I was balked at for suggesting that following basic TLS practices, including on the subdomains where they deliver user content from, was a good idea.
It appears the majority of the internet, including sites teensy and massive, now supports 256-bit AES and perfect forward secrecy, but MEGA, which claims to be private and secure, can't be bothered?
It's true that user content is claimed to be end-to-end encrypted, but that really doesn't seem any excuse to skimp on TLS security.
After testing about a thousand disparate sites manually, in-browser, only 4 failed for normal usage, testing the ability to deal with only 256-bit (or ChaCha) with Perfect Forward Secrecy ciphers, as well as safe TLS renegotiation.
*.static.mega.co.nz and *.userstorage.mega.co.nz fail ciphers in both ways, and mega.co.nz as a domain fails safe TLS renegotiation.
In all of the years I've been trying to report sites not following industry standard TLS practices to different companies, MEGA is the only one to find the idea amusing. Most sites reported to fixed the issues pretty quickly.
I think between this and the Chrome extension compromise two days ago (which I'll note they have not yet directly notified customers of a serious breach), it's really enlightening as to how MEGA operates as a company.
I don't really trust "the cloud" in general for anything important or sensitive, but has MEGA ever had an independent verified security audit showing that their encryption and security do what they should/claim?
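For admins who want to run the same kind of cipher test against a host they operate, here is a scripted version, as an added example that is not part of the original post. The names `strict_context`, `meets_policy` and `check_host` and the cipher string are assumptions of this sketch, and it does not cover the renegotiation check.

```python
import socket
import ssl
import sys

# Policy from the post: 256-bit AES or ChaCha20, forward-secret key exchange only.
# This OpenSSL cipher string is an assumption of this example, not the author's setup.
STRICT_TLS12 = "ECDHE+AES256:ECDHE+CHACHA20:DHE+AES256:DHE+CHACHA20:!aNULL:!eNULL"


def strict_context():
    """Client context that offers only the strict TLS 1.2 suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites stay enabled,
    # so the negotiated suite is judged separately by meets_policy().
    ctx.set_ciphers(STRICT_TLS12)
    return ctx


def meets_policy(name, protocol, bits):
    """Judge a negotiated suite, as returned by SSLSocket.cipher()."""
    if bits < 256:
        return False
    if not any(tag in name for tag in ("AES256", "AES_256", "CHACHA20")):
        return False
    if protocol == "TLSv1.3":
        return True  # a full TLS 1.3 handshake always uses (EC)DHE
    return name.startswith(("ECDHE-", "DHE-"))


def check_host(host, port=443, timeout=5.0):
    """Return (passed, detail) for one host under the strict policy."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                name, protocol, bits = tls.cipher()
    except OSError as exc:  # ssl.SSLError is a subclass; covers cert failures too
        return False, f"no handshake under strict policy: {exc}"
    return meets_policy(name, protocol, bits), f"{protocol} {name} ({bits} bits)"


if __name__ == "__main__":
    # Usage: python tls_policy_check.py host1 host2 ...
    for target in sys.argv[1:]:
        passed, detail = check_host(target)
        print(f"{'PASS' if passed else 'FAIL'}  {target}  {detail}")
```

A host that only negotiates a 128-bit suite or a non-forward-secret key exchange shows up as FAIL, either because the handshake is refused or because the negotiated suite is rejected by `meets_policy`.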