Pirates beware: Kim Dotcom's Mega isn't the safe haven he says it is

mega paradise

Kim Dotcom — the infamous, indefatigable internet entrepreneur with an unidentifiable European cadence and the bravado of a Bond villain — is back in our lives. Exactly a year after his website Megaupload was shut down due to charges of copyright infringement, Dotcom has come out with a new venture called Mega.

Mega is ostensibly a cheap way to store files online, offering an insanely generous 50 GB of space for free. It also offers some additional security to protect your data from prying eyes, although the effectiveness has been challenged. Dotcom and his cofounders ran one of the world’s most influential hubs for the market in pirated movies, so of course the new Mega has started attracting pirates — although not as many as you might expect. And with Mega's recent move to shut down the piracy facilitating third-party search engine mega-search.me, the new file-sharing site is starting to seem downright hostile to the file traders on whose backs Dotcom built an empire.

So is Mega an attempt to design the perfect pirate’s paradise? A trap for pirates, perhaps, set up by the feds? Or is Dotcom going legit, as he claims?


"There’s a lot of money to be made in being a pirate."


Immediately after it launched, there was speculation that the new Mega was a front, a way for Dotcom to ignore US authorities and slip right back into the piracy game. Mega's lowest paid tier is a whopping 500 GB a month — far beyond the needs of any ordinary user, but appropriate if you’re trafficking in bootlegged blockbusters. Even the site’s description, "Mega is a so-called cloud storage provider," (emphasis ours) suggests that Dotcom has his fingers crossed behind his back.

The US Attorney’s office, which is prosecuting the case against Megaupload and attempting to extradite Dotcom from his home in New Zealand, declined to comment on the new Mega. They didn’t seem exactly pleased, however, pointing us to an affidavit in which Dotcom said under oath that, "I have no intention and there is no risk of my reactivating the Megaupload.com website or establishing a similar internet-based business during the period until the resolution of the extradition proceedings."

When asked about this sworn statement, Dotcom’s California-based attorney, Ira Rothken, defended his client: "Kim Dotcom is innocent, is presumed innocent, and is entitled to innovate and work in technology like any other innocent New Zealander."

But many, especially anti-piracy advocates, are skeptical when Mega claims to be a competitor to services like Dropbox and Google Drive in the completely legal business of personal cloud storage.

How is Mega being used for piracy?

Most modern day piracy happens via BitTorrent, the peer-to-peer file-sharing protocol that lets people download pieces of a file from multiple sources at the same time rather than downloading an entire file from a central source.

There is a subset of pirates, however, who prefer to use file lockers such as Megaupload, Rapidshare, 4shared, and others in order to upload porn, movies, music, or software. The links to the files are then shared on forums and blogs.

Operating in small communities makes it possible to get compensated for what you upload in money, web services, and peer recognition. It's also not always possible to use BitTorrent. Internet service providers in Europe throttle users' internet speeds if BitTorrent traffic is detected, and the US recently implemented a similar program.

Nate Glass worked in the adult film industry until 2009 when he launched Takedown Piracy, a service that hunts down pirated files and sends the hosts takedown notices under the Digital Millenium Copyright Act on behalf of content owners. He’s spent the last four years lurking in piracy forums, sniffing for his clients' copyrighted works and studying the culture.

"Piracy is kind of compartmentalized," Glass told The Verge. "There’s guys who are devout torrent guys. Then we have clients that get hurt more by people uploading their stuff to YouTube and streaming sites. Then you have the sites like Mega and the file listing sites."

Sites like Mega and its predecessor Megaupload, and the associated "file listing" sites that collect links to files hosted there, are popular with two groups. The first, "warez traders," are the uploaders who are philosophically opposed to copyright and traffic in intellectual property on principle.

The second group is profit-motivated, a class of traffickers who make money either in the illegal DVD market or via the various affiliate and rewards programs offered by sites like Megaupload. "There’s a lot of money to be made in being a pirate," Glass said. Megaupload collected $110 million via its PayPal account alone, according to the US Attorney's case.

