Kim Dotcom's Mega launch brings privacy to free 50GB cloud drives

Kim Dotcom's Mega launch brings privacy to free 50GB cloud drives

Summary: Kim Dotcom, whose MegaUpload cyberlocker service was closed down at the instigation of the US government, has launched a new privacy-oriented service from his New Zealand mansion.


One year to the day after police stormed his New Zealand mansion on January 20, 2012, the self-named Kim Dotcom launched a new online cyberlocker where each user gets 50GB of free storage. Mega differs from his previous effort, MegaUpload, in that it enforces encryption. This probably makes it the most privacy-oriented cloud drive that is easily available to both private and corporate users.

The Mega launch featured Maori dancers, an "FBI" helicopter and balaclava-clad commandos, among other things.

Dotcom said Mega had more than half a million sign-ups in the first 14 hours, so it was already a success. However, the site has sometimes been knocked offline.

Mega's file encryption is not so much to protect users as to protect Kim Dotcom and his company. The New Zealand police force's ludicrous overreaction resulted from accusations that MegaUpload was being used to share copyright material such as movies, TV shows and music. With Mega, files are encrypted before they are uploaded, so that Mega staff do not and cannot know what users are uploading and, possibly, sharing.

Encryption also protects users from snooping by internet service companies and governments.

Mega uses symmetric key encryption in the browser. Every file has its own key, and only the uploader knows what it is. Users can share files, but only if they provide downloaders with the key to decrypt the file.

However, Mega's terms and conditions implicitly recognise that users will upload copyright material such as backup copies of their music files for personal use. To reduce storage demands, the system says that it will only store a single copy of files that it recognises are not unique. How it knows they are not unique is not explained, nor is the system for handling different keys.

This idea goes back more than a decade. The failed Streamload service, launched in 1998, also used to store single copies of music and movie files even if they were uploaded by different users. Amazon also stores single copies in its cloud music service.

Of course, people who use Mega to share copyright files along with their keys will be taking the same risks as users sharing similar files on MegaUpload. But that's not the problem. The issue is whether or not Mega can be shut down if they do.

The Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) have somehow managed to get the US government to take over the huge financial burden of policing copyright, instead of them having to finance it out of their profits. They have, along the way, criminalised American citizens. Whether this approach will succeed remains to be seen, but it will probably help drive file-sharing abroad. Mega isn't registered under a US domain name, because this is now too big a risk.

The New Zealand police action against MegaUpload and other lawsuits prompted many cyberlockers to close down, or limit sharing, perhaps to non-US territories. Some deleted users' files, or would only allow people to download files they had uploaded.

However, many sites continued, while others appeared to fill the gap, or simply became more widely used. Current cyberlocker offerings include Rapidshare, Depositfiles, Hotfile, Filefactory, Turbobit, Uploaded,, Extabit, ZippyShare, LuckyShare, Rapidgator, Freakshare, Bayfiles, PutLocker, Bitshare, and Lumfile. (This is a quick, random selection, not a comprehensive list. Sites are very easy to find by searching for copyright files on Google.)

There is no doubt that cyberlockers are widely used for business purposes. Their use is not necessarily known about or condoned, but Kim Dotcom told the TorrentFreak website in December 2011: "We have hundreds of premium accounts from employees of the companies the RIAA and MPAA represent. In fact, 87 percent of the Fortune 500 companies have premium accounts with us."

TorrentFreak also reported a survey, conducted by SkyDox, about the use of cyberlockers among 4,119 workers at companies in the US and UK. It found that 66 percent of these employees "admitted to using free file-sharing sites for work. Among these 'sharers', 45 percent said their IT departments are aware of their usage of these services."

SkyDox offers cyberlocker services aimed at businesses and enterprises, including the NHS. It has a Framework Agreement for the Provision of G-Cloud Services from the British government's Cabinet Office.

The US government seized 25 petabytes of data from MegaUpload, some of it private data belonging to its own citizens. Most probably kept separate copies or took the wise course of uploading files to more than one cloud service. However, those who didn't have no chance of getting it back.

According to Wired, Kyle Goodwin — owner of the OhioSportsNet, which streams high school sports videos — sued to get his videos back, but the US government refused to help. "The issue is that the process of identifying, copying, and returning Mr Goodwin's data will be inordinately expensive," it explained.

The US government apparently can't find and deliver a file even if the user has the filename and a link to its previous address. Maybe the FBI should give Kim Dotcom a job.

UPDATE: A later post by Michael Lee highlights the problem with using Mega passwords to generate encryption keys: see Mega users: If you're hacked once, you're hacked for life. In a comment, ZDNet user Sc00bz adds: "Your Mega account is compromised when you register. The confirmation link contains a hash of your password. I'll be releasing 'MegaCracker' hopefully in a few hours" But we're only one day into what still seems to be a mostly on-working service. No doubt there will be more to come....


