Of all the problems that entrepreneur Kim Dotcom has faced in the last decade, including several arrests, insider trading charges and even a raid on his New Zealand home involving black helicopters and dozens of agents in body armor, the criticism of the cryptography employed by his new Mega cloud-storage service would seem to be fairly low on the list. However, Dotcom is taking that criticism rather personally, if the €10,000 reward he’s offering to anyone who can break the service’s crypto is any indication.
The Mega cloud service only debuted a couple of weeks ago and is meant to be a replacement/improvement on the old MegaUpload service, which the United States government, with help from New Zealand authorities, shut down a year ago over alleged copyright infringements. The MegaUpload takedown touched off a lot of protests and outrage online, including some DDoS attacks from Anonymous against the Department of Justice and some media companies.
MegaUpload allowed users to upload and share all kinds of files and the U.S. authorities alleged that a portion of that content was copyrighted material such as music, movies and other media, and that the company knew there was infringing content on its servers and didn’t do enough to remove it. The massive raid on Dotcom’s mansion in New Zealand that was part of the takedown of the company was seen as being over the top by many observers, and the New Zeland government eventually apologized to Dotcom for illegally spying on him.
When the beta of Mega, the new cloud service Dotcom started, was made available late last month, security and privacy experts immediately began looking at the service’s cryptography and other security protections. That did not go well. Several experts said that the service’s cryptography scheme needed serious improvement, with the biggest problem being that the service relies on browser-based cryptography.
In response, officials at Mega addressed the claims in a blog post one by one, in many cases saying that the criticisms were true and that there were good reasons for each of the decisions the company made regarding security and privacy. Now, Dotcom is challenging those critics and offering a reward of €10,000.
It’s not clear what the threshold for breaking the crypto would be, but Dotcom said that more details would be included in a forthcoming blog post.