File listing sites are fairly underground, and there are a number of influential secret forums where only trusted members are permitted. These sites have a much smaller audience than BitTorrent, but they have an outsized impact because they’re often the original source of a file.

After Megaupload got shut down, uploaders felt a void where the hosting site had been. The case had a chilling effect on the illicit industry. Hosting sites FileSonic and FileServe both went offline. File listing forums dried up.

Mega is no pirate’s paradise


While some waited for the return of Megaupload or something like it, others scoffed and moved on. "There are tons of other uploaders which work perfectly, sometimes even much better than Megaupload ever did," one commenter wrote on a forum in response to a thread about the new Mega. "[Is there] some sort of misplaced nostalgia for when the internet was still the wild west? Sentimental value?"

Whatever the cause, there’s already copyrighted content on Mega. The company has reportedly received hundreds of takedown requests, with which Mega is reportedly complying. The fact that Mega can't see the content of files to verify if they're actually infringing means that legitimate files are also reportedly being removed. But using the file listing search engine Filestube, we were still able to find eight of the ten movies that were most torrented during the week of Mega's launch.

"It’s already becoming a go to web site for pirates," Robert King, a porn industry businessman and copyright crusader, wrote four days after the site launched. King discovered that files shared via popular piracy blogs, such as the movie Defiance, Nirvana’s Blew, and a crack for Windows 8, were being hosted by Mega. King successfully lobbied four of Mega’s six payment processors, including PayPal, into dropping support for the site.

But given its treatment of piracy thus far, Mega’s no safe haven — at least, not yet.

Where’s my reward?

A recent poll on the pirate forum WJunction showed that more than 62 percent of uploaders dislike the new Mega. The most frequently cited reason? There’s no easy way to make money. Unlike other file lockers and its predecessor Megaupload, which grew into a titanic, household name among the piracy community, Mega does not pay its users.

On other sites, a pirate can upload a file and be paid $10 for every 1,000 downloads. Kickbacks for referring new premium subscribers, who pay to get their downloads prioritized or sped up, are also common. These programs are referred to as "affiliate" or "rewards" programs, and Megaupload has been credited with bringing this concept to the piracy underground. The hosting sites benefited from the extra traffic — which translated to ad revenue — and the extra premium subscribers.

These incentives programs were undeniably aimed at pirates. The idea that Megaupload was catering to any audience but pirates doesn’t pass the smell test, Glass said. "Are 1,000 people going to download your vacation pictures?" he asked. "Maybe an indie musician could get those numbers. But isn’t it more likely that 1,000 people are going to download Transformers or The Dark Knight?"

Mega does not offer its users such incentives, and Finn Batato, Mega’s chief marketing officer and one of the three men indicted along with Dotcom, said it never will. "There will be no such thing," he wrote in an email.

Dotcom has changed his story before, so it would be naive to believe that Mega would never offer some mechanism to pay out its users. However, affiliate programs may be falling out of style. Rapidshare first rolled back and then completely discontinued its rewards program in October because rewards are "still a strong incentive for amateur uploaders who occasionally post copyrighted works at piracy forums which they frequent" and "Rapidshare doesn’t even need an affiliate program nowadays much because it can attract uploaders anyway."

While uploaders miss the rewards programs, they've also figured out how to make money by redirecting would-be downloaders to intermediate sites with ads. It works like this: the pirate uploads a bootlegged copy of Skyfall to Mega, Rapidshare, or one of the other file lockers. Then he or she creates a network of blogs on Blogspot and other free platforms, enticing others to download the movie for free. When the would-be downloader clicks the link, they're routed through a revenue-sharing service like AdF.ly or another ad network. The downloaders are bombarded with ads, but eventually they get through to the actual movie. Everybody's happy.

