Famously founded by Kim Dotcom a year after the 2012 shutdown of Megaupload, Mega has grown to become one of the most popular cloud storage sites online today. Dotcom is no longer involved with the platform but that hasn’t affected its growth.
In its launch year Mega hosted just 0.6 million files but just 12 months later, that had grown to an impressive 3.6 billion. By 2019, the number of files stored had swelled to 63.8 billion and last year that figure grew further still, topping out at 84 billion files.
This data is presented in Mega’s annual transparency report and this week the company published its latest set, revealing that it now has 230 million users in more than 200 countries and territories. Together those users are storing more than 100 billion files utilizing end-to-end encryption, meaning that the platform continues to grow.
Copyright Infringement & Content Removal
Right from the beginning, Mega has been promoted as a privacy platform, meaning that not even the company itself is able to look at what content is being stored on its servers. This is a welcome feature for users but it’s still possible for them to share stored content with outsiders, as long as links are distributed with a decryption key.
It follows then that some Mega users utilize the service for sharing copyrighted content including movies, music and TV shows, much as they had done with Megaupload. In what appears to be a clear effort to distance itself from its predecessor, however, Mega is overtly public about what actions it takes to tackle infringement in response to valid or at least uncontested copyright holder requests.
During the most recent reporting period spanning 12 months to September 2021, Mega received more than 2.3 million takedown requests from copyright holders, up from around 1.2 million in the previous reporting period. The company says that it aims to process takedowns within a maximum of four hours, with most takedowns being actioned within minutes.
“The number of files which have been subject to such takedown notices continues to be very small [compared to overall files stored], indicative of a user base which appreciates the speed, flexibility and privacy of Mega’s systems for legitimate business and personal use,” the company says.
“In Q3 2021, the links taken down represented 0.0007% of the 107 billion files uploaded to Mega servers.”
In common with many online platforms that handle user-uploaded content, Mega also processes copyright counternotices, which allow those wrongfully targeted with a takedown request to file an objection. The company says that most of the counternotices it receives are both genuine and appropriate but the number it receives is vanishingly small.
In the previous reporting period, Mega processed 20 counternotices. In the latest, that had dropped to just 13, none of which were contested by the original complainant. This suggests that the overwhelming majority of copyright complaints are genuine, with possibly a small number targeting files that users simply don’t care enough about.
Repeat Infringer Policy
After initially operating a “five strikes” policy, in 2015 Mega introduced a “three strikes” regime that remains in place today.
“Mega suspends the account of any user with three copyright takedown strikes within six months. In some cases, the account can be reinstated after it is proved to be the subject of invalid takedown notices, but most suspended accounts are terminated,” the company says.
Account suspensions for alleged copyright infringement peaked in the third quarter of 2017 at just over 8,000 but tailed off to a relatively steady 2,000 to 2,500 suspensions per quarter thereafter. In the 2019/20 period, Mega suspended a total of 8,845 accounts, a number that increased to 9,716 in the most recent 12-month period.
Added together, the total number of accounts suspended is large but as Mega is keen to point out, the overall number of users on the platform should be considered for context.
“As at 30th September 2021, Mega had suspended 144,813 users for repeated copyright infringement. The data below shows that suspensions are a very small % of the number of registered users,” its new report reads.
Storage of Personal Data
Finally, Mega reports that it currently stores “very limited” non-encrypted personal data on servers in New Zealand, Canada and/or Europe, suggesting none in the United States. This data includes users’ email addresses and “some activity” relating to account access, file uploads, shares, and chats.
However, digging into the service’s privacy policy reveals that when people use Mega, its systems retain metadata including IP address and port information for logins, API usage, file uploads, folder creations and link exports. This means that if a user shares a file in public with a decryption key attached, copyright owners can identify the content and potentially link that to an account at Mega carrying personal data.
Mega also stores the email addresses of anyone that users have contacted using Mega’s systems, the email addresses of chat participants, plus chat commencement and duration times.
Account data is kept for as long as accounts are active and in the event that an account is suspended or terminated, the company ‘may’ hold that data if enforcement action takes place or is likely. After 12 months, if no action is apparent, account data will be anonymized with the following condition:
“[W]here you are a contact of, have had a folder shared with you by, or have chatted with, another MEGA user, those details will continue to be retained to allow services to continue for those other users,” the company writes.
“If we think it is necessary or we are obliged by law in any jurisdiction, then we are entitled to give Your Files, Your Chats, any Account Data and any Usage Data to competent authorities, even if those items are encrypted. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents.”
Mega’s latest transparency report can be found here