indigo6alpha | 417 points
Hey guys,
First of all, I would like to offer you guys an explanation, and an apology.
Although the restriction on submissions was a knee-jerk reaction, we had done some planning on this a few months ago, where our goal was to reduce/stop the reddit/MEGA DMCA takedowns. So when the news of reddit ban spree came out, it was my hasty discussion to fast track our initial efforts and get the work done as soon as possible. But it soon became clear that the subs that were banned had very little similarity to ours, and we realized we risked alienating the very community that we intend to keep intact.
So, I would like to apologize. Not just to the posters/readers for the confusion caused over the past few days, but also my fellow mods, for giving them a very short notice before I went ahead and restricted the submissions.
And to resolve the confusion, once and for all, here is a short summary of what we had planned/what we are working on right now:
A browser extension (Chrome/Firefox/Opera) to automate the encoding/decoding of content (title & post) posted on this sub. The encoding/decoding part will be handled by a web server running locally. The encoding will be not a standard one like Base64, instead it will use a custom Vigenere cipher we've written.
There's no action required by users viewing the content, since the browser extension automates the process upon page load. The users posting the content however, will be given an option to encode the title and text of their post before their submit the post.
The local web server will be a micro service written in C# (Mono).
Currently, the work on the browser extension is about 80% done, with some minor changes pending. The local web server however, is currently supported only on Windows, and I am working on porting it to macOS and Linux.
The main intention behind restricting the submissions was to ease the testing of this solution. But like I mentioned, this is having an adverse effect on the community which we'd like to fix. So
We will post on an update on our work very soon.
For more information on how to contribute to the development work and to get involved in testing, please DM on the discord server. We have a separate channel dedicated to this.
Thanks you guys for making this community the wonderful place that it is. Please feel free to post your opinions/suggestions in the comments.
What pipe are you smoking? A freaking browser extension? C freaking sharp? It should better be on Github or something but still I won't trust some shady extension. Give us your decoding algorithm or set up a tiny online service so we can decipher those strings - why would you ever mess with browsers?
What even with this? Their so called plan is so flawed top to bottom, you really do have to wonder what they're smoking.
At best it will instantly reduce this sub to a fraction of what it once was, and just slowly die off after that.
Security through obscurity does no-one any good. Secret "custom cipher", requiring a browser extension
At the end of the day, content would not be plaintext, but anyone could decode it. One apporoach is massively overcomplicated and possibly dangerous to users, and the other one is simple.
It's stupid either way, because /r/megalinks got big because it is so easy and accessible.
[-] Lurking_Grue | 37 points
Nothing good ever comes from a "custom cipher"
I do agree with the idea of encrypting everything but custom stuff never works well.
I don't understand why they're reinventing the wheel, there's already browser extensions to encrypt text posts, for example:
https://addons.mozilla.org/en-US/firefox/addon/text-encryption-tool/
https://chrome.google.com/webstore/detail/cryptable-encrypt-message/gefljgiodoecfjglogndmhelekdgncgn
But that doesn't stop anti-piracy agents just getting the publicly available passphrase.
You could at least thwart automated takedowns if you required submissions to use referal links with captchas.
Or you could make the last few characters of a url a captcha example:
https://mega.nz/#F!0bQHg + https://i.imgur.com/Ku7Jvs0.png
Which would require human entry, though they may just task someone to it.
[-] JustSpeedy | 6 points
i might have a better alternative. its on github https://github.com/JohnDeved/megacrypt.js the mods didnt seem to like it as much as their extension idea. but i think it would be a way better.
the way it works is that the mega file id and decryption key get put into a url that is encrypted with a private server key.
that way only the server (node.js) knows the real mega file id and decrypt key and the server will basicly create a proxy to mega.nz using it. also the bandwidth limit wont apply with it, so thats a nice side effect.
https://i.gyazo.com/c30d89442418a9ec704defff7e04872d.png
the user doesnt have to install anything and can still use jdownloader or other tools if he wants to.
the only downside is that it would have to be hosted as a webservice. and that would cost the mod team money. mind you it could also be run localy, but that would make it possible to get the file id and key trough memory
[-] brickfrog2 | 3 points
Yup I was thinking the same thing, this entire thing could be accomplished with a simple Tampermonkey / greasemonkey userscript. Tons of people already run userscripts for various websites with it & already have the extensions installed in their browsers.
