This weekend larger-than-life entrepreneur Kim Dotcom launched his eagerly anticipated file-hosting and storage site Mega and had a flamboyant party to celebrate this at his New Zealand mansion.
The site went live on Saturday and in under an hour it had acquired more than 100,000 members and the numbers continued to grow at an unprecedented rate reaching a quarter of a million in just a few hours. In fact, the demand for the site was so high that it could not cope and many visitors were unable to access the site that day. Dotcom wasn’t worried by the overload however, tweeting:
Mega’s launch took place exactly a year after MegaUpload was shut down by the U.S. government and Dotcom and his colleagues were thrown in jail by armed police. Dotcom reenacted the raid at the showy launch party when “feds” rappelled onto the mansion rooftop from a helicopter labeled “FBI”.
During the launch, Dotcom addressed the attendees and said:
“Today is the one year anniversary of the raid and destruction of Megaupload. The allegations against us are wrong, we are innocent and we will prevail…This is not about mocking any government or Hollywood. It’s about our right to innovate…The Internet belongs to no man industry or government.”
Mega has been billed as “The Privacy Company” with Dotcom speaking about the importance privacy as a basic human right and boasting that Mega offered its users the highest levels of security. He said:
“By using Mega you say NO to those who want to know everything about you. By using Mega you say NO to governments that want to spy on you. By using Mega you say YES to Internet freedom and your right to privacy.”
In the days following the launch, Dotcom’s claims of super-security have come under some scrutiny from security experts all over the world, who have questioned his claims and examined the site searching for possible flaws that could lead to a privacy breach.
Some of these critics have published their musings and whilst no one has been able to come up with any huge problems, little weaknesses in the site have been discovered. French security researcher Olivier Laurelli (alias Bluetouff) told TorrentFreak that the minor flaws could lead to a major one. He said:
“Confirmation links have already been cracked, the XSS issue could lead to private RSA theft, we also noticed SSL issues. The fact that cryptography can be disabled from the Mega side for a user without notifying him is another serious issue.”
The security researchers’ main concerns focused on the site’s in-browser encryption and the generation and handling of keys to decrypt content. Some of these issues were summarized in an Ars article entitled ‘Megabad: A quick look at the state of Mega’s encryption’.
However Dotcom seemed unfazed by these criticisms and one only needs to look at the numbers of people that are signing up to Mega in their hoards to see that these concerns have not had a detrimental impact on the sites overwhelming appeal.
In response to these critics, Dotcom, in his usual upfront, confident style has announced that he will be launching some kind of cash encryption challenge.
Dotcom tweeted: “We welcome the ongoing #Mega security debate & will offer a cash prize encryption challenge soon. Let’s see what you got.”
Dotcom is basically challenging any hackers or security experts with the task of breaching his site and seeing if they can come up with a safer system. Whether they will be able to or not, remains to be seen.