Flamboyant Internet entrepreneur Kim Dotcom's latest offering Mega has already had a run-in with troubles after its larger than life launch. To start off with, Mega users have been facing troubles using the website, almost since the storage service website was launched.
The site hosted in New Zealand crashed several times since its launch due to what Dotcom himself refers to as 'poor service quality'. Dotcom took to Twitter to say sorry to Mega users. “The massive global PR around the #Mega launch is simply too big to handle for our start-up. I apologise for poor service quality,” he wrote.
Mega has apparently seen one million registrations within a day of its launch, adding to pressure on the nascent service. Dotcom himself has not been forthcoming about the figures.
How will he tackle this issue? (Image Credits: Kim Dotcom on Twitter)
Dotcom also wrote that the launch of his upcoming music storage service, Megabox will be low key. “We are working 24/7 and expect normal operations within 48 hours. Lesson learned… No fancy launch event for Megabox ðŸ˜‰” he wrote. Dotcom hopes to launch Megabox within six months.
Dotcom also lashed out at industry criticism that Mega's security is not up to the mark. While Dotcom in a blog dismissed most of the allegations pinned on to the service, he did concede that certain areas of Mega's security will need improvements, especially when it comes to password options.
In the blog, Dotcom underlined the following about password changes:
- A password change feature will re-encrypt the master key with your new password and update it on its servers.
- A password reset mechanism will allow you to log back into your account, with all files being unreadable. Now, if you have any pre-exported file keys, you can import them to regain access to those files. On top of that, you could ask your share peers to send you the share-specific keys, but that’s it – the remainder of your data appears as binary garbage until you remember your password.
- A feature that allows the user to add as much entropy manually as he or she sees fit before proceeding to the key generation.
The blog post was written to mainly refute points raised by articles in Ars Technica and Forbes. Ars criticised the use of the block deduplication by Mega. Dotcom wrote back, “Fact #1: Once this feature is activated, chunk MACs will indeed be stored on the server side, but they will of course be encrypted (and we will not use ECB!). Fact #2: MEGA indeed uses deduplication, but it does so based on the entire file post-encryption rather than on blocks pre-encryption. If the same file is uploaded twice, encrypted with the same random 128-bit key, only one copy is stored on the server. Or, if (and this is much more likely!) a file is copied between folders or user accounts through the file manager or the API, all copies point to the same physical file.”
Forbes, on the other hand, spoke about how an attacker could potentially gain access to your data on Mega by finding weaknesses and turning off encryption. Dotcom, in an elaborate explanation, detailed how Mega is concerned about keeping user data safe.
It must be remembered that Mega is still in its early days where it will have to struggle with hiccups, but it does look like Dotcom is dedicated to addressing all security related issues with Mega.