[-] Torschlusspaniker | 34 points
Thanks for the effort mods but this seems like a very round about way of getting nothing done.
if anyone can decipher the posts what have we accomplished?
if anyone can decipher the links what have we accomplished?
Adding gibberish to links can stop bots but you are not stopping or even really slowing down human agents.
The problem is that there is no way to establish trust with this sharing method.
Indeed, if they wanna go with tittles encryption ok, go with encryption but keep it base64 (or anything that already exists and does not require us running some program on our pc), no
Custom extension with some local host is just way to lose community, human agents will install same thing and decode whatever is poste. What makes this different from using base64 in tittles, other than many of us don't wanna run some custom program on our pc?
Yes, set up page where we can copy paste tittle to decode it, site like base64 but for your thing.
[-] That_Guuuuuuuy | -2 points
xtrill runs fine and it needs an extension now
[-] focus_rising | 156 points
I'm not really comfortable installing extensions - will the sub still be usable for those who do not install the extension, or is it an all-or-nothing thing?
[-] ElectroXexual | 65 points
I agree with this. If even title is encoded it will become very difficult to browse the sub. I not ok with browsing Reddit on a particular web browser or installing another app for one sub. If at least title is not encoded we can easily choose the content and then decode it from a web browser. And what about "Search" function if title gets encoded?
[-] Riddle_Snowcraft | -41 points
Well, if you both would rather lose access to all content than taking some time to install a small browser complement that ensures the content's very safety, that's on you.
What about when browsing on mobile? I frequently save things to come back to on my computer. If the titles are encrypted, you can't see what's here from a mobile app anymore.
[-] Riddle_Snowcraft | -19 points
That's a pain, but considering the alternative is the content getting deleted faster, I think it's a reasonable price.
Personally, if I have to use a separate app to browse a single subreddit, I'll probably just quit, or start torrenting more again, or something.
[-] Riddle_Snowcraft | -9 points
Well, to each their own, I'm not saying it's wrong to dislike the idea. I'm just surprised so many people are downvoting me just because they are uncapable of caring about the permanence of the files. People can be pathetically selfish sometimes.
[-] I_Cant_Ink_Straight | 17 points
You do realize that saying “a browser complement that ensures the content's very safety” is bullshit, right? Even with the extension the content
But if you want your devices/computers to be mining monero or whatever other crypto they want, be part of a botnet, whatever they wanna do once you
[-] indigo6alpha | -12 points
ATM, the plan is to give the uploaders an option to encode their content using the extension. If they chose to do that, then yes, you will need the extension. The extension source code will be made public, if that helps.
[-] eigengrau82 | 68 points
Have you considered implementing the cipher as a greasemonkey/tampermonkey extension instead? Folks might find that much more acceptable than running an extension and a native OS process.
[-] indigo6alpha | -38 points
I would agree, but making the cipher public would defeat the purpose of this entire project. The source code of the native application will be made public as well. Everything, except the cipher.
Do you realize you just reinvented DRM, which we all here know doesn't work anyway because you can't give something to somebody without giving it to them?
[-] eigengrau82 | 56 points
How would you keep the key secret when using an extension or a server? Wait, so would you require folks to run a binary blob (in which case it might also not be trivial to keep the key secret)? Since you said you’d open up the sources, I was expecting people could run their own builds at least.
This sounds like a scam honestly. They want you to just "trust them" and run some secret code on your local computer. God knows what that secret code
What a trainwreck this sub has become.
[-] AWWseGJYTE | 35 points
Everything, except the cipher.
This defeats the whole purpose of making it open source. Security by obscurity isn't going to work in a case like this and just makes this whole thing look very fishy.
I'm sure a lot of people here are using VPNs and other measures to protect their privacy. A lot of people are pirating because they disagree with intrusive DRM methods. And you want them to install some webserver on their machines that was coded by someone somewhere and that isn't even completely open source? Just to decode some stuff? I really don't think that this a a good idea and i would strongly advise everyone to not install an extension like this, as long as it's not completely open source, transparent and as unintrusive as possible.
You should really rethink this. It doesn't make sense and looks suspicious as fuck to people who value their privacy and the integrity of their devices.
