Check out the Limitations beneath the "How to become a Hosting Partner" page.
> Unfortunately, we can't work with hosting companies based in the United States. Safe harbour for service providers via the Digital Millennium Copyright Act has been undermined by the Department of Justice with its novel criminal prosecution of Megaupload. It is not safe for cloud storage sites or any business allowing user-generated content to be hosted on servers in the United States or on domains like .com / .net. The US government is frequently seizing domains without offering service providers a hearing or due process.
The DMCA Safe Harbor works fine for companies that aren't PURPOSEFULLY attempting to violate copyright. Just don't make the mistake of getting caught berating employees for taking down infringing material, don't get caught figuring out what users upload the best pirated material so you can reward them, don't get caught ordering employees to work on improving the quality of pirated files on your site, and you won't have the problems Mr. Dotcom (who did all the aforementioned things) had with staying under the Safe Harbor.
> and you won't have the problems Mr. Dotcom (who did all the aforementioned things) had
This is simply false. Legitimate non-infringing websites have been seized by the U.S. justice department without due process.[1] There is a reason to have due process and innocent until proven guilty; the reason is that otherwise power is abused by those with the power.
Bureaucrat 'bo1024, you are technically correct --- the best kind of correct! Following the strict letter of the DMCA does not in fact guarantee that nobody will make a mistake or fail to stop someone abusing process.
What this has to do with the meat of the comment you're responding to, I'm less sure of; that comment was useful in that it corrects an extremely common misconception about the DMCA (that if you simply have a process to honor takedown requests, you're a service provider immune to prosecution).
Regardless of your opinion about copyright or the DMCA, it remains an under-appreciated fact that if you do the things Kim Schmitz was discovered to have done (it's spelled out explicitly in the Mega emails), you're violating the DMCA whether or not you honor takedowns; further, you're not simply committing individual infractions by doing so, but instead (potentially) forfeiting all your protections as a service provider under the DMCA.
If you look at the comment that was responding to, it was a quote from dotcom on how the DOJ is going around the DMCA to illegally take down legitimate sites. My comment was on-topic, but the parent comment, while technically correct, was misleadingly off-topic. It implied that, if you stick to the letter of the law, you'll be fine. That's not true, and that's what the original quote was pointing out.
It would be very bad advice to site operators with expose to US law to ignore that law because it is capriciously applied.
For one thing, its application is much less capricious than the echo-chamber would like you to believe; there's a cascading availability bias at play, because it's hard for Techdirt and Torrentfreak to drive page views with stories about sites that play by the rules and don't have a problem with takedowns. You only hear about the dramatic cases, but the fact is that the boring cases are much more common.
For another, regardless of whether you can be taken down by accident or malice when you follow the rules, you will, if you're popular, be taken down, sued, and potentially prosecuted if you run a site the way Kim Schmitz ran his.
I'm less interesting in refuting you or any other commenter on this thread than I am in being clear about what the situation is. There is a widespread belief on HN that the takedown of Megaupload was unlawful because Kim Schmitz and his team responded to takedowns. Whatever technical or even Constitutional issues may or may not have tainted the case against Megaupload, we now know that Megaupload was in fact a conspiracy to evade copyright law.
We can dispute the legitimacy of the prosecution, but it's no longer possible to credibly dispute the underlying facts. And, back to this thread: those facts are instructive. There is more to US copyright law for service providers than accepting takedown requests.
If I'm not mistaken, your first example was a case where 1 website made in on a list (a list with 100s of other entries) BY MISTAKE. And the bureaucratic process took over.
What happened to that website was an exception, not the rule.
On your second point, the evidence was so overwhelming clear on MU being a criminal enterprise, that when combined with KimDotCom's long criminal history, it was quite clear what was going on.
On the other hand the lack of due process is significant, what good will it be for you when your domain/machines are seized for months before you can prove you are legit?
Or, alternatively, do all that, without getting caught, to drive traffic, until you are a household name and get acquired by everyone's favorite advertising multinational. Then everyone'll forget your humble beginnings.
"The new Mega encrypts and decrypts your data transparently in your browser, on the fly. You hold the keys to what you store in the cloud, not us."
For me this is the most important bit of the website. That bit demonstrates the dedication of building something that will be very hard to shut down.
If you combine this with the VPN tunneling at the backend to obfuscate parties for the final host and content (similar to what piratebay did a month ago according to the news)- it has the potential to become very powerful and take a good share of torrents traffic.
Let's get the web crypto done, and maybe then we can find an "Encrypt before you upload" button on every single web service that stores your data, from e-mail to Dropbox-like services.
Hopefully the Government hasn't tried to put a backdoor in it, but I assume that would be discovered pretty quickly.
