Riding on the popularity wave of Kim Dotcom’s latest venture – the new storage service, Mega, launched 10 days ago – a third-party link aggregator site called mega-search.me was quietly created. This new website, designed to look like any other search engine, was actually an interface to search files and encryption keys needed to unlock those files on Mega that its users had allowed to be shared with other users.

Earlier this week, after mega-search.me received a lot of traction from its users and eventually came into Mega’s radar, it was shut down. The site was aggregating links using Mega's logo without permission to use Mega's trademark. In a blog post published yesterday, Mega explains its move: “It has come to MEGA's attention that there are micro search engines that use our (M) logo and other MEGA branding without authorization. Worse, such site(s) were reported in a highly publicized manner and purport to be globally available search engines, but don't have their own DMCA takedown policy or registered DMCA agent.”

mega search

Homepage of mega-search.me

The blog post elucidates that one of the goals of Mega is providing greater privacy and security compared with other cloud services. With encryption keys being shareable and searchable, the goal was being defeated. Mega has cautioned users against making their encryption keys public. Also, those users whose files pointed to mega-search.me were sent notices for a DMCA takedown of the content they had uploaded, related to copyright infringement. This invited some outcry from users that Mega was “censoring” content. The blog post states, “We apologize to the very small number of users who, due to MEGA's cautious legal practices, had some of their authorized files mistakenly taken down. We do believe that by ignoring our advice and making encryption keys public, especially through sites that do not even implement a proper notice-and-takedown protocol, you were not entirely unprepared for negative repercussions.”

Mega.co.nz, the latest offering from Internet entrepreneur Kim Dotcom, has been experiencing hiccups since its launch last month. The site hosted in New Zealand crashed several times since its launch due to what Dotcom himself refered to as “poor service quality”. Mega saw one million registrations within a day of its launch, adding to pressure on the nascent service. Mega has put an onus on the privacy and security of its users. The cloud storage site offers a 2048-bit RSA encryption key to its users.

In a blog post, Dotcom underlined the following about password changes:

  • A password change feature will re-encrypt the master key with your new password and update it on its servers.
  • A password reset mechanism will allow you to log back into your account, with all files being unreadable. Now, if you have any pre-exported file keys, you can import them to regain access to those files. On top of that, you could ask your share peers to send you the share-specific keys, but that’s it – the remainder of your data appears as binary garbage until you remember your password.
  • A feature that allows the user to add as much entropy manually as he or she sees fit before proceeding to the key generation.

Tags: , , , , , , , , , , , , , , ,