Mega plans to offer encrypted email service
Posted on 12 August 2013.
With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service. has a few suggestions on which to consider trying out and which to definitely don't, whether it's a service or a piece of software.

Mega CEO Vikram Kumar has also announced that they are working on a new secure email service that will run on server networks that will be legally inaccessible to US authorities.

Whether that means New Zealand or another country like Iceland is still to be decided, as Mega founder Kim Dotcom is worried about New Zealand government's apparent inclination for laws that would force service providers to cooperate with the authorities by handing over decryption keys or providing a backdoor into their servers.

Kumar