So security through obscurity, got it. Not like this is the first time someone had the same idea when it comes to cryptography and is widely regarded as completely thrown out the window since 1883!.
[-] focus_rising | 18 points
Thanks for the reply, and yes, that definitely does help if the code will be public - that's where my discomfort was coming from.
edit: the cipher will not be public... any good geek knows you don't roll your own crypto!
Turns out the code won't be public after all: "Everything, except the cipher."
So they're asking you to install some secret code that in reality could be doing anything they want with your computer.
This ploy has "scam" written all over it
[-] cheekyfractal | 33 points
Yeah. One of the great things about this sub is how straight-forward and transparent it is. I don't have to worry about getting viruses by using it.
But installing a partially closed source browser extension is starting to seem sketchy...
It's also completely unnecessary. If they truly wanted to use this secret cypher thing they cooked up they could easily set up a website to do just that. Just like the base64 decode website.
But no, for some unknown reason they won't do that but instead want everyone to install some secret software on your computers.
It makes absolutely no sense unless they want to do something sketchy with your computers.
[-] Caelondian_Brushers | 2 points
Completely sincere and honestly asking.
Wouldn't whoever is watching just use base64 or equivalent to decode the website, then send notices to Reddit to give warnings or shut it down?
I wouldn't say scam from the get-go. More of just less transparency now just to protect it currently.
Then again, whoever is watching could just install it as well.
He did say that "but the vigenere cipher will unfortunately be closed source,
Wouldn't whoever is watching just use base64 or equivalent to decode the website, then send notices to Reddit to give warnings or shut it down?
Which is absolutely no different from a browser extension: whoever watching just install the browser extension to decode the website, then send notices to Reddit to shut it down.
Which is why I said this browser extension idea is completely unnecessary: it doesn't buy you anything. At all.
The only thing the browser extension does is to give its creators unlimited access to your computer to do whatever they want. Hence it is very sketchy.
[-] AWWseGJYTE | 22 points
The only thing the browser extension does is to give its creators unlimited access to your computer to do whatever they want.
It's also a possible attack vector for anyone else who is trying to get access to your machine. I'm certainly not going to run some webserver-thingy some random dude coded in C#, to solve a problem with this sketchy security by obscurity approach.
[-] Caelondian_Brushers | 1 points
Then the vigenere cipher might as well be open source as well. At least there's an attempt to layer the process.
Agreed. Which is why this whole secret browser extension thing doesn't pass the smell test. It's sketchy af.
[-] [deleted] | 5 points
[deleted]
[-] BetrayerOfBetrayers | 2 points
Especially since the first part of the link is always mega.co.nz. Talk about making known-plaintext attacks easy!
Who are "they" exactly? I think people are being a bit paranoid.
You can't expose the cypher, or links will be taken down.
But maybe it's better to run the whole process via command-line, rather than an extension.
[-] I_Cant_Ink_Straight | 12 points
All this extension/encrypting links business is flawed from the beginning in the first place, if
[-] Lunatic2014 | 3 points
This is honestly a terrible idea that needs to be reevaluated.
[-] I_Cant_Ink_Straight | 98 points
You do realize that this is not gonna work in the end, right? The people that file DMCA or Reddit claims can just install your little extension themselves. It does absolutely nothing.
[-] plain_dust | 46 points
What happen when the people that do the DMCA just install the extension? They will have instant access to all the links.
Just make it base64 or make the encryption that can only be decoded with a website you have to visit.
Don't make it easy for the link to be take down by a simply extension installation.
[-] -TheBabadook | 8 points
Couldn't you simply say "Don't make it easy for the link to be taken down simple by visiting a website".!?
What's the difference between extension and visiting base64?
You do understand that there is no need to visit websites, right? Most text editors will encode/decode for you or have the option to install the extension to add that function. You can also add the following to your bookmarks bar.
javascript:function c(){}c.prototype.get=function(){var a="";window.getSelection?a=window.getSelection().toString():document.selection&&"Control"!=document.selection.type&&(a=document.selection.createRange().text);return a};c.prototype.set=function(a){if(window.getSelection){var b=window.getSelection();b.rangeCount&&(b=b.getRangeAt(0),b.deleteContents(),b.insertNode(document.createTextNode(a)))}else document.selection&&document.selection.createRange&&(b=document.selection.createRange(),b.text=a)};try{var d=new c,e=atob(d.get());d.set(e)}catch(a){alert(a.message)};
Then you just highlight the encoded line and click on the bookmark.
