Podrobno so si jo ogledali na ArsTechnici. V brezplačni različici ponuja vsakemu uporabniku 50 GB prostora, kamor lahko shrani svoje datoteke. Da bi se zaščitili pred pregonom, si mora uporabnik takoj po registraciji ustvariti 2048-biten RSA-ključ, s katerim se ob nalaganju že pred prenosom podatkov po spletu v oblak ti šifrirajo. Tako Mega ne vidi in niti ne more videti, kaj imajo uporabniki shranjeno. Hkrati dobijo vsi uporabniki na začetku veliko opozorilo o kaznivosti deljenja avtorsko zaščitenih datotek, s čimer se Mega želi ograditi od odgovornosti.
Na voljo so tudi plačljivi režimi, in sicer Pro I za 10 evrov mesečno (500 GB prostora, 1 TB prenosa), Pro II za 20 evrov (2 TB prostora, 4 TB prenosa) in Pro III za 30 evrov (4 TB/8 TB). Nakup dodatnega prostora je nekoliko zapleten, ker tega ne storimo neposredno pri Megi, temveč prek posrednikih strani (Instra, OnlyDomains, EuroDNS, Digiweb ...) Čeprav je Mega konkurenca Dropboxu in sorodnim stranem, lahko datoteke nalagamo le iz brskalnika (in sicer le iz Chroma, na kar nas stran opozori), ne gre pa iz namenske aplikacije. Naložene podatke je mogoče deliti tudi z drugimi uporabniki, pri čemer jim seveda moramo posredovati ključ. Ne glavnega ključa, ampak bo imela vsaka datoteka svoj ključ, ki bo iz njega izpeljan.
Storitev je torej za zdaj še oskubljena, a Dotcom ima smele načrte. Obetajo se nam odjemalci za mobilne naprave, varna e-pošta in pomenki, integracija kakor pri Dropboxu, podpora za koledar in pisarniške aplikacije itn. - celoten seznam.
“By using Mega you say NO to those who want to know everything about you. By using Mega you say NO to governments that want to spy on you. By using Mega you say YES to Internet freedom and your right to privacy,” he said.
“By using Mega you say NO to those who want to know everything about you. By using Mega you say NO to governments that want to spy on you. By using Mega you say YES to Internet freedom and your right to privacy,” he said.
43. We reserve the right to disclose data and other information as required by law.
If we think it is necessary or we have to by law in any jurisdiction then we are entitled to give your information to the authorities. We reserve the right to assist any law enforcement agency with investigations, including and limited to by way of disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders.
@PaX_MaN: Saj niso neka organizacija, neodvisna od vlade dežele, v kateri so strežniki. Tega se zaradi znane usode Megauploada tudi dobro zavedajo in od tu se je rodila potem ta shema, kjer se vsi uporabnikovi podatki šifrirajo. Če je implementacija robustna tudi ni šans, da kdorkoli razen nekdo s ključem dostopa do nešifriranih podatkov.
Bo zanimivo videti, koliko uporabnikov se bo navadilo na takle bolj varen način shrambe. Upam, da dovolj, da bo poslovni model vzdržen in ga začno posnemati tudi drugi ponudniki shrambe v oblaku. Po drugi strani pa je tale Kim.com nekoliko zloglasen, zna to vplivat na percepcijo ljudi o legalnosti tudi novega servisa Mega?
Thanks to HTML5, Mega utilizes in-browser, symmetric key encryption... How it works ... The new Mega is designed around a "see no evil" principle. All your uploads are encrypted on their way up to the server, and downloads are encrypted on the way down, only to be opened afterward. While they're out there floating around in the cloud, they're encrypted using the private seed you and only you have: your password... Don't lose your Mega password, because you won't be getting it back; Mega doesn't have it. The service's carefully calculated ignorance hinges on this point. Your password is--indirectly and complicatedly--used to generate your login credentials and to encrypt all your files on their way to the cloud. Mega won't know so much as the file names, and neither will anyone else ever again if you lose that password.
Torej ni omejitev Chrome, delajo vsi browserji, ki podpirajo HTML5.
They are just pointing out that most browsers (except for Chrome) can't download files that fit into your available RAM.
Če je implementacija robustna tudi ni šans, da kdorkoli razen nekdo s ključem dostopa do nešifriranih podatkov.
Da ni robustna, je tale indic:
Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service.
Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service.
Če se ključi generirajo pri uporabniku, potem boš težko ti - z enim ključem -dekriptiral kar je nekdo drug kriptiral - z drugim ključem - če Mega res "pojma nima o ključih".
Če se ključi generirajo pri uporabniku, potem boš težko ti - z enim ključem -dekriptiral kar je nekdo drug kriptiral - z drugim ključem - če Mega res "pojma nima o ključih".
