Kim Dotcom's MEGA cloud storage service now with native iOS app

There's a bright idea let's save our personal information on a public server and pay them to do so. Then they can see what we have, are doing, and sell our personal info to the highest bidders, where can I sign up? ;D And if we are lucky someone can break into that server and steal our personal belongings, great plan....

Encrypted on a private server, actually, and by an organization with a leader that does NOT have any love for (or cooperate with) government agents.

Good luck with that no matter the love, I'll stand with my initial sediment, regardless, bad idea.

Um, standing in sediment certainly has to be bad for your shoes.

The point is, unless your system has an "air gap" between in and the internet (in other words, NO connection by cable OR any other device such as a smartphone, USB stick from another PC, etc.), it simply is not as secure as you think it is.

New Mega:
4.2 stars (8900 reviews) for Android app. Almost 2 million installs.
https://play.google.com/store/apps/deta...ware.mega&hl=en

Originally posted by Mr-Movies:

---

There's a bright idea let's save our personal information on a public server and pay them to do so. Then they can see what we have, are doing, and sell our personal info to the highest bidders, where can I sign up? ;D And if we are lucky someone can break into that server and steal our personal belongings, great plan....

---

Not all things one might need to store online matters if others can get assess or not. I for one like options so that when I need to store something for easy access from any location it is there. At that point I can consider if the security risk is worth the convenience or not.

Originally posted by Bozobub:

---

Um, standing in sediment certainly has to be bad for your shoes.

The point is, unless your system has an "air gap" between in and the internet (in other words, NO connection by cable OR any other device such as a smartphone, USB stick from another PC, etc.), it simply is not as secure as you think it is.

---

More secure then someone's server on the internet were many others personal info is and stands as a target for hackers! So I still remain on my original statement...

Originally posted by Mr-Movies:

---

Originally posted by Bozobub:

---

Um, standing in sediment certainly has to be bad for your shoes.

The point is, unless your system has an "air gap" between in and the internet (in other words, NO connection by cable OR any other device such as a smartphone, USB stick from another PC, etc.), it simply is not as secure as you think it is.

---

More secure then someone's server on the internet were many others personal info is and stands as a target for hackers! So I still remain on my original statement...

---

Actually, if it is secured in the way that it is supposedly secured, each file is next to impossible to hack/be worth the processing time to brute force it. Of course, when I upload something I need secure I run it through my own encryption first. Mega is running everything through aes 128 ON EACH LEVEL! So, your password encrypts a root folder key, which encrypts keys for things underneath, which encrypts file keys... so as long as your password is hard to brute force the computational cost of decrypting one file is probably not going to be worth it to most people... much less all of the files. Unless you are a super paranoid security guy yourself, your computer is easier to get information off of than mega.

The fact is people won't be doing that in the first place especially from their smart phone. Now let's say you did encrypt all of your files you better have several places it would be backed up too and whatever you do don't loose the password either, because if your system goes down you'll really be screwed as recovery software won't save you at that point more than probably. And if you keep that password somewhere on your system or even write it down it is subject to being viewed by someone you wouldn't want to have access to. Bottom line is it just doesn't make sense to put your stuff on someone else's server were you have to pay or loose it month to month, and again it will be up to the holder on what they sell or use.

I've loss stuff putting too complicated of a password on it so I've learned from that experience, being too anal over security can actually be detrimental as is not being smart about how you operate is too, balance and common sense needs to prevail.

I do not use social media either for the same reason but since most have no problem using facebook, twitter, linkedin, or whatever, I can see why people think this might be a great deal, not me.

Stay anonymous the most you can is the answer; when people use social networks & use the clouds for things you don't care to share or lost.

Cloud encryption is ok now; but not for long.

Agree fully!

I reiterate: If you have a PC that's connected to the internet at all it is not secure. Period. You can only mitigate the level of that insecurity. That's exactly why "air gaps" exist in the CIA/NSA. Imagining otherwise is simply self-delusion.

