Hacker News new | comments | show | ask | jobs | submit login

Assuming you know the exact structure of the file this would be a perfectly valid attack. There could be a lot of variance in rich formats like PDF files from things like compression, etc, so this might be expensive to perform on non-plaintext files.

Dropbox effectively acts as an "existence oracle". You can't ask it to cough up a file you don't have, but you can ask it if a given file exists anywhere in the system.

This would be an effective way for law enforcement or copyright civil enforcement to check for content that is clearly illegal or a certainly copyright violation to possess. They would need to query for a set of hashes of the given illegal content. If any matches returned positive data, they would be able to issue a subpoena for all users who stored the given content in their dropbox folder and pursue them further.




> for content that is clearly illegal or a certainly copyright violation to possess

How can something be "clearly" a violation? If I have an album, but copy someone else's rip instead of making my own - is that "clearly" a violation? Alternatively if I used the same application, I'd probably obtain the exact same file - is that clearly a violation too?

(grooveshark kind of operates on the assumption that it's ok)


I'm thinking of something like a pre-release album, a theatre rip of a movie, etc. Not a rip of something legitimately licensed to you, but of something not officially released to the public.


The Perkeo database used by some German polices contains hashes of known child-porn image files. Probably not SHA256, though, given that it was started in 1998.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: