MEGA is genius

by hlieberman on 10/19/2015, 12:33 AM with 30 comments
  • by bentpins on 10/19/2015, 7:45 AM

    Note that MEGA is compromised: The NZ govt now owns a controlling portion of shares. Kim issued a statement saying not to use it, and to look out for an open source not for profit MEGA 3.0 when his non-compete expires late this year

    http://www.wired.co.uk/news/archive/2015-07/31/kim-dotcom-me...

  • by aidenn0 on 10/19/2015, 2:40 AM

    It seems like given a public link including the decryption key, they could still be given a takedown request, since as soon as a rights holder sends them the link, they are no longer blind to the content. It does, however, preempt a Content ID like system.

  • by fho on 10/19/2015, 4:03 PM

    Regarding the discussion about deduplication ability (deduplibility?): Would it be possible to do some cryptography tricks to allow MEGA access to the data while still preserving deniability? I am thinking about the Dual_EC_DRBG backdoor [1] or the weak-key-generation in Debian [2].

    Edit: I should clarify. I mean a purposeful installed vulnerability at the point MEGA was build, not something that can be used after the fact.

    [1](https://en.wikipedia.org/wiki/Dual_EC_DRBG) [2](https://en.wikipedia.org/wiki/Random_number_generator_attack)

  • by codexon on 10/19/2015, 9:37 AM

    I don't see how this is genius.

    Having hosts not know the contents they perform services for has been desired for a very long time. Research on homomorphic encryption predates mega by quite a while. And I am sure there must be backup services that already encrypted client-side long before mega.

    The only reason why there wasn't something exactly like mega earlier was because browsers didn't have the capability. And it seems mostly like revenge for having megaupload shutdown. The profits aren't very good when you can't de-duplicate files (because the content is encrypted) or do anything else clever with the data. You just become a dumb provider of hard drive space and bandwidth. Anyone can clone client-side encryption.

  • by zamalek on 10/19/2015, 9:43 AM

    Avoiding spam could be made less frustrating for users (report = frustration): require proof-of-work. The server presents some nonce and the client is expected to perform the old "hash until X zero bytes" POW and then add some extra entropy. This makes spamming computationally expensive.

    In addition, because there may be multiple possible solutions for the problem, if the POW+entropy key is used with AES CTR, this could provide an additional layer of plausible deniability.

  • by sametmax on 10/19/2015, 9:15 AM

    This is what services like 0bin.net and zerobin.net do for pastebin.

  • by DennisP on 10/19/2015, 9:06 AM

    Freenet has a similar model, in a p2p context. Anyone with a link can access the file, but the person hosting it plausibly isn't aware of its contents.