Consider Mega.nz #496

Closed
opened 2018-07-23 11:44:57 +00:00 by Raviu8 · 18 comments
Raviu8 commented 2018-07-23 11:44:57 +00:00 (Migrated from github.com)

Hi,
Is there any reason mega.nz is not listed?
I've searched the issues and couldn't find anything related. Some posts on reddit, however, mention that it has been listed previously on your list.
It's also listed on your other repo: privacy respecting.
From what I know, all their software is open source and could be found on
https://github.com/meganz
They have file sharing, chat and other very useful features, all are encrypted end-to-end - per their statement.
I am not actually promoting it but just wondering as a user. So if you have reasons against it, I'd be happy to know them to be careful.

Strappazzon commented 2018-07-23 15:17:05 +00:00 (Migrated from github.com)

> Dotcom told [...] that he no longer had any involvement in Mega, after the company suffered "a hostile takeover by a Chinese investor who is wanted in China for fraud". [...] those shares were then seized by the New Zealand government [...] "Which means the NZ government is in control. [...]

https://www.wired.co.uk/article/kim-dotcom-mega-3
https://yro.slashdot.org/story/15/07/27/200204/interviews-kim-dotcom-answers-your-questions
https://old.reddit.com/r/privacy/comments/7y26sy/is_meganz_still_secure_and_private/duehbw5/
https://old.reddit.com/r/privacy/comments/7f8pe5/how_is_meganz_in_terms_of_privacy/

megasteph commented 2018-07-24 09:13:33 +00:00 (Migrated from github.com)

https://mega.nz/blog_40 - April 2016
Worried about Kim Dotcom’s tweet concerning MEGA?
We don’t know why Mr Dotcom would want to make negative comments about the company he co-founded, but we do know that he is factually incorrect. MEGA has significant funding and strong support from shareholders, so its financial position is sound.

This year, MEGA has already committed 24 PB additional storage capacity to service our 40 million registered users, and we will continue that expansion. MEGA users are able to pay subscriptions through a variety of methods, depending on their country of residence.

MEGA continues to experience strong growth, which illustrates global appreciation of the quality of its services.

Mr Dotcom resigned as a director of MEGA in August 2013 so he could pursue his political ambitions with the Internet Party. That endeavour badly damaged his credibility with the New Zealand public.

His family trust sold a significant proportion of its original shareholding in MEGA, releasing many millions of dollars. In 2015 the family trust twice subscribed for new shares in MEGA. In December 2015 Mr Dotcom applied to the New Zealand Court for approval to personally borrow $0.7 million for his family trust to subscribe for further shares in MEGA. The Court declined approval. Since then he has made negative comments about MEGA that have no factual basis.

It is good practice to have a backup of your files but we strongly disagree with Dotcom's scaremongering. If you follow his tweets about ‘MegaNet’ you may have less confidence in his predictions:
January 2014: “Coming in 2014”
July 2014: ‘MegaNet’ is coming in 2015
December 2014 Launching in 2016
June 2015: ‘MegaNet’ details will be revealed and equity will be available via crowd funding on 20 Jan 2016

megasteph commented 2018-07-24 09:15:09 +00:00 (Migrated from github.com)

https://mega.nz/blog_46 - January 2018
1,826 days, 100 million registered users, 40 billion encrypted files. A lot has changed in the 5 years since MEGA first booted on 20 January 2013, offering users 50 GB of free storage and a breakthrough encryption system. While encryption has been widely available for many years, most systems remain complex and difficult to use. MEGA’s simple implementation, where files are encrypted and decrypted within the user’s browser, is still unique 5 years later.

Raviu8 commented 2018-07-24 09:19:38 +00:00 (Migrated from github.com)

@megasteph Has mega.nz software been independently audited?
Actually, I don't reject the huge user base of mega - and growing. But remember google has too much more.
Security and privacy should be supported by technical facts, not by market share.

Raviu8 commented 2018-07-24 09:26:24 +00:00 (Migrated from github.com)

Are all types of data & communications on mega encrypted in a way that even mega cannot access?
Or just the files?
I mean data like sessions, shares, contacts, chat data and meta data, audio and video communication?
"Whom, when, how and what?" Are all those pieces of info. encrypted that even mega cannot spy on?

ghost commented 2018-07-24 09:29:26 +00:00 (Migrated from github.com)

You can't even know the files are encrypted, but that's with any provider. So you either have to self-host or trust some company. The question is whether MEGA is trustworthy.

Raviu8 commented 2018-07-24 09:33:23 +00:00 (Migrated from github.com)

@Shifterovich I think as they say that data is encrypted client side, and the client software is open source, you can know that files are encrypted, can't you?

ghost commented 2018-07-24 11:00:54 +00:00 (Migrated from github.com)

Well, true. You can know that you sent the files to the server in an encrypted form. But stealing your key isn't hard, especially in a browser. And if we talked about receiving encrypted files, just because your open source client receives encrypted files doesn't mean they are stored encrypted.

megasteph commented 2018-07-25 08:17:08 +00:00 (Migrated from github.com)

The files are sent to Mega in encrypted form, and the code is public so we can see that they aren't stealing the key, SO Mega can't decrypt. The files are certainly received and stored in encrypted state.

megasteph commented 2018-07-25 08:24:43 +00:00 (Migrated from github.com)

Raviu8:
Some data must be stored without user encryption so Mega can operate functions such as shares, chat, email comms etc.
Mega's Privacy Policy is being updated shortly. It will specify that the following account data is stored without user encryption. The reason is obvious when you consider the type of data:
  • "browser type and operating system of the devices from which you have logged in to Mega;
  • IP address and port information for logins, API usage, file uploads, folder creations and link exports;
  • The country that we expect you are accessing our services from (inferred by matching your IP address to a public IP address database);
  • File sizes, versioning order, timestamps and parent-child file relationships;
  • Deletion timestamps;
  • The email address of anyone you have specifically made a contact using Mega's systems. Note that your files and folders can be shared privately by invitation to specified email addresses or shared more generally by creating a file or folder link and decryption key;
  • Contact email addresses of chat participants, chat commencement time and chat duration, and moderation activity
  • Takedowns and account suspensions;
  • Our communications with you;
  • Your personal account settings, including any avatar picture."
megasteph commented 2018-07-25 08:35:03 +00:00 (Migrated from github.com)

Raviu8:
Agree - market share is interesting but not indicative of security. Mega is proud of both!
January 2017 Mega reported:
"MEGA supports the safety and security of individuals, companies and governments by providing tools, technologies and services relying on the inherent integrity and security of correctly implemented user-controlled end-to-end encryption. To provide full assurance of that integrity and correctness, we are disclosing the source code of all relevant components. We welcome reviews by independent security researchers to confirm that there are no backdoors in the MEGA systems and that the cryptographic processes are appropriate and reliable. We also invite security researchers to verify that the binaries that can be downloaded from our website and from app stores are built from our published source code with no alterations.
SDK code has been posted on GitHub since 2014, web client code, Firefox and Chrome extension code and MEGAsync code since 2016. Now we have published the code for Android, iOS and Windows Phone apps. Please send comments to crypto@mega.nz"

Mega software has been independently reviewed by many security experts who have reviewed the public code and tried to find vulnerabilities.

As reported in https://mega.nz/blog_46 "MEGA offers a vulnerability bounty and paid out a total of EUR 15,000 for some minor vulnerabilities that were reported between 2013 and 2016. However, MEGA’s brute-force challenge, issued in February 2013, hasn’t been claimed and we are confident it never will be!"

ghost commented 2018-07-25 13:29:52 +00:00 (Migrated from github.com)

> SO Mega can't decrypt

If it's in browser, they can just send you JS that makes your browser hand the key over to them.

Using a desktop version that you trust with restricted updates works.
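
Added example, not part of the original thread and not MEGA's code: the exchange above turns on whether the JavaScript a server delivers on a given visit is the same code that was published and reviewed. This Node.js sketch pins Subresource-Integrity style digests of a reviewed build and reports any delivered file that is modified, unpinned or missing; the file names and contents are constructed, and the check only means something when run outside the page being checked.

```javascript
// Added example: compare delivered client files against digests pinned from a reviewed build.
// File names and contents are constructed for illustration only.
const { createHash } = require("node:crypto");

// Subresource-Integrity style digest: "sha384-" + base64(SHA-384(content)).
function sriDigest(content) {
  return "sha384-" + createHash("sha384").update(content).digest("base64");
}

// Build a pin manifest (path -> digest) from the reviewed files.
function buildManifest(files) {
  const manifest = new Map();
  for (const [path, content] of Object.entries(files)) {
    manifest.set(path, sriDigest(content));
  }
  return manifest;
}

// Report every difference between the pins and what was actually delivered.
function auditDelivery(manifest, deliveredFiles) {
  const delivered = new Map(Object.entries(deliveredFiles));
  const findings = [];
  for (const [path, content] of delivered) {
    if (!manifest.has(path)) {
      findings.push({ path, status: "unpinned" }); // script the reviewers never saw
    } else if (sriDigest(content) !== manifest.get(path)) {
      findings.push({ path, status: "modified" }); // same name, different bytes
    }
  }
  for (const path of manifest.keys()) {
    if (!delivered.has(path)) findings.push({ path, status: "missing" });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed "reviewed" build.
const audited = {
  "js/chat.js": "function openChat(id) { /* reviewed build */ }\n",
  "js/crypto.js": "function encryptFile(key, data) { /* reviewed build */ }\n",
  "js/upload.js": "function upload(blob) { /* reviewed build */ }\n",
};

// Constructed delivery: one file changed, one added, one absent.
const delivered = {
  "js/crypto.js": audited["js/crypto.js"],
  "js/upload.js": audited["js/upload.js"] + "// extra line not in the reviewed build\n",
  "js/extra.js": "/* script not present in the reviewed build */\n",
};

console.log(auditDelivery(buildManifest(audited), delivered));
```

An empty result says the delivered bytes match the reviewed build; it says nothing about whether the reviewed build itself is sound, or about what the server does with data after receiving it.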

Raviu8 commented 2018-07-25 20:23:14 +00:00 (Migrated from github.com)

@megasteph Fair enough. Thanks

Raviu8 commented 2018-07-25 20:30:15 +00:00 (Migrated from github.com)

@megasteph So does mega save session history information including IP address and other identifying info.? Or just for the current active sessions?

megasteph commented 2018-07-26 00:35:27 +00:00 (Migrated from github.com)

Session history is stored

hiragashi commented 2018-07-27 20:58:06 +00:00 (Migrated from github.com)

just google Zhao Wu Shen and figure out why you want to stay far away from MEGA. 5th most wanted Chinese fraudster https://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11340807

megasteph commented 2018-07-30 00:23:40 +00:00 (Migrated from github.com)

Shen has no involvement with Mega.
Yan has settled his issues with the NZ and Chinese government.
Mega is backed by 16 private investors so hiragashi 's comment is irrelevant.

Mikaela commented 2019-04-15 10:52:45 +00:00 (Migrated from github.com)

I guess this can be closed as there wasn't clear consensus that it should be recommended and there haven't been comments in a long time.

Reference: privacyguides/privacytools.io#496