No, you should not store sensitive data off-site, to be transmitted in any way over the internet. But frankly, any data THAT sensitive should be held fully offline, perhaps on an optical disk or the like (only used when needed), if you can't maintain an air gap.

The encryption on the MEGA site is already far stronger than the industry average. It certainly is quite sufficient for general consumer-grade needs, and for that matter, most corporate needs.

Your wrapped up on encryption so your not going to get it.

Nope. YOU are wrapped up in some kind of fantasy, where your internet-connected PC is safe ^^' . Nothing can be farther from the truth. Certainly, you can make it more safe, but just plain "safe"? Not a chance. A false sense of security is possibly even more dangerous than no security at all.

I have reiterated several times here: I agree that no, you should NOT be sending extremely sensitive material over the internet, much less to be stored off-site. That's simply 2 extra layers of potential risk. But to imply Kim Dotcom's service is especially vulnerable is pretty disingenuous, considering the history he has with intelligence services, especially US ones, as well as the specs MEGA has made public.

Furthermore, most cloud services are actually FAR more difficult to break into than home PCs, and that doesn't take into consideration the additional measures MEGA has taken. And of course, you can always pre-encrypt anything you store, as rigorously as you like.

Sure, if you're recording crimes, pornographic material, your business' cooked books, the plans for your new invention, or whatnot, that's a little more of a big deal, but even then, I'd like you to point out where one of the cloud storage brokers actually was compromised in any way (beyond LOSING the data, as happened to Megaupload, in a rather unique case). Note: I'm not including specialized photo services like Picasa here, btw, because they generally use no encryption at all (a fellow got busted for child porn on Picasa recently).

You can argue about the possibility of man-in-the-middle attacks, but those are not only rare, they're also fantastically difficult and expensive, if you use an encrypted connection to the cloud service. They're also not the cloud service's fault.

TL;DR? Don't sweat pretty much any cloud storage service, when storing nonsensitive data. And guess what? Your family pictures are only sensitive to you and your family. If you find cloud storage convenient, use it.

Amazing....

Sorry, that's not a counterpoint =) .

Wow. As a person who works in the network security field for the military, I sometimed forget that many people are so naive.

Mr-Movies, besides your clear lack of understanding of the English language (which, perhaps, is not your native tongue) you have demonstrated a significant "ostrich/head-in-sand" take on general Internet security.

As stated, the files on the Mega servers are likely FAR more safe from hackers than those that are on your home PC. Besides being distributed over multiple (hundreds+) physical locations, from a virtual attack vector the multiple levels of encryption make illicit data recovery undesirable at a minimum, and effectively unobtainable. Trust me. There are white hats that are trying.

Now, it is always possible that a forced turnover of data would make the data available, but that would require a legal decision for YOU - the end user - to provide your encryption hash.

And your comment that smartphone users aren't going to encrypt their files...they don't have to from the end user perspective. It is encrypted as it is transmitted, and then encrypted and salted at multiple levels on the server.

Nothing is impossible, but if anyone wanted your files, it is a lot easier to (physically) break into your home and steal your PC. Or infiltrate from the Internet.

I find it amazing that people still feel their (especiall Internet connected) home PCs are more secure than reputable data repositories.

timekills, your post is not entirely correct.
"And your comment that smartphone users aren't going to encrypt their files...they don't have to from the end user perspective. It is encrypted as it is transmitted, and then encrypted and salted at multiple levels on the server."
didn't stop the NSA & other countries' security agencies from accessing cell phone messages.

He's wrong on multiple levels but it isn't really worth the effort you either get it or you don't. But you make valid points ddp... And the End User doesn't necessarily have complete control as tk might think, but again is it worth the bother.

i don't go for the cloud storage idea anyhow because of what happened to his storage before or if a company with cloud storage were to suddenly go bankrupt, there goes your info.

Very true, something I wasn't even considering but a real possibility.