MEGA is a cloud storage service offered by Mega Limited, a New Zealand-based company. For a very long time, MEGA has been praised to be the single most secure alternative to all other "traditional" cloud storage services.
MEGA's service features zero-knowledge encryption, and it is indeed extremely secure. It features mobile, web, and desktop apps, and its prices and usability are very reasonable.
MEGA follows a similar philosophy to that of Tresorit, pCloud, Sync, and Internxt Drive. All these services share in the vision of creating a cloud storage service that empowers users with total control, powerful security, and uncompromising privacy of their files.
Unlike traditional cloud storage providers like Google Drive, Apple iCloud, Dropbox, Microsoft OneDrive, and Amazon Drive, MEGA and Internxt encrypt your files not only in transit but also at rest, and both services grant only the user a unique decryption key. That means that your files are encrypted immediatly upon storing and that only you can access your files.
However, MEGA is highly controlled by and subject to the New Zealand government. Also, as stated in their TOS, MEGA may keep a copy of your files after being removed from your account.
MEGA is a polarizing service. Some people will claim it’s fine because it’s open-source (front-end clients) and has client-side encryption. Others will claim they’re nothing more than a honeypot and should be avoided at all costs. In a Q&A, Kim Dotcom, one of the original founders of MEGA, has said that user should no longer trust MEGA for a number of reason reasons.
“I’m not involved in Mega anymore. Neither in a managing nor in a shareholder capacity. The company has suffered from a hostile takeover by a Chinese investor who is wanted in China for fraud. He used a number of straw men and businesses to accumulate more and more Mega shares. Recently his shares have been seized by the NZ government. Which means the NZ government is in control. In addition, Hollywood has seized all the Mega shares in the family trust that was set up for my children. As a result of this and a number of other confidential issues, I don’t trust Mega anymore. I don’t think your data is safe on Mega anymore.” - Kim Dotcom
Dotcom's words alone could be dismissed as the ramblings of a disgruntled former exec, but facts don't lie and there are several essential security components that MEGA is lacking. While the service does support 2FA and is GDPR compliant, it’s not 100% open-source and independently verifiable.
What more worrisome is the news that broke on June 23, 2022. Researchers have found fundamental flaws in MEGA’s encryption scheme. Basically, MEGA can read your data.
In addition, the researchers stated there are at least five different types of attacks that MEGA is openly vulnerable to:
- RSA Key Recovery Attack: MEGA can recover a user’s RSA private key in only 512 login attempts. RSA private key is used to generate digital signatures and for authentication.
- Plaintext Recovery: MEGA can decrypt other vital materials, like node keys and by using them can decrypt all of users' files and communication.
- Framing Attack: MEGA can insert dummy files into the user's storage which are indistinguishable from the original uploaded file.
- Integrity Attack: MEGA can accomplish the same result as with framing attack but an integrity attack is much less stealthy.
- GaP-Bleichenbacher Attack: MEGA can decrypt RSA ciphertexts, which are used for encryption, making them ineffective.
Unlike MEGA, however, Internxt makes use of file distribution, meaning that files are fragmented, shards are encrypted, and no machine ever holds a whole file. This is a huge differentiator between Internxt Drive and Sync, pCloud, MEGA, etc.
Thanks to this unique architectural design, Internxt Drive can be considered to be the single most secure cloud storage service out there.
Additionally, unlike MEGA, Internxt Drive comes with 24/7 support, a seamless user experience, and many other perks. Internxt also includes in its pricing access to all its additional services that are part of Internxt’s privacy hub such as Drive, Photos. and Send, with many more services to come.
Think smart, make the switch!