I have been itching to check out the new MEGA Cloud Storage service, was released to the public exactly 1 year after Megaupload was shutdown, ever since Kim Dotcom announced it back in November 2012, so when I received my invitation invite on Sunday I was set to explore. However, so apparently was the rest of the world, which meant that the site’s servers were hit by a massive friendly DDoS as more and more people wanted to take a look and register their accounts.
Why so popular? (Short version, The Streisand Effect)
Well, you can thank Hollywood (pushed hard by the MPAA’s Chris Dodd) and the FBI for that as Dotcom’s original storage service Megaupload, was seized back in January 2012 for allegedly storing and providing a way for pirates to distribute copyrighted materials online. The raid on Kim Dotcom’s private home composed of some 70 police officers, dog units, 2 helicopters and multiple police vehicles, resulting on the worlds media turning to New Zealand in an attempt to find out what was going on. The arrests resulted in the sizing of nearly $17 million in assets including art work and cars. Along with Dotcom being arrested (the raid also happened to be his birthday) were Finn Batato (CMO; 38, from Germany), Mathias Ortmann (CTO and co-founder; 40, from Germany) and Bram van der Kolk (29, from the Netherlands). His wife Mona was heavily pregnant at the time of the raid with twins.
Since the raid, the US and NZ governments have faced embarrassment from all angles. The actual raid was found to be illegal by Judge Winkelmann, the copying and exporting of data to the US was also deemed illegal (due to the fact the warrants were illegal), the spying by New Zealand’s Government Communications Security Bureau (GCSB ) on a NZ resident was also illegal. Then the Prime Minister of New Zealand made a public apology to Dotcom for the illegal spying on him and his family. It also cast New Zealand in a very bad light as being a puppet of the US. Kim Dotcom released a video interview with 3News regarding the raids which is pretty enlightening.
Lastly, Dotcom has given people what they want. Affordable storage and security and a very reasonable price with the bonus of also giving all users 50GB for free to start.
So, now you know why the media and public have been so interested in the new MEGA service, let’s take a look around.
Firstly after you have signed up for an account, which is free and gives you 50GB of Cloud storage, you will be presented with your page. Everything is done within the browser, so you don’t require a separate program to manage your files like Megaupload’s MEGA Manager. The site used standard hierarchical file/folder paradigm, meaning that users are easily able to see what are where their data is stored. Each file and folder can have multiple sub-folders with the exception of the Inbox, Trash Bin and Contacts.
Note: The area on the left of your File Manager is drag re-sizable.
Uploading and Downloading files and folders
There are two ways users can upload files to MEGA. Firstly users can drag’n'drop their files or folders directly, or by selecting one of the options at the top of the page (Folder Upload/File Upload). You can also create a new folder just as simply, by selecting New Folder. For downloading, simply double-click on the file or folder and your browser will start downloading.
Cancelling a Transfer
Select the transfer in progress, located at the bottom, and hit Cancel Transfer
Organising Files and Folders
Simply use drag’n'drop to move files where you’d like. For example I uploaded a few image albums and files that I wanted stored in the parent Pictures folder, so I don’t have to start hunting for certain files once I have uploaded quite a few. I just click on the Folder I want to dump into my Pictures folder and let go.
This is made easy, as you just have to right-click on your folder and select one of the options. There are slightly different options for sharing depending on whether or not you are sharing a file or folder. For example, when right-clicking on a folder, you are given the option Sharing where you can just add an email and grant someone access via their email address. This is very similar to Dropbox with the exception that you can grant additional privileges to the user like Read Only/Read & Write and Full Access.
Removing someone from a shared folder
Simply right-click on the folder that you have shared and remove the email address of the person that you were going to share it with.
Create a new folder
Select New Folder at the top of the window (in File Manager) and start creating folders.
Sharing files, as above is just as simple. Just right-click on the files that you wish to share and select Get Link which will open a new window where you can edit the link you send. This will typically be the type of link that you will post should you wish to share a file or folder with someone on a forum or in an email for work. It would be better if you also included the File Name and File Size, as this will allow the end user to see what the file contains and how large it actually is.
