[kristopolous]

Anything illegal on these forums is going to be encrypted with the decrypt passwords shared over tor sites. It's not like people are posting a cleartext version of stolen_credit_cards.csv

The operators don't know what's being posted. This is a problem because it's what's called "inducement of a crime" - it's like if you say "We are a bar that doesn't check IDs" - you have a responsibility that comes with the operations. If you have a bunch of underage people in the bar because of your policy of not checking IDs, that responsibility falls on you. When you choose to forego responsibilities, you get that secondary liability.

See Kim Dotcom, MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 and Arista Records LLC v. Lime Group LLC. The courts have spoken many times on this and with a single voice.

You can have a service, then turn your head close your eyes and say "we'll just let freedom happen" but that doesn't excuse you from being responsible for what happens.

[stef25]

> This is a problem because it's what's called "inducement of a crime" - it's like if you say "We are a bar that doesn't check IDs"

Obviously operating on another level but what's the difference with Whatsapp saying we can't read your messages, and the other even more privacy focused alternatives?

Does WA check if CP.zip is being sent through groups ?

[zer8k]

It probably has more to do with the stated business rather than what's possible. For example, nothing is stopping you from going on whatsapp and, one hexadecimal byte at a time, writing out the entirety of a zip file full of whatever illegal stuff you want. Then, there's nothing stopping people from copying those bytes into a hex editor and recreating your stuff. This was used to great effect with DeCSS leading to the ideal of "illegal primes". The USG would have to ban typing any string of hex into anything to make this actually have teeth. But then you could move to binary, octal, brainfuck code that creates the file with shifts, etc.

But, with a company that hosts files you are liable for checking those files. There's also nuance here: you can't check everything all the time. You also can't check encrypted shit. But if you make no effort (see: the bar example) then that rises to inducement. Anonfiles, for example, is negligent in this regard. There's no law preventing you from allowing people to store encrypted files but there should be a way to not only comply with valid, warrant-provided, law enforcement requests but also keep track of such "prolific" uploaders as they are most likely uploading shit you don't want.

Source: I work in an industry that, unfortunately, has to deal with this stuff all the time. The internet is a sick place. Our legal team briefed us on our responsibility (in terms of storage and processing) along with the correct chain-of-command should something come up. Of course, we also have therapy available which is used more often than you'd think. In our case there's also some protection afforded to us for the things that may be stored because we comply with various law enforcement agencies when necessary. Posted further up you see:

> Recently, the last CP addict idiot basically killed us. We always remove those posts when we get a report (we can't see them by our-self, that's the point), but we were swamped by other things, and we didn't catch this one in time. It's a free volunteer project after all.

Which tells you they had zero idea what they were doing. If you're not hosting your anonymous service on an derelict oil platform deep in international waters you have a responsibility to get the correct legal counsel and set up a system for handling chomos. Ignorance is not an excuse, "volunteer" is not an excuse, AND you shouldn't make a service that protects chomos.

[AnthonyMouse]

Anyone can upload encrypted data to anything. You can do the same thing with Pastebin or Google Drive or Reddit or AWS. And there are many lawful reasons to want to be anonymous.

> See Kim Dotcom.

Megaupload got in trouble because their employees actively knew about and participated in infringement. Mega.com, which encrypts everything by default so they don't know what it is, is... still there?

[kristopolous]

mega.com isn't an uploads site anymore and those domains were seized in 2012 by the us doj.

The point wasn't that encryption is possible but instead that it's a de facto practice so the operators don't actually know the breakdown of the content being uploaded unless they're only considering the cleartext.

Furthermore, this doesn't protect them from being responsible for the content.

You can disagree, but until you can form a majority opinion on the SCOTUS, your thoughts don't actually matter.

I'm not a lawyer but I did a few podcast episodes on this topic a few years ago so I did about a month of research on it. The hosting providers are responsible for the content within some reasonable expectation of how the site is structured.

[toyg]

Isn't the whole point of DMCA Safe-Haven rules, that providers are not responsible for the content they transmit...? As long as they respond to law enforcement to the best of their ability, of course (i.e. taking down after being notified). I agree that encryption is not exempting them from enacting takedowns, and that intention matters (as discussed in the MEGA case), but that should be about it.

If I build a filesharing site with clearly-good intentions, my employees don't promote piracy, and the content is encrypted, as long as I take shit down when authorities tell me it's Bad I should be in the clear, surely...?

[kristopolous]

That's probably fine. AWS S3 or say Google Cloud or Dropbox doesn't have these issues.

There's plenty of long lived providers.

That's different from if you had a service called, say, pirate-share with a search function that has options like "artist" and "director". These difference matter.

As far as I know, the courts have looked at anonymous file sharing sites as closer to the second group than the first.

I remember when the internet was basically only anonymous and I think it was a better time and that's kinda why I like tor. The problem is most people seem to only go there for crime as opposed to some weird ideological commitment to how online engagement should exist.

It'd be nice if there could be a more healthy balance between anonymity and crime that's more encouraging for people to be anonymous but somehow less supportive of criminal activity.

Basically I think "influencer culture" and branding oneself has destroyed things

[AnthonyMouse]

> That's different from if you had a service called, say, pirate-share with a search function that has options like "artist" and "director". These difference matter.

Perversely, though.

Grokster and BitTorrent are largely used for the same things and they both have infringing and non-infringing uses. Grokster lost because they promoted the infringing uses. But why do we actually care about this?

It's not as if copyright infringement never existed before Grokster and nobody has been able to figure out how to use BitTorrent for it because Bram Cohen never mentioned it.

So all the rule does is impose censorship. Because otherwise the creators of these technologies would be outspoken proponents of copyright reform. But then their lawyers tell them to STFU, because if they say that existing copyright terms are morally unjustifiable and the RIAA is a pack of vultures who deserve to go bankrupt and things to that effect, plaintiffs will argue that they're promoting infringement and sue them for their political opinions. Especially if they fail to be perfectly articulate and precise while expressing that sentiment.

Is it not a de facto prohibition on developers and businesses expressing public support for the Pirate Party?

[AnthonyMouse]

> mega.com isn't an uploads site anymore

Okay, so they apparently moved it to mega.nz.

> those domains were seized in 2012 by the us doj.

The ones where they weren't encrypting the stuff.

> Furthermore, this doesn't protect them from being responsible for the content.

Laws commonly have knowledge requirements. If you go to the UPS store and ask them to deliver a metal cage clearly containing a screaming woman who has been kidnapped, and they do it, they're going to be in trouble. If you go and ask them to deliver a brown cardboard box of contents unspecified, that's a different matter, even if unbeknownst to them it turns out to contain some contraband.