MEGA is a cloud storage service offered by Mega Limited, a New Zealand-based company. For a very long time, MEGA has been praised for being the single most secure alternative to all other "traditional" cloud storage services.
MEGA's service features zero-knowledge encryption, and it is indeed extremely secure. It features mobile, web, and desktop apps, and its prices and usability are very reasonable.
Is MEGA Cloud Storage Secure?
MEGA follows a similar philosophy to that of Tresorit, pCloud, Sync, and Internxt Drive. All these services share the vision of creating a cloud storage service that empowers users with total control, powerful security, and uncompromising privacy of their files.
Unlike traditional cloud storage providers like Google Drive, Apple iCloud, Dropbox, Microsoft OneDrive, and Amazon Drive, MEGA and Internxt encrypt your files not only in transit but also at rest, and both services grant only the user a unique decryption key. That means that your files are encrypted immediately upon storing and that only you can access your files.
Can MEGA View The Files You Store In The Cloud?
However, MEGA is highly controlled by and subject to the New Zealand government. Also, as stated in their TOS, MEGA may keep a copy of your files after being removed from your account.
MEGA is a polarizing service. Some people will claim it’s fine because it’s open-source (front-end clients) and has client-side encryption. Others will claim they’re nothing more than a honeypot and should be avoided at all costs. In a Q&A, Kim Dotcom, one of the original founders of MEGA, said that users should no longer trust MEGA for a number of reason reasons.
“I’m not involved in Mega anymore. Neither in a managing nor in a shareholder capacity. The company has suffered from a hostile takeover by a Chinese investor who is wanted in China for fraud. He used a number of straw men and businesses to accumulate more and more Mega shares. Recently his shares have been seized by the NZ government. Which means the NZ government is in control. In addition, Hollywood has seized all the Mega shares in the family trust that was set up for my children. As a result of this and a number of other confidential issues, I don’t trust Mega anymore. I don’t think your data is safe on Mega anymore.” - Kim Dotcom
Dotcom's words alone could be dismissed as the ramblings of a disgruntled former exec, but facts don't lie, and there are several essential security components that MEGA is lacking. While the service does support 2FA and is GDPR compliant, it’s not 100% open-source and independently verifiable.
What is more worrisome is the news that broke on June 23, 2022. Researchers have found fundamental flaws in MEGA’s encryption scheme. Basically, MEGA can read your data.
In addition, the researchers stated there are at least five different types of attacks that MEGA is openly vulnerable to:
- RSA Key Recovery Attack: MEGA can recover a user’s RSA private key in only 512 login attempts. RSA private key is used to generate digital signatures and for authentication.
- Plaintext Recovery: MEGA can decrypt other vital materials, like node keys, and by using them, can decrypt all users' files and communication.
- Framing Attack: MEGA can insert dummy files indistinguishable from the original uploaded file into the user's storage.
- Integrity Attack: MEGA can accomplish the same result as with a framing attack, but an integrity attack is much less stealthy.
- GaP-Bleichenbacher Attack: MEGA can decrypt RSA ciphertexts, which are used for encryption, making them ineffective.
Unlike MEGA, however, Internxt makes use of file distribution, meaning that files are fragmented, shards are encrypted, and no machine ever holds a whole file. This is a huge differentiator between Internxt Drive and Sync, pCloud, MEGA, etc.
Thanks to this unique architectural design, Internxt Drive can be considered to be the single most secure cloud storage service out there.
Which Storage Providers Have Access to Your Data?
When considering options for cloud storage, not everyone has the time to read the lengthy terms of service and interpret the unclear wording these companies use. Here is a brief breakdown of who can access your personal information according to their terms.
Google Drive writes in its terms of service to give their automated systems permission to access the data stored on their servers so they can make money from their users through advertising.
The terms of service give Box permission to view the files stored on their servers. The purpose of this is to ensure users are in compliance with the terms of service Box uses.
The Dropbox terms of service give their employees and trusted “third parties” permission to access, view and share the files stored on their servers at any time. OneDrive - Microsoft’s terms give their employees permission to view the files stored on their servers. Like Box, Microsoft does this to ensure users comply with their terms of service.
How Much Does MEGA Cloud Storage Cost?
MEGA offers a generous 20 GB of free storage, which is generally more than most of the cloud storage plans available on the market. However, if you wish to make use of other features, such as secure link sharing or password protection of files, then you have to upgrade to a paid plan.
If sending files securely is something that you value, then you can use Internxt Send, a free service that encrypts and secures the files you send, and get up to 10 GB of free storage.
Here are the monthly subscription plans MEGA currently offers.
- 20 GB free storage, for life
- Pro I, 2 TB storage, $9.99
- Pro II, 8 TB storage, $19.99
- Pro III, 16TB storage, $29.99
Is MEGA Cloud Storage Worth It?
MEGA took a big hit when researchers discovered that their cloud storage is not as safe as MEGA claims. Despite efforts to ensure users that your files and data is safe, the damage may already be done for MEGA.
If you wish to choose a cloud storage provider where safety is guaranteed, consider switching to Internxt. We offer various free tools, and our platform offers end-to-end encryption for all our users - free and paid.
Think smart. Make the switch!