DropBox
Does this mean my content on DropBox is knowable?
PayPal has pulled support for Kim Dotcom's Mega. Dotcom claims the decision was made following pressure on Paypal from Visa and Mastercard. Paypal, Visa, and Mastercard have been contacted for comment. In a statement Paypal refused to elaborate on the grounds of customer privacy saying only that it terminated the …
Totally idiotic decision. From all I'd read MEGA were DMCA compliant but it seems the gripe is that they don't remove underlying files where deduplication is used (which sounds pathetic). So A uploads legit copy as backup, B uploads pirated copy, deduplication takes over. RIAA want A's legit copy removed... :boggle
Sadly this guy and/or his businesses are in a damned if you / damned if you don't scenario. None of the decisions against him seem like due process, ie
Court rules Dotcom as a 'fugitive' and takes his money - https://www.techdirt.com/articles/20150227/18171630168/us-court-rules-that-kim-dotcom-is-fugitive-thus-doj-can-take-his-money.shtml
So A uploads legit copy as backup, B uploads pirated copy, deduplication takes over. RIAA want A's legit copy removed... :boggle
Pirated copies are not usually similar to legit copies, since they omit all the crap. It's rather than the same pirated copy was available under multiple addresses, and the RIAA wanted a complaint for one single address to take down all the others.
Allegedly, internal communication of Mega shows that they were deliberately not doing it. Also allegedly, you are not allowed to backup your legit copy…
Please note that I said RIAA. Albums don't tend to come with the ridiculous enforcements / restraints that the MPAA insist on being used for dvds / blurays etc.
All 'decent' ripping software uses a database of known checksums to ensure the rip matches other verifiable rips for archival reasons, which is a good thing for those backing up their purchases.
Because mega employs Convergent Encryption (Same as Bitcasa/Taho-LAFS). It means if you know the hash and locator, you can decrypt the data. Presumably Mega stores the file as a hash, so it can tell if the file already exists. Shared links, I presume, contain the locator. Due to a quirk of convergent encryption, if you have the unencrypted file and any file encrypted with the same hash, you can recreate the locator. So the file becomes verifiable at the point of encrypting another copy. (And de-duplicatable as it can dump the file you just supplied, and give you the derived locator for the original encrypted file to replace your own.) It does mean that if a company wants to take down a file from Mega, it needs to provide the original source *file*, or the file's hash, and ask for the copy to be removed. (Google: "Drew Perttula and Attacks on Convergent Encryption" for a better write-up.)
In most civilised* countries, the supplier of goods and services can choose who to deal / not deal with, unless they are in a position of market power. Given that there are limited payment processing options, there could be an argument that this amounts to collusion to use the market power of PayPal, Visa and Mastercard to effectively try and put MEGA out of business. One more reason to hate Paypal I suppose.
*yes, I know it's the USA we're talking about...