Trips of a curious penguin.

Go to the Heartbleed test!

Why Mega WILL change the status quo

A response to this on the newly launched Mega.

It is true that theoretically no sharing approach can solve the problem of being inspectable, however what Mega does is eliminate the single point of failure.

What made sharing over Megaupload difficult and finally killed the service was that MPAA and RIAA could pressure Mega to obtain access to their data (remember that they had direct read and delete access to Mega* data), fingerprint a bunch of files and take down those that matched pirate videos or tracks.

Now Mega encrypts client-side all the uploaded data, and gives you the key to store (and share) along with the URL.

How this changes the outcome, you ask? Simply stated, now MPAA and RIAA can’t do anything with access only to Mega infrastructure.

Obviously key (and URL sharing) is the weakest link in the chain. but consider the two following (common) scenarios:

The classic pirate movie/music forum/blog

The users of those sites always re-uploaded all the content, as taking the links of another community was considered really unkind and prevented in various ways.

However, all the copies were easy to kill at once by fingerprinting.

Now, instead, a MPAA/RIAA employee (or program) would have to scan through all those disperse, ephemeral and registration-based communities, in a giant struggle that never comes to an end.

This because each community will have its own copy of the data, each one requiring its key to be taken down, and each key will have to be fetched from each particular site.

Do you want to be sure that no one will take down your link? Put it (and its key) behind a CAPTCHA. This way an automated program will not suffice and they’ll not have enough human resources to check all the forums, blogs, etc.

The underground textual community

Let’s say an IRC channel, but also a Skype group chat or Facebook group might work (although I would never share pirate stuff along with my name and surname, but …).

Ever tried sharing big amounts of data over those services? It’s a pain. And sharing with a number of people is plainly impossible.

But now, one simply upload to Mega the file, and then share link+key with his closed group, and the only way to prevent this is to be part of that group.

This time I have the feeling that the bad guys win.

P.S. I know that JavaScript crypto is doomed but they are not going to MitM your connection to steal your Mega keys, really.

P.P.S. If you read this far, you might enjoy following me on Twitter