Kim Dotcom's Mega launch brings privacy to free 50GB cloud drives

Kim Dotcom, whose MegaUpload cyberlocker service was closed down at the instigation of the US government, has launched a new privacy-oriented service from his New Zealand mansion.
Written by Jack Schofield, Contributor

One year to the day after police stormed his New Zealand mansion on January 20, 2012, the self-named Kim Dotcom launched a new online cyberlocker where each user gets 50GB of free storage. Mega differs from his previous effort, MegaUpload, in that it enforces encryption. This probably makes it the most privacy-oriented cloud drive that is easily available to both private and corporate users.

The Mega launch featured Maori dancers, an "FBI" helicopter and balaclava-clad commandos, among other things.

Dotcom said Mega had more than half a million sign-ups in the first 14 hours, so it was already a success. However, the site has sometimes been knocked offline.

Mega's file encryption is not so much to protect users as to protect Kim Dotcom and his company. The New Zealand police force's ludicrous overreaction resulted from accusations that MegaUpload was being used to share copyright material such as movies, TV shows and music. With Mega, files are encrypted before they are uploaded, so that Mega staff do not and cannot know what users are uploading and, possibly, sharing.

Encryption also protects users from snooping by internet service companies and governments.

Mega uses symmetric key encryption in the browser. Every file has its own key, and only the uploader knows what it is. Users can share files, but only if they provide downloaders with the key to decrypt the file.

However, Mega's terms and conditions implicitly recognise that users will upload copyright material such as backup copies of their music files for personal use. To reduce storage demands, the system says that it will only store a single copy of files that it recognises are not unique. How it knows they are not unique is not explained, nor is the system for handling different keys.

This idea goes back more than a decade. The failed Streamload service, launched in 1998, also used to store single copies of music and movie files even if they were uploaded by different users. Amazon also stores single copies in its cloud music service.

Of course, people who use Mega to share copyright files along with their keys will be taking the same risks as users sharing similar files on MegaUpload. But that's not the problem. The issue is whether or not Mega can be shut down if they do.

The Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) have somehow managed to get the US government to take over the huge financial burden of policing copyright, instead of them having to finance it out of their profits. They have, along the way, criminalised American citizens. Whether this approach will succeed remains to be seen, but it will probably help drive file-sharing abroad. Mega isn't registered under a US domain name, because this is now too big a risk.

The New Zealand police action against MegaUpload and other lawsuits prompted many cyberlockers to close down, or limit sharing, perhaps to non-US territories. Some deleted users' files, or would only allow people to download files they had uploaded.

However, many sites continued, while others appeared to fill the gap, or simply became more widely used. Current cyberlocker offerings include Rapidshare, Depositfiles, Hotfile, Filefactory, Turbobit, Uploaded, Uploading.com, Extabit, ZippyShare, LuckyShare, Rapidgator, Freakshare, Bayfiles, PutLocker, Bitshare, and Lumfile. (This is a quick, random selection, not a comprehensive list. Sites are very easy to find by searching for copyright files on Google.)

There is no doubt that cyberlockers are widely used for business purposes. Their use is not necessarily known about or condoned, but Kim Dotcom told the TorrentFreak website in December 2011: "We have hundreds of premium accounts from employees of the companies the RIAA and MPAA represent. In fact, 87 percent of the Fortune 500 companies have premium accounts with us."

TorrentFreak also reported a survey, conducted by SkyDox, about the use of cyberlockers among 4,119 workers at companies in the US and UK. It found that 66 percent of these employees "admitted to using free file-sharing sites for work. Among these 'sharers', 45 percent said their IT departments are aware of their usage of these services."

SkyDox offers cyberlocker services aimed at businesses and enterprises, including the NHS. It has a Framework Agreement for the Provision of G-Cloud Services from the British government's Cabinet Office.

The US government seized 25 petabytes of data from MegaUpload, some of it private data belonging to its own citizens. Most probably kept separate copies or took the wise course of uploading files to more than one cloud service. However, those who didn't have no chance of getting it back.

According to Wired, Kyle Goodwin — owner of the OhioSportsNet, which streams high school sports videos — sued to get his videos back, but the US government refused to help. "The issue is that the process of identifying, copying, and returning Mr Goodwin's data will be inordinately expensive," it explained.

The US government apparently can't find and deliver a file even if the user has the filename and a link to its previous address. Maybe the FBI should give Kim Dotcom a job.

UPDATE: A later post by Michael Lee highlights the problem with using Mega passwords to generate encryption keys: see Mega users: If you're hacked once, you're hacked for life. In a comment, ZDNet user Sc00bz adds: "Your Mega account is compromised when you register. The confirmation link contains a hash of your password. I'll be releasing 'MegaCracker' hopefully in a few hours tobtu.com/megacracker.php" But we're only one day into what still seems to be a mostly on-working service. No doubt there will be more to come....


Editorial standards