File Hoster Mega not secure anymore?

Martin Brinkmann
Aug 1, 2015

In an interview on Slashdot, Kim Dotcom mentioned that he is no longer involved in the file hosting service Mega and that he does not trust Mega anymore.

According to Kim, Mega suffered from a hostile takeover by a Chinese investor who managed to accumulate shares of the company.

Interestingly enough, the shares were seized by the New Zealand government which means according to Kim that the government is now in control of the service.

The company has suffered from a hostile takeover by a Chinese investor who is wanted in China for fraud. He used a number of straw-men and businesses to accumulate more and more Mega shares. Recently his shares have been seized by the NZ government. Which means the NZ government is in control.

Kim Dotcom launched the file hosting service Mega about a year after Megaupload was taken down by the authorities. Mega, Kim promised, was secure thanks to the use of encryption on the site.

Kim emphasizes that data is not safe on Mega anymore without going into further detail.  He also mentions that he plans to release a Mega competitor at the end of the year that is using Wikipedia's model by making it a free service that keeps everything going with the help of community donations.

What should users do who host files on Mega? It is highly suggested to create a backup of important files and keep it safely stored either locally or online (check out these alternatives).

Many Megaupload users were completely unprepared when authorities took down the service. Files were suddenly not accessible anymore and users without backups were wondering if they would ever get their files back. Up until today, that did not happen.

It needs to be mentioned that no distinction was being made between legitimate files and files with copyright claims. All files were no longer accessible suddenly.

The Slashdot interview highlights Kim's perspective on what transpired. Mega has not responded yet to the allegation. If the company does, we will update the article to reflect that. (via Caschy)

Now You: What is your take on this?

File Hoster Mega not secure anymore?
Article Name
File Hoster Mega not secure anymore?
In an interview on Slashdot, Kim Dotcom mentioned that he is no longer involved in the file hosting service Mega and that he does not trust Mega anymore.

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Doc said on August 3, 2015 at 5:09 am

    Shoe’s on the other foot, now, isn’t it, DotCom?

  2. techminator said on August 2, 2015 at 5:00 pm

    Generally speaking, all cloud services are insecure and cannot be relied on. Your best bet is to keep local copies of your files. You can additionally also backup on the cloud but sensitive files which you would rather not share with anyone should not be backed up online no matter how secure the cloud service claims it to be.

  3. Bob said on August 2, 2015 at 11:22 am

    You would have to be either a fool or a thief to believe KDC.

  4. Nebulus said on August 1, 2015 at 11:45 pm

    IMO no cloud provider is safe, unless you encrypt your data yourself before sending it to the cloud provider.

  5. Rick said on August 1, 2015 at 10:23 pm

    Hostile takeover my foot!

    The guy was also once owner of projectw .. a very large warez site that he transferred ownership to a ‘friend’ to avoid that asset from being seized. When he finally was able to, ownership was transferred back to him and he quickly attempted to sell the site. Fortunately, authorities were notified of the situation and he lost that site.

    Any assets that he owns, or will own in the future, will continue to be seized by authorities until his penalties / fines from previous litigation have been paid. He has made enough enemies, legit and no-so-legit, that you can be sure anything he starts will be reported.

    There isn’t a ‘new’ owner or there wasn’t a hostile takeover. This site suffered the same fate as many others, including projectw.

    The reason it’s not safe? The law enforcement now controls it. For people that were using it for nefarious purposes, that could mean trouble. Encrypted and no logging of IPs? NOPE. From personal knowledge of the projectw site, IPs were logged and all user info that was possible to collect were sold on a regular basis; so who knows where mega info will turn up. The privacy policy by the way stated, as you might imagine, that no information would be disclosed / sold / etc, unless required by law.

    Really, the best thing to do is stay away from anything he has his fingers in.

    Now if NZ could get their hands on his porn sites .. JACKPOT!

  6. Decent60 said on August 1, 2015 at 5:31 pm

    One part of the interview questions I disliked:

    “Q: If, hypothetically, you had emigrated to San Francisco USA rather than NZ and Megaupload had been a US-based company do you think it would have been more or less vulnerable to the kind of action it was shut down by? Bonus points for an insightful discussion of the value of political contributions, etc.

    Dotcom: The US government would not have taken such overreaching and drastic action if 220 Americans would have lost their jobs. There has never been a case like this before and never since the almost 4 years since the raid. The DOJ called this a test case. The New Zealand government is so corrupt and so eager to please the US that they did not even question any of the bogus legal theories the DOJ is using in this case. The only hope they have is that I don’t have the funds to afford a good legal defense, which is why they are pursuing an aggressive starve-out strategy.”

