I just found a weird things on they ToS [1] ...<p><i>8. Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service. In that case, you will access that original data.</i><p>Duplicate check, I get that. But, how do they do it? They say the files are encrypted on the browser, so if I upload file X and other user uploads X too, they can't know they're the same because both uploads are encrypted. So, they can check only for duplicates of the encrypted outcome of each file. But, wouldn't that be inefficient? Probability of collision in encrypted files is (AFAIK) really low, something like 2^(-N), N being the size of the file on <i>bits</i>... If I did it well, it'd be a collision probability of 7.458E-155 for a file of 1MB.<p>[1] <a href="https://mega.co.nz/#terms" rel="nofollow">https://mega.co.nz/#terms</a><p>EDIT: Added example.
To everyone asking about the encryption, it isn't really about protecting your data its about protecting themselves. They have created a service that is billed as a drop box competitor but it's not. This is megaupload2, they just need it to not look like they are marketing it as that.<p>They needed a way to deny any knolage of file sharing and have found a two pronged attack. The encryption means they can deny any knowledge of what they are serving, and marketing it as a drop box type tool means that they aren't marketing it as a blatant tool for illegal file sharing.
Does anyone understand how their implementation of client-side encryption is actually supposed to make my data safer? After logging in for the first time, a 2048-bit RSA key pair was generated, but it seems that every time I log in I just use a username (email) and password. Does that mean the RSA private key is stored on MEGA's servers? If so, doesn't that render the whole "client side encryption" bit moot? If MEGA has the private key, they can decrypt the data or am I missing something?<p>The service seems to have ground to a halt, and I am not able to upload anything, so perhaps this all becomes clear once one starts using the service, but I'm curious about how the encryption is used in practice.<p>Edit: Found a bit more detail in the developer documentation: <a href="https://mega.co.nz/#developers" rel="nofollow">https://mega.co.nz/#developers</a>
According to this, they use the symmetrical AES-128 to encrypt files, so why do I need an (asymmetrical) RSA key pair? It also says there that the private part of the RSA key is stored encrypted with the symmetrical AES key, but MEGA has that key, so what good does that do in case of an FBI raid?<p>One of the things that I was most curious about regarding MEGA was to see how they would manage to make encrypted file storage safe but user friendly. It seems like this is user friendly, but not safe at all, or am I wrong?
Regardless of what you may think about KimDotCom he certainly has persistence. You'd think anyone would quit after a FBI raid and being sued into oblivion.<p>So what if the service falls flat? I don't really plan to use it until the kinks are hammered out anyway. The fact that he got it out there though is a statement on to itself.
I see Kim Dotcom as a stereotypical gangster who makes money by delivering illegal products. He has the narcissistic personality and lifestyle trappings to go with it. He even wants to buy protection from New Zealand itself by bringing free fibre optic cable to the island!<p>It's just hard for me to respect the man, because he's not fighting for information freedom, he's fighting for as much cash, status, and power as he can get his hands on.
They're not caching any of their static resources, that might explain the amount of bandwidth use Dotcom is apparently seeing.<p>Edit: They're not gzipping any of the 2.5MB in static resources either. I realise that probably doesn't impact their API calls that are failing, but it's still a big oversight.
The interface is very slick.. almost feel like a native application. Just the fact of being able to resize the various section of the window is very cool. Congrats for the launch, this takes lot of guts to start a service like that.
Site is getting completely hammered as of 15 minutes ago, Kim posted this on his twitter (<a href="https://twitter.com/KimDotcom" rel="nofollow">https://twitter.com/KimDotcom</a>): "Wow. I have never seen anything like this. From 0 to 10 Gigabit bandwidth utilization within 10 minutes."
His theory appears to be that by sharing keys via links to access encrypted files, instead of before which was exactly the same except to access unencrypted files, he will somehow be immune from persecution this time even though he still has the ability to identify infringing material by the traffic sources and bandwidth usage of individual files.<p>The tie in with web hosting companies adds an ounce of legitimacy to the affiliate program that originally led sites like the defunct tv-links.co.uk etc to throw traffic at their paywall last time but it won't be even close to enough if tomorrow there's millions of mega links on all the streaming and download indexing sites.<p>This will be very interesting to watch unfold.
