Privacy gaps you should know about MEGA and its new service Transfer.it

Although MEGA is not recommended by PG or Tech Lore, many people inside and outside the privacy community use it without fully being aware of some of its privacy gaps.

1) MEGA CAN TRACE, ACCESS, AND DELETE YOUR FILES REMOTELY

Even if you’ve never shared your files with anyone, MEGA can trace, access and delete them remotely.

Although MEGA claims to be E2EE, they still have access to your files through a unique type of metadata, which they call a byte sequence. MEGA assigns a unique byte sequence to every file you upload that makes every copy of your files traceable and identifiable across every single MEGA account in existence.

That means that if you share a file you uploaded to your account with other MEGA users, and they copy it into their accounts, all their copies are still linked and traceable to your account as the original uploader. If they in turn share their copies of your file with more Mega users, and so on, all those copies will still be traceable back to you and any other Mega user who has the same copy which contains the byte sequence from your upload.

What you can do

The only way to unlink files you copy from other Mega users is to download them and manually re-upload them yourself to your account. That creates a new, unique byte sequence for each file, making them an original upload that cannot be linked to the previous copies.

You will never have full control of files you copy from other MEGA users unless you re-upload them yourself.

And if you want to avoid the risk of having files you upload being deleted without your consent, do not share them. At least not via MEGA.

2) MEGA SHARE LINKS NEVER GET RENEWED

When you create a share link for a file or folder in your MEGA account, it never gets renewed after you’ve disabled it. That means that every time you generate a share link for the same file or folder, it will be identical to the previous ones because it never changes.

That’s another way your privacy is compromised, because people whom you gave limited access to your files via shared links will always have access to them every time your links are live.

3) DO NOT USE TRANSFER.IT WITH MEGA IF YOU VALUE YOUR PRIVACY

What is Transfer.it?

Last month, Mega launched a new service called Transfer.it that is supposed to compete with WeTransfer. You can upload and share unlimited amounts of data for free. And there are apparently no speed limits. It is not E2EE, though.

Transfer.It doesn’t require an account, but their argument is that you get more value if you use it with an account, which would be through MEGA.

It’s integrated into MEGA

If you have a MEGA account, you have access to Transfer.it inside MEGA as a feature. That means that files already in your MEGA account can be shared instantly via Transfer.it links, which are different from MEGA links. There is no wait time because MEGA & Transfer.it are owned by the same parent company and use the same cloud infrastructure, although one is allegedly E2EE and the other is not. If you have a paid MEGA account, you have access to all the premium features of Transfer.it

The problem with MEGA integration

That being said, DO NOT use Transfer.it with a MEGA account because it makes all your uploads traceable to your MEGA account, especially the files from your MEGA account that you shared via Transfer.it.

My opinion

I have only tried the free version of Transfer.it without an account, and frankly, I’m impressed. It is very useful for sharing non-sensitive large files. You can add a password, limit how long files are available for, and request notifications via email.

Transfer.it’s free features are rich enough that you don’t need an account nor do you need to upgrade, especially if you value your privacy. Even if you have a paid MEGA account, do not use Transfer.it with it if you value your privacy.

Maybe I’m misunderstanding you, but isn’t it obvious that they can delete files from their servers? Like yeah, they’re your files, but you uploaded them to a remote storage service, it’s their storage. Even if that isn’t assumed, they explicitly reserve the right in sections 6.4 and 26 of their Terms of Service, found from a quick Ctrl+F search.

Also, as you’ve described it, it still doesn’t seem like Mega can access your files. I have certainly heard that their encryption model has flaws, but I think that’s a separate issue from what you’re describing.

Furthermore, I would be astonished if Mega didn’t mark files with a unique identifier. If you wanted to untraceably send a file to someone else, you wouldn’t share the file from your Mega account anyway, that’s traceable regardless of a unique byte sequence in the metadata.

I don’t really know much about how they market themselves, though, so they could totally be misleading people about that stuff.

It’s not that obvious. Many people in forums have reported losing files that they had never shared with anyone, and they didn’t understand how that could happen. This post explains why.

Moreover, Transfer.it is a newly launched service, and people might mistakenly believe that their files can’t be traced if they use it with MEGA, when in fact they can. It’s not obvious.

