That's far from the worst of Mega's problems. The service has already come under fire from a number of security experts who question how serious Dotcom really is about providing seamless encryption, noting a number of flaws that could allow a third party (say, a three-letter federal agency) to take over and change users' encryption keys. Others have noted cross-site scripting vulnerabilities on the Mega site and shoddy code in the open source encryption software Mega is using.
"It's a nice website, but when it comes to cryptography they seem to have no experience," says Nadim Kobeissi, a 22-year-old cryptographer and creator of the secure chat software Cryptocat, who began poring over the public portions of Mega's code as soon as it debuted over the weekend. "Quite frankly it felt like I had coded this in 2011 while drunk."
The battle over music piracy is over, and the music industry lost. The movie industry is determined to not go down quite so easily and ineptly -- hence the over-the-top commando assault on Dotcom's New Zealand compound last January. Somebody with a lot of juice is trying to take Dotcom down; Mega is his response.
But is the idea really to provide secure storage that's untouchable by Johnny Law? Or is Mega really just a "see no copyright violations, hear no copyright violations" cover-his-sizable-assets clone of Megaupload? Going from the business of piracy to privacy is easy -- just change a few letters. Actually pulling it off is much harder.
You have to believe some of the millions of Mega registrants are employees of government agencies or the MPAA's private investigators. I'd bet serious money on that. Then all you need to do to bring Mega down is start seeding the service with agents, upload a few illicit files as bait, and entrap people to share with you. Another round of warrants, another series of dramatically staged arrests, and we're back where we started.
Even if that doesn't happen, the copyright cops want you to think it might. That would also explain why our government refuses to release files to people it knows didn't break any copyright laws. By punishing legit users of Dotcom's enterprises, they hope to frighten the nonpirates away.
If you've joined Mega to run your digital piracy business and Johnny.brylcream@NotTheFBI.com suddenly wants to swap contact details, don't say I didn't warn you.
This article, "Don't call it a comeback: Megaupload goes legit," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.