On 25/07/18 14:35, Matthew Crews wrote:
On 7/24/18 7:17 PM, Rick Thomas wrote:
On Jul 24, 2018, at 2:41 PM, Matthew Crews <mailingli...@mattcrews.com> wrote:
Personally, I have a low degree of trust for Mega.nz, so caveat emptor.
Why do you say that? (serious question!) Have there been reports of problems?
A few reasons:
1. Kim Dotcom vs the United States. There is a strong chance Mr. Dotcom
will be extradited to the United States (due to Megaupload and other
criminal accusations), and will leave Mega without functional leadership.
Apparently, Kim Dotcom is no longer associated with Mega:
https://en.wikipedia.org/wiki/Mega_(service)
2. In light of Megaupload being shut down, there's no guarantee that
Mega won't have the same fate at some point, considering the services
are basically identical.
How do they differ from any other cloud storage provider, other than
having support for client-side encryption? Nothing stops copyright
infringers from uploading encrypted blobs to Amazon S3 and sharing links
and keys. Their business model, which was the basis for the closure of
Megaupload, seems quite different.
Was Megaupload encrypted? I do not recall that it was:
https://en.wikipedia.org/wiki/Megaupload
What led (allegedly) to Kim Dotcom's downfall was threatening the
business model of the media-industrial complex and (allegedly) boasting
about it on chat:
https://en.wikipedia.org/wiki/Megaupload_legal_case
The indictment is not clear cut and yet to be examined by the courts:
https://en.wikipedia.org/wiki/Megaupload_legal_case#Basis_of_indictment
Kim Dotcom has kept the New Zealand public entertained for years:
https://en.wikipedia.org/wiki/Kim_Dotcom
https://en.wikipedia.org/wiki/Internet_Party_(New_Zealand)
3. Their server software is not auditable. Even though the client-side
and API are public, unless the server side is auditable, you cannot
effectively trust it any better than Google Drive or Dropbox. Of course,
few storage providers are, and even if they are, you should be using
client-side encryption that you control, anyway.
If you are using megatools, you are already using open source
client-side encryption software that you control. And if you are
super-paranoid, double-encrypt with "gpg --symmetric --cipher-algo
AES256 --s2k-digest-algo SHA512" using a different passphrase before
uploading.
4. There's always been something shady about Mega that I can't put my
finger on.
The whole internet is a bit shady. Perhaps Mega are behind fluoridation
and chemtrails? The whole point of client-side encryption is that you do
not have to trust them.
Granted, these aren't the strongest reasons, but for me they are strong
enough. Maybe I'm wrong though?
You may be proven right, but, because it is impossible to prove a
negative, you will never be proven wrong.
Kind regards,
--
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
