Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Cloud Data Storage Encryption Hardware

Kim Dotcom's 'Mega' Storage Site Arrives 314

An anonymous reader writes "After months of hype riding the coattails of the MegaUpload controversy, Kim Dotcom's new cloud storage site, Mega, is finally going live. After being available to early adopters briefly, it's now open to the public with 50GB of free storage and end-to-end encryption. Several outlets have posted early hands-on reports for the service, including Ars Technica and The Next Web. In an interview, Dotcom spoke about how Mega's encryption scheme benefits both the users and the company: 'The Mega business plan will be a distributed model, with hundreds of companies large and small, around the world, hosting files. A hosting company can be huge or it can own just two or three servers Dotcom says—just as long as it's located outside the U.S. "Each file will be kept with at least two different hosters, [in] at least two different locations," said Dotcom. "That's a great added benefit for us because you can work with the smallest, most unreliable [hosting] companies. It doesn't matter because they can't do anything with that data." More than 1000 hosts answered a request for expressions of interest on the Mega home page. Dotcom says several hundred will be active partners within months.' On top of that, the way it's designed will protect Mega from legal problems: 'It's all about the plausible deniability. Mega doesn't know what you're uploading. ... Mega isn't so much securing your files for you as it is securing itself from your files. If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned. It literally can't know about cases that aren't actively pointed out to it, complete with file decryption keys.'"
This discussion has been archived. No new comments can be posted.

Kim Dotcom's 'Mega' Storage Site Arrives

Comments Filter:
  • I wonder when/if he will be able to get back all the content from megaupload...
    • I'm still waiting for final resolution of fallout from the 2007 financial meltdown. A mutual fund I had shares in lied about the value of mortgage-backed securities they held. The legal process is slow, so you can expect it to take several years for the return of user data.

      • Re: (Score:2, Offtopic)

        by whoever57 ( 658626 )

        I'm still waiting for final resolution of fallout from the 2007 financial meltdown. A mutual fund I had shares in lied about the value of mortgage-backed securities they held.

        At this point, I think that it is pretty clear that almost no-one is going to be held to account for the illegal activities that led to the financial meltdown. If you are waiting for restitution from the mutual fund, I suggest that you give up.

  • by edelbrp ( 62429 ) on Saturday January 19, 2013 @01:58PM (#42634607)

    Anybody poke around yet to see how they do the client-side encryption w/o a plugin? I suppose it could be done in Javascript. Another thought I had is maybe using the SSL stream its self and storing that. I would hope they are at least not using Java or Flash.

    In any case, I would imagine that this would attract a lot of attention to see just how secure the mechanism is.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      There are a few libraries...

      http://code.google.com/p/crypto-js/

      http://crypto.stanford.edu/sjcl/

      • As far as I know, the ability to use JavaScript crypto libraries on an uploaded file relies on browser support for the File API, which isn't available in Internet Explorer before version 10 or Safari for iOS before iOS 6. This means it's not available in Internet Explorer for Windows XP, Internet Explorer for Windows Vista, or Safari for the first-generation iPad.
    • by sco08y ( 615665 )

      Anybody poke around yet to see how they do the client-side encryption w/o a plugin? I suppose it could be done in Javascript. Another thought I had is maybe using the SSL stream its self and storing that. I would hope they are at least not using Java or Flash.

      In any case, I would imagine that this would attract a lot of attention to see just how secure the mechanism is.

      SSL wraps the entire HTTP session, so by the time your Javascript is running, everything is arriving as clear text.

      There are any number of Javascript crypto libraries, and for small files it's probably Good Enough.

    • by mwvdlee ( 775178 )

      I don't think Javascript alone can intercept uploaded files. They could use a flash tool to intercept the file and pass to javascript for encryption.

    • The old Mega-Upload did use Flash for some functions, such as directories for multiple file downloads. I believe the architecture was up- or downgrade, take your pick, to Javascirpt just before the Big Raid.

      However, what made the old Mega a popular download site was that it was perfectly possible to download using simple non-browser based tools, including the commandline hacker's download manager of choice, wget. And Mega's files where infinitely resumable, even across different IP addresses even using the

  • Let us remember... (Score:5, Informative)

    by blahplusplus ( 757119 ) on Saturday January 19, 2013 @02:49PM (#42634865)

    ... american corporations and their complaint criminal government have no credibility. Any society that allows such insane acts to be passed over and over again is not a country who's laws and businessmen should be taken seriously.

    http://en.wikipedia.org/wiki/Copyright_Term_Extension_Act [wikipedia.org]

    • by guttentag ( 313541 ) on Saturday January 19, 2013 @05:04PM (#42635505) Journal

      ... american corporations and their complaint criminal government have no credibility.

      I'd like to file a slashdot-compliant complaint about your misspelling of the word compliant in your complaint.

  • Mega doesn't know what you're uploading... but they definitely care. Ad impressions will pay regardless of whether content is legitimate or not, but just like Megaupload their paid subscriptions (starting at 10EUR/month) will only sell if there's illegal content on the service.

  • by grahamsaa ( 1287732 ) on Saturday January 19, 2013 @02:55PM (#42634903)
    I really have no interest in just uploading or downloading files through my browser. When this was announced I heard that they were going to support mounting / folder syncing, but I'm not seeing anything like that yet. Am I missing something?
    • https://mega.co.nz/#developers [mega.co.nz]
      As far as their future (at bottom) [mega.co.nz], it looks like they'll just be developing this for the browser, but the API appears to be fully open for developers.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      According to their FAQ they intend to support this in the future. But access to their servers is done through HTTP and JSON, and the CRUD functions map to a subset of POSIX filesystem API. so it should be possible to make a FUSE driver for Linux or a synced folder implementation for any platform.

      Right now their site only really fully supports desktop version of Google Chrome, less complete support for other major browsers, and no mobile platform apps. But because their service is written in unobfuscated Jav

  • by HighlyIrregular ( 2784665 ) on Saturday January 19, 2013 @03:22PM (#42635091)
    They mention in their TOS that they retain the right to delete duplicate files when more than one user uploads exactly the same file, which is sensible of course. But can anyone tell me how they can do this if they don't have the encryption key?
  • On Comcast they appear to be blocking uploads to the website. I can access and interact with the site but all uploads are completely blocked.

  • 50 GB? (Score:2, Flamebait)

    by DogDude ( 805747 )
    50 GB? I know this guy's famous, but other than that, is there any other reason I should care? I measure my storage in TB, these days. 50 GB is only about 10 movies (or less).
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Oh, so where do you store your TB of encrypted files on the internet for free?

  • If Mega just takes down all the DMCAed links, it will have a 100 percent copyrighted material takedown record as far as its own knowledge is concerned.

    Yeah, right. Because judges are stupid and fall for even the most transparent and obvious front. *facepalm*

    You'd think his n-th run-in with the legal system would've made him a bit smarter. I feel sorry for the next bunch of naive folks he'll take down with him when they bust Mega and folks lose their data again.

Avoid strange women and temporary variables.

Working...