[-] -TheBabadook | 1 points
I tried to do what you said and it didn't work :( (I'm fairly technologically illiterate.)
that freeze was rather pointless in every way. It wouldnt have prevented a takedown anyways.
[-] indigo6alpha | -3 points
We didn't expect it to, either.
Then you admit you did it for no reason, and as such are unfit for moderation duty?
That's assuming it was OP's decision and his or hers alone. If that's the case, then I don't think a single error in judgment is reason to say that someone is "unfit for moderation duty".
[-] GoslingIchi | 24 points
Welcome back!
Otherwise, I have to say that I'm rather opposed to browser extensions.
I guess this means we won't be able to use the search anymore, seeing as the titles would be encrypted?
[-] uwotm8_888 | 20 points
Feel free to use my sub r/megahosting u/indigo6alpha
[-] indigo6alpha | -2 points
Hey thanks! I will DM you on discord. I'm assuming you have the same username there?
[-] uwotm8_888 | 1 points
Yup and i jave sent ypu a mod request. I dont have many sub so we can just use it even without going private
[-] uwotm8_888 | 1 points
Yo im on discord as maximiion#0192
people will not install some browser extension.. sounds so much like a scam that even if it isnt, people will think it is. would prob cut userbase by 65-70%
[-] divinekaos | 18 points
Nope.
If the titles are encrypted, will we be able to use the search bar and search shortcuts (side bar)?
[-] AnonymousHerbMan | 8 points
Small variations in the title will mess up any searches. I don't think it's a good idea
[-] AnonymousHerbMan | 15 points
I think an offsite solution is still the best. Whether it's a reddit clone hosted on a server someone pays for, or a forums, something far away from reddit is the best bet. Encryption might work for a while, but who's to say it'll stop reddit from coming down on you in the future?
The forums is working great for us over at /r/megaporn. Sure, we got a smaller community but the organization and search works well with a forums. Encryption is going to mess up search results, so /r/megalinks will be more of a RSS feed than a database of sorts. I love being able to pop on and search for movies I can't find other places.
[-] ex_planelegs | 12 points
Will you restore any deleted posts?
No posts were deleted as submissions were restricted during the time.
Comments mentioning another site were deleted, and some users claim they were banned. I'd like an explanation.
[-] -TheBabadook | 6 points
I figured they were warned for mentioning it (IDK why), but then kept spamming the link after repeated warnings. Resulting in a ban
That "other site" is pretending to be this subreddit without any affiliation whatsoever, and is being run by people even more happy about censorship than reddit. It's only fair this trash doesn't get advertised here.
That "other site" is pretending to be this subreddit without any affiliation whatsoever
In what way? Are you suggesting that some user is confused thinking they are on this subreddit when really they are on the other site's similarly named sub? That seems quite a stretch.
is being run by people even more happy about censorship than reddit
I understand if you were trying to move all your subs over there that would be very problematic. But using it as an alternative for stuff reddit bans, assuming they are OK with it, seems like a nice backup plan. I really don't care about the politics of the folks hosting something like /r/megalinks, provided I can get 90% of what I'm looking for I can dig up the rest elsewhere. I could deal with this sub being on "that other right wing site" or "that other left wing site" equally.
In what way?
This one guy co-opted the name, the sidebar, the post format and everything from this subreddit and put it there. Then came here advertising it as if it's where this subreddit moved, which is not true in the slightest.
I could deal with this sub being on "that other right wing site" or "that other left wing site" equally.
Same here, others' political views are none of my concern no matter what they are. It's only a problem to me when the admins of the website I'm on go out of their way to censor content because it doesn't align with their views.
[-] DaveSheepel | 6 points
Are you seriously defending censorship while complaining about censorship?
Do you call removing spam censorship?
[-] DaveSheepel | 3 points
[-] JustForRobins | -8 points
That site just censors alt right views, it's basically the lefts answer to voat.
[-] uwotm8_888 | 7 points
An user deleted all of their posts
If a user decides to remove their posts, there really is no way for us to recover them. Only posts that were removed by automod or another moderator can be recovered.