Note: By default MEGA will create a link with the File Link and File Key included. You can choose to also include the File Name and File Size if you wish. I tested this by first copying the File Link only and opening it in Internet Explorer 10. MEGA isn’t a fan of IE and results in the following message when opening a MEGA link in IE 10.0 (haven’t checked older versions)
Just hit No, Thanks and you will get the standard MEGA download window appear.
Note that to download the file you will need to enter the File Key also. If it wasn’t included in the link you were sent you will see the following error window when hitting download:
Now here is what the end-user will see when you share a file/folder with the File Link/File Key/File Name and File Size. Note that you no longer have to input the File Key as it was included with the original link.
Downloading of the linked file will then begin
Navigating away whilst Uploading/Downloading
As everything is done within the browser on MEGA, navigating away will result in a warning. You can still click on different tabs if you have multiple ones open as most people do, but clicking on say, My Account, when you are currently uploading files will get you a warning:
Your Account Page
This is what my Account page looked like after uploading a few files. You can see that as a free user you get 50GB of storage for free which is pretty awesome. You also have control over your uploads and downloads under Transfer Settings. To adjust these simply use the sliders to increase/decrease the number of parallel upload/download connections. You can also adjust your upload speeds here as well if you wish. This is good for people who may live somewhere where the internet connection is shared and they don’t wish to hog all the upload bandwidth. If this isn’t an issue for you, set it to None. You can also Skip identical files when uploading, and choose whether to use SSL for file transfers. Disabling SSL improves performance and does not decrease security.
You will also be able to keep an eye on your Session History (at the bottom), which will allow you to see the IP addresses that your account has been accessed from.
There are currently 32 languages available for MEGA. If you know of one that is missing then you can offer to help translate.
This is the area where you can navigate MEGA with ease. You can find everything from the MEGA blog, membership information, terms of service, re-sellers and contact information. Developers also have their own area.
Different Pro Options (Pricing)
As with all Cloud Storage sites you can pay for more space if you wish, as well as bandwidth. There are 3 tiers for paying members:
1. Pro 1
- 500GB Storage
- 1TB Bandwidth
- €9.99 per month
2. Pro 1
- 2TB Storage
- 4TB Bandwidth
- €19.99 per month
3. Pro 1
- 4TB Storage
- 8TB Bandwidth
- €29.99 per month
The prices are great and beat Dropbox by a long way for the amount of space you get. For example, it will cost you approx €37 (USD$49.99) for 500GB of storage on Dropbox compared to €9.99 (USD$13.20 approx) with MEGA. Google Drive is slightly better, but still no where near MEGA in terms of price.
I can definitely see a price war in the future once the other major Cloud Storage providers see that MEGA is going to be around for a while.
Encryption (copied directly from MEAGA’s developer page)
All symmetric cryptographic operations are based on AES-128. It operates in cipher block chaining mode for the file and folder attribute blocks and in counter mode for the actual file data. Each file and each folder node uses its own randomly generated 128 bit key. File nodes use the same key for the attribute block and the file data, plus a 64 bit random counter start value and a 64 bit meta MAC to verify the file’s integrity.
Each user account uses a symmetric master-key to ECB-encrypt all keys of the nodes it keeps in its own trees. This master-key is stored on MEGA’s servers, encrypted with a hash derived from the user’s login password.
File integrity is verified using chunked CBC-MAC. Chunk sizes start at 128 KB and increase to 1 MB, which is a reasonable balance between space required to store the chunk MACs and the average overhead for integrity-checking partial reads.
In addition to the symmetric key, each user account has a 2048 bit RSA key pair to securely receive data. Its private component is stored encrypted with the user’s symmetric master-key.
