[BayAreaDev]

The whole Mega.com is in-your-face thing Kim is doing with authorities.

The real bone with megaupload was, authorities held megaupload responsible for what it hosted - and Megaupload could not deny what they had on their servers (copyrighted stuff) - so the responsibility and liability lied with megaupload and caused its downfall.

With mega.com - the game is, mega.com will claim we don't know what is on our servers (since its encrypted at browser) so we can't be held liable for it - and this will stick!

I read somewhere comment that - its doesn't matter how strong the encryption is for mega.com users - all mega.com need it as a shield from legal troubles.

Clever!

[sgarbi]

wasn't the content encrypted on MegaUpload then?

[Sunlis]

It may have been, but even if it was the encryption was likely done server-side. If I'm understanding this correctly, they will now be encrypting data before it leaves your browser. That way their servers never see the true data, so they can't be held accountable for what users are uploading.

In the previous model of receiving data then possible encoding it, they have full access to the raw data uploaded and are responsible for policing the legality of the files being uploaded.

[malandrew]

TBH, I can't wait until this becomes the standard way for lots of services to do business. This is going to be better for everyone's privacy and it's ultimately going to be cheaper and less complex for everyone to do this by default because the alternatively is being forced to fund cost of policing; something that Hollywood is already trying to force ISPs to do. Section 230 of the Communications Decency Act was supposed to provide this protection, but it's become clear it simply doesn't provide enough protection when highly motivated politically-connected actors get involved. Encryption from end-point to end-point creates a situation where providers don't even need to worry about needing the protections from Section 230.