[-] uwotm8_888 | 6 points
I realize that i was just clearing it up for the op
[-] IAmAlreadyAGod | 12 points
The more you think about this, the more you realise this won't work.
[-] BungusMcFungus | 11 points
What license will the extension and server be under?
[-] indigo6alpha | -14 points
Browser extension? 'Community'? The fuck are you talking about? Run a local program? A web server?
Somebody just fucking make another subreddit. This is retarded.
[-] Mrfrodough | 9 points
Any plans on the browser extension will be on mobile as well?
[-] uwotm8_888 | 4 points
Use firefox on mobile
[-] Mrfrodough | 4 points
I do but wasnt sure if an extension that gets put out for pc automatically works on mobile or it has to be developed seperately.
[-] indigo6alpha | 4 points
Firefox Mobile will support the PC extension, but we're looking into alternative solutions for mobile, like patching the official reddit APK.
[-] Mrfrodough | 1 points
Atleast the extension would serve for awhile, i didnt know you could basicly mod the official app.
[-] roryjacobevans | 9 points
Can you address how search and tags will be impacted?
Is the Discord thing not happening anymore?
[-] sharklaser5432 | 6 points
The group still exists but it's a mess to navigate. Even in the separate channel that is just for filled requests there are tons of irrelevant posts that clutter up the feed.
slightly worried for you guys as this might have legal implications. you're going from hands-free platform moderation to what could be seen as active assistance. just watch your backs for everyone's sake and stay safe please. :)
how will mobile users browse the sub? i dont think even android has browser extensions?
[-] GeraldoDeRifia | 2 points
Firefox does.
[-] rule2productions | 6 points
I just discovered this subreddit yesterday and fell in love with what you guys do. I've already found so much content that doesn't seem to be available anywhere else. I'm glad to hear this community will survive. Thanks for all you do.
[-] Plays_You_Wonderwall | 11 points
Time to stock up on storage drives.
[-] Axelstrife | 5 points
Im a little confused how will users be able to read the title if it's encoded?
[-] indigo6alpha | 9 points
The browser extension will decode it.
[-] Axelstrife | 10 points
Ok I like it but mobile and tablet users will not be able to use extensions afaik.
[-] indigo6alpha | -2 points
[-] Jake548675 | 5 points
Sorry, but obfuscation does little to nothing, because there also are humans reporting the links, not just bots. You should prepare a place to meet and regroup as a real "plan B" in the event this subreddit gets banned. It's going to happen eventually as Reddit gets more commercialized. The question isn't if, but when.
.....
/u/indigo6alpha /u/iPhunwa2 /u/vcdupper /u/GoldFuzzy /u/siomi /u/focus_rising /u/plain_dust
[-] rED_kILLAR | 6 points
[-] sniperkitty10 | 2 points
Is there an updated discord invitation?
Might not need a browser extension, the command-line could probably do everything itself, i.e load the sub posts as text, and also do the decrypting and downloading.
Could probably be done by forking megatools.
[-] saberskill | 2 points
u/indigo6alpha need this subs discord link. The one in sidebar is expired
[-] greatflicks | 1 points
Thank you for being proactive. A few days of thought and patience will help the sub last longer.
Even though it wasn't needed, thanks for taking measures to preserve/protect the sub!
[-] a200tristan | 1 points
I very much appreciate the hard work and ingenuity going into this project. Best of luck and long live Mega
[-] MrTattyBojangles | 1 points
Glad it's all sorted out. Welcome back MEGAlinks!
[-] chapling1313 | 1 points
Why not try somehtign like TPB's Pirate Browser? Mitigates much of the concern of the users and helps keep the community going.
[-] Lunatic2014 | 1 points
I don't want to use some random extension running from some random person's PC.
please please just keep megalinks as it is and if it gets banned move to a diffrent websute. easy. Could have a list of regular uploaders and downloaders to PM and everyone could just follow from website to website, or make Megalinks private.
Just discover this subreddit and wanted to thank everybody, the admins, contributors, general public, everybody. Just wow amazing subreddit, its going help a lot for a few months away from home.
[-] sniperkitty10 | 1 points
Was anyone else banned from the discord? I can't seem to find a reason as to why, but my account definitely can't rejoin.
