It’s not the only game in town – not by a long shot – but many had high hopes that storage locker MEGA would deliver where competitors like Dropbox and Skydrive fall short: elbow room.
Apparently, Dotcom planted all his seed money in the lawyers’ garden, and forgot to retain a few competent techs during the whole “architecture” phase of this project.
If MEGA’s HTML-5 frontend is the handsome, youthful face of the company, then the servers and security code are surely the true picture of Dorian Gray.
“It’s a nice website, but when it comes to cryptography they seem to have no experience […] Quite frankly it felt like I had coded this in 2011 while drunk.” – Nadim Kobeissi, creator of Crytocat.
Security researchers have discovered multiple, fundamental flaws with Dotcom’s distributed paradigm:
“If you were hosting one of Mega’s CDN [content delivery network] nodes (or you were a government official of the CDN hoster’s jurisdiction), you could now take over Mega and steal users’ encryption keys,” (source)
And just for the hat trick, Steve Thomas has discovered how to decipher the confirmation email sent by MEGA, allowing you to unlock any data stored by the email recipient on the servers. Email is of course comparatively easy to intercept as plain text, so this should be a very present concern for users.
All of these security holes, coupled with near-to-useless responsiveness for the entire post-launch week, and Dotcom is off to a very shaky start indeed.
Still, our hopes are high that all the concerns can be addressed quickly, and if so, MEGA may yet emerge as a real online storage contender (provided they get on the cross-platform horse in a big hurry). But let this be a lesson: If you’re going to launch a tech company, it’s probably unwise to skimp on the tech.