The long arm of the law

Mega launched under the umbrella of an entity called "The Privacy Company," and privacy is a big part of the pitch. Mega tried to do something clever by encrypting files on the user’s end before they’re uploaded, meaning that not even Mega can see the contents of the file. In theory, that would give the company plausible deniability in the event of a crackdown.

This extra security gives peace of mind to those who might want to protect their personal files, such as lawyers backing up their casework and moviemakers shuttling back and forth cuts of an unreleased documentary. It also means Mega has limited data to hand over to the government in the event of a subpoena.

In theory, that is. In reality, Mega’s encryption is unlikely to protect either the company or its users from a determined prosecutor, said Eric Goldman, a professor of law at Santa Clara University who specializes in copyright. A file-sharing company, first called Aimster and later Madster, tried encrypting information so it couldn’t see what users were trading. The strategy backfired when a court ruled in 2002 that Aimster had deliberately designed a system that allowed for repeat copyright infringement.

In subsequent cases, including Viacom v. YouTube, courts affirmed that "willful blindness" could be a basis for liability. "It’s not clear to me that the encryption trick will solve the problem legally," Goldman said. "If anything, it’s the kind of thing that courts will respond negatively to."

In Mega we distrust

Megaupload was singled out by authorities last year, and the US government is eager to put the founders away. Megaupload's users are also up a creek; the Electronic Frontier Foundation filed a brief on behalf of one Megaupload user who has not had access to his files since the raid. That doesn’t bode well for Mega's prospective customers, who have to worry that their cloud storage provider might be seized by the government.

This suggests that Mega holds little appeal for anyone other than "file traders," who exchange bits and bytes like underground currency. "After the FBI raid, it's unlikely Mega will ever be seen as a stable service for storing irreplaceable personal or business data regardless of what else they might do in the future," Alan Fairless of SpiderOak, a personal storage service similar to Dropbox, said in an email. "So based on all that, who is it for? We're left mostly with the traders."

More than 62 percent of uploaders dislike the new Mega

In fact, uploaders don’t trust Kim Dotcom either. Users on the forum Facepunch speculated over whether the new Mega is little more than "a gigantic honeypot." Every day on Twitter, someone calls Dotcom a "snitch." That’s because he cooperated with a Department of Justice investigation into the now-shuttered file-sharing site Ninja Video.

There’s also speculation that Mega’s much-vaunted security won’t work as advertised. After a hugely successful launch that brought in more than half a million registered users in the first 14 hours, according to Dotcom, programmers and journalists began to scrutinize Mega’s code and found multiple holes.

One blog post, "Megafail," described a problem with the encryption that could have allowed an attacker to take over Mega and steal user data. Mega’s error "demonstrates a deep lack of understanding about the crypography that they are using," Héctor Martín Canter, the hacker who authored that blog post, wrote in an email to The Verge. "It all boils down to trust. Mega themselves admit that the entire system only works if you trust them... personally, I have trouble putting that much trust in a company like Mega."

Mega says it is addressing the issues that were raised and will continue to improve the site’s security.

Will Dotcom ever be pirate king again?


Dotcom has said publicly that he does not support piracy for music, but does support downloading movies, since the studios force people to wait for staggered releases. His current home country, New Zealand, seems ready to support him after first cooperating with the US government and then regretting it.

But will Dotcom ever welcome the pirates again? It’s hard to imagine that the Mega team won’t return to what they know, especially since cloud storage is already a highly competitive market, with players from Google to Amazon.

However, there are significant challenges along the way, including shoring up the site’s security and earning back the trust that was lost after the shutdown of Megaupload. Mega will never be Megaupload unless it starts offering some compensation to encourage people to upload new content. The day that happens, it’ll be obvious what Dotcom is aiming for. The company has said it’s not headed in that direction, but promises don’t mean much to pirates.

Evan Rodgers contributed to this report.

Dotcom has said publicly that he does not support piracy for music, but does support downloading movies

Photo credit: Images are from Mega's website and promotional videos.

The Verge
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.