The file-hosting cloud service ‘Mega’ (mega.nz) has published its 2020 transparency report, reminding its community that piracy isn’t tolerated. More specifically, the platform has terminated 94,966 users for repeat copyright infringement, which means three takedown strikes within six months.
This is significantly higher than the 78,000 that were suspended last year. However, it is still a drop of water in the ocean that is ‘Mega.’ To get an idea, the platform hosted 83.5 billion files by Q3 2020 and received 312,588 takedown requests during that period. That’s a tiny percentage, of only 0.0004%.
Does this mean that people use ‘Mega’ lawfully and avoid uploading pirated stuff? Yes and no. Mega doesn’t tolerate copyright infringement and has made it clear that they will share user details with the authorities if they’re asked. However, there’s so much going on in the platform that even finding and reporting stuff is a challenge. So, it looks like a crackdown that’s meant to please the rightsholders who, in the end, want to see a spirit of collaboration.
It is worth clarifying that the files uploaded on Mega are being encrypted on the client-side using the AES algorithm. Therefore, the platform doesn’t know the contents of the uploaded files, so it can’t be responsible or liable. A few companies bother to report files based on their names, or after having accessed them, or by somehow discovering or acquiring the encryption keys online. What is not encrypted is the user’s email address, account access details, upload actions, shares, and chats.
Of course, it’s not only about piracy. Child exploitation or abuse material, violent extremism, zoophilia, bestiality, passwords, malware, and stolen data are also prohibited on Mega. In the context of the above, Mega received eight legal orders from New Zealand’s authorities and disclosed the associated account information to them.
In total, the number of requests for subscriber information from October 2019 to September 2020 was around 9,100. Only seven of them were declined by Mega, as they did not meet the requirements.
Finally, Mega sets the account retention period to 12 months after its closure, so it keeps user data like anonymized email and IP addresses for a full year. However, some database records like the user’s financial transactions may be retained for longer, possibly indefinitely. User files that are deleted by their owner become inaccessible and are deleted only when the next purging comes.