
Yes, the flaws pointed out are easily fixed. Mega will probably have a fixed version uploaded later today as the fix should be about 15 minutes of work. The good part about javascript cryptography is also the bad part - if any changes need to be made, they can be instantly pushed out to all clients and the clients are upgraded at the next page view.

Of course, this leaves open the main problem people have with javascript cryptography - at any point, Mega can change their javascript to no longer be secure. This means you can't actually trust that your data is secure from Mega - but then, I very much doubt anybody trusted this to start with?

It's the same thing as when I sign into my bank using my browser. My bank could at any time change their website to read in my account number and password, and then email this password to China, along with all my bank statements. I have to trust that my bank will not do this every time I use them. I also have to trust that the policeman I walked past earlier today would not shoot me with his handgun. You have to trust at some point.



But the entire point of client-side encryption is to avoid having to trust a server. If you have to trust the server, then there's no reason to do the client-side encryption at all. It's just overhead at that point.


Agree completely if the goal was to provide encrypted storage. However, as noted in other comments, this isn't actually the goal. The goal is to create a plausible legal defense against legal threats from the RIAA and similar.

If the encryption is done on the server side, Mega can legally be required to make a log of all copyrighted works uploaded to their servers and be liable for distribution. If the file is encrypted before it is uploaded, then Mega cannot physically store a log of copyrighted works. This is pretty major as take-down requests can then only be sent for a single upload. The most that could be done is for a court to publicly order Mega to cease and desist, at which point everyone can move on with no legal liability.

This is a piracy platform, not genuine secure storage. It's fairly clever.

Sidenote regarding comment below:

I live in Africa, I'm not sure who I trust less out of my bank, the police, or Mega. Probably not Mega!


No, client-side encryption makes sense even if you have to trust the server. When Mega's server gets compromised, the attackers cannot get a user's private keys until he visits Mega's site. Without client-side encryption, attackers could get all the user's keys and thus all their data immediately.


> If you have to trust the server, then there's no reason to do the client-side encryption at all. It's just overhead at that point.

Think of it as bootstrapping. If they released a service you couldn't use from a browser, probably nobody would use it. But if they release one, even if it isn't as secure as it ought to be, and get millions of users, then someone will write a browser plug-in that makes it so you don't have to trust the javascript anymore, and anyone who needs better security will use that. At that point the javascript is irrelevant because no one who needs better security is (or should be) relying on it, but first you have to get to that point. What the javascript becomes is a gateway into the service for people who don't need security and just want to take advantage of 50GB free storage, or who interact with people who have a different threat model.

For example, here's a use case: You're a whistleblower. You want to distribute something to the world and you can't allow anyone to know who you are. So you don't use the javascript, you use an open source native client, and you make your upload using TOR or pick your favorite anonymizer. Then Mega has an encrypted copy of what you want to publish, they have no idea what it is. Now all you have to do is post the link and password to a public forum (again using an anonymizer, and possibly from a different country from where you made the upload) so that by the time any third party can even know what it is that you've uploaded, it's available to the world and you're in a safe place. Meanwhile none of the downloaders who don't need protection from anyone has to install any special software because they can use the javascript.


I totally agree with half of your comment: Mega will fix all these glitches and the service will be better (eventually).

I'm not sure about the trust part. Both your bank and the policeman are committed to following strict regulations, and have something to lose if they fail to do so.

There's a trust factor too, but I don't think Mega has the reinforcement of regulation or the consequences if they don't deliver what they promise.



