New MEGA service for sharing (former Megaupload)

Discussion in 'privacy technology' started by dogbite, Jan 20, 2013.

Thread Status:
Not open for further replies.
  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Megaupload seems back to business, with a new version which claims highest privacy standards (despite collecting personal info needed to provide their service, see Privacy section) and encryption of uploaded material.
    50GB free storage.

    Some details:

    https://mega.co.nz/#privacycompany

    Some encryption info:

    ---
    For bulk transfers, AES-128 (we believe that the higher CPU utilization of AES-192 and AES-256 outweighs the theoretical security benefit, at least until the advent of quantum computers). Post-download integrity checking is done through a chunked variation of CCM, which is less efficient than OCB, but not encumbered by patents.

    For establishing shared secrets between users and dropping files into your inbox, RSA-2048 (the key length was chosen as middle grounds between "too insecure" and "too slow"). All encryption, decryption and key generation is implemented in Javascript, which limits throughput to a few MB/s and causes significant CPU load. We are looking forward to the implementation of the proposed HTML5 WebCrypto API in all major browsers, which will eliminate this bottleneck.

    Javascript's random number generator is augmented by a mouse/keyboard timing-driven RC4 entropy pool.
    ----
    Source: https://mega.co.nz/#help_security
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I give it about a year before they go knocking the guy's door down again. In the meantime, have a dose of comedic hypocrisy :D
     

    Attached Files:

  4. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    lols aes256 is too demanding?what year is he living in, apparently i have a quantum computer then and ipswitchft with its aes256 bit transfer encryption is from the future , lmfao , what a freakin idiot,
    and tells me they dont take theyre buisness seriously and apparently kim dotcom hasnt been raided for nothing hes far from innocent, i hardly believe he wasnt involved in some shady buisness that made him a main target of interest, rumors even have it that he himself was cooperating with the feds on cracking down on file sharers, you get what you deserve then i guess , what goes around comes around ;) , megaupload was just the tip of the iceberg , yep this ones gona be hilarious....again
     
    Last edited: Jan 20, 2013
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I would have preferred AES 256 bit, but i'm not sure it would have really made a difference since anonymity is more important than the encryption for these type of sites. I had never used Megaupload before, but I will take a peek at this site out of curiosity.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Yep, it looks like any other cloud storage site at this point. Maybe there's something special behind the curtain if you create an account. At the present time I have no need for another cloud storage service. I may try it out later.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Apparently, there is a major XSS injection vulnerability on the site.

    Haha nice one :D
    That is a really annoying warning/ad from the MPAA btw and the most stupid part of it is that only paying users are tortured by it..
     
  8. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Kim Dotcom’s new file locker “Mega” opens to the public

    Source: http://arstechnica.com/tech-policy/2013/01/kim-dotcoms-new-file-locker-mega-open-to-the-public/
     
    Last edited: Jan 21, 2013
  9. JeffreyCole

    JeffreyCole Developer

    Joined:
    Dec 29, 2012
    Posts:
    433
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    this is going to get interesting.
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    It sure is.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    While much of the sordid Kim Dotcom case leaves a bad taste in my mouth, some of the recent bits are worth a read.
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  14. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    Kim is pretty funny.

    Many feel they took him down because he was going to start a competing service to ITunes and Amazon, that's when the heat turned into a fire.

    The salted encryption he is using is basically to protect him, because he won't know what is being stored or transfered on his service, therefore he cannot really be held liable. It's like bullguard being liable for what I store on BG-Drive, when they don't really know what I store.
     
    Last edited by a moderator: Jan 22, 2013
  15. JeffreyCole

    JeffreyCole Developer

    Joined:
    Dec 29, 2012
    Posts:
    433
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    Interesting stuff.

    Anyone here signing up for it? :D
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    'Ars was given a preview look at the new Mega service, which offers end-to-end encryption of files and seeks to circumvent the possibility of another high-level raid by allowing a diverse range of companies and individuals to set up servers and host users' files. Encrypted files stored with Mega will be duplicated and stored with multiple hosts for redundancy protection...'

    But as mentioned in the most recent Ars article on 'Mega', posted by Lotuseclat79;

    'There's another issue besides identity spoofing: Mega's terms of service contain the following puzzler:

    "8. Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service. In that case, you will access that original data."

    This sounds a lot like deduplication—only storing each unique chunk of data once to save storage space. The AES-128 encryption used for the node data blocks should ensure that every encrypted block is unique, even encrypted blocks made up of two copies of the same file. If Mega only sees encrypted data, which by definition is all completely unique, how then can they be "deduplicating" it? Is something fishy going on?
    There is a lengthy discussion at Hacker News on the subject, which has a number of theories, including that Mega is using convergent encryption to identify non-unique blocks...
    '

    meh, deduplication could mean Kim&Co know which files are duplicates, which will allow them to erase most of them and then link users to the 'single' file. Probably still duplicated over multiple servers of course.
    But it's not like all your files will always remain untouched. Nevermind the legal implications of having lists of users, all linked to (a) specific file(s).
    Encrypting all your data before uploading is still an option of course.
     
    Last edited: Jan 21, 2013
  18. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Re: Megabad: A quick look at the state of Mega’s encryption

    Thanks for posting.
    Still 'some'(cough) caveats like reg. the deduplication and userpassword-based encryption key but for non-essential data it might be usefull to have 50GB to store already encrypted data, for some. Not sure if they'll overcome their tarnished reputation though.
    LEA will undoubtedly announce their special interest in Mega traffic and it's users.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: Megabad: A quick look at the state of Mega’s encryption

    Most of this is premature and irrelevant.
     
  20. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Re: Megabad: A quick look at the state of Mega’s encryption

    I'm happy to see they are working on a privacy solution. I'd still encrypt anything I uploaded anyways. I figure the only way this is going to be a problem is if they poorly implement security on their side, I have my uploads MITM, or have a warrant to seize my hardware. Best of luck, Uncle Sam.
     
  21. PastTense

    PastTense Registered Member

    Joined:
    Feb 28, 2009
    Posts:
    42
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Re: Megabad: A quick look at the state of Mega’s encryption

    well said... got the same impression while reading it.
     
  23. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    181
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    I don't understand the message of these "cloud" websites.

    They tell modern consumers like me that you should "backup" your computer contents to the cloud so that they are available across platforms...and in case of emergency.

    Yet, they set storage limits & price their services as if this was 2003. As if all that people have on their computers are office documents, CD-size software packages, 128 kbit/s mp3's, and low quality Real Media videos.

    It's 2013. I have purchased lossless albums, HD TV shows, and HD movies from sites like Itunes & Amazon. Then there are HQ pictures from my camera, and large design & editing software packages which can only fit on DVD's.

    All this content amounts to over 8 TB. Apparently, if I wish to securely backup these files online...I must hand over almost $80 every month?!

    Ridiculous.
     
    Last edited: Jan 22, 2013
  24. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    I made an account mainly because they're giving 50 GB for free. Not sure when and if I'll start using it.

    I agree with you.
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    Exactly, you 're better off buying 2-3 TB HDD drives.
     
Loading...
Thread Status:
Not open for further replies.