MEGA supports secure cross-account access to folders. The owner of the folder is solely responsible for managing access; shares are non-transitive. All participants in a shared folder gain cryptographic access through a common share-specific key, which is passed from the owner (theoretically, from anyone participating in the share, but this would create a significant security risk in the event of a compromise of the core infrastructure) to new participants through RSA. All keys of the nodes in a shared folder, including its root node, are encrypted to this share key. The party adding a new node to a shared folder is responsible for supplying the appropriate node/share-specific key.
MEGA supports secure unauthenticated data delivery. Any fully registered user can receive files or folders in their inbox through their RSA public key.
Now the way that MEGA encrypts user data is currently a contentious issue. On the one hand you have quite a few security experts warning that the way MEGA encrypts isn’t reliable enough at the moment and there are possible security holes. Then you have Kim Dotcom tweeting that ‘There have been a few wrong reports about our encryption & security. Expect a blog post on
#Mega later today‘. As at the time of writing this, MEGA have still yet to post a blog regarding this subject. When they do, I shall update.
There have been a few wrong reports about our encryption & security. Expect a blog post on #Mega later today.
— Kim Dotcom (@KimDotcom) January 22, 2013
Does this mean that you should trust your highly secure files on MEGA at the moment? That is really up to you and what you are sharing. Also bear in mind that this service is very, very new and wasn’t tested in a Beta, so bugs are bound to come to light in the beginning. It’s just that most companies rarely come under the spot light so much as MEGA has over the past few days. But hey, all scrutiny is good scrutiny. That is after all how we improve upon ourselves.
[Update] Kim Dotcom and the MEGA team have just released an article on their blog that discusses some of the keep points regarding the encryption that MEGA uses. The blog is specifically aimed at articles that appeared on ars technica and Forbes.
What features can we expect in the future
Well, there are actually quite a few nifty features planned for MEGA. There will be mobile apps for Android and iOS to start with as well as integrated on-site applications foe Calendar, Word processing and Spreadsheets which I would assume will be using the Google API. Here is the complete development roadmap:
Developer documentation enhancements:
- Add missing command-specific documentation to the API reference
File transfer queue enhancements:
- Vertical resizing
- Drag & Drop to modify transfer sequence
- Clicking on a pending transfer navigates to/marks the source file or the target folder
- Stop/continue buttons
File manager enhancements:
- Re-implement from scratch without underlying third-party UI framework for better performance
- Adaptively eliminate the leftmost file path buttons at the top to maintain visibility of the upload and search buttons (we have a hack in place for this, but it only works in Chrome)
- “Properties” option in the file context menu
Collaboration feature enhancements:
- MEGA user-to-user messaging with file attachments, plus external RFC 4880/OpenPGP and S/MIME gateway for secure off-site e-mail communication
- MEGA user-to-user instant messaging
- Exported link enhancements
- Allow for the creation of folder links (with associated crypto key) which then display the folder content live
- Secure unauthenticated delivery web widget
- Allow unauthenticated users to securely deliver files to MEGA users’ inboxes, e.g. to submit very large files to print shops
- Activate storing all block MACs on the server (encrypted) after an upload to allow for integrity-checked partial reading. Right now, the file has to be downloaded fully to be checked.
- Enable forking encrypted time-stamped delta file support to allow for random writing to existing files with full rollback capability
- Complete the API documentation
- Provide client libraries in various languages
- A Windows filesystem mount is currently in beta and will be available shortly
- Linux/MacOS X filesystem mounts
- Mobile access
- Sync tools for all major platforms
Integrated on-site applications
- Word processing
MEGA as a local “appliance”
- Be immune against new bugs of any kind
So, what do you think of the new MEGA? Have you or will you be using it and what effect do you think MEGA will have on the existing Cloud Storage market?
To be honest I found the site to be very easy to navigate which for me is a must. You get 50GB free storage straight off the bat with the option to pay for more if you wish. Yes, it’s a brand new service that didn’t go through a public beta, so there are bound to be a few bugs and niggling issues which by and large are being taken care of as they are found. There really is nothing like it around at the moment, and I have a good feeling that it is bound to be a hit. Give it a chance and see what you think.