This article seems to focus mainly on digital signatures. Encryption does not necessarily involve ensuring data source authenticity.
If you have an SHA hash as part of the request url and you can trust the SHA hash calculator to verify the authenticity of the final file then you can trust the whole encryption layer to return whatever data it wants because hash verify will refuse tampered servers.
The trick is to ensure the hash calculator is 100% untampered. For the more paranoid people this means using command line hash calculator for this just as it's used for linux distro .iso files etc.
The same vulnerability that would exist in the hash calculator could exist in the hash calculator locally to induce data loss, theft, etc. The same security challenges that face a hash algorithm in a browser affect encryption ability as well. Presumably the decryption happens in the browser as well which would preclude your post.
So why not a .onion? You can set it up so that name resolution goes through Tor, but you still connect directly to the IP, if you're after speed. He could even manage to get mega.onion.
It doesn't work like that. Reaching a .onion involves going through six proxies. You can't connect directly to its IP, because you don't know what it is and it probably doesn't listen on a public interface anyway.
It will be the best thing to happen to the TOR network - thousands of new (mostly non-exit, but still) nodes carrying all sorts of legal and illegal traffic.
As someone who lives in New Zealand, I think that its only a matter of time before the domain name is seized. This whole MegaUpload affair has shown that the US government has quite a lot of sway over the NZ government and in my opinion I don't think they will stop until he's extradited to the US and put behind bars.
Assange is still chill-banging. Sipping Aguardiente. Schmoozing Ecuadorian diplomats. Yelling shit about the commander-in-chief out from the balcony to the glassy-eyed press [1].
As for Mr. DotCom, don't hold your breath. NZ is still busy kissing his arse [2].
The NZ courts have been quite good in the MegaUpload case. However the NZ government has shown that its happy to essentially overrule decisions of the courts if it doesn't like the decision.
Although Kim has become a bit of a celebrity in NZ now, he's even looking at funding a program to bring free fibre optic to NZ. ( http://www.stuff.co.nz/technology/digital-living/7904696/Dot... ) So the government may not do something too hasty as it would cause a large amount of public backlash.
Last I heard Assange was still stuck in Ecuador's London embassy, which is what your linked article seems to imply too. Not exactly as rosy a situation as you're implying.
Did anybody actually ever host "important files" on MegaUpload? I know people say they did, but did they actually? If they did that's just plain stupid.
MU was the only site that allowed unregistered users to upload large files with unregistered downloads, making it a great way to distribute customized Linux live CD images.
Sure, i've used a couple of upload sites recently to transfer large files... but never anything that was actually important, i didn't have local backups of or couldn't be easily replicated.
I've read about people trying to get their files back off the servers and all the other hoo-ha going on, and have nothing against people trying to do that or using the excuse that it was their main backup... just seems extremely silly to rely on it form my point of view. It's not possible to rely on Google, for fear of them shutting down your account for some violation or T&Cs (and no recourse for appeals), so to rely on these kinds of companies...
Not sure why I got down votes for a genuine question.
I am interested in which technology he would use to encrypt/decrypt the data in the browser. Most web-tools I've seen have a strict limit on number of bytes that can be encrypted in a userfriendly process.
Once you do something, you keep on doing it. Check out what happened to Peter Popoff after James Randi and Johnny Carson busted him in the 80's. http://www.youtube.com/watch?v=KYdlX_Wn1K4
Imagine some kind of worldwide system, without a central server and dedicated administrator, distributed among a large, constantly changing conglomeration of servers that store and forward messages to one another.
So why is golden the rule of usenet, to not talk about it?
Because if people did, anti-piracy companies would start paying attention to it. Therfore making it way more expensive to run Usenet servers and expose users to legal risk.
It's success depends on its relative obscurity.
You have to provide a credit card to use Usenet (unless you use bitcoins). Making it easy to be targeted.
Torrents "done properly" can be completely anonymous for everyone involved and still free.
So I don't agree that the problem was completely solved by Usenet. Despite being a happy Usenet + NZBmatrix user (oops broke the rule :p).
Usenet is hardly without flaws.
- Comparatively costly
- Native indexing is not available. 3rd party indexes are not distributed
- RAR files
- Does not support streaming as is
- Feedback and rating system is worse (many small 3rd parties, fewer users, files do not persist).
- Easily susceptible to poisoning
- Easily susceptible to censorship and takedowns (few usenet backends).
- etc
> Unfortunately, we can't work with hosting companies based in the United States. Safe harbour for service providers via the Digital Millennium Copyright Act has been undermined by the Department of Justice with its novel criminal prosecution of Megaupload. It is not safe for cloud storage sites or any business allowing user-generated content to be hosted on servers in the United States or on domains like .com / .net. The US government is frequently seizing domains without offering service providers a hearing or due process.