Iz linkanega clanka:
First, you can generate a plain, vanilla link. People who have this link will be able to download your data (if Mega doesn't lock them out entirely) and then...nothing. They'll have exactly what Mega has on its servers: a lump of encrypted garbage. And if they want a lump of decrypted goodness, they'll have to come to you for that file-specific key, that only you have. Your second option is to just generate a link with the file-specific cryptographic key just straight-up bolted on to the end of it. Suffice it to say, that's a less secure option, kind of like old school MegaUpload.
If you choose the second kind, you can share around with anyone and everyone. But if you choose the first, you can put that link wherever you want—shout it from the rooftops—but access is still restricted to people who have the file-specific key, which you have to give them. And there are a few important parties who won't be in that crowd, like Mega itself, copyright holders, and of course, johnny law.
Torej ni omejitev Chrome, delajo vsi browserji, ki podpirajo HTML5.
V Firefoxu meni zateži za Flash plugin. A Chrome .... no ja, tam je itak vgrajen. Vseeno, a uporablja Flash v vsakem primeru? Zanimivo, ne zateži pa za registracijo. A lahko uploadajo tudi neregistrirani uporabniki?
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
PS: HTTP link (vsaj včeraj) se vrti v prazno. Večino bo pomislila, da je stran preobremenjena, ampak dejansko pa HTTPS link dela. Ne vem, zakaj tam ne dajo eno 50 bajtov dolgo stran, ki pravi, da se naj gre na HTTPS link.
Motiti se je človeško.
Motiti se pogosto je neumno.
Vztrajati pri zmoti je... oh, pozdravljen!
Izgleda, da v tej beta verziji rabis Flash, moras bit registriran in da imena datotek niso encryptana... Dostop ze dela, ampak upload status je se vedno pending, remaining time: NaN.
Aja, verjetno te moti da nisem citiral stavek ki sledi citiranemu:
In that case, you will access that original data.
Torej, v browserju se zgenerira (tvoj) ključ za dotično datoteko, le-ta se v browserju kriptira, nato pošlje v Mega oblak, tam preveri & zbriše ker "je nekdo drug že isto datoteko naložu" in zdej ti dostopaš do kriptiranga fajla od tega enga druzga. Sam, ta "nekdo drug" je zakriptiral fajl s svojim ključem, kar pomeni da tudi če je enaka datoteka (=plaintext), zaradi različnih ključev dobiš različno zakodirano vsebino(=ciphertext), tko da se pojavi vprašanje kako oni ugotavljajo "exact duplicate of original data" pri čemer ne znajo odkodirat...
@PaX_MaN: nevem kako je konkretno implementirano, lahko pa bi naredil browser poseben hash brez tvojega kljuca in ga potem uploadal na mega in tam preveril z ostalimi?
@kugl - sem ga dobil. KLik na conf. link sicer pripelje na stran, "kolesje" se zavrti in potem - nič. Tudi klik na login ne dela. Bom počakal kak dan, dva. Mogoče bo potem delalo :)
- "Rozi vidm." "S psom!"
- "A vidš, to je pa že delirij... preveč piješ! Dec nemarn..."
Each general filesystem node (files/folders) has an encrypted attributes object attached to it, which typically contains just the filename, but will soon be used to transport user-to-user messages to augment MEGA's secure online collaboration capabilities.
As the server side is unable to see file and folder names, all operations involving them (such as versioning and collision handling) are up to the client. Referencing files or folders by their names requires reading and decrypting all candidate nodes until the desired ones are found.
All symmetric cryptographic operations are based on AES-128... Each file and each folder node uses its own randomly generated 128 bit key.
Each user account uses a symmetric master key to ECB-encrypt all keys of the nodes it keeps in its own trees. This master key is stored on MEGA's servers, encrypted with a hash derived from the user's login password.
Berem in gledam tole mega reč in mi ni jasno, kaj točno je poanta. Že skoraj desetletje imamo namreč freenet, ki ima veliko bolj izdelano razpršeno rešitev, na voljo za ceno nekaj gb lokalnega prostora in nekaj bandwitha. Razen mega pompa in političnega podjebavanja ne vidim smisla.
Berem in gledam tole mega reč in mi ni jasno, kaj točno je poanta. Že skoraj desetletje imamo namreč freenet, ki ima veliko bolj izdelano razpršeno rešitev, na voljo za ceno nekaj gb lokalnega prostora in nekaj bandwitha. Razen mega pompa in političnega podjebavanja ne vidim smisla.
Mogoče je razlika za avg Joe six-pack? User friendly? Ne vem...
@pegasus: Poanta je v realizaciji enkripcije na masovni skali. Dvigniti delez storitev, ki nimajo vpogleda v zasebnost uporabnika... in pri tem se na veliko zasluziti.
Hehe, ti pa še nisi prebral, kaj freenet je in kaj ti ponuja :D
Sem ravno na uncyclopediji prebral, da 90% internetnih uporabnikov za svojo zasebnost skrbi z uporabo freeneta, kjer dosegajo svetlobne hitrosti prenosa, zato je mega cista bedarija ;)
