The ever-controversial hacker-turned-millionaire-entrepreneur Kim Dotcom has announced the public beta launch of an end-to-end encrypted audio and video chat service, which he calls MegaChat.
Anyone with an account on Mega’s
file-sharing file-syncing service can now access what is claimed to be a more secure alternative to Skype, boasting end-to-end encryption.
If it does what it claims, MegaChat can allow you to communicate with someone over the net (via audio or video, video conferencing and text chatting apparently will come later) through your browser, without anyone having the ability to intercept or snoop on your messages in between.
I thought I should test the service, so created an account to give it a go. Unfortunately I don’t know anyone else who uses Mega, so I had to chat with a toy womble instead. The conversation wasn’t amazing, but it did work.
What I cannot vouch for, of course, is whether MegaChat did a good enough job of ensuring that the conversation was secured and end-to-end encrypted.
It would be great if it was, because increasingly politicians like UK Prime Minister David Cameron are raising the stakes, calling for end-to-end secure messaging to be outlawed if there are no backdoors through which law enforcement can access what is being said.
In the opinion of many security experts, that’s a dangerous step. Because anytime you have watered-down security there is the potential for not only the authorities to access messages but also – potentially – hackers, foreign governments and organised criminal gangs.
One also has to wonder how businesses would feel operating from a country where secure messaging cannot be guaranteed.
Kim Dotcom’s Mega, of course, doesn’t have a spotless record when it comes to security.
Last year, Mega was roundly criticised by experts for a range of security holes ranging from cross-site scripting flaws, to a poor implementation of encryption, and even the discovery that Mega passwords could be easily extracted.
So, can you trust Mega now to secure your private online chats?
The jury is out…
Because of Kim Dotcom’s notoriety and aggressive PR machine, there is no doubt that there will be plenty of people keen to expose any vulnerabilities if they find this competitor to Skype is anything less than water-tight.
Perhaps mindful of that, Kim Dotcom has announced that he is offering a security bounty for anyone who can find flaws in the service.
#Mega offers a security bounty again. Please report any security flaw to us. We'll fix it and reward you. Thanks for helping.
— Kim Dotcom (@KimDotcom) January 22, 2015
So maybe it would be sensible to wait and see before you trust any sensitive communications to the service.