobody cares about one to one piracy.

~~~
akosner
I wonder how much of a house of cards would be necessary to distance MEGA from
such indexing sites and yet still profit from it. Dotcom did say he is
interested in new business models. How new could it be?

------
speeder
My associate is really wanting it. Not because it was Megaupload, my associate
is very much against piracy...

But he is a privacy nut, has truecrypted hard drives, and was sad there was no
encryption on Google Drive.

Now this has encryption, and office tools in the roadmap, I can see the
excitement of a person against piracy can have!

~~~
dublinben
There are any number of cloud storage options (SpikerOak, Crashplan,
Backblaze, Tarsnap, Amazon, Wuala, etc.) which offer client side encryption
using a key you control. I would consider any of those before I trusted
important files to this new service.

------
keithpeter
[http://www.guardian.co.uk/technology/2013/jan/18/kim-
dotcom-...](http://www.guardian.co.uk/technology/2013/jan/18/kim-dotcom-fight-
internet-freedom?CMP=twt_gu)

The Guardian interview linked from the original article is worth reading.

------
Kudos
While it sounds like it would be great for secure archival storage, I can't
help but worry that it would disappear one day in a raid.

~~~
jtreanor
"“Each file will be kept with at least two different hosters, [in] at least
two different locations," said Dotcom." from [http://arstechnica.com/tech-
policy/2013/01/building-mega-ars...](http://arstechnica.com/tech-
policy/2013/01/building-mega-ars-pre-launch-interview-with-kim-dotcom/)

~~~
ceejayoz
Simultaneous raids are well within the capability of US law enforcement, even
overseas.

~~~
chrisrogers
The model is to eventually have thousands of varied hosts within the storage
network.

That said, it is to launch under one single unified host in NZ.

------
00dgm
From his twitter feed just now:

"In 3 hours it will be exactly 1 year after the US government destroyed
#Megaupload. In 3 hours #Mega will be born."

<http://twitter.com/KimDotcom>

edit: that'd put Mega online ~10:45am PST

------
cdash
He just posted on twitter a new music video it seems.

[http://www.youtube.com/watch?v=Fr1feJDCjPo&feature=youtu...](http://www.youtube.com/watch?v=Fr1feJDCjPo&feature=youtu.be)

------
eps
I'm getting a blank page with a simple

    
    
      Access Denied
    

when trying to access <https://mega.co.nz>. Is anyone else getting the same?

~~~
seferphier
same. I can't wait until this service is launched.

~~~
davorak
I thought they lost that domain and the forbes author was just made a mistake.
All of the recent links have pointed to kim.com or kim.com/mega

~~~
JeremyBanks
The domain they lost was <http://me.ga/>

------
JimWestergren
From his Twitter[1]:

"Site is extremely busy. Currently thousands of user registrations PER
MINUTE." - @KimDotcom

"Wow. I have never seen anything like this. From 0 to 10 Gigabit bandwidth
utilization within 10 minutes." - @KimDotcom

[1]: <https://twitter.com/KimDotcom>

------
StavrosK
My quandary: I don't trust any third-party client, and the clients I do trust
are too cumbersome.

In the end, I think I'll just use an EncFS volume and back it up with whomever
is most convenient. If MEGA gives me 50 GB of free storage, they are very
convenient.

------
sgarbi
"30 Minutes until #Mega. Lets make it 5% of the Internet this time ;-)"
<https://twitter.com/KimDotcom/status/292682270324703235>

------
teoruiz
I still have my doubts about their privacy practices, I would love to see a
detailed technical article on how the actual PKI infrastructure works.

I could register and (apparently) generate a private RSA key, which was sent
to mega.co.nz as part of a HTTP POST payload. I wonder if that's only used for
the current session, which I guess is mandatory, but I'd like to understand
more: how does the model work for sharing, for instance.

------
joonix
Couldn't they just pull the plug on all of their servers? Then they wouldn't
need the keys. They could demand removal of copyrighted files, but if Mega
refuses to do so, they could demand the server be taken offline until they
figure out how.

