It looks like you're new here. If you want to get involved, click one of these buttons!
I'm trying out MEGA. It doesn't work yet. Uploading a small text file to test. Just says "pending" and never uploads. The UI is great, though.
Are storage locker companies required to monitor what you store inside?
Are storage locker companies required to monitor what you store inside?Not as far as I know, though if they think you're doing something really hinky, they'll take a look. I think they are obligated to report anything illegal to the cops, though, if they find it.
Scott, anything after the hashbang (#!) isn't sent to the server, it's only accessed from JS.http://stackoverflow.com/questions/940905/can-php-read-the-hash-portion-of-the-urlI can't get it to work myself, but from what I can tell, it stores your private key in your browser's HTML5 localStorage for your convenience, so that's not stored on the server either.
This Ars article also suggests some pretty fundamental questions about their encryption:http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/Short version of the biggest issue: they claim to keep only one copy of identical data shared by multiple users ("deduplication") for storage optimization purposes, which strongly suggests they are both able to decrypt stored data and to associate it with specific users.
I think there's a way that you could de-duplicate data after it was encrypted, it just means that the same file must have the same decryption key... and MegaUpload doesn't have that key. Two users will have the same key to the same data file, but that would be fine, right?
I think there's a way that you could de-duplicate data after it was encrypted, it just means that the same file must have the same decryption key... and MegaUpload doesn't have that key. Two users will have the same key to the same data file, but that would be fine, right?How would Mega know to give both users the same private key? All encryption and decryption is done by the client.
Maybe they are using real small blocks?
You upload a file. Your browser will automatically create an encryption key and encrypt the file before uploading it. You have to write down the key or save it somewhere, because it is created in your browser on your computer and is never sent to MEGA. If you visit the link to download the file, you will need the key to decrypt the file. So when you want someone else to download a file you have to give them the link and the key.
Meanwhile MEGA only has encrypted data. They will have no idea if that data is child porn, the latest Hollywood Blockbuster, or your homework. If someone uploads the same file twice, it will be encrypted with a different key each time, so it will be impossible for them to know that both of those files are the same file, except maybe they will be very similar in size.
Thus, the only way they can get a DMCA takedown notice is if the MPAA/RIAA finds both the URL and the key. Even that kind of notice is going to be tough to get through. It's basically what we've always asked for. Why doesn't someone make encryption easy to bring power to the people? Well, it's happening.
The real question is, will the government be able to convince judges that services like these are essentially secure dropboxes for criminal activity. If so, the services won't survive long.
The major point is that if MEGA doesn't store the keys itself, it's much, much harder to hold them responsible for the content. Unless courts were to make the ludicrous ruling that MEGA itself is required to attempt to trawl the Internet looking for keys to decrypt the data they're storing, it seems like they're in a decent legal position.
Sure, they will have to allow and respond to takedown requests, but as long as they comply with those requests things should work out.
I got this information anecdotally via hearing people describe and talk about Storage Wars in depth. (A TV show on auctioneers bidding on items in storage lockers that people got behind on their payments on).
Then you can get a link to the file like this and the downloader needs the encryption key to actually decrypt the file.
However, they also allow URLs like this.
With the key included, so what the fuck is the point of the encryption anyway? Not only is the key in the URL sent to MEGA every time the URL is visited, but you can actually retrieve the key URL from MEGA itself. There is no way they can claim to not know what is in the files.
The way it is supposed to work is that the encryption and decryption are 100% client side. That is the keys are generated in your browser, the file is encrypted locally. The encrypted file is uploaded, and MEGA has no idea what is in it. It's up to you to save the keys because they will be lost otherwise. Then the key can never be sent to MEGA in a URL or otherwise.
They fucked it the fuck up, and they were so close.
I can't get it to work myself, but from what I can tell, it stores your private key in your browser's HTML5 localStorage for your convenience, so that's not stored on the server either.
Going to see what happens if I login from another computer and if the key is there.
EDIT: Or maybe the file list was empty because they are not 100% working properly.
Short version of the biggest issue: they claim to keep only one copy of identical data shared by multiple users ("deduplication") for storage optimization purposes, which strongly suggests they are both able to decrypt stored data and to associate it with specific users.
FYI, I work in deduplication, so I have some familiarity with the subject.