The Javascript for Mega looks very messy; all resources loaded via XHR, loading jQuery but using `document.getElementById` all over the place, using client-side Javascript to validate the integrity of all these XHR-loaded resources...<p>They say that this is their first Javascript coding; they should really get some talent on board to clean this up.
"Warning: You are using an outdated browser, which adversely affects your file transfer performance. Please upgrade to Google Chrome."<p>is this a joke? I'm on FF19
My first upload: <a href="https://mega.co.nz/#!jFlzGQiZ!CL2dMi5IAYLUp3ZQ5JS7nmW0sYtudfUchdIPcdz6oGg" rel="nofollow">https://mega.co.nz/#!jFlzGQiZ!CL2dMi5IAYLUp3ZQ5JS7nmW0sYtudf...</a>
Reading the comments about de-duping,I think one can identify a very attractive monetisation path for mega. The largest percentage of traffic mega achieves, which is largely supported by the huge free space, the biggest the incentive for ISPs to resort to a service from mega for de-duping and caching mega traffic. It would not be unexpected if a "mega appliance" comes up in a few months for "distributed", high-performance mega usage. I do not remember the statistics exactly, but megaupload used to have a significant percentage of global traffic. Albeit, anyone could cache that traffic. Now, mega holds the keys to that. Some strategic and gradual approach is required, though, before ISPs take notice of that and pro-actively degrade mega's services (the other article about Google paying Orange for preferential QoS is relevant) before it gets the required momentum. Just a thought. What do you think? Is mega really holding a lock on this kind of information?
I think maybe Kim is a little smarter this time by not having his servers easily accessible by the US authorities, exactly where those servers are remains to be seen.<p>For me, mega.co.nz is at 154.53.224.166, which is Africa allocated, administered by afrinic.net who seem to be on a small island off the coast of Madagascar.
The big red button is beautiful. But adding just a<p><pre><code> cursor:pointer;
</code></pre>
would have made a HUGE difference to the button itself and to the User's experience, clicking on it. Sigh, when will start-ups start paying attention to UX?
SSL Poor error, cannot connect to server.<p>Is it down, or is my ISP blocking the SSL certificates so I cannot use it?<p>I am using Google Chrome.<p>I assume the site was DDOS'ed or failed under heavy bandwidth.
I have a question..maybe it has already been answered. From what I know of security we have hash and other collisions in Virtual Machine systems and obviously that can be used to gain access. with Mega using always two hosts for a a piece of data assuming that they might be using some cloud structure how would this type of attack be prevented?
Seems like people who care about encryption when using the service are essentially putting their faith in Kim Dotcom's hands. If the FBI, e.g. were to break the encryption, people would probably lose trust in the service. Dotcom is carrying a lot of weight on his shoulders in acting as the security agent.
How exactly does this work, if they don't have access to the original?<p>> 8. Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service. In that case, you will access that original data.
According to Kim, over a 100,000 users registered in under an hour (<a href="https://twitter.com/KimDotcom/status/292702999078387712" rel="nofollow">https://twitter.com/KimDotcom/status/292702999078387712</a>).
Pretty impressive, and it explains the slow responsiveness of the site.
Just signed up; was quick, smooth and has a nice interface.. was expecting it to get tonnes of visitors and be down for the next few hours but either noone is there yet or they've been very prepared<p>EDIT: Spoke too soon
A lot of people say that megaupload is back, but if I'm not wrong this is totally something different then megaupload or do I make a mistake?<p>You can't share a link with the public anymore, only with an emailadres.
It appears you can upload a file without creating an account. So without generating a key first. Or at least without generating a key that is somehow protected by a password.
After signing up, MEGA suggested that I download Google Chrome to use the service (I was using Safari). I was expecting some affiliate link there, but there wasn't any.
Perhaps he should have launched it like Gmail: Gradual launch with invites. Launching a file sharing site with this much media attention is surely going to crash it.
The site claims safer but it doesn't feel safer. The first click opens my files for me to select one to upload, yet why am I going to upload a file to a completely unknown entity? Who is/are Mega? What gives user confidence to entrust (confidential / personal / business) file uploads to Mega? There are a few steps missing here, I would work on building customer confidence. Unless you are aiming for uploads within a network of people who know and trust you for other reasons. Good luck.
completely not intelligent comment, but i read the url as Mega CONS. as in mega con-artist. never before had a NZ domain triggered that reaction in my mind.