Topics: Cloud, Government US, Privacy, Storage, New Zealand

Jack Schofield

About Jack Schofield

Jack Schofield spent the 1970s editing photography magazines before becoming editor of an early UK computer magazine, Practical Computing. In 1983, he started writing a weekly computer column for the Guardian, and joined the staff to launch the newspaper's weekly computer supplement in 1985. This section launched the Guardian’s first website and, in 2001, its first real blog. When the printed section was dropped after 25 years and a couple of reincarnations, he felt it was a time for a change....

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Criminalised American citizens?

    Only those copying someone else's property without consent surely?

    Personally I think I 'll stick to Adrive, as you say, it attracts far less attention and press...
    • Yes, A-drives....

      USB drives, VCRs, tape recorders and photocopiers are all used for "copyright theft", aren't they? ;-)
      Jack Schofield
      • Does that mean it should be legal?

        Regardless of how those wishing to break the law, it was not their primary intent in design.

        With regard to the VCR, the US Supreme Court ruled that non commercial use does not violate the 1976 federal copywrite act.

        That's a common sense approach to my mind. If you pay for something, or a copywrite protected media such as tv is legally transferred to you, then you should be allowed to make copies on varying media for your personal use; it's common sense. However wilfully redistributed someone else's property freely or for a charge without or against their wishes simply shouldn't be legal.
        • Agreed....

          However, suppose the FBI had decided to target just one brand of VCR while ignoring all the other models on the market....

          There are take-down mechanisms for copyright files on cyberlockers. MegaUpload took down thousands of files.
          Jack Schofield
  • Not sure I'd trust him.

    Innocent or not - his defiance of law enforcement waves too many red flags for me to trust his services. I don't think I'll ever use it.
    • So you're saying people should let the government walk all over them.

      So, you're saying that when the government oversteps it's bound and attacks a person. Destroying his work. That person should just disappear with his tail between his legs. Not to mention All of the innocent people that lost their rightful files that the government basically stole with no chance of getting back.
      Edwin Combs
      • That's not what I'm saying, heh

        That is nowhere near what I'm saying. Not close.

        Being defiant is not the only way to handle a government that oversteps its bounds.

        They could try something like - oh, I dunno, a class action lawsuit, perhaps? File charges right back at the government? Maybe hold a few protests?

        There are lots of other options. Giving the government a virtual middle finger seems to be one of the more childish ones.
  • Defiant or not ....

    Kim Dotcom has every right to pull the finger at the authorities who illegally raided his mansion with SWAT teams, man handled his wife children and house staff, froze his bank accounts, impounded his assets, spied on him, imprisoned him on legal search arrest warrants and shut his business down. His assets, bank accounts and property have still not been returned to him.

    He has now masterfully created the internet version of the Swiss banking system. A virtual Fort Knox and file haven for absolutely any kind of file that needs to be untraceable.

    It would have behoved the authorities to understand the internet and Mr Dotcoms business before acting irrationally and illegally because when the dust settles, the law suits will be off the scale.

    Mega is innovation in its purest form and the sooner people can deal with it the better. Especially the now redundant internet police.

    Here's to private enterprise!
  • that should be ILLEGAL search and arrest warrants

    apologies for the typo
  • Something smells - this is bullshit.

    How can Kim store only one copy of duplicate files unless he has a master decryption key to allow him to compare different user's files? (because when 2 users encrypt the same file with different private keys, you SHOULD get two DIFFERENT BIT STREAMS).
    Obviously the files are not 'really' encrypted in the sense that Kim can deny knowledge of copyright infringement.
    • It is possible

      First thing crossing my mind (regardless of security issues or even best solution considerations, because it is not):

      If it's been encrypted in origin as they say, you can also hash it in origin and send both hash and file to the service, you could even encrypt the hash in the main stream after the file has been encrypted in a way you can use your key just to extract the hash from the stream after.

      I can think a number of possibilities around this idea, and the only flaw is that hash could be corrupted in origin (but as well could file stream, there is no motivation to do it with hash other than trying to overflow mega's storage space)

      I'm not a cryptologist, so If I can instantly think one way to achieve it, there must be many more possibilities.
    • No, it's not possible

      Actually, IF the files are properly encrypted then, no, it's not possible to compare 2 different files from 2 different soucres, to prevent duplication.

      The way this is being 'sold' (so to speak) is to claim the files are encrypted BEFORE they are uploaded - if so, that would entail off-line (or pre-upload) encryption. So, common sense tells you that 2 [truly] encrypted files NEVER will compare to the same value, because they have different keys.

      Now, IF the Dotcom client piece does a "pre-encryption" size/name/content/CRC comparison, BEFORE any encryption, then yes, it would be possible. But then, they cannot deny knowing about the content, if they have ANY piece that 'sees' the file before it's encrypted.
  • How does Dotcom make a living?

    Will Mega become an income source?