Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here's the part I don't get:

IP addresses, file ownership and payment info are stored unencrypted (http://bit.ly/VswkJi). If someone or something is advertising they have a trove of copyrighted material, the standard procedure for law enforcement is to subpoena the cloud provider for the IP of the user, then the ISP for the subscriber's physical name/address. When they confiscate their computer they'll find the data on there. What is to stop this from happening with Mega? Do they not have to respond to these subpoenas in New Zealand? What if CP is involved - will they respond then, even if not compelled by the law?

I don't understand how end-to-end encryption protects illegal file sharers if the file ownership information is stored unencrypted. I understand Mega's value prop is encryption, NOT illegal sharing, but my question remains.



Why is bit.ly showing up so often these days? https://mega.co.nz/#help_security


because HN's markup is stupid


Hmmm, I'm afraid I' going to need a bit more detail than that... it's been fine for years and nothing's changed that I know of.


Because dumber people are using HN now ? Somehow they can make links to bitly but they cannot use the exact same "markup" to link to the direct url. Especially given that there is no markup for url per see, you just type it ...


For a server in New Zealand I assume it would be covered by our three strikes law (http://3strikes.net.nz). Rights holders can send infringement notices via the users ISP for a $25 fee. After three notices (from the same copyright holder) they can then take you to our copyright tribunal for damages.

From what I've heard some notices are being sent out, but RIAA have been complaining that the $25 fee is too high.


Did you mean too low?


No, RIAA has to pay the $25 fee to send an infringement notification. Therefore, they want the fee to be lower.


What they really mean is they want to have automated systems do it for them without worrying.


If each infringement "costs" them $150,000 then $25 is a small price to pay...


This is NOT America .. http://www.stuff.co.nz/technology/digital-living/5887377/Fir...

http://www.stuff.co.nz/technology/digital-living/8242164/Dow...

$ 25.00 can be considered a rather high fee for those sort of returns [I think].


>I don't understand how end-to-end encryption protects illegal file sharers if the file ownership information is stored unencrypted.

It doesn't. Who said it was supposed to?

In theory it protects Mega from the argument that they know what the data is and aren't stopping it, because now they can't know, but YouTube isn't encrypted and nobody expects for them to be shut down, so I'm not sure to what extent that is really even necessary.


If someone or something is advertising they have a trove of copyrighted material, the standard procedure for law enforcement is to subpoena the cloud provider for the IP of the user, then the ISP for the subscriber's physical name/address. When they confiscate their computer they'll find the data on there.

Has that ever happened in a copyright case? I get the impression that police are too busy with actual crime to investigate anything less than mega-size infringement.


Yes, frequently. Typically media does not cover smaller instances of a copyright investigation and thus the impression that this only happens in mega-sized instances.


They go after the so-called release groups, too, if the news is to be believed.


Encryption is only a legal defense for Mega and their partners, but i'm really waiting to see how the Dotcom campain will change after the first bust


I believe encryption will buy them some time until the law catches up, then poof.


What do you expect the law to prohibit? Encrypted data?

The issue with file lockers is this: The service that actually hosts the file doesn't know what it is. It would be totally impractical for e.g. YouTube to preemptively screen all uploads for infringement by hand. It's just not economically possible.

So YouTube has a lot of infringing stuff on it. They also have a screening system which does fingerprinting etc., which keeps a lot of infringing stuff off (and also keeps plenty of non-infringing stuff off when there are false positives.)

But you can't even do that when your service is general purpose rather than specific to video. You don't know what a password-protected RAR archive has in it, you can't fingerprint it. So there is a ton more infringing stuff on the general purpose sites. The file locker takes it down as soon as the copyright holders identify it, but then the infringers just upload it again in ten minutes.

So you say, go after the uploaders. Okay, they're in non-extradition countries or are using anonymizers. Now what?

There are two fundamental facts that make stopping copyright infringement extraordinarily difficult: First, sending bits is very, very much cheaper than identifying what they represent and whether it's infringing. Second, normal law-abiding people have a legitimate interest in the privacy of their communications. In other words, good people need the same encryption that bad people abuse, and even if they didn't, there is too much volume to economically sort it by hand anyway, and the algorithmic methods are unreasonably inaccurate. (See: huge list of all the stupid nonsense YouTube ContentID does.)

So we have a problem without a good solution. What law do you propose could fix it?


Great response. I'm not proposing any new laws, but my belief is that a judge will ultimately disagree with your statement that "The service that actually hosts the file doesn't know what it is."

You're correct that an automated service can't identify/fingerprint these digital files, but if I go to mega-search.me and see tens of thousands of copyrighted movies/music/software, it's impossible to say, "I didn't know there was illegal material on my server."

Where YouTube keeps the rights holders at bay is by having those screening mechanisms in place. If Mega's design can't make that possible, and they as a company don't take actions to protect copyright holders, then I see the courts finding a basis to shut them down - on what basis I don't know, but I don't imagine major copyright holders sitting idly by.


>You're correct that an automated service can't identify/fingerprint these digital files, but if I go to mega-search.me and see tens of thousands of copyrighted movies/music/software, it's impossible to say, "I didn't know there was illegal material on my server."

Sites like mega-search.me are operated by different people from the ones who host the data. In any given case the data hosts don't even necessarily know they exist, much less the content of the links or whether they're licensed. They have no better ability than the copyright holders themselves to discover the links and a far, far worse ability to know which links the copyright holder has licensed, which is why we put it to the copyright holders to identify them.

Meanwhile the link sites are extremely lightweight. You don't need a CDN with regional caching or any of that, you can host the whole thing from a single location for the whole world. So shutting down the link sites is whack a mole. Shutter one and a different one will be up and running in less than a day.

Again, it's an economic problem. It's not about the structure of these entities or who knows what. Changing the laws might move around the pieces on the board but it doesn't change the nature of the game. It doesn't change the fact that it costs millions of times less to send bits than to accurately filter them. You can't change economic reality so easily.

In theory we could put the genie back in the bottle, but that doesn't mean "shut down The Pirate Bay and mega-search.me," it means "shut down the Internet and stop having computers." Because computers are what create the underlying economic conditions that lead to the issue. And I have to hope that nobody is seriously suggesting that would be an acceptable trade off.

I am not one of these people who thinks we should get rid of copyright. But you can read the Das Capital as a mostly accurate criticism of the failings of capitalism without accepting Marx's conclusion that communism is preferable. The facts on the ground have changed. Copyright has to change to adapt. "Change" doesn't have to mean "abolish" but it certainly means that trying to change the modern world to fit copyright is a stupid idea when we can far more sensibly change copyright to fit the modern world.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: