First off, a bit ago I suggested compiling a list of reasons to care about giving out your data. Reddit’s delivered, partially (http://www.reddit.com/r/AskNetsec/comments/14g4ig/hypothetical_you_somehow_have_a_copy_of_the/) in the form of speculating just what someone could do if they had the entire Facebook database:
“On an individual scale: impersonation, social engineering, generating probable passwords/security questions.
On a mass scale: manipulate job/housing advertisement to throw elections [by reverse gerrymandering], […] stock market prediction, […] prediction of secrets (e.g. sexuality, based on analysis across all accounts) to be used for blackmail, […] prediction of people who will become important (beyond just checking if they are a Bush or a Kennedy) and use this to gain influence over them.”
It seems Kim Dotcom has put a lot of effort into integrating encryption in his new site. His claims that “within five years half of all Internet traffic will be encrypted [via Mega]” are perhaps a bit overblown, but a substantial fraction is probably within reach. It used to be that I’d go apoplectic on people attaching 30MB worth of photos to an email to whatever publication I was working on… or ask how I could get them the n-GB video file I’d edited. Now those kinds of people tend to use [Mediafire|Dropbox|Rapidshare|whatever].
That means that a) rather more people get used to encryption and b) there’s a lot more incentive for others to make easy-to-use crypto in order to keep up. Hopefully they will all follow Mega’s example of opening their crypto engines to scrutiny.
No, browser-based crypto isn’t new: HushMail’s in-browser PGP was possibly the first. HushMail’s willingness to cooperate with court orders and trojan its Java engine became a major sticking point among activists. (This precedent also brought withering fire to bear on the later CryptoCat’s in-browser encrypted chat, to the point that CryptoCat shifted entirely to a downloadable plugin model. No doubt we’ll see similar questions around Mega.)
It’s the application on such a large scale that makes Mega interesting.
“Before users upload their files to Mega they will be encrypted using the AES algorithm. Advanced security, but based on code that will be open source.
“File transfers and storage are encrypted with military strength and you don’t have to take our word for it, that part of the code is open,” Dotcom told TorrentFreak.
Encryption is the future according to Dotcom, who believes that with help from Mega encryption will be the file-sharing standard in five years, accounting for half of all Internet traffic.
“Our easy to use one-click privacy feature will turn encryption into a mass product. We believe within five years half of all Internet traffic will be encrypted with solutions born from our new API,” Dotcom says.
“I believe in our rights to privacy and legal sharing. I intend to protect those rights when governments are acting in the interest of corporations rather than society and progress,” he adds.”