Kim Dotcom shows off new mega service

Kim Dotcom has shown off his forthcoming replacement for megaupload, posting three screen shots to Twitter. The grabs offer some interesting insights into what Dotcom has planned, with the first (below) showing a field marked with a key-shaped icon. The login …

COMMENTS

  1. Anonymous Coward

    This could be useful

    I'll be watching with interest.

  2. Ole Juul

    Game changer

    I'm looking forward to seeing how this will affect the internet landscape over the next while.

    1. Anonymous Coward
      Unhappy

      Re: Game changer

      in the uk? give us your password or we'll give you two years jail.

      1. Ole Juul

        Re: Game changer

        in the uk? give us your password or we'll give you two years jail

        Personally I don't share media files, or even use them much - but that's not the point. The thing here is that the responsibility now rests on the end users. If all goes well, it will be more difficult to shut down the service. It will also be a lot of work to go after individual clients one by one. This changes the file sharing landscape considerably, especially if other internet services start to follow this model. The fallout from this could be all over the place. We'll see.

      2. takuhii

        Re: Game changer

        I think you still go to prison in America

      3. Paul Crawford Silver badge

        Re: Game changer

        The first point is that this always-on encryption means that they can't just seize the servers and go trawling (or trolling?) for evidence. They have to take you to a court and show good reason for a judge to compel you to hand over any password in your possession. At least you know they are investigating you and have recourse to legal advice early on, and the sheer effort of going after someone through the courts means they simply can't afford to do it for anything other than serious and significant cases. A few bootleg episodes of the Simpsons, etc, is hardly going to be worth it and copyright trolls (like the now defunct ACS:Law) will find that as well.

        Second point is if you have forgotten your password, I think the ECHR would come down on them for any attempt to force you to reveal what you no longer have. Of course, if you were dumb to say you know but are not telling, or if a court might not be convinced of your genuine problems in remembering it, then it's not going to work.

        Third point is how long will it be before someone has a third-party service in another country that manages the passwords and can be set to destroy them if not used for a couple of weeks, so unless they can go through the courts very quickly (again, meaning you have to be on a really serious charge) then there is no longer a password to be revealed, as your memorable one will no longer recover the encryption one.

  3. Invidious Aardvark

    Given that the first screen is a logon screen, I'd guess that the field with the key icon is your password. Why you think that this refers to an encryption key is beyond me, especially since the key isn't actually generated until a later stage. It even looks like a password field, with the password starred out.

    The key generation being strengthened by "entropy from your mouse movements and keystroke timings" is just a variation on a theme, where some additional inputs are used to add randomness to the key being generated, e.g. TrueCrypt does something similar.

    Note that they state that "You hold the keys to what you store in the cloud, not us". This suggests to me that the encryption key for the files is stored by the user, a move designed to prevent third parties accusing them of knowingly infringing copyright? If they are storing encrypted data only and have no way of decrypting that data to find out what it is, they really can argue that they are not liable for the content they host since they cannot even view that content. Some would say that this is a sensible move, not only in a self-preservation sense (they really don't know what the user is uploading so they can't be held liable for it) but also because it should, if implemented correctly, ensure some degree of security for the end-user's data - even if someone manages to get access to the servers where the data is stored, all they get is a load of encrypted data.

    One question that springs to mind is: If all the data is encrypted and the key is stored at the user's end, how is this going to replicate the success of megaupload? You can no longer just upload a file and post the URL, you now also have to post the key so other users can decrypt the data. It's not a huge extra burden, but it's one more hoop to jump through and may discourage the less technical users from using the site unless they make it really easy to use. There are some hints that you'll be able to share files and folders with other users, but part of the success of megaupload was that you didn't need an account to download stuff.

    It'll be interesting to see how this all pans out and whether this is a real change of direction from the original megaupload. It certainly sounds like they're moving from a free-for-all file hosting model to more of an encrypted file system approach with access to the service limited to registered users only but I guess time will tell.

    1. Anonymous Coward
      IT Angle

      Well, about the URL. I would imagine they would pass all required data in the URL itself, making it indifferent to the original for the typical file sharer. Is there really a reason you couldn't put the key in the URL?

      1. Invidious Aardvark

        There's nothing to stop the user passing the key in the URL, I guess, except it seems a somewhat insecure method of transmitting your key. Encryption only works when your key is secret, if you're broadcasting it to the world every time you request a file then why bother encrypting at all? The server definitely doesn't want to be seeing the key (they don't want to be able to decrypt your data) and I can't see why the client would be built to look for the key in the URL - transmitting the location of encrypted data and the means to decrypt it in the same message would be a massive security hole and would remove any hope of getting "serious" businesses to use your solution.

        The way they've phrased the encryption/decryption side of things, it appears to be entirely client-side. There's no reason to post the key to the server if all encryption is done prior to submitting to the server and all decryption is done as the file is received. Again, I'm assuming that security and/or limiting liability is their concern here - they don't want to be taken down like last time and not knowing what you're hosting is probably a good starting point.

        1. Robert Heffernan
          Thumb Up

          @Invidious Aardvark

          "There's nothing to stop the user passing the key in the URL, I guess, except it seems a somewhat insecure method of transmitting your key. Encryption only works when your key is secret, if you're broadcasting it to the world every time you request a file then why bother encrypting at all?"

          That's easy! It's just so that the file host (Kim Dot Com's new outfit) cannot read the file themselves, thus tunneling a nice new loop hole in the laws that Megaupload got slapped with. Since this new site has no way of reading the contents of the files, they cannot possibly ever know that the file uploaded contains copyrighted data.

          It shifts ALL the burden of responsibility to the users of the service, you can store your files encrypted in the cloud, completely secure even if the servers are hacked or taken by the fuzz, or you can share a link with your friends that lets them download and decrypt the file.

          I would assume that ALL the file encryption/decryption is done on the user's side, possibly in-browser through some javascript, so that there is no way at all that the original unencrypted data passes to the cloud server, that way there is no way that they could know what was just uploaded was infringing in some way.

          I think it's a pretty clever and damn good service that will manage to skirt the law much to the annoyance of the FBI, RIAA, MPAA, etc.
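
An added illustration of the two technical points raised in the comments above (mixing mouse and keystroke timings into key generation, and whether a key can travel in the URL); it is not code from the thread or from the service, whose design the page does not describe. The host `storage.example`, the link layout, the event format and every function name are assumptions.

```python
import base64
import hashlib
import hmac
import os
import struct
from urllib.parse import urlsplit


def mix_key(events, system_random=None):
    """Derive a 32-byte key from OS randomness plus user-input samples.

    events: iterable of (x, y, timestamp_ms) tuples (constructed format).
    The OS CSPRNG output is used as the HMAC key, so predictable or empty
    user input cannot weaken the result; it can only add to it.
    system_random is injectable only so the behaviour can be tested.
    """
    seed = system_random if system_random is not None else os.urandom(32)
    mac = hmac.new(seed, digestmod=hashlib.sha256)
    for x, y, t_ms in events:
        mac.update(struct.pack(">iiQ", x, y, t_ms))
    return mac.digest()


def b64url(data):
    """URL-safe base64 without padding, suitable for embedding in a link."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    """Inverse of b64url: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def share_link(base, file_id, key, where):
    """Build a share link carrying the key in the query or in the fragment."""
    token = b64url(key)
    if where == "query":
        return f"{base}/file/{file_id}?key={token}"
    if where == "fragment":
        return f"{base}/file/{file_id}#{token}"
    raise ValueError("where must be 'query' or 'fragment'")


def request_target(url):
    """Return what an HTTP client sends on the request line for this URL.

    Only the path and query are sent; the fragment is processed by the
    client and never transmitted to the server.
    """
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


def key_from_fragment(url):
    """Client-side step: recover the key from the link's fragment."""
    return b64url_decode(urlsplit(url).fragment)


def compare_links(key, base="https://storage.example", file_id="abc123"):
    """Show, for each link style, whether the server side ever sees the key."""
    token = b64url(key)
    result = {}
    for where in ("query", "fragment"):
        url = share_link(base, file_id, key, where)
        target = request_target(url)
        result[where] = {
            "url": url,
            "request_target": target,
            "key_sent_to_server": token in target,
        }
    return result


if __name__ == "__main__":
    # Constructed sample input: three mouse samples as (x, y, timestamp_ms).
    sample_events = [(10, 20, 1000), (11, 22, 1016), (15, 30, 1033)]
    key = mix_key(sample_events)
    for where, info in compare_links(key).items():
        print(where, info["request_target"], info["key_sent_to_server"])
```

A key in the query string lands on the server's request line and in its logs, while a key in the fragment stays in the client. In both cases anyone who holds the full link can decrypt the file, which is the concern raised in the thread.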

          1. Psyx
            Stop

            Re: @Invidious Aardvark

            "It shifts ALL the burden of responsibility to the users of the service"

            I don't think you can possibly say that without both a law degree and before the system is up and running.

            If there are a bunch of encryption keys stored publicly on a website and the Mega file owner's public user details shown on the site say "check this URL for content details" and then link to the site (and I imagine this is what might well happen), then it's not going to be legal plain sailing.

            I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".

            We'll have to see. But in reality, I think Kim is playing stupid ass 'letter of the law' style games, and unfortunately our legal systems have had quite a while to adapt to that kind of evasion, and judges weren't born yesterday.

            1. Anonymous Coward

              Re: @Invidious Aardvark

              [blockquote]

              If there are a bunch of encryption keys stored publicly on a website and the Mega file owner's public user details shown on the site say "check this URL for content details" and then link to the site (and I imagine this is what might well happen), then it's not going to be legal plain sailing.

              [/blockquote]

              In that situation, the service provider is still only liable if it fails to take down the content. Service providers can't be forced to use DPI or other privacy invasive techniques on user generated content.

              This is roughly both the law in the EU and US. The European Court of Justice ruled so in a Belgian case brought against Netlog by the local collection society.

              <blockquote]

              I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".

              [/blockquote ]

              And the car owner in such a case wouldn't be an accomplice to robbery unless you could prove beyond a reasonable doubt that he knew what the stranger was up to.

              You can't extrapolate from anonymity, encryption and file sharing to law violation. Even if I wanted I could legally set up a local offline dropbox, in which people (anonymous strangers) could deposit encrypted packets. Of course, such a system could and would likely be abused, but I am not a criminal because I help strangers hiding their activities.

              1. Psyx
                Stop

                Re: @Invidious Aardvark

                "And the car owner in such a case wouldn't be an accomplice to robbery unless you could prove beyond a reasonable doubt that he knew what the stranger was up to."

                Which is pretty easy. And it's not likely to be particularly difficult to prove beyond reasonable doubt that the new site's admins know that it's being used for illegal purposes.

                Justice isn't blind and stupid. Oddly enough, rules-lawyering doesn't tend to always work in courts of law, because it's the intent that matters. And we all know already that Dotlard intends to make a wodge of cash out of creating a shared home for illegal content. Dress it up with pretty words as much as you like, but that's what he's going to do and the only way for him to realistically get away with it is to keep paying a lot of expensive lawyers to try to keep one step ahead of the prosecution, and hope that they have less expensive lawyers.

                "I am not a criminal because I help strangers hiding their activities."

                Actually, in other walks of the law: You are. Simply closing your eyes to the details does not reduce responsibility in most criminal pursuits (smuggling, handling stolen goods, supplying weapons et al). Again: The law isn't stupid. 'dislike' as much as you like: It doesn't change the fact that Dotflab is likely to be investigated and tried for it in the long-term.

                "<blockquote]"

                /raises eyebrow

                1. Ross K Silver badge
                  WTF?

                  Re: @Invidious Aardvark

                  Dotlard? Dotflab?

                  Kinda childish, don't you think?

                2. Anonymous Coward

                  Re: @Invidious Aardvark

                  ""And the car owner in such a case wouldn't be an accomplice to robbery unless you could prove beyond a reasonable doubt that he knew what the stranger was up to.""

                  "Which is pretty easy. And it's not likely to be particularly difficult to prove beyond reasonable doubt that the new site's admins know that it's being used for illegal purposes."

                  You are moving the goalposts.

                  You are analogizing from a car owner giving a lift to a criminal with whom he has personal interaction, to a service provider offering encrypted storage to end users whose motivations can't be known before the sale.

                  In the first situation, you don't contradict my argument that the car owner would get off unless the state could prove he knew that he was transporting a fleeing criminal.

                  But in the latter situation, you are suddenly arguing that general as opposed to specific knowledge would be sufficient to establish criminal liability. Claiming that a file hosting is liable by analogy to the former situation doesn't do you any good, because there would be scant opportunity for the service provider to know anything about its customer.

                  "Justice isn't blind and stupid. Oddly enough, rules-lawyering doesn't tend to always work in courts of law, because it's the intent that matters. And we all know already that Dotlard intends to make a wodge of cash out of creating a shared home for illegal content. Dress it up with pretty words as much as you like, but that's what he's going to do and the only way for him to realistically get away with it is to keep paying a lot of expensive lawyers to try to keep one step ahead of the prosecution, and hope that they have less expensive lawyers."

                  And profiting from selling file hosting is not illegal in itself. You are arguing something which is not even in EU or US law.

                  A service provider is not responsible for user generated content, unless it acquires specific knowledge or fails to act on a valid take down notice.

                  General knowledge is not sufficient, and even the theory of willful blindness has its limit. You may be willfully blind if you blind yourself to something specific which you have the technical ability to verify, but you can't be willfully blind as to something which is technically impossible to know.

                  "I am not a criminal because I help strangers hiding their activities."

                  "Actually, in other walks of the law: You are. Simply closing your eyes to the details does not reduce responsibility in most criminal pursuits (smuggling, handling stolen goods, supplying weapons et al). Again: The law isn't stupid. 'dislike' as much as you like: It doesn't change the fact that Dotflab is likely to be investigated and tried for it in the long-term."

                  You are trolling, and I don't have time to explain why all your analogies are either inapposite or deadly wrong.

                  But suffice to say that we are not talking about offering an online drug mall but a service whereby people can exchange encrypted information.

                  You are conflating the desire to offer encryption with a clear intent to facilitate illegal conduct.

                  Encryption is a neutral technology. Under your police state theory, the developers of Tor, I2P and FreeNet and other anonymity facilitating networks would be criminally responsible on the theory that they should know that someone somewhere is using the software to do illegal things.

                  1. Psyx
                    Facepalm

                    Re: @Invidious Aardvark

                    "You are trolling, and I don't have time to explain why all your analogies are either inapposite or deadly wrong."

                    Deadly wrong? Like... I'm going to die from making them? And *my* analogies are flawed? :O

                    Look: Like it or not, people who actually work in the legal profession with actual law degrees are going to have a very good attempt at nicking Dotlard (yes: It's childish, but frankly if I wanted anything less than childishness, I wouldn't get my IT news from El Reg) for what he's doing and going to be doing. We will see just how well he gets away with it when he invariably gets taken to court. Until then both of our legal theories are just the idle speculation of people who don't actually get paid to prosecute people.

                    As regards the difference between ISPs linking illegal content and individuals legal content, we already have seen evidence that what is good for the goose is NOT good for the gander, and individuals can get slapped with fines for that kind of thing. You can't state with any certainty that what he is doing is going to be legal when he has his day in court. On the other hand we all know darned well that his actual intention is to make money out of a site focused on illegal file sharing. To my mind it's going to be a lot easier to prove that he has done something illegal than it will be to claim that he doesn't know of any crime or intends to facilitate any crime.

                    "You are conflating the desire to offer encryption with a clear intent to facilitate illegal conduct."

                    No, I'm conflating a history of running sites blatantly used for illegal file sharing with a desire to run another website used for illegal file sharing. Once again: Prosecution services aren't morons.

                    "Encryption is a neutral technology."

                    It is, but how much water does the "It's encrypted, I didn't know" defence hold when the users put the encryption key either in the file details or at the end of a link saying "Encryption keys here", as I suspect will happen... A LOT. The admins would have to be wilfully blind to ignore it, and offended movie/music companies could easily swamp Mega with enough take-down requests a day to require enough staff to make it financially un-viable.

                    In short: This will sink if the authorities and recording industry want it to badly enough, regardless of any amateur barracks-room lawyering on your behalf.

                    1. Mad Mike
                      FAIL

                      Re: @Invidious Aardvark

                      "Look: Like it or not, people who actually work in the legal profession with actual law degrees are going to have a very good attempt at nicking Dotlard (yes: It's childish, but frankly if I wanted anything less than childishness, I wouldn't get my IT news from El Reg) for what he's doing and going to be doing. We will see just how well he gets away with it when he invariably gets taken to court. Until then both of our legal theories are just the idle speculation of people who don't actually get paid to prosecute people."

                      Yep, you're right. The best legal minds in several countries, some governments and law enforcement agencies have already had one go and made such a good attempt at it. After all; they got him and can get him again. The only problem is; they didn't get him. So far they have shut him down, but the judicial system has now declared pretty much everything they did illegal and even opened the opportunity for him to sue for damages, probably running into hundreds of millions, maybe even a billion. That's going to hurt. So, the legal profession and best legal minds so far have dismally failed. They have even managed to make him into a good guy in the minds of a good few people.

                      "No, I'm conflating a history of running sites blatantly used for illegal file sharing with a desire to run another website used for illegal file sharing. Once again: Prosecution services aren't morons."

                      So, what you're saying is 'once a crim, always a crim'. Legal systems have lots of safeguards to prevent exactly this. Otherwise, someone up on a burglary charge would simply have their previous rap sheet of similar offences and be found guilty without any evidence at all. After all, they've done it before!!

                3. Invidious Aardvark

                  @Psyx

                  From what I can see so far, Kim's intention is to make money from people by offering a secure, cloud-hosted, file storage service. Your suspicion that he's creating this as a place for illegal content is not based in fact and, sad to say, the law does actually require facts to prove a case.

                  Kim can easily point out that he has no knowledge of what data is stored on his service (nor should he know) and that it has substantial non-infringing uses. As long as he cooperates with any legal requests by law enforcement agencies (though what he could do is questionable if all content is encrypted and he doesn't have access to any means to decrypt the data), he's in the clear.

                  "...it's not likely to be particularly difficult to prove beyond reasonable doubt that the new site's admins know that it's being used for illegal purposes." Really? If every file is encrypted, how can this be proven? Using your logic you could argue that google knows that YouTube is being used for illegal purposes and thus should be in the dock beside Kim.

                  1. Psyx

                    Re: @Psyx

                    "Your suspicion that he's creating this as a place for illegal content is not based in fact."

                    Seriously? He's actually a saint?

                    If they really want him that bad, a wire or communications tap put in place now would undoubtedly catch plenty of references to his prior knowledge of illegal use.

                    The COURT has to assume innocence until proven guilty. Investigations and prosecution services tend to start by knowing the person is guilty and then assembling the evidence to prove it in court. And I don't think any of us can look each other in the eye and proclaim Kim isn't basically trying to flick the bird at the authorities and carry on doing what he has been doing. Eventually, he will get nailed for it, because deliberately annoying massive industries is not a clever thing to do.

                    1. Mad Mike

                      Re: @Psyx

                      "Seriously? He's actually a saint?"

                      Nobody is saying he's a saint. However, it isn't up to him (or anyone else) to prove he is. It's up to the appropriate prosecuting authorities to prove he isn't. Without your argument, you would be deciding guilt or innocence on the basis of the distance between their eyes.

                      "If they really want him that bad, a wire or communications tap put in place now would undoubtedly catch plenty of references to his prior knowledge of illegal use."

                      Well, they could do if it were a LEGAL wire or communications tap. Unfortunately, the last time they tried that, it was declared illegal. They'd be really brave (or very stupid) to try that stunt again.

                      "The COURT has to assume innocence until proven guilty. Investigations and prosecution services tend to start by knowing the person is guilty and then assembling the evidence to prove it in court. And I don't think any of us can look each other in the eye and proclaim Kim isn't basically trying to flick the bird at the authorities and carry on doing what he has been doing. Eventually, he will get nailed for it, because deliberately annoying massive industries is not a clever thing to do."

                      Wholesale wrong. Proper investigative and prosecution services start by SUSPECTING they're guilty and then set about proving it. Once they have proven it to themselves, they attempt to prove it in court and if successful KNOW they're guilty.

                      1. Psyx

                        Re: @Psyx

                        "Without your argument, you would be deciding guilt or innocence on the basis of the distance between their eyes."

                        Reductio ad absurdum.

                        You are no more a legal expert than I. I'm simply siding in debate with the people I see as 'winning': The recording industry and their wall of lawyers, the prosecution services, and the US authorities. It doesn't really matter who is morally right or wrong, or right at first-pass gut-instinct to people who don't have any real detailed knowledge of the legal system. We can all see that Kim is going to be acting as an enabler to copyright abuse, we can all see that he isn't popular, we can all see how this is probably going to end.

                        "Well, they could do if it were a LEGAL wire or communications tap. Unfortunately, the last time they tried that, it was declared illegal. They'd be really brave (or very stupid) to try that stunt again."

                        Or they could just bother to do the right paperwork, I guess. For all other posters' complaints about the corrupt judiciary, I believe it was the judge who threw out the wire-tap evidence, wasn't it?

                        "Proper investigative and prosecution services start by SUSPECTING they're guilty and then set about proving it. Once they have proven it to themselves, they attempt to prove it in court and if successful KNOW they're guilty."

                        Investigative services are allowed to take prior behaviour, suspicion, and inadmissible evidence into account, and courts aren't. Any copper sitting at home for ten minutes on the Megaupload site could see what was going on. Then they can take it to prosecution services and say "is this actually illegal" and get told what to actually look for.

                4. Mad Mike
                  FAIL

                  Re: @Invidious Aardvark

                  "Which is pretty easy. And it's not likely to be particularly difficult to prove beyond reasonable doubt that the new site's admins know that it's being used for illegal purposes." (Psyx)

                  If this were the case, then the owners of Google and many other websites would already be in prison. Maybe DotCom knows it will be used for illegal purposes, but Google is already used for illegal purposes as well (and so are many, many other websites), but I don't see their owners running scared.

                  Just because you KNOW your website COULD be used for illegal activities does not make you complicit in these activities and guilty of breaking any law. You have to be shown to have KNOWN and ACTIVELY aided in the criminal enterprise. Simply providing a service that is used both legally and illegally does not qualify in this. Otherwise, every car dealer would be guilty as they must KNOW that sometimes their cars are used in armed robberies?

            2. Anonymous Coward

              Re: @Invidious Aardvark

              'If there are a bunch of encryption keys stored publicly on a website and the Mega file owner's public user details shown on the site say "check this URL for content details" and then link to the site (and I imagine this is what might well happen), then it's not going to be legal plain sailing.'

              In that situation, the service provider is still only liable if it fails to take down the content. Service providers can't be forced to use DPI or other privacy invasive techniques on user generated content.

              This is roughly both the law in the EU and US. The European Court of Justice ruled so in a Belgian case brought against Netlog by the local collection society.

              'I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".'

              And the car owner in such a case wouldn't be an accomplice to robbery unless you could prove beyond a reasonable doubt that he knew what the stranger was up to. The fact that the defense does not always work or lets criminals go free is no argument against it.

              You can't extrapolate from anonymity, encryption and file sharing to law violation. Even if I wanted I could legally set up a local offline dropbox, in which people (anonymous strangers) could deposit encrypted packets. Of course, such a system could and would likely be abused, but I am not a criminal because I help strangers hiding their activities.

              The fallback argument that it should still be illegal, because it makes it difficult for the police or government or big business to enforce their claims is worthy of a police state.

            3. amanfromMars 1 Silver badge

              The Law is an Ass and always Falters and Fails against Advanced Intelligence

              .....and judges weren't born yesterday..... Psyx Posted Monday 10th December 2012 09:28 GMT

              I think you will find that they definitely are/were, Psyx, and in more senses than just one. And they are easily bought too, aren't they, in so many cases whenever the status quo is challenged to change to accommodate a new future?

              1. Psyx
                FAIL

                Re: The Law is an Ass and always Falters and Fails against Advanced Intelligence

                "I think you will find that they definitely are/were, Psyx, and in more senses than just one. And they are easily bought too, aren't they, in so many cases whenever the status quo is challenged to change to accommodate a new future?"

                Do you actually know any, or are you just saying what everyone else says, based on a few things printed in tabloids?

                1. Mad Mike
                  FAIL

                  Re: The Law is an Ass and always Falters and Fails against Advanced Intelligence

                  @Psyx.

                  I think the evidence is all around. Basically, judges get 'perks' of one form or another from various industries. Politicians (who 'craft' the laws) get 'election funds' etc. from the same sorts of industries. Lawyers get their money from various industries. The better paid the lawyer, the more chance you have in court generally. So, all in all, it pretty much looks like the politicians are in hock to certain businesses and make laws appropriately, the judges are in hock as well, and the businesses in question can afford the best lawyers and therefore 'buy' the law that way.

                  You only have to look at where politicians 'election' funds come from and evidence like that to see how the money is flowing and what it's buying. All with a veneer of legitimacy.

                  I actually like what Dot Com is doing as it is playing the politicians, courts and laws at their own games. He is creating a veneer over his business to hide any dodgy dealings that may be going on (not saying there are dodgy dealings, just that there could be). This is exactly the same thing that politicians etc. do with their 'incomes'.

                  1. Psyx
                    FAIL

                    Re: The Law is an Ass and always Falters and Fails against Advanced Intelligence

                    "I think the evidence is all around."

                    Such as? I'm interested in what evidence there is of this. You're just dreaming stuff up.

                    "Basically, judges get 'perks' of one form or another from various industries."

                    Umm... no, they don't. Not in this country (UK). That would be a criminal offence. As it probably is in the US, too.

                    "Politicians (who 'craft' the laws)"

                    Under Common Law? Are you sure? This isn't Europe. You might want to look into how the legal system works, rather than just pointing your finger at it and complaining. I used to be pretty ignorant about it too, and so believed that the judiciary was critically flawed. Then I actually read up on how it worked. I still find it flawed, but certainly not in the way that you claim that it is.

                    "get 'election funds' etc. from the same sorts of industries. Lawyers get their money from various industries. The better paid the lawyer, the more chance you have in court generally. So, all in all, it pretty much looks like the politicians are in hock to certain businesses and make laws appropriately, the judges are in hock as well"

                    Even if Lawyers are well paid and politicians are bent, that has *nothing* to do with lawyers. You might as well say that apples are expensive, and bananas are bent, so pears MUST be mould-ridden.

                    "and the businesses in question can afford the best lawyers and therefore 'buy' the law that way.

                    You only have to look at where politicians 'election' funds come from and evidence like that to see how the money is flowing and what it's buying. All with a veneer of legitimacy."

                    Again: That has nothing to do with judges.

                    You have labelled judges as corrupt by putting them in the same sentence as lawyers and politicians. That's not an argument; it's irrational.

                    Again: Do you know any judges and can you cite ANY direct evidence that they're all corrupt?

                    "I actually like what Dot Com is doing as it is playing the politicians, courts and laws at their own games. He is creating a veneer over his business to hide any dodgy dealings that may be going on (not saying there are dodgy dealings, just that there could be). This is exactly the same thing that politicians etc. do with their 'incomes'."

                    I hate to break this to you, but this is the same thing that every wealthy person does: Bends the law as much as they think they can, and hides behind lawyers and PR BS. It's the job of the judiciary to try to cut through the BS and try to make them accountable to the same laws that you and I are accountable for, regardless of how rich their lawyers are. Is that a reprehensible career choice in your mind?

                    How about the endless days sat there trying to ensure both a fair trial and justice for everyone, and that the criminal under-classes don't literally get away with murder, while dealing with a professional life replete with threats? Is that corrupt?

                    Kim is no Robin Hood: Just another crook, but one with a PR appeal for getting away with it slightly higher on the scale than government ministers, but lower than Branson and Bono.

            4. xpusostomos

              Re: @Invidious Aardvark

              It doesn't have to be plain sailing for everyone, only for mega that counts.

              While nobody can know what the law ends up saying, your argument is just as strong against something like Google, who must be aware that a lot of the stuff they link to or even host must be copyright. Sure they take the stuff down when they find out about it, but so will mega.

              1. Psyx

                Re: @Invidious Aardvark

                "Sure they take the stuff down when they find out about it, but so will mega."

                Google have the manpower to do it, though.

                The recording industry could simply swamp Mega with take-down requests at the rate of a few thousand a day. Mega can either then comply and not be business-viable due to admin costs, or it'll sink. It's a technique that's been used before.

                1. Robert Heffernan
                  Trollface

                  @Psyx

                  " The recording industry could simply swamp Mega with take-down requests at the rate of a few thousand a day. Mega can either then comply and not be business-viable due to admin costs, or it'll sink. It's a technique that's been used before."

                  That's very true. If I was doing it I would provide a simple page for content owners to use that they can provide a link to illegally hosted content, some type of evidence that said file actually is infringing and a captcha so that you can be sure the page isn't being "abused" by spam bots, etc.

    2. ScissorHands
      Devil

      Standard Operating Procedure

      It's been ages since filesharers are posting password-protected RARs. Some were even encrypted.

      1. John Brown (no body) Silver badge
        Thumb Down

        Re: Standard Operating Procedure

        "posting password-protected RARs"

        That wasn't for security or to protect themselves from riaa/mpia and the like. That was to send users to a landing page with adverts and referral schemes to make money.

    3. xpusostomos

      You can still do that, you just post the key on the end of the URL, probably. mega.com/foobar?mykey=baz

      The point is, mega now have plausible deniability. They don't know the URL that can access the data, only you do and whoever you give the URL to. If you post it publicly, sure the feds can chase it, but they can't blame mega, because they never knew anything.

  4. tempemeaty

    Security for users of the inter-tubes?

    I wonder if this will engender a greater sense of security with users in a now incredibly tyrannical US government snooping environment on the Internet. As a user of the Internet I welcome things like this while trapped in a world like this where governments give tyrannical authority to and aid organizations in confiscation of children's laptops over downloads that never happened and arrest people like Kim on the say-so of such organizations or tyrannical governments like the one in the USA.

    1. amanfromMars 1 Silver badge

      Re: Security for users of the inter-tubes?

      I wonder if this will engender a greater sense of security with users in a now incredibly tyrannical US government snooping environment on the Internet. As a user of the Internet I welcome things like this while trapped in a world like this where governments give tyrannical authority to and aid organizations in confiscation of children's laptops over downloads that never happened and arrest people like Kim on the say-so of such organizations or tyrannical governments like the one in the USA. ... tempemeaty Posted Monday 10th December 2012 01:22 GMT

      A tyrannical government is a stupid failed government, for it generates for itself a whole range of novel and significantly more intelligent enemies, both phantom virtual and physical real, both within itself and outside its perceived realms of power and play, which it doesn't influence and cannot control. And as systems and systems administrators get smarter internetworking, does power and control with global operating devices in communications channels seed new feeds and deeds which take over from and/or destroy such as are as fools in their madness with their madness and the idiot savant in his increasingly self destructive state of delusion .... should they fail to see the light and the error of their ways.

      1. Anonymous Coward
        Anonymous Coward

        Re: Security for users of the inter-tubes?

        Oh shit I just upvoted amanfrommars.

        I think I must be losing my mind.

        Daisy. Daisy...

        1. amanfromMars 1 Silver badge
          Boffin

          Security? What Security? Those battles are long ago lost. Now is it just a matter of price and cost

          Yes, that is all that is needed, AC, and it is not the end of the world yet, as you know it, is it? And so much better than losing your mind, too.

          However, be in no doubt that things have changed more than just fundamentally, and there is nothing you can do about it unless you can control ...... well, I suppose it would be most accurate to classify the IT Feed Seed as Virtual Eventing.

          A little something irregular and unconventional from GCHQ for the New Year and the Future to report on, El Reg? :-)

          1. Curtis

            Re: Security? What Security?

            I've been away too long, when did amanfromMars1 start speaking in coherent sentences? Or have I finally "slipped the trolley"?

    2. David Hicks
      Stop

      Re: Security for users of the inter-tubes?

      "incredibly tyrannical US government"?

      Holy moley do you need to recalibrate your sensors, unless by "incredibly tyrannical" you mean "It's hard to believe how tyrannical the US government is because it's not very tyrannical at all".

      There are a lot of dodgy things going on in the western world with respect to individual liberty and privacy. There is abuse of power by governments. However Obama is not an arbitrary (unelected) or absolute ruler and the abuses by the state in the US, while occasionally heinous, are not that bad compared to ... say anywhere that actually has a dictator.

      There is much injustice to be fought, but hyperbole doesn't really help.

  5. mr. deadlift
    Coat

    if you could...

    collect entropy. would you have perpetual energy?

    Okay, the second law of thermodynamics is about disorder to a physical system, I'm not much of a physicist so I'm a little curious.

    1. Filippo Silver badge

      Re: if you could...

      In this case, "entropy" means "randomness". It has nothing to do with physical energy.

  6. southpacificpom
    Paris Hilton

    Santa

    Yes, Kimmy is a jolly old Santa. Rumour has it that Assange and McAfee are to appear as two of the wise men in the show...

  7. Parax
    Meh

    GCSB Case File.pdf

    Is a bit thin though. Only 115kb isn't many pages.

  8. Flawless101
    Mushroom

    Interesting

    File storage websites have been dropping like flies recently. Rapidshare basically just ended itself too by having 30 GB only of publicly accessible data.

    I wonder how long this will last?

  9. FSM

    Pseudo-random?

    I don't know that much about the maths of this, but I thought you were supposed to "get" entropy from an unpredictable source, such as radioactive decay, rather than something VERY predictable, like one's mouse and keyboard use?

    I believe that /dev/random gets noise from attached hardware devices in order to fill an entropy "pool", I believe the term is.

    OK, exam over, feedback please!

    1. DavCrav

      Re: Pseudo-random?

      "I don't know that much about the maths of this, but I thought you were supposed to "get" entropy from an unpredictable source, such as radioactive decay, rather than something VERY predictable, like one's mouse and keyboard use?"

      Well, mouse movements are very random. If you add up the mouse movements since your computer was switched on, or just tell the user to move the mouse around for ten seconds, then there is no way you can predict that. You have to be spot on, down to the pixel, if you want to guess it. Keyboard strokes maybe less so, but again if you have ten seconds with "Go mad on the keyboard" on the screen, it should be fine.

      1. Robert Grant
        IT Angle

        Re: Pseudo-random?

        This is totally normal; don't know why the article author also thought it was intriguing. puttygen has been doing it since the year 2000.

      2. David Barrett

        Re: Pseudo-random?

        Bash the keyboard like a mental monkey... Pretty sure I saw this message in some encryption software in the 90s.

      3. lotus49

        Re: Pseudo-random?

        Radioactive decay is a good (possibly even perfect) source of randomness but not one widely available. In any event this has been largely replaced by Zener diode noise as a source of randomness but this also requires hardware.

        Mouse and keyboard movements are not predictable as long as the resolution is high enough. The exact movements to the pixel measured in milliseconds are not truly random but are really almost as good as one of the above sources for all but the very highest security requirements. Linux has been using an entropy gathering daemon for at least 10 years based on these sources and I have never seen the reliability of this seriously challenged.

        Most pseudo RNGs are not sufficiently cryptographically secure but the EGD is as good as any private individual is ever likely to need.

      4. FSM

        Re: Pseudo-random?

        Hang on, surely mouse and keyboard use are among the most predictable entropy sources possible?

        Consider for a moment the likelihood that someone has moved their hands to the left or right, rather than up or down, given our wrist and the movement it makes the easiest.

        And for the keyboard, if you're sourcing what people type and they're not aware of the fact that they are participating in entropy "gathering", what's the likelihood they've been using the most common characters the most?

        Maybe I'm misunderstanding the concept, but I can't think of a worse choice for getting entropy.

        1. Charles 9

          Re: Pseudo-random?

          The thing is, mouse movement is near-analogue, timing-sensitive, and simultaneously bi-axial. What that means is that, at any given moment, a mouse can determine how far along in two different axes it has moved since the last time it checked. And since humans by nature cannot move very precisely, a mouse with nice high resolution would provide plenty of randomness simply from the slight variations of movement your hand makes on the mouse: Even if you move in one direction, you could be faster one moment, slower the next, drifting up and down, and so on.

          As noted, a keyboard is not the best source of entropy, but with enough variables you can still get some use out of it, especially if you add key timing (another randomness variable) in addition to the values pressed.

    2. Filippo Silver badge

      Re: Pseudo-random?

      I don't think I have a "true random" number generator in my PC. Picking up a pseudorandom number and adding some noise from devices and some noise from mouse movements is the next best thing. Yeah, mouse movements aren't random, but that doesn't mean you can't use them to add some entropy to a number.

    3. stanimir

      Re: Pseudo-random? /dev/random

      Check about writing to /dev/random; yes, it's possible to write there as well.

      Mouse moves and keyboard timing ain't anything predictable.
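
The disagreement in the "Pseudo-random?" thread above (biased mouse input versus usable entropy), worked through as an added example that is not part of any poster's comment and is not Mega's code. The event values, the toy `EntropyPool` design and all function names are assumptions made for illustration: a biased source is credited only with its min-entropy per event, and a hash pool accumulates events until enough has been credited.

```python
import hashlib
import math
import struct
from collections import Counter

# Constructed sample of (dx, dy, dt_ms) mouse events with a strong
# left-to-right bias. Hand-written for this example, not captured data.
SAMPLES = [
    (3, 0, 8), (3, 0, 8), (4, 0, 8), (3, 1, 7),
    (3, 0, 8), (2, 0, 9), (4, 0, 8), (3, -1, 8),
    (3, 0, 8), (5, 0, 7), (2, 0, 9), (3, 1, 7),
    (4, 1, 8), (3, 0, 9), (2, -1, 8), (3, 0, 7),
]

def min_entropy_bits(events):
    """Most-common-value estimate: an attacker's best single guess is right
    with probability p_max, so one event is worth -log2(p_max) bits."""
    p_max = max(Counter(events).values()) / len(events)
    return max(0.0, -math.log2(p_max))

def events_needed(target_bits, bits_per_event):
    """How many events must be mixed in before target_bits are credited."""
    if bits_per_event <= 0:
        raise ValueError("source is fully predictable; it never fills the pool")
    return math.ceil(target_bits / bits_per_event)

class EntropyPool:
    """Toy hash-based pool (hypothetical design, for illustration only)."""

    def __init__(self, seed=b""):
        # seed stands in for other inputs, e.g. bytes from the OS generator
        self._state = hashlib.sha256(b"pool-init" + seed).digest()
        self.credited_bits = 0.0

    def mix(self, event, credit_bits):
        dx, dy, dt_ms = event
        encoded = struct.pack(">hhH", dx, dy, dt_ms)
        # Hashing old state with the event never discards what is already
        # in the pool, so a weak event cannot make the state more guessable.
        self._state = hashlib.sha256(self._state + encoded).digest()
        self.credited_bits += credit_bits

    def extract(self, need_bits=128):
        if self.credited_bits < need_bits:
            raise ValueError("pool not yet credited with enough entropy")
        out = hashlib.sha256(b"out" + self._state).digest()
        # Step the state forward so this output cannot be recomputed later.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        self.credited_bits -= need_bits
        return out[: need_bits // 8]

def key_from_events(events, bits_per_event, seed=b""):
    """Mix every event into a fresh pool, then draw a 128-bit key."""
    pool = EntropyPool(seed)
    for event in events:
        pool.mix(event, bits_per_event)
    return pool.extract(128)
```

The pool is deterministic: replaying the same events gives the same key, so every bit of unpredictability has to come from the events themselves, which is why the per-event credit is set by the most likely event rather than by the number of distinct values seen.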

  10. takuhii

    Kim.com... Kim Jong Ill more like...

  11. This post has been deleted by its author

  12. Nifty Silver badge
    Angel

    Random numbers

    I programmed a random number generator on a game to seed based on timing the gap between some user keystrokes in microseconds, to avoid the game always starting the same way. So the mouse entropy idea is a more sophisticated way of doing similar. Ah those BBC Micro days!

    1. Spoonsinger

      Re: Random numbers

      Used a similar technique but mixing the key strokes timings with the refresh register on the Z80 - for the 'other' computers. Somewhat better than using a fixed seed string in my experience. (eek, my old aching bones).

  13. Jeff 11
    Stop

    'I'm also unconvinced that one can legally wipe one's hands clean if one has reasonable suspicion that the law is being broken. If there are a zillion files on the site each the length of a movie, then I'm not sure Kim can play innocent any more than someone saying "I was just giving a hitch-hiker with a mask a lift from the bank. I had no way of knowing he'd just robbed it".'

    The idea of total client side encryption and decryption is that the storage service fundamentally CANNOT know anything about the data that's being sent to it - in theory it'll be about as legally responsible as your ISP for not knowing what's going through your HTTPS connections.

    1. Charles 9

      Sounds much like a cloud version of TrueCrypt's system, in that the whole filesystem is encrypted. Probably goes a step further and encrypts individual files on top of that. So it would take two keys to reach a file: a filesystem key and a file key. Still, it would have the desired results.

  14. kparsons84

    Cheltenham

    Give the cryptography clowns there something to do, won't it.

  15. Filippo Silver badge

    user-side crypto

    Sounds like a good idea. In practice, people who use this to share movies will just share their keys very freely. Possibly embedding them in the URL. This obviously nullifies the security aspect, but that's irrelevant - those users actually want other people to be able to read the file.

    As a bonus, if you want an online storage that has security, you can actually just use this and not share the key. But it's really a side benefit. The real point is giving Kim plausible deniability, and for that purpose the scheme seems to work well.

  16. Curtis

    A point has been missed

    For all that I've seen discussion of a) the encryption and b) the sharing of encrypted files, I think a point has been missed.

    This will include a "mail" type service....

    I postulate this: you will click a link to download, have to LOG IN, and the item you are looking for is in your "mailbox". As you download it to your computer, the software decrypts it with a public style decrypt provided by the linker/uploader.

  17. Anonymous Coward
    Anonymous Coward

    I'll bet money

    ...that his new site is soon to have the same FBI "Closed for Biz" notice as his old site.

  18. Winkypop Silver badge
    Trollface

    The dodgy corrupt bad guys versus

    The dodgy corrupt good guys.

    SNAFU
