Kim Dotcom's 'Mega' Storage Site Arrives
An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
Re:In-browser encryption? (Score:2, Informative)
There are a few libraries...
http://code.google.com/p/crypto-js/
http://crypto.stanford.edu/sjcl/
Re:Honeypot (Score:2, Informative)
Re:hmm (Score:5, Informative)
No. This is a lot better than Dropbox. Dropbox has your files, knows what they're called, and knows what's in them. It is a basic, fairly bad, cloud storage service. All your data is subject to search and seizure.
On an audit of the code from Mega - which looks pretty solid - Mega has your files, but does NOT know what they're called or what's in them. Your data may still be subject to seizure - as MegaUpload very obviously demonstrated - but is NOT subject to search.
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly. Seriously, look at the legit usage for this: This is the first really big cloud storage service you don't really have to trust to not leak your data. The risks are reduced: to seizure or other loss (which is ALWAYS a possibility, especially the way the US is being at the moment), or if they were made to backdoor it (though people might notice, as the JS would have to change, and that wouldn't affect client applications).
Re:Not all user agents support the File API (Score:5, Informative)
or Safari for iOS before iOS 6
That's because Safari for iOS did not support uploading files before iOS 6, at all.
Let us remember... (Score:5, Informative)
... American corporations and their compliant criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country whose laws and businessmen should be taken seriously.
http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act [wikipedia.org]
Re:Let us remember... (Score:4, Informative)
"Is it really insane folks?"
Yes it is. Why can't I repair games or get access to source code? Why don't videogames and their source-code and art assets go into a library (being a cultural work like books)? I could go on and on about all the people whose ability to create and solve problems is constrained by such criminal laws.
The current laws are merely rent seeking protectionist conservative nanny statism for corporations. Anyone who disputes this is naturally not very bright.
In economics, rent-seeking is an attempt to obtain economic rent by manipulating the social or political environment in which economic activities occur, rather than by creating new wealth.
And what is copyright? Government enforced monopoly pushed by big business. How is preventing people from using non-scarce ideas a good idea over the long term? You can't justify it at all rationally. You're creating huge amounts of inefficiency because it puts up barriers to creativity and problem solving by anyone who is not fairly wealthy.
Re:hmm (Score:3, Informative)
It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly.
Take a look at Spideroak [spideroak.com] and explain why you think they did it wrong.
Re:Deletion of duplicate files (Score:3, Informative)
User A uploads file encrypted with his keys, and hash of unencrypted file
User B uploads same file encrypted with his keys, and same hash of unencrypted file
Mega sees the hashes are the same and deletes User B's file, linking to User A's
... time passes ...
User B downloads the file.... now what? User B doesn't have A's keys, he can't decrypt it. Mega doesn't have A's keys, they can't decrypt it for him. There is no way for B to decrypt the file.
I would say that particular item in the terms and conditions is either:
1. a mistake, added in by a lawyer copy-pasting
2. referring to duplicate encrypted files, if somehow the same file is encrypted with the same keys, by 2 people who both upload it (or 1 person gives the pre-encrypted file to another and they both upload it), then that's possible.
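The scenario in the comment above, as an added example that is not part of the original thread and is not Mega's code: a toy Node.js store that deduplicates first on the hash of the unencrypted file, then on the hash of the stored ciphertext. The `DedupStore` class, the choice of AES-256-GCM and all function names are assumptions made for the illustration.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Client side: encrypt under a per-user key the server never sees.
function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key does not match the blob.
function decrypt(key, blob) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]);
  } catch (e) {
    return null; // GCM authentication failed: wrong key for this blob
  }
}

// Toy server (hypothetical): keeps one blob per dedup id, discards later uploads.
class DedupStore {
  constructor() { this.blobs = new Map(); }
  upload(dedupId, blob) {
    const duplicate = this.blobs.has(dedupId);
    if (!duplicate) this.blobs.set(dedupId, blob);
    return duplicate;
  }
  download(dedupId) { return this.blobs.get(dedupId); }
}

function runScenario() {
  const file = Buffer.from('constructed sample file contents');
  const keyA = nodeCrypto.randomBytes(32), keyB = nodeCrypto.randomBytes(32);
  const blobA = encrypt(keyA, file), blobB = encrypt(keyB, file);

  // Scheme 1: dedup id = hash of the unencrypted file, supplied by the client.
  const byPlain = new DedupStore();
  byPlain.upload(sha256(file), blobA);
  const bDeduped = byPlain.upload(sha256(file), blobB); // B's blob is dropped
  const bGetsBack = decrypt(keyB, byPlain.download(sha256(file)));

  // Scheme 2: dedup id = hash of the ciphertext the server actually holds.
  const byCipher = new DedupStore();
  byCipher.upload(sha256(blobA.ct), blobA);
  const differentKeysCollide = byCipher.upload(sha256(blobB.ct), blobB);
  const sameBlobCollides = byCipher.upload(sha256(blobA.ct), blobA);

  return { bDeduped, bRecoversFile: bGetsBack !== null, differentKeysCollide, sameBlobCollides };
}
```

Under scheme 1 the server also learns which accounts hold the same plaintext, even though it cannot read it; under scheme 2 a match only occurs when byte-identical ciphertext is uploaded twice.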
Re:hmm (Score:5, Informative)
If they did it correctly, they could provide the source code for the client side encryption, and let you build your own client from it.
After all, the best encryption is the kind that even if they tell you exactly how it works and show you the code, you STILL can't break it in any reasonable time frame.
Re:Is there a standalone app? (Score:3, Informative)
According to their FAQ they intend to support this in the future. But access to their servers is done through HTTP and JSON, and the CRUD functions map to a subset of POSIX filesystem API, so it should be possible to make a FUSE driver for Linux or a synced folder implementation for any platform.
Right now their site only really fully supports desktop version of Google Chrome, less complete support for other major browsers, and no mobile platform apps. But because their service is written in unobfuscated Javascript on their site and doesn't seem to rely on any hidden moving parts, I expect we'll see more apps show up pretty quickly. I am excited, this service actually seems to be competently constructed.
Bullshit, technologically not possible. (Score:4, Informative)
If it's using public key cryptography then there is no way for it to be a honeypot. The private encryption key determines the security of your files and the public key determines who can access your files. PKI.
Re:Honeypot (Score:2, Informative)
Re:In-browser encryption? (Score:4, Informative)
Javascript can access and process file data directly with the HTML5 File API [w3.org] which is supported by recent versions of most major browsers [caniuse.com].