Posts by Dylan Reeve
Last ←Newer Page 1 2 3 4 5 Older→ First
-
Nobody can sensibly argue that megaupload was not a file sharing business that provided users with an alexandra library of free copyright material.
I think even that is a stretch. It was a file locker that was fairly simple to use, provided good services and was stable and reliable. As such it became a popular place for people to store pirate content for sharing.
However I've yet to see any credible evidence that MegaUpload was any more guilty of that than many other file locker sites (RapidShare, HotFile and many others). And they appeared to be complying not only with the requirements of the DMCA in terms of copyright take downs, but also provided direct take down access to many rightsholders.
The MegaUpload service also had a significant legitimate user base (not sure we'll ever know how big?) which would certainly not be the case for some other services. They didn't facilitate any piracy themselves, instead that was made possible through index sites (which have continued unaffected) which list multiple download locations for various pieces of media.
If Dotcom's statement about the incentives system yesterday was true (I have no idea, I never explored it) then it was only available to premium users and only on files under 100MB. None of the pirated content I ever came across on MegaUpload was split into small chunks and imposing that limit certainly doesn't make it seem like they were encouraging piracy.
Of course I find it impossible to believe that MegaUpload weren't aware of the way many people used their service, but given they appeared to be complying with relevant laws I'm not sure how much that matters.
The new service, Mega, seems to have more in common with DropBox than with MegaUpload. It could be used in the same way that MegaUpload was to share pirated content, but so could DropBox.
-
Hard News: MegaBox: From f**k-all to zero, in reply to
For music- remarkably so!
I’m not so sure about visual content (film, tv, etc).Also works pretty well with video (although usually by using audio as the primary cue).
It presents interesting legal issues though. If you, as a rightsholder, choose to monetise uploaded content on YouTube are you then actually licensing that content? And if so what impact does that have for you in terms of commercial licensing arrangements for example?
If Fox claims and monetises Simpsons episodes and clips are they then breaking their licensing contracts with overseas broadcasters who likely have various rights to exclusivity etc?
I think the YouTube model is pretty flawed as well.
-
It’ll be interesting to see how much NZ (and other) tax Mr Dotcom pays on this new venture, and how the benefits pan out.
Well it's entirely NZ registered and based, so it's unlikely to be skirting tax like Facebook and Google do here.
-
I love what Mega could offer as a content distribution platform - imagine being able to purchase content and have it immediately transferred to your Mega account for download whenever and wherever - excellent idea.
But MegaKey as a funding model is a terrible idea. I'm not sure what other ideas they might be able to create, but that one is truly bad for all the reasons outlined here.
-
It seems like the right approach, especially as we move more toward Open Government and all that. But it is also hard to imagine some people (politicians) seeing the bigger picture.
-
OnPoint: The Source, in reply to
But when told about it last week by some bloke asking were they interested in knowing (or, sure, paying for that knowledge) they did nothing! Why not?
Presumably the details that Ira disclosed in those conversations weren't specific enough.
-
I wrote lots more words about all there on my very own bloggy thing...
Dealing with #WTFMSD -
As an aside to all this I think the NZ Government should establish an IT advisory group that can co-ordinate with any and all government IT departments on issues like this and that group should institute and publicise a Vulnerability Reward program. The data we're talking about is just too important to rely on the hope that "good citizens" will report whatever they find and that random IT departments will act appropriately.
-
OnPoint: The Source, in reply to
How bitter do you have to be, when finding a breach in “national security”, that, upon realizing you weren’t going to be paid for your “troubles” you felt the need to go behind the back of MSD and break this story.
Breaking the story is pretty much the norm. Even with most vulnerability reward programs the person reporting the issue is still allowed (in some cases encouraged) to publicly report it however they wish - the only limitation is timing.
Sure, he could have just told someone at MSD about the issue, although according to news reports today someone had already tried that. Instead by telling a journalist he made sure the problem would be properly addressed and the MSD still got advance notice so they could mitigate immediate damage.
Nothing Ira or Keith did here is improper or unreasonable. Had MSD (or NZ government in general) been operating a vulnerability reward system the only thing (hopefully) that would have changed here is that MSD would have got more details sooner, but everything else should have remained exactly the same.
-
Vulnerability Rewards aren't uncommon. Many (most?) big internet companies will offer them (some are advertised, some are not) as will many other businesses.
The idea being that a security vulnerability is probably worth money to someone. If you offer some reward to people for reporting them to you it's less likely people will try to profit from them in some other way.
Had I discovered it I may have handled things the same way that Ira did (well actually I'd probably have publicised it personally rather than going to Keith) - see if MSD wanted to reward my help, otherwise detail the problem (while giving MSD a reasonable heads up) publicly.
The ways of handling vulnerability reporting are a constant point of contention among the IT security community. Most adopt a "disclose and publish" approach where they tell the affected organisation then some time later publish the details. But some will just publish. Others will basically sell the information into the "black hat" world.