    The DMCA would had the company shutdown 5x over the same amount of time it took the New Zealand to (finally) shut him down.
    I don’t think he fully understands how quickly there would have been a reaction and lawsuits over it. At the very least, the server hosting company or ISP would have shut them down due to complaints.
    Also any of the other items (wire fraud, racketeering, etc) would have made them seize any intellectual property that he could have potentially had used to accomplish it with. Then they would have thrown Copyright violation into the search warrant(s) also so that they would have at least reason to keep the seized equipment.

  7. Chains The Bounty Hunter said on August 1, 2015 at 4:07 pm

    All those file share forum users are suddenly going into a panic once again.

  8. Dave said on August 1, 2015 at 3:41 pm

    Why did the Gov’t take the shares?

  9. juju said on August 1, 2015 at 12:30 pm

    Why would anyone trust a word convicted felon is saying who doesn’t even use his real name?

    1. wybo said on August 1, 2015 at 4:49 pm

      You know darn well that I do not mean it that way!.

    2. wybo said on August 1, 2015 at 1:11 pm

      A tad harsh… about second chances. He legally changed his name!.

      Anyway it is basically human nature to lie.

      Read the TorrentFreak article too as it has the views on this issue from the CEO of Mega.

      1. juju said on August 1, 2015 at 1:55 pm

        by any chance do you mean second chance for more of the same? It’s not so easy to execute hostile takeover by using tactics he describes unless he was willing participant to transfer assets to someone/proxy who’s word has more weight in these matters.

  10. wybo said on August 1, 2015 at 11:38 am

    Oh dear. Why did KDC let this happen and did not keep a 51% of “his baby” which is my main i cloud storage provider.

    I think we need to know more to come to conclusions about the new owner. Although I am not very fussed on any Chinese goods, services….lol and even the food with the exception of dim sum…..Anyway it seems now to be in the hands of the head Kiwi. So let’s see what happens. I’ll keep my fingers crossed.

    1. Decent60 said on August 1, 2015 at 5:26 pm

      He stepped down as director shortly after launching it.
      Not sure when he left any of the managerial position tho. Basically he gave up control after it started.

  11. Pants said on August 1, 2015 at 9:27 am

    “Mega has not responded yet to the allegation”

    They have responded to TF

    1. Nerdebeu said on August 1, 2015 at 9:51 am

      The end of this sentence bothers me:

      “(Turning to the security of Mega itself, the company says that the full source for its client-side software SDK is available on Github) and the source for its MEGAsync and mobile applications will be published in due course.”

      1. Pants said on August 1, 2015 at 1:10 pm

        Indeed > “For now, their JavaScript site code is the only official sample code available” – wikipedia

  12. Pants said on August 1, 2015 at 9:20 am

    I read TF’s article last night – I don’t know what to make of it. On one hand KDC has never lied to us before and he still has an indirect interest in a 6% shareholding (in a family trust for his children, managed by his wife). But he also plans to build a new cloud service once his non-compete clause expires. Mega on the other hand, encrypts files locally before uploading, and some source code is on github, and there have been audits, not to mention that the security/protection/privacy/encryption on Mega’s launch was probably one of the most scrutinized ever. Encryption works – if you’re doing it right, then Mega is secure. The company’s business model is based on this – it they were foudn to be compromised, the entire service would collapse. It could always do with some more scrutiny though, and a better/bigger-name/open audit.

    Personally, I think KDC is partially right. This is a private investor company, and their will be internal squabbles/politics, and KDC is no longer any part of that. His “baby” is not going in the direction he envisioned. Personally, I agree. Megaupload was worth gazillions, accounted for around 5% of internet traffic, had a huge base of users, and was about to go IPO (and only after it’s demise did iCloud, OneDrive, Google Drive etc get ramped up or start – I still believe megaupload’s takedown was purely economic espionage for American interests). This was a company at the top of it’s game (cyberlockers/cloud storage) with a huge majority of the market – it would have been huge, one of the bigger IT companies worldwide. Mega, when it finally launched two years later, was behind the curve. It’s never recovered, but I do believe it has been hampered non-stop by outside interference (NZ stock listing, Hollywoood paid for piracy reports on cyberlockers etc) and likely from within. It’s insanely undervalued and nowhere near what it could be – and there’s no real reason for that. I wouldn’t put it past Hollywood and John Key and the USA DoJ’s intense systemic hatred of the man to destroy everything he has ever touched.

    So – I believe KDC, but I also believe that Mega is secure (but I would now also want definitive outside confirmation/audit from an authoritative, respected figure such as Bruce Schneier ).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.