When asked how they might deal with abuse of the service to distribute illegal files, he suggested that you could compare uploaded files to hashes of known files. This doesn’t make sense in a system where the server has no knowledge of the unencrypted file, since the same file encrypted with two different passwords will result in two different hashes.
One red flag from that podcast:
When asked how they might deal with abuse of the service to distribute illegal files, he suggested that you could compare uploaded files to hashes of known files. This doesn’t make sense in a system where the server has no knowledge of the unencrypted file, since the same file encrypted with two different passwords will result in two different hashes.
Can’t you hash it before uploading and upload just the hash? Or download the banned hash list locally.
Sure, but then you’re trusting the client. I can always encrypt
x
and send along the hash fory
.In the end you can always just encrypt the illegal stuff externally before giving it to them…