------
ninetax
So this says all files will be encrypted with RSA, doesn't that mean who ever
wants to access them needs the key? Is this just not a successor to Megaupload
then? How will sharing files publicly work? Or will it at all?

~~~
racbart
You could do that if there is a per-file key. But you'd need some client
software to store and manage keys for individual files for easy exporting urls
including these keys, and I read that MEGA is managed only via web (at least
now).

~~~
cdash
This is built in as I understand it, there is a master key that is used to
encrypt a key database that is stored on the server for each user.

------
mahmud
Or use the GPLed Tahoe-LAFS, by Zooko (et al), a real hacker and man of
unquestionable integrity.

<https://tahoe-lafs.org/trac/tahoe-lafs>

------
guiambros
And.... it's down. And it's not just me.
<http://www.downforeveryoneorjustme.com/mega.co.nz>

------
jtreanor
Mega's launch site (<http://kim.com/mega/>) appears to be down. It does seem
to be getting lots of attention.

------
0xC3
Hmmm... interesting use of a domain hack.

mega.co.nz = "mega conz"

~~~
nwh
I doubt it's any more intentional than the main second level domain for the
Cook Islands.

<http://en.wikipedia.org/wiki/.co.ck>

------
gregd
I was able to get my account, although the registration process bombed out on
me..it still gave me my account.

------
sgarbi
down for me

------
thoughtcriminal
Personally, I can't wait for this. Yes, I have a Dropbox account and have for
years, but I like the ideology behind this, and lately the US government
doesn't seem to be all that concerned about the liberties of its citizens - or
citizens of any country.

I'm just wondering if it has a desktop sync like Dropbox. Now _that_ would be
MEGA.

~~~
jpdoctor
> _but I like the ideology behind this, and lately the US government doesn't
> seem to be all that concerned about the liberties of its citizens_

Definitely a case of "no such thing as bad publicity". At this point, he
probably has better name recognition than dropbox, before the product is even
out.

~~~
1337biz
It is not bad publicity at all. In fact he has, despite his problematic past,
shown the strongest commitment possible to his clients. He could have sold or
left Megaupload long before things came down. He could have left the Mega idea
behind and put his focus and money towards saver ventures. But instead he
continues to stay dedicated to the cause he is fighting for.

Showing that you are willing to fight for your cause, despite having powerful
enemies, and sticking to your mission even after your company, your home and
your private life have been raided, demonstrates integrity. And integrity is
probably the best publicity you can get - especially when operating in
controversial industries.

I personally would love to see a Mega incubator that fosters an environment of
similar challenging ideas (for example building on Mega's in-browser
encryption).

------
mylittlepony
_"Mega rocks with Google Chrome"_

 _"Warning: You are using an outdated browser, which adversely affects your
file transfer performance. Please upgrade to Google Chrome."_

What is this bullshit? I'm using the latest Firefox. You are concerned about
privacy, but you want to force me into using a propietary browser?

~~~
arcatek
There are stating in their help page that Firefox allocates as much memory as
the size of the downloaded files, which is not very convenient for this kind
of application.

> _However, some legacy or technically inadequate browsers require the entire
> file to be stored in memory for downloading (Firefox, IE10, Opera), or for
> both downloading and uploading (IE9, Safari 5)._

At the end, the choice is yours but they are fairly warning you that the UX
would be better on Chrome / ium.

~~~
mylittlepony
Well I don't like their tone, I don't need to be told that my browser is
"outdated", especially if it's not, it works perfectly fine for basically the
rest of the internet, including web dev tasks. If there is a very specific use
case for which it's not the best, they should have said so. They should have
checked whether I'm using IE6, or the latest FF version, and adapt their
speech accordingly. I feel like an angry nerd right now, but I'm the user this
time so I'm right and they are wrong.

~~~
Endless
Why should Mega being going out of its way to make you feel better?

