

Why MEGA Will Not Change The Status Quo - marknadal
https://dl.dropbox.com/u/4374976/random/megaless.html

======
skymt
This is an oblique, needlessly wordy way to say that if you make public all
the information needed to download a file, the authorities have the
information to issue a takedown order for that file. Absolutely true, and MEGA
was not created to solve that problem.

Possibly the biggest point in the case against MegaUpload was that when they
received a DMCA complaint, they deleted only the links mentioned in the
complaint. (MU had a standard deduplication system, where if a file is
uploaded more than once, the new copy is simply created as a link to the
original to save space.) Other links to the same content were left up. The
prosecutors claimed MU was required to delete the actual file in storage.

MEGA avoids that issue entirely. If every file is encrypted, and MEGA doesn't
have the key, they have no way to connect uploads of the same file and remove
them en masse. It's true that DMCA complaints can still be issued if a
copyright holder discovers a link to a pirated file, but that wouldn't wipe
out every other copy at the same time.

~~~
brownbat
Agree, plus...

MEGA is siloing infrastructure off from access, and that's significant. (I
mean "infrastructure" as holding and sending bits, while "access" is your link
+ key so people can unwrap all the way to the gooey content).

The post is right that enforcement can still find and takedown access that is
broadcast.

But short messagaes (ie, access) are easy to keep alive through backchannels,
while downed infrastructure stays down a while.

Here's one way content could become relatively takedown-proof with everyone
following somewhat normal behavior on MEGA: User uploads content, shares with
20 friends. After getting notification that 20 or so people have downloaded,*
pulls the content offline (maybe reuploads to a private link). Friends possess
the content and their own MEGA accounts. Several friends repost to MEGA, and
you have second generation sharing, now reaching 100 or so people. The cycle
continues, spreading content increasingly quickly, but building liability
firewalls behind each degree of separation, any takedown impacts a dwindling
fraction of the overall sharing population.

(The post claimed this was just like lending a DVD to a friend. Yeah, sort of,
except now it can be shared instantly, remotely, and to dozens of people
simultaneously.)

* No idea if this will be a MEGA feature, I assume it will be.

------
digitalengineer
Mega should sell a Silent Circle (encrypted communication) kind of app that
allows users to share keys. Key could be QR code you hold up to your webcam
and allows your browser to find the data.

------
jakozaur
Oversimplified.

Especially option 3. What if encryption keys are stored in other website (e.g.
forum with links and EK). Sharing is possible, just behind Mega eyes.

Moreover, even if Mega stores encryption keys they might be encrypted using
password (and some security questions for password recovery). That way it is
only available when user is logged in.

------
soult
Although one might guess so from the domain, this is not an official statement
by Dropbox.

On a side note, I do now understand why Google is pushing user-geneated
content to googleusercontent.com.

~~~
RyanZAG
The reason Google does that is to sandbox off possible XSS attacks from user
data on google itself.

------
mtgx
I've been hoping for a while that cloud storage providers like Dropbox,
Google, Microsoft and all the others would have one-click encryption, to get
most people to use it.

Mega will probably not make any easier to mass-share files on the web, but it
will make private sharing a lot safer from prying eyes of both the providers
themselves and governments, and I hope this catches on.

Dropbox should figure out how to do it, too, instead of finding flaws from the
sideline, one day before Mega's launch, which also happens to give _25x_ more
storage than Dropbox. I smell a little desperation with this article.

~~~
mar0ux
This is not a statement from Dropbox.

