Quoted By:
online storage be it a cloud drive, ftp or encryption requires code scripting protocols that takes the data packet you upload thru the browser client and routing network to the storage destination where its stored.
mega uses AES encryption while yes this is secure ish, your browser client is still vulnerable to 3rd parties. Mega specifically with the china buy out deal is vulnerable to MEGA using your client meta data to obtain your half of the AES encryption on your end via remote monitoring on MEGAs part directly using background processes in your browser client.
due to this mega if run by a fruadulent party can just simply decrypt at will all ur uploaded content at their end by obtaining ur half of the AES encryption.
they can then copy and sell what ever they unlock and if you uploaded copyright protected data with out permission or government classified data, its a ToS violation that mega can prosecute you for AND they still get the data for their own use.
which is why MEGA's creator said stop using it when china bought it out via stock options.(gewijzigd)
and in megas case
they use javascript api coding
thing bout javascript
its a two way real time connection accessible by both parties simultaneously.
so due to coding method used its vulnerable on its own due to API insecurity(gewijzigd)
(javascript sessions done via session id is a two way real time connection between you and the service provider
a service provider if fraudulent or malicious can simply use the session connection to remote view your device through the browser client and or application.)
