Forgot your password?
typodupeerror
Cloud Data Storage Encryption Hardware

Kim Dotcom's 'Mega' Storage Site Arrives 314

Posted by Soulskill
from the raid-helicopters-on-their-way dept.
An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
This discussion has been archived. No new comments can be posted.

Kim Dotcom's 'Mega' Storage Site Arrives

Comments Filter:
  • by Anonymous Coward on Saturday January 19, 2013 @03:15PM (#42634709)

    There are a few libraries...

    http://code.google.com/p/crypto-js/

    http://crypto.stanford.edu/sjcl/

  • Re:Honeypot (Score:2, Informative)

    by Quakeulf (2650167) on Saturday January 19, 2013 @03:23PM (#42634759)
    Since you couldn't understand what I meant: The feds, the music industry, the movie industry, the porn industry, the gaming industry and the software industry to name a few.
  • Re:hmm (Score:5, Informative)

    by Anonymous Coward on Saturday January 19, 2013 @03:32PM (#42634793)

    No. This is a lot better than Dropbox. Dropbox has your files, knows what they're called, and knows what's in them. It is a basic, fairly bad, cloud storage service. All your data is subject to search and seizure.

    On an audit of the code from Mega - which looks pretty solid - Mega has your files, but does NOT know what they're called or what's in them. Your data may still be subject to seizure - as MegaUpload very obviously demonstrated - but is NOT subject to search.

    It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly. Seriously, look at the legit usage for this: This is the first really big cloud storage service you don't really have to trust to not leak your data. The risks are reduced: to seizure or other loss (which is ALWAYS a possibility, especially the way the US is being at the moment), or if they were made to backdoor it (though people might notice, as the JS would have to change, and that wouldn't affect client applications).

  • by kthreadd (1558445) on Saturday January 19, 2013 @03:39PM (#42634823)

    or Safari for iOS before iOS 6

    That's because Safari for iOS did not support uploading files before iOS 6, at all.

  • Let us remember... (Score:5, Informative)

    by blahplusplus (757119) on Saturday January 19, 2013 @03:49PM (#42634865)

    ... american corporations and their complaint criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country who's laws and businessmen should be taken seriously.

    http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act [wikipedia.org]

  • by blahplusplus (757119) on Saturday January 19, 2013 @05:25PM (#42635335)

    "Is it really insane folks?"

    Yes it is. Why can't I repair games or get access to source code? Why don't videogames and their source-code and art assets go into a library (being a cultural work like books)? I could go on and on about all the people who's ability to create and solve problems are constrained by such criminal laws.

    The current laws are merely rent seeking protectionist conservative nanny statism for corporations. Anyone who disputes this is naturally not very bright.

    In economics, rent-seeking is an attempt to obtain economic rent by manipulating the social or political environment in which economic activities occur, rather than by creating new wealth.

    And what is copyright? Government enforced monopoly pushed by big business. How is preventing people from using non-scarce ideas a good idea over the long term? You can't justify it at all rationally. You're creating huge amounts of inefficiency because it puts up barriers to creativity and problem solving by anyone who is not fairly wealthy.

  • Re:hmm (Score:3, Informative)

    by icebike (68054) on Saturday January 19, 2013 @06:09PM (#42635533)

    It's not the very first cloud storage service to do this, but so far as my audit shows, it's the first big one to do it properly.

    Take a look at Spideroak [spideroak.com] and explain why you think they did it wrong.

  • by Bitsy Boffin (110334) on Saturday January 19, 2013 @06:18PM (#42635567) Homepage
    Nope, doesn't work, think it though

    User A uploads file encrypted with his keys, and hash of unencrypted file
    User B uploads same file encrypted with his keys, and same hash of unencrypted file

    Mega sees hash are same and deletes User B's file, linking to User A's
    ... time passes ...
    User B downloads the file.... now what? User B doesn't have A's keys, he can't decrypt it. Mega doesn't have A's keys, they can't decrypt it for him. There is no way for B to get the decrypt the file.

    I would say that particular item in the terms and conditions is either;
    1. a mistake, added in by a lawyer copy-pasting
    2. referring to duplicate encrypted files, if somehow the same file is encrypted with the same keys, by 2 people who both upload it (or 1 person gives the pre-encrypted file to another and they both upload it), then that's possible.

  • Re:hmm (Score:5, Informative)

    by icebike (68054) on Saturday January 19, 2013 @06:22PM (#42635585)

    If they did ti correctly, they could provide the source code for the client side encryption, and let you build your own client from it.

    After all, the best encryption is the kind that even if they tell you exactly how it works and show you the code, you STILL can't break it in any reasonable time frame.

  • by Anonymous Coward on Saturday January 19, 2013 @07:57PM (#42636015)

    According to their FAQ they intend to support this in the future. But access to their servers is done through HTTP and JSON, and the CRUD functions map to a subset of POSIX filesystem API. so it should be possible to make a FUSE driver for Linux or a synced folder implementation for any platform.

    Right now their site only really fully supports desktop version of Google Chrome, less complete support for other major browsers, and no mobile platform apps. But because their service is written in unobfuscated Javascript on their site and doesn't seem to rely on any hidden moving parts, I expect we'll see more apps show up pretty quickly. I am excited, this service actually seems to be competently constructed.

  • by elucido (870205) on Saturday January 19, 2013 @08:16PM (#42636111)

    If it's using public key cryptography then there is no way for it to be a honeypot. The prive encryption key determines the security of your files and the public key determines who can access your files. PKI.

  • Re:Honeypot (Score:2, Informative)

    by Anonymous Coward on Saturday January 19, 2013 @08:40PM (#42636277)
    What do you mean? Like, bombing brown people? Check.
  • by monkeyhybrid (1677192) on Saturday January 19, 2013 @09:01PM (#42636369)

    Javascript can access and process file data directly with the HTML5 File API [w3.org] which is supported by recent versions of most major browsers [caniuse.com].

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...