Mega launches with mega FAIL

Kim Dotcom's new cloud file locker, mega.co.nz, has all-but-failed to appear online, with its mastermind claiming global enthusiasm for the site has overwhelmed its resources. But The Reg can report the site has been flaky since shortly after its launch, when the press-only login we were sent did not work. Regular attempts to …

COMMENTS

This topic is closed for new posts.
  1. Sandtitz Silver badge

    Deduplication, how?

    If all data is encrypted with different encryption keys controlled by the Mega users and not Kim&Co. (as I understood how things work here), how can they possibly use file based deduplication - efficiently, that is?

    1. Anonymous Coward
      Anonymous Coward

      Re: Deduplication, how?

      By hashing.

      Compute the hash before bothering to encrypt and upload.

      Of course this also provides a means by which "THEY" can establish whether your encrypted content matches known files (only if exact match).

      Interesting as this provides a way that actual user generated content always remains private, but (exact) pirate copies can still be detected.

      Of course rather easy to fuzz music and video content to defeat this, but probably plenty of people wouldn't.

      1. Michael Duke

        Re: Deduplication, how?

        So how do you provide the decryption key for user #2 for a file that is encrypted by user #1 if you do not have the private key?

    2. miknik
      Trollface

      Mega FAIL is the new tech launch protocol

      Haven't you heard?

      If your product launch isn't FUBARed in some way then nobody notices it. Fuck things up and get column inches from everywhere. Google Nexus 4 and Apple Maps are recent examples, it just shows you Kim has his finger on the pulse.

      Although I have no real opinion of the guy I'll be cooking up the popcorn for this one. Having the cash to rent a huge mansion and live the lifestyle he does might be enough for some people to quit once they get raided by gun toting law enforcement officers but I'm pleased to see Kim's balls are in proportion to the rest of his body when it comes to dealing with government agencies and mega corps.

      For reference, my attempt to register via my Virgin connection is currently greeted with an egg timer set for hard boiled ostrich.

    3. Frumious Bandersnatch

      Re: Deduplication, how?

      It doesn't seem likely, does it? There's one type of encryption (homomorphic encryption) that in theory could work, but in practice it won't. I won't bore you with details of that.

      The solution I would use would be to set up the front-end of the storage system to use an all-or-nothing transform (AONT) on the files, break them up into blocks and then distribute those blocks in a random order, with a single encrypted "key" being the locations and order of those blocks. So long as nobody can break into the front-end computer (or instruct it to divulge how to reconstruct a given file) then the storage is secure. Since the AONT should produce the same blocks for the same input file, you can do block-level dedup on the actual storage servers. I'd then encrypt the access key, add some validation info and send it back to the user before deleting it.

      Of course, in this scheme, you (as a user) can't trust the server not to keep the access key or to make a copy before it's encrypted, and so on.

    4. OPS

      Re: Deduplication, how?

      Hosts like Wuala already do it (they use client side encryption before upload, same as what Mega is supposed to be doing).

      Here is a post about it that explains it better than I could: https://plus.google.com/116211747541130660089/posts/f7kUWiAMzxj

      1. Anonymous Coward
        Anonymous Coward

        Re: Deduplication, how?

        None of these solutions allow for the end user to be in control of the encryption key - which is the implication.

        For de-dup to work, Mega has to be able to access the content of the file otherwise it can't make it available to two different people who may use different encryption keys.

  2. Michael Duke
    WTF?

    A little sense here please.

    How are mega.co.nz going to de-duplicate encrypted content?

    The very act of encrypting the data makes it unique, or should if done correctly. Only if you tried to upload the same content, encrypted with the same key, twice should this kick in. So you upload a folder with a heap of photos in a single operation then it will de-duplicate that data. However if two people upload the same media file (Non-copyright of course) then as far as the service is concerned that will be two unique chunks of binary data, they have to be if encrypted with different keys.

    1. jubtastic1

      Should be doable

      Just break the encrypted files down into small enough chunks and you'll find dupes, decrypting the chunk with user A's key will give you user A's data, decrypt it with user B's key will give you user B's data. At the end of the day a chunk from the middle of a file is pretty much random binary anyway.

      1. jubtastic1

        Re: Should be doable

        Replying to myself is bad form I know, but no edit, just wanted to clarify, I'm not suggesting they could dedupe two copies of Avatar, I'm suggesting they could dedupe some chunks of an encrypted copy of Avatar against some chunks of an encrypted copy of Titanic, actually, there's no reason why the source files couldn't be the same either but it makes for a more confusing premise.

        1. Eddie Edwards
          Boffin

          Re: Should be doable

          It's fairly obvious that this doesn't work. The block size has to be larger than the amount of data needed to store the pointer-to-duplicate, otherwise deduplication is more expensive in disc space. So it needs to be at least say 128 bits. The likelihood of two random 128-bit blocks matching is astronomically small. Even if you have 2^64 blocks to choose from (250 million TB of data) the chance of a match is still only 1 in 2^64. You'd have to match a 250 mega-TB corpus with another 250 mega-TB corpus to get an expected saving of 16 bytes total.

        2. Jamie Jones Silver badge

          Re: Should be doable

          In "My Posts" there is a "withdraw post" option...

      2. DavCrav

        Re: Should be doable

        "Just break the encrypted files down into small enough chunks and you'll find dupes..."

        [First note: I know little about how de-dupe works, but can take a reasonable stab at it.] That sounds perfectly reasonable, but to have the chunks at sizes where there are likely to be duplicates (assuming the encrypted files are distributed randomly across the parameter space) the number of files would be a similar order of magnitude as the size of the files, so repeating the file and referencing another file would be operations needing similar amounts of data. You'd shrink somewhat, but not much as far as I can tell.

        In the extreme case, you can produce a look-up table of all possible blocks, then just reference them, and of course this saves nothing...

      3. Frumious Bandersnatch

        Re: Should be doable

        "Just break the encrypted files down into small enough chunks and you'll find dupes"

        If it were that easy, you could just break it down into 1-bit chunks. But that obviously requires a bigger index than the original file collection. (Q.E.D. by Reductio ad Absurdum). Random data (such as the output of a good encryption algorithm) by definition are not compressible.

    2. Richard Boyce
      Happy

      Deduplicating encrypted data is possible

      "A little sense here please. How are mega.co.nz going to de-duplicate encrypted content?"

      With a little ingenuity. One way is to encrypt each block of data in the file with its own hash. Then you send the hash of the result to the site to see if the site already has it. Since everyone is encrypting the same way, this works. You then end up with a list of hashes/decryption keys, one for each block of plain text. If the list isn't large, you encrypt that list with your private key and upload that to accompany the encrypted data. If the list is large, you break it up into blocks and perform the same process on that file, and so on.

  3. Jon Green
    Facepalm

    Mega surprise

    If you're not a mega-corp and you try to manage mega-data in house instead of using a cloud mega-infrastructure to manage mega-peaks, you're going to get mega-stuffed when you're hit by mega-scale user demand.

  4. pewpie
    Facepalm

    It's a nice looking interface..

    That's about all I can say. The rest is pretty much useless at the moment.

    How they can claim to be 'The security company' is quite beyond me also... they are promoting a browser whose development was partly funded by NSA+CIA and is known to have serious privacy concerns for the hard-core security conscious among us.

  5. Anonymous Coward
    Trollface

    Hmm, this guy.

    No matter what you think about this man, he does put a spin on internet file storage that some other companies might want to consider. To throw conspiracy into the mix, I'm starting to think that a lot more people want him gone, even if copyright violations will never occur. At some point, big businesses are going to be concerned with this man.

    No, I'm not a Kim.com fan or anything, but he is appearing to be more than just a pirate captain. Could we be witnessing a crook turning wholesome white collar?

    1. jptech
      Big Brother

      Re: Hmm, this guy.

      If it makes you feel any better, my ISP is blocking mega.co.nz. When reached via proxy, I was able to sign up, but email authentications never arrived. What does that tell you?

      1. pewpie
        WTF?

        Re: Hmm, this guy.

        Your ISP is run by fascists.

      2. Anonymous Coward
        WTF?

        Re: Hmm, this guy.

        WTF is right. Your ISP is already blocking it and it isn't even functional yet? Well, I can connect to it. Just found out the entire site is run via Javascript. That's 100%, not just most of it.

      3. Anonymous Coward
        Anonymous Coward

        Re: Hmm, this guy.

        Your first point is worrying, but I don't get emails from some parts of WoT. Some stuff happens without a conspiracy.

      4. amanfromMars 1 Silver badge

        There are pathetic, crooked and right dodgy characters everywhere, aren't there?

        if it makes you feel any better, My ISP is blocking mega.co.nz. When reached via proxy, I was able to sign up, but email authentications never arrived. What does that tell you? ….. jptech Posted Monday 21st January 2013 00:39 GMT

        And your ISP is …, jptech? The more intelligence-led worlds and their dogs would like to know, for that sort of childish nonsense from supposed adults is not acceptable in a free and meritocratic society.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmm, this guy.

      This guy is a crook of the highest order, and in his case leopards really do not change their spots.

      I remember him from way back when he was just Kim Schmitz aka Kimble, running riot on UK Quake 2 servers with an aimbot and threatening anyone who dared to confront him with being DDoS'd. He actually did it too, though the word around the campfire back then was that he paid a load of real hackers to do it for him (this was a long time before that whole Osama nonsense he came up with).

      In his former life as just a regular crook he defrauded numerous people out of money through various insider trading scams, most notably pump-and-dumping Letsbuyit. Despite all of this he's largely avoided serious incarceration and ultimately amassed a wealth off the back of straight up copyright infringement.

      That all said he is a fascinating character simply because his wealth and the ability to amass more of it in spite of what would appear to be a child like persona defies logic.

      Mega will I'm sure go down a similar road to Megaupload simply because Kim Schmitz, Kimble or Kim Dotcom or whatever you want to call him has the scruples of a serial killer. He does not respect anything other than his own wealth and ridiculous self-image.

      (AC so my internet doesn't get DDoS'd)

      1. This post has been deleted by its author

      2. Richard Wharram

        Re: Hmm, this guy.

        @AC

        As I thought. He did DDoS Barrysworld in a hissy-fit as 155&Rising remembers here:

        "And beating l33t professional hax0r www.kimble.org and his aimbot in ra2, only to have him nuke b0rk.co.uk's irc bouncer afterwards and throw dos attacks at Barrysworld for the next week or so in revenge. ph34r the hacker dog ;)"

        My old Barrysworld chums will be full of stories of his great prickery.

    3. Anonymous Coward
      Anonymous Coward

      I'm not a Kim.com fan or anything

      but whenever I see his profile picture "Gangnam Style" starts playing in my head.

    4. peawormsworth

      Re: Hmm, this guy.

      All cloud services should provide encryption. There's no reason why gmail could not provide an encrypted email option where the message content is decrypted by local browser plugins or javascript or similar. The only reason not to encrypt cloud data is to allow the provider to parse and possibly sell the content. Like if you want to post relevant ads next to your content.

      In my mind there is little question that big business is concerned with largely free massive storage sites. Regardless of whether or not the content is legally shared or not, there will be the concern about control of distribution. Currently media is largely controlled by distribution companies. Companies with huge profits that largely steal from their own clients and guarantee the quantity of content is kept to a minimum in order to channel sales through a limited set of artists. Distribution companies are about to die, because after all the process of distribution is basically $0. Since we all know that the consumer pays for the majority of bandwidth costs directly to their ISP.

      Finally, I just want to mention that in many countries sharing content you own with people you know is not illegal. The american legal system would have you believe that sharing what you own with those you care about is immoral. This ideal is not shared among most of the world. So although you may feel that Dotcom is/was obviously a criminal, many of us are far less convinced.

      1. Ben Tasker

        Re: Hmm, this guy. @peawormsworth

        "There's no reason why gmail could not provide an encrypted email option where the message content is decrypted by local browser plugins or javascript or similar."

        Unless the email is being encrypted at the sender's end, it'd make no difference whatsoever to Gmail's ability to scan and index. They'd just process it when it first hits their SMTP server instead.

        If it's being done at the sender's end, you can already do that - use PGP - whilst it'd be nice to have it happen 'in browser' there's no reason GMail needs to provide this, pretty sure there are browser plugins that can do that for you.

        It's a nice idea though, but I'm not sure I'd trust my email provider to provide the solution, especially if the aim is to keep said provider out of my emails!

    5. mijj
      Holmes

      Re: Hmm, this guy.

      The whole issue would be made simpler if the US just straight out made it illegal to be Kim Dotcom.

  6. Ole Juul

    Works for me

    I don't see anything worth reporting about the site "not working". Right off the bat they were (supposedly) handling 2K signups per minute, and my guess is many times that in requests. I got timeouts in the first hour, and then I was able to sign up. However, I was not able to upload files until some hours later. How a site works under its initial barrage of requests isn't really any indication of how it will be running after that.

  7. Haku
    Coat

    Still waiting for my signup confirmation email...

    Looks like I'm in for a (mega) wait.

    1. Best Before:
      FAIL

      Re: Still waiting for my signup confirmation email...

      Same here, I do appreciate that due to a heavy load, first day, it would be bad but let's face it, it's not exactly Glastonbury tickets he is selling and a user registration/automated email setup shouldn't put too much load on the system..

      You could potentially excuse a newbie company for doing this but someone with K.Com's (supposed?) knowledge of the net etc? inexcusable if you ask me..

  8. etabeta
    FAIL

    Slowwwww.....

    I was able to signup, but when I tried to upload a 1.5mb file it started at 1k and a few minutes later just stayed at 3% for about 30 minutes. At least for now, it is unusable.

  9. McBeese
    WTF?

    Why Bother?

    "You are strictly prohibited from using our services to infringe copyright. You may not upload, download, store, share, display, stream, distribute, e-mail, link to, transmit or otherwise make available any files, data, or content that infringes any copyright or other proprietary rights of any person or entity."

    But why else would anyone use MegaUpload if not for storing and sharing bootleg content? Does anyone really think it used to be popular because of the generic service?

    No business with any kind of sense would touch this site, and I don't know why any consumer wouldn't just use SkyDrive, Google Drive, or Dropbox.

    Me thinks that the NEW MegaUpload is going to be about as successful as the NEW Napster was.

    1. Greg 16
      Alien

      Re: Why Bother?

      He said himself that it's basically a competitor to dropbox - it's not a new megaupload. I can't see how this can be touched legally, because you could only share files if you shared the account login.

      The terms and conditions are pretty much standard for any service like this (FWIW I'm also pretty sure that megaupload had similar T&C's)

      Why use it?..... 50GB free storage, or up to 4TB for 30 euros a month.

      Why's it slow right now?.... Massive publicity, 50GB free storage, or up to 4TB for 30 euros a month!

      Good luck to him.

    2. creger
      Angel

      Adult novelties

      Yeah, and certain toys that're long, smooth or dimpled and go "bzzzmmbzzzzmmmm" are "adult novelties, not for internal use". Right, sure, we believe you. I'll just get that "back massager" and go home.

      It's a legal fiction that, along with their supposed inability to decrypt the data they're storing, they think might let them get away with mass copyright infringement. Much like selling toys as "adult novelties" lets vendors get around the USA and some other countries' prudish laws (and some liability laws).

      Avoiding specific words in case of spam filter / people's stupid work proxies, in case this sounds a little bit roundabout.

  10. Anonymous Coward
    Anonymous Coward

    Clause 19 makes it plain Mega is a no-dodgy-files zone, stating "You are strictly prohibited from using our services to infringe copyright. You may not upload, download, store, share, display, stream, distribute, e-mail, link to, transmit or otherwise make available any files, data, or content that infringes any copyright or other proprietary rights of any person or entity."

    -----

    So the same statement every dodgy download site has then?

  11. pewpie
    Mushroom

    30 hours since sign up...

    ..and I haven't yet succeeded in uploading even a 170 byte text file containing the recipe for a Quarter Pounder with cheese.. frozen on 0%.............

    Wonder if it's cus I stole the recipe from Satan...

    1. DavCrav

      Re: 30 hours since sign up...

      "the recipe for a Quarter Pounder with cheese.. frozen on 0%............."

      I think the recipe should start with "1) remove from freezer" then...

  12. Anonymous Coward
    Anonymous Coward

    Sexy interface

    Very sexy and modern interface. It is indeed kinda slow but the number of people hammering the site must be insane. Went through the process of uploading and downloading. No problems, a lot smoother than the old version. Didn't need to signup and didn't need to fill out any captcha or wait for a countdown to download.

  13. Anonymous Coward
    Anonymous Coward

    zbigz

    The design, images and functionality are all eerily similar to zbigz.com

  14. Anonymous Coward
    Anonymous Coward

    Fail

    But, but, the password you enter is also your encryption key, and you can't change it - so WTF do you only enter it ONCE when registering? Guess what happens when you make a typo in the signup, or you forgot by the time the email turned up? You're screwed, that's what. Three goes and you're locked out and the email link responds with a naff error code.

    I'll bet 99% of those accounts are folks signing up 2 or 3 times because they made a typo the first time round. Thankfully an endless supply of junk email addresses is at hand.

    1. My Alter Ego
      Boffin

      Re: Fail

      Don't understand the whole password thing. I [would have] thought that Mega hold the encryption keys, but they are encrypted themselves with your password. When you log in, they send your keys to you which are then decrypted client-side using your password, and can be used for uploading new files. If you wanted to change your password, all that needs to be done is for the client-side script to re-encrypt your keys and send them back for storage. Encrypting using your password as the key is just plain stupid, as your password will hit Mega's servers when you log in.

      At least, that's the way I'd hope it to be. Please feel free to pick holes in this.

      In addition, I'd hope that when you login your password never hits Mega's servers (if it were used for encrypting your keys), but is hashed and then sent to authenticate (this hash in turn is hashed and compared to the credentials database). That would mean that they could still authenticate you, but would never even be able to sniff what your password is. Of course, it would rely on you completely trusting their client-side scripts, so that will fail the tin foil hat test.

  15. jake Silver badge

    Why would anyone trust this idiot?

    Step over the "trust" line once, maybe you made a mistake ... Keep stepping over the line, you are untrustworthy. See Sanford Wallace. Or any given long-term politician.

    1. g e
      Facepalm

      Re: Why would anyone trust this idiot?

      See Facebook.

      Doesn't affect them in any meaningful way.

  16. Dan 55 Silver badge
    Meh

    Wouldn't touch it not even with yours

    I'm sure the US isn't going to let things rest here. I'd rather not have my files uploaded there when it happens.

  17. peawormsworth

    site is working for me now

    As of 1am Pacific time, the site is allowing me to login and view the cloud drive. I went to setting and switched upload speed to unlimited. I am in the process of uploading a test image.

    Previously it was not working for me in any browser. I am using Chrome for this one, simply because that was suggested by the site.

  18. Anonymous Coward
    Anonymous Coward

    The screenshots he was teasing before launch showed a 2048-bit RSA key being generated using keypresses & mouse movements as entropy. That didn't happen when I signed up ... wonder if this (taken with the dedupe stuff) isn't more smoke and mirrors than encryption and privacy.

    I remember Kim from the kimble days too - had no idea he ran Megaupload until it got closed down.

    1. My Alter Ego

      It happens when you activate your account. Bit bloody slow uploading some (non-critical) test files though.

    2. Stephen 2

      Login

      The key is generated during your first login.

  19. The FunkeyGibbon

    Oh for a roundtable meeting

    With Kim Dotcom and John McAfee. All sorts of bonkers.

  20. Pie
    FAIL

    Signed up fine about 8am

    Email came through very quickly, logged in ok, but trying to upload a file is going very slowly. 2.1k/s at the moment, and that has sped up...

    Overall it seems like they have nailed the how to launch a new website without enough resources to a T.

  21. Piro Silver badge
    Thumb Up

    Go go, Kim Dotcom!

    I think he's a fantastic character.

  22. fLaMePrOoF
    Stop

    OK, might not be the best launch ever but looking around it's a great product / service.

    C'mon Reg, do you absolutely have to crap on everything?

    Credit where credit's due...

    1. Chad H.

      Maybe if KimDotCom publishes an anti-global warming study they'll go easy on him...

  23. Will Godfrey Silver badge
    Meh

    I think I'll leave it at least a week before commenting.

  24. Justice
    Thumb Up

    It's all go...

    Verified my account on my iSheep 4 which has a very interesting 'Coming Soon A dedicated app for your device will be available shortly.' are the Cult of Jobs going to approve such an app?

    Good luck with that.

  25. Anonymous Coward
    Thumb Up

    Working OK here, although I've just registered and logged in, not tried uploading yet. No IP checking either it seems, as I've been able to set up four accounts with different email addresses. 200GB free storage. Not bad.

    Well played, the fat lad!

  26. Anonymous Coward
    Anonymous Coward

    "failed on a variety"

    "failed on a variety of platforms (Mac, Windows, iPad, over ADSL in two locations and 3G wireless)"

    Are... are you saying that you think making a request to an overloaded server from a different client device / different connection will affect its ability to respond?

    I really need to find another IT news site.

  27. flankme

    When you see propaganda it is so much sweeter when you can call it out for what it is and know beyond doubt that you are right. For some this is a massive story for some just an opportunity to create a bit of traffic to their sites, as is the case for the author of this piece. I managed to register three separate accounts with MEGA over the time period he is talking about and before then too.

    I have managed to upload a few files and although small it worked very well so I call bullsheepers to the author of this piece and I have registered specifically to say that, not that all the comments will be shown but on sites that really matter MEGA is a huge success for all, and Kim is again making waves that need to be made in this closed society of ours where greed is the ultimate factor in any decision by those with just a little perceived power. The internet is the great technological levelling of the field, where anyone can say anything they want and share anything with anyone else. It is time for those who thought they had power to fall by the wayside and their cries and desperate attempts are going to be met with the contempt they deserve.

    1. Chris Sake
      Trollface

      Hello Kim

      Welcome to The Register.

  28. Roger Houghton

    Response

    No problems registering and validation email arrived immediately. However my initial test upload of a 1 Mb file is still at 0% after 15 minutes.

    1. Roger Houghton

      Re: Response

      Now five hours but still at 0%.

  29. atomcrusher

    It's convergent encryption. The upload process works like this:

    1. Encrypt the file with the file's hash as the key

    2. Upload the ciphertext (which will always be the same for the same plaintext)

    3. Client-side encrypt the hash (key) with the user's password

    4. Upload the encrypted key for storage

    The download process then goes:

    1. Receive the ciphertext (encrypted file) and the encrypted key to that

    2. Client-side decode the key with your password

    3. Client-side decode the ciphertext with the now decoded key to obtain the original file

    Because the encrypted file will *always* be the same from the same source file, they can detect duplicates. Since the hash function is one-way, there's no way to decode the original file server-side. Of course, it does mean that they know which users have uploaded a copyrighted file.

    This is why the lesson here is: If you don't want Mega to know you've uploaded a copyrighted file, archive it with some random data before you upload, so the hash will be different.
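
The upload and download steps listed in the comment above, as a runnable Node.js sketch; this is an added example, not Mega's code and not something the commenter posted. The cipher (AES-256-GCM with a fixed nonce), the scrypt key wrapping, the `BlobStore` server and all sample data are assumptions made for illustration. It also shows the property several commenters raise: identical files deduplicate, and anyone holding a plaintext can tell which accounts stored it, whereas random per-user keys give neither.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// A fixed nonce is acceptable here only because each key (the file's own hash)
// is ever used to encrypt exactly one plaintext.
const ZERO_NONCE = Buffer.alloc(12);

// Upload steps 1-2: key = hash(file), so the ciphertext is deterministic.
function convergentEncrypt(plaintext) {
  const key = sha256(plaintext);
  const c = crypto.createCipheriv('aes-256-gcm', key, ZERO_NONCE);
  const blob = Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]);
  return { key, blob };
}

function convergentDecrypt(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, ZERO_NONCE);
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(0, blob.length - 16)), d.final()]);
}

// Upload step 3: wrap the file key under a password-derived key (randomised).
function wrapKey(password, fileKey) {
  const salt = crypto.randomBytes(16), nonce = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', kek, nonce);
  const ct = Buffer.concat([c.update(fileKey), c.final()]);
  return { salt, nonce, ct, tag: c.getAuthTag() };
}

// Download step 2: throws if the password is wrong (GCM tag mismatch).
function unwrapKey(password, w) {
  const kek = crypto.scryptSync(password, w.salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', kek, w.nonce);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]);
}

// Hypothetical server: it only ever sees ciphertext blobs and wrapped keys.
class BlobStore {
  constructor() { this.blobs = new Map(); this.owners = new Map(); }
  upload(user, blob, wrapped) {           // upload steps 2 and 4
    const blobId = sha256(blob).toString('hex');
    const deduplicated = this.blobs.has(blobId);
    if (!deduplicated) { this.blobs.set(blobId, blob); this.owners.set(blobId, new Map()); }
    this.owners.get(blobId).set(user, wrapped);
    return { blobId, deduplicated };
  }
  download(user, blobId) {                // download step 1
    return { blob: this.blobs.get(blobId), wrapped: this.owners.get(blobId).get(user) };
  }
  // Equality leak: a known plaintext maps to a known blob id, hence to its uploaders.
  whoStored(knownPlaintext) {
    const id = sha256(convergentEncrypt(knownPlaintext).blob).toString('hex');
    return [...(this.owners.get(id)?.keys() ?? [])];
  }
}

// Contrast case: a random per-user key gives a different blob id every time.
function randomKeyBlobId(plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', crypto.randomBytes(32), crypto.randomBytes(12));
  return sha256(Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()])).toString('hex');
}

function demo() {
  const store = new BlobStore();
  const file = Buffer.from('constructed sample file contents\n'.repeat(100));
  const a = convergentEncrypt(file), b = convergentEncrypt(file);
  const upA = store.upload('alice', a.blob, wrapKey('alice-pw', a.key));
  const upB = store.upload('bob', b.blob, wrapKey('bob-pw', b.key));
  const got = store.download('bob', upB.blobId);
  const recovered = convergentDecrypt(unwrapKey('bob-pw', got.wrapped), got.blob);
  return {
    dedupA: upA.deduplicated,             // first copy is stored
    dedupB: upB.deduplicated,             // second copy is recognised
    blobsStored: store.blobs.size,
    roundTrip: recovered.equals(file),
    holders: store.whoStored(file),
    randomKeyDiffers: randomKeyBlobId(file) !== randomKeyBlobId(file),
  };
}

console.log(demo());
```
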
