[More from Mashable: Google Glasses Spotted and Two Other Stories You Need to Know]
Thanks to its association with the now-defunct Megaupload -- and the legal issues facing its founder Kim Dotcom -- the amount of press, user interest and hype surrounding Mega is greater than any file hosting/cloud storage launch in recent memory.
According to Dotcom, more than 1 million users signed up for Mega in the first 24 hours. On Twitter, the larger-than-life entrepreneur has continued to share usage stats and traffic graphs that compare Mega with perennial cloud favorite, Dropbox.
[More from Mashable: 9 Fresh YouTube Shows You’ll Love]
If you're curious about the inner workings of Mega, how it works and how it handles security, we've got you covered.
The Phoenix of Megaupload
Mega is the spiritual successor to Kim Dotcom's last business, the insanely popular file-hosting service Megaupload. Last year, the U.S. Department of Justice shut down Megaupload and pursued criminal charges against Dotcom. Dotcom, a New Zealand citizen, is actively fighting U.S. extradition orders.
Megaupload was targeted by the DoJ because of its role in illegally distributing copyright material -- including digital copies of movies, TV shows, books, music and software.
Rather than try to start a new service eschewing the potential for copyright material to be uploaded and shared, Dotcom is positioning Mega as a service that cares about and protects its user's privacy. In fact, Mega's tagline is "the privacy company."
How It Works
On the surface, Mega is a bare-bones cloud storage host. After signing up for accounts, users can upload files and folders of all types to the service. Those files can then be shared with others.
The free plan gives users 50GB of file storage. There are no hard limits on file size, meaning users can use Mega as a way to back up photos, documents and other data. Obviously, this means users can use Mega as a way to store media content -- video files, music, DVD images -- as well.
For now, Mega is optimized to work on desktop web browsers. Mega strongly encourages users to use Google Chrome. And while Mega has big plans for developers and client-side apps, for now, the only way to access files is via the web browser.
Files can be uploaded to the service using drag and drop or a file-upload menu. Users can create folders in the file manager.
Uploads and downloads take place in parallel. If you upload a large number of files at once, each file uploads one at a time. In the future, Mega says users will be able to change the upload order. If you need to upload or download multiple files at once, simply open a new Mega tab in your browser and select that file.
You can upgrade to a higher-tiered storage plan from within your account. Mega doesn't sell these plans itself; instead it has resellers who sell vouchers for a service. A 500GB storage plan with 1TB of enhanced bandwidth is 9.99 euros a month or 99 euros a year (a little over $110 U.S. dollars). That's cheaper than most of its competitors.
The Importance of Passwords
It's very important to remember the password you select when setting up your Mega account. The password is a big part of how Mega encrypts data on both ends.
During the sign-up process, Mega uses your password to create a 2,048-bit RSA key. This is the key that tells the system you are who you say you are. If you forget your password, you're not going to be able to get into your account.
Right now, Mega doesn't even have a password reset or recovery feature. In the future, Mega says it will have a reset mechanism but it will only allow users access to files or folders they have file keys for (more on file keys below). Users won't be able to access other files until or unless they remember their password.
Because your Mega password is also your master encryption key, it's important that users choose a secure password. We recommend using a password manager and printing a copy of the password to store in a safe place.
Understanding File Security
Mega is focused on end-to-end encryption. This means that files are encrypted both on upload and on download. With most traditional file hosts or cloud storage lockers, a public link to a file also includes a file path. With Dropbox, for example, the public or shared link includes the file name.
With Mega, things are a bit different. While users can share specific files to other Mega users or via email, the URL to a file doesn't contain a file name; instead, a cryptographic key is appended to the URL. Without this key, you can't access the file. Once decrypted by the server, a user has the option to download the linked file.
Mega's promise, in other words, is that users control who has access to their files and accounts and no one else.
For important files or folders, users might want to make a note of the file key and keep it in a safe place -- if they are worried about getting locked out of their account.
How Safe Are Your Files
Since Mega is touting itself as "the privacy company," it's important to look at how the company stores files and content.
The end-to-end encryption scheme is only part of how Mega secures data. Still, some are already criticizing the service, noting that it's not as secure as it says it is. An article for Forbes cites two professionals who have problems with Mega's security.
Mega has responded to Green's claims on its own blog, noting that its scheme "basically enables us to host the extremely integrity-sensitive static content on a large number of geographically diverse servers without worrying about security."
Meanwhile, at Ars Technia Lee Hutchinson raises concerns about how Mega comes up with its crypto key at sign-up, as well as how the company handles deduplication, or how it eliminates duplicate copies of data.
Again, Mega has taken to its blog to attempt to clarify its policies and the way it handles data.
While Mega's crypto system certainly doesn't seem any less secure than any other file locker, we do agree with critics who note that the system might be more about giving Mega culpability against claims that it knows infringing content is on its servers, rather than about protecting that data itself.
The service is still in beta and much of its code is available via open source, so security purists might want to watch how Mega's system evolves before trusting it with important, sensitive data.
Will Mega Stick Around?
While security experts can quibble and argue over the way Mega uses cryptography and how it stores data on its array of servers, the bigger issue, for us, is long-term survival.
While I would argue that most users who actively used Megaupload were not using it as a traditional cloud service, the fact remains that when the service was shut down, user files went with it.
Already anti-piracy groups are campaigning to shut down payment processors to Mega's resellers. One of the reasons Mega isn't taking payments itself and is instead using resellers is to prevent those groups from shutting down payment processors or trying to seize funds.
This is worrisome because in addition to outside capital, Mega needs professional accounts to keep its site working.
It's too early to say if Mega will be around for the long haul or not, but our advice is not to use Mega as your only file storage solution. Keep backups of crucial files on disk or other cloud-based services.
What do you think of Mega? Let us know in the comments.
This story originally published on Mashable here.
- Technology & Electronics