Privacy gaps you should know about MEGA and its new service Transfer.it

It’s obvious that a cloud service can delete all your files if you forgot to renew your subscription or haven’t been active in a while. But it was personally never obvious to me, until a couple of years ago, that a cloud service could selectively lock or delete files you have never shared with anyone.

As far as legality is concerned, it’s irrelevant if a file was shared publicly or privately.
If you privately share a copy of a copyrighted book that you bought with your mom, it’s illegal. Even if the cloud service never finds out.

I also know for a fact that Dropbox & Google Drive preemptively detect copyrighted content in your cloud, and will prevent you from sharing them. That’s because they’re not E2EE and can read your files.

Mega does have a demonstrable track record of poor security in the past. I am not sure about the current state of their products.

I agree with @bitosi that Mega’s hash system appears to be (significantly) better than Apple’s convergent encryption strictly speaking, and is only usable in pretty limited situations where your file is probably already publicly leaked. The fact that you can get around this by reuploading the file demonstrates this isn’t terrible. With Apple ADP’s convergent encryption, reuploading the file manually would not help you. However, I still think both systems are bad and wouldn’t trust either one.

If you want my personal opinion, I would consider using Mega because it represents a pretty good value for people storing 2-20 TB of data, but I would only do so in conjunction with a more trustworthy encryption client like Cryptomator, just like any other cloud provider, because of their history.

There are also other threads where I’ve talked about how I do like a lot of Mega’s ideas in this space, like their browser extension to address some web-based E2EE problems. I just don’t trust their team’s execution of them.


Agreed.

On MEGA’s value proposition

I agree that they do bring a lot of value for certain people. They used to be significantly more expensive than Google Drive and Dropbox, but now they are on par if not cheaper for certain tiers. They got rid of their lower paid tiers.

How I’ve used MEGA

I still have my old MEGA account, but I don’t store any personal files in it. For me, personal files are anything that ties to my personal identity. Any content from my personal life, even a receipt for something as mundane as a kettle, would count as personal because the name of the store could reveal my location. The kind of stuff I would save in MEGA is, e.g., videos I downloaded from YouTube.

And even under those circumstances, I have never shared a single file from my MEGA account. As a general rule, I avoid sharing any files from any cloud service for which I have an account. I always use a cloud service that doesn’t require an account, like Tresorit Send.
It used to be very hard to find such services that allowed the sharing of large files, but there are more and more these days, like Swiss Transfer (50GB) and now Transfer.it (unlimited).
Neither of them is E2EE, so I don’t use them for personally identifiable files. For that I use Tresorit Send.

On Cryptomator

Cryptomator is a great tool. I use it on Google Drive and on my FTP server, but I haven’t uploaded new files in my encrypted folders in years. My biggest issue with Cryptomator is that there’s no way to view your encrypted files via web.

I am grateful for FOSS FTP clients like Cyberduck that have Cryptomator integrated and allow me to view, download, upload, or edit encrypted files seamlessly. I really hope more cloud services allow access via clients like Cyberduck because to me, it’s a game changer to not have to download my files via web, though I like having both options. AFAIK, the only mainstream cloud services that are supported on Cyberduck are Google Drive, Dropbox, and MS OneDrive.

Yes. I’ve been meaning to write this post for a long time, and got reminded of it in part because in a recent video, Henry praised MEGA for their file request features, which allows non-MEGA users to upload files into your account. I hope E2EE cloud services copy this feature.