If they must scam, shouldn’t they be deduplicating on the server rather than the client?