As far as I know, MEGA is the only cloud service that assigns a unique identifier to your files so that all of its copies can be traced in all MEGA accounts.

Although it has its advantages, I am personally not a fan of cloud services that don’t allow you to have an original copy of a file if they can detect that someone else already has it and copy it. It might save you time and bandwidth on uploads, but it also means your copy will never be original. Years ago, I had encountered another cloud service that worked that way, but they shut down within a year.

iCloud ADP has a similar issue:

Thanks for letting me know. I did not know that.

Does that mean that when you upload a file to iCloud, it checks if anyone else already has a copy of it so you don’t have to upload it again?

Or does it simply let you upload, but makes note of the fact that other people have copies of this file?

Yes, there’s no difference to you. If we both uploaded identical PDFs then Apple only stores one copy of that file on their drives.

To clarify, if I have a publicly available file within photos and iCloud but with ADP enabled, and another person has the identical file but in standard protection, would it theoretically be within Apple abilities to identify the exact file I have, if say the government compels Apple to access the SP iCloud?

Apple has the keys for standard protection so it should be possible from what I understand to compare the checksum and come up with reasonable proof that I indeed have possession to a specific file. Please correct me here if I misunderstood

This is a pointless question to ask: Had that not been the case, why wouldn’t the govt people be able to just register an iCloud, enable ADP, and reupload the files they obtained from the standard account, then compel apple to provide a list of people who have the same file?

Then I fail to understand whats the problem with ADP. Sure, Apple has some metadata like file name, creation date, and when it was last accessed, but beyond that, everything feels entirely speculative, with it being closed source and everything. Please enlighten me

The problem is the fact that they can match up encrypted files with other encrypted files. If someone has the original file, they can just upload it encrypted and request a list of users that have the same file. Availability of the unencrypted file towards Apple would only help searchability or fuzzy matching.

The correct way to do this is to not use convergent encryption, and simply have all files be unique. Providers don’t like this because storage costs money, while most people aren’t storing unique files.

So basically if I have a pirated version of a movie uploaded to ADP iCloud/Photos, theoretically, one could upload the said movie and find out who has it uploaded to their iCloud too, and issue a DMCA that way, if Apple is compelled.

In same vain, Apple could make a reasonable connection between two accounts if they have many identical photos uploaded to their ADP account; that it used by the same person or at the very least a family member.

Yes.

Well, of course Apple would have to be cooperating as well in this case, to be clear. The MPAA or whoever can’t do it on their own.

Also, one more attack from the “Known Attacks” section of the Wikipedia article on convergent encryption I linked above:

Even more alarming than the confirmation attack is the “learn the remaining information attack” described by Drew Perttula in 2008.[9] This type of attack applies to the encryption of files that are only slight variations of a public document. For example, if the defender encrypts a bank form including a ten digit bank account number, an attacker that is aware of generic bank form format may extract defender’s bank account number by producing bank forms for all possible bank account numbers, encrypt them and then by comparing those encryptions with defender’s encrypted file deduce the bank account number. Note that this attack can be extended to attack a large number of targets at once (all spelling variations of a target bank customer in the example above, or even all potential bank customers), and the presence of this problem extends to any type of form document: tax returns, financial documents, healthcare forms, employment forms, etc.

@bitosi Why the dislike? What is it you disagree with?

We have argued once already on a different topic and i don’t feel like engaging with you, as i got the impression you don’t want to engage in good faith.

To give some clarity in this case, I think you very much exaggerate the concenrs, fear monger about basic server stuff like its exclusive to MEGA when its in the power of ALL cloud based services and i disagree with your conclusions. I don’t want to get into a tiring debate like last time tho.

I dont think its a good idea to push people to explain why they disliked a post. They would have elaborated if they wished to do so.

This is a discussion forum. If someone dislikes a post I or someone else made, and I don’t understand what is objectionable about it, I’m going to be curious. After all, you are signalling something to me and everyone else. It shouldn’t be surprising that your action invites inquiry.

I don’t remember what we had discussed in the past. Was it Simple Login and their 1 alias per third party website policy?