[-] ihavenogreypoupon | 1 points
Lots of people got banned when the mods decided to clear out any mega.nz links, it's possible you didn't get unbanned afterwards. what was your username?
[-] sniperkitty10 | 1 points
SK10#5093
Ah I see, I noticed the new rule about only posting encrypted links, but that was announced after I was banned so that makes sense. Thanks
[-] mrizzle1991 | 1 points
I’m glad that the sub lives on!
[-] MrKyleOwns | 1 points
With this new browser extension mobile users will no longer be allowed to download. Is this on purpose?
So, once the extension is implemented, posters will choose whether or not to encode their links, or just the title/text of the post itself? Dosen't making it optional still leave the sub open for a potential shut down? Will mods be going back over old posts and encoding them to ensure that a shut down can't be linked to older content still available on the sub?
[-] iMadeThisToSayThanks | 0 points
[-] DeathtotheCavalry | -1 points
P R O F I T <3
[-] heavymetalelf | -2 points
I just want to say I really appreciate the effort that is going into trying to save/salvage the sub and the community.
While a browser extension may not be ideal, I think if you are going to bitch about it, then you're not required to install or use it. After all, we're accessing links that people have shared that often times contains copyrighted material to which they do not own the copyright, and to which you, the link-clicker certainly do not own the copyright to.
Nothing in that scenario says "do it to my exact specifications because it must be my way or no way at all". It sounds a lot more like a bunch of people being ingrateful of the time and effort being spent to develop a method to continue on in the face of systemic changes that is not perfect.
I would argue that if you trust the mods to run the sub and you trust the people providing uploads, that a browser extension or an encryption program is reasonable. I also feel it is reasonable to not publish the cypher, because an encryption is only valid while the key remains secret. This is aside from the speculated usefulness of any given solution.
The fact of the matter is that times are changing, as much as we may not like it, and we have to change with them.
This is awesome! I'm also a little bummed because I just spent a ton of time writing a decoder bookmarklet :P
[-] Tagliavini | -2 points
MY WD EasyStore Appears to have Died.
SSHHHHIIIITTTT!!!!!!
I hooked it up to my laptop on Sunday and I noticed (after a short while) that it didn't show up. I tried a few different usb ports and nothing.
I can hear it spinning, but it's repeating the same pattern of clicks and scratchy sounds over and over... almost like morse code.
I have roughly 2.5-3TB of stuff on it... is there anything I can do?
Where’s the drop - deadmau5 available on tidal. Can anyone provide download? Flac? 🙏🏻
[-] _stevenjus_ | -2 points
does anyone have Swiss Army Man (Original Motion Picture Soundtrack) on flac format????
i only have the amazing soundtrack of this movie in mp3 but i havent been able to find it on flac format through mega. I was wondering if anyone were to have it or has the link to it. im sure its out there through torrent but thats something i cant do because i dont have a vpn.
[-] R3a1ityCheque | -3 points
back in the game!
Hope this works well, or that we go down in glorious flames!
[-] DeathtotheCavalry | -3 points
Great work mods
The extension can be a good idea if done correctly.
It won't stop individual links from being found and taken down, but it will provide plausible deniability for the existence of the subreddit, as long they don't call the extension megalinks downloader or something too obvious.
[-] red_storm_risen | -5 points
No biggie.
Glad you’re back.
Love y’all.
[-] DisastrousProgrammer | -8 points
[-] fonzerrillii | -9 points
Good idea...
[-] MayMeiMaiMae | -9 points
Have some of my emoji gold🌟 🌟 🌟 🌟 🌟
[-] GoldFuzzy | 286 points | Mar 26 2018 14:04:32
Take your time, the survival of this community is more important than a week or two of submissions
<3 mods
permalink
[-] GurbHedgeTheHedgeHog | 60 points | Mar 27 2018 03:00:57
Pros:
Cons:
permalink
[-] GodnBabyJesusHelpUs | 21 points | Mar 27 2018 04:33:54
r/titties?
permalink
[-] SomeDuderr | 4 points | Apr 01 2018 09:35:23
Yea, I'm not gonna bother with some unknown extension and running a (local) server that does who knows what.
If this means the death of this sub, so be it.
permalink
[-] doctorwho6904 | 1 points | Mar 27 2018 04:46:16
Well i agree. But now that Megalinks is up again. I can start posting again.
permalink