I never suggested it was exclusive to MEGA, though I personally did not know of any E2EE cloud service that could do this outside of MEGA. I’m sharing knowledge that a lot of people did not know or understand. As I said, I’ve seen many MEGA users complain about losing files that they never shared with anyone, and didn’t understand how that could happen.

Also in the comments, there were some people who didn’t know that Apple’s ADP has a similar system, myself included. Neither MEGA nor Transfer.it are recommended by PG. If I’m fearmongering, are they doing the same?

We talked about Telegram last time.

Neither MEGA nor Transfer.it are recommended by PG.

PG recommendation pre-requisites don’t mean a tool is good nor not. Its just a general filtering bar to disqualify low quality tools. Often times even if a tool meets the requirements it still wont get recommended because of history, bias, etc. For example: MEGA meets all criteria. It shouldn’t mean that something is ill-advised to use if its not recommended yet. The recommendations are pretty spot-on but MEGA is overall a solid service as well.

As I said, I’ve seen many MEGA users complain about losing files that they never shared with anyone, and didn’t understand how that could happen.

To say this, it would need to proven it was MEGA messing with them and not their own fault like not paying the montly fee, not paying attentionto the trial period, or they themselves deleting/corrupting files etc. If they didn’t share it MEGA has no way of knowing what they upload for what reason.

Unless I’m missing something, couldn’t a hash achieve the same result? I mean if this is known to be done by MEGA, that’s not great. But it’s worth mentioning that any cloud storage provider could probably do the same thing without the user knowing. Sorta like having to trust a VPN service, you’d have to put some trust in the cloud provider for some things.

Since its verifiably (via megasync source code) encrypted on the client before being uploaded the hash is different for every user even if they upload the same file.

This “byte sequence” is even shittier in some ways for “tracking” than a normal hash because it gets renewed if you reupload the same file where a hash would stay the same. This byte sequence stuff is done to trace back illegal material to the original account that shares it publicly. They would have to see the actual file first (of they learn to know the share link online for example) before they know its suspicious. So the byte sequence thing is moot by default unless you share your files on a discord channel where you essentially made the file public anyway.

True. But I’ve seen PG staff specifically criticize MEGA and even question the claim that it’s E2EE. Not saying PG is always right, but I personally take their critiques seriously, especially if it’s about something I don’t have technical knowledge about.

Some people definitely lose files because they are at fault, but sometimes they don’t know and are not told the reason.

MEGA has no way of knowing what they upload if they didn’t share it. The key word here is upload. Many MEGA users copy files into their account from other MEGA users instead of uploading them. They do it because it’s a feature of MEGA, and it is easier and faster than re-uploading the files themselves, especially if they are large.

Many of those users don’t know that if they copy files from another MEGA users, it can get deleted because it is not their upload, and copies that have been shared can be traced to every user who has a copy, including them. Since they have no way of controlling how other people’s uploads are being shared, they have no control over the files they copy, and they don’t realize that.

Also, MEGA doesn’t just have the power to delete your files. Their can also lock them instead. Meaning that the file is still in your account, but you cannot download it.

I’m sorry, I’m not as technical as you. I don’t know what a hash is.

The file in question doesn’t have to be illegal. For e.g., you’re allowed to have copyrighted content that you bought and own. It’s sharing it that risk you getting into trouble. And you don’t have to share it publicly for that to happen. If you privately share a large file via MEGA with a friend, there’s always the chance that they will share that link publicly, or privately with someone else, who in turn will share it publicly.

This is why I personally would not use MEGA for whistleblowing, because the risk of losing your files is always present when you share them regardless of if its privately or publicly.

Also, MEGA doesn’t just have the power to delete your files. Their can also lock them instead. Meaning that the file is still in your account, but you cannot download it.

Again. Not exclusive to mega. Cloud works like that.

The file in question doesn’t have to be illegal. For e.g., you’re allowed to have copyrighted content that you bought and own. It’s sharing it that risk you getting into trouble. And you don’t have to share it publicly for that to happen. If you privately share a large file via MEGA with a friend, there’s always the chance that they will share that link publicly, or privately with someone else, who in turn will share it publicly.

Sharing your own movies is copyright infringement (illegal). They have the right to link it back to you even though i don’t think thats moral or would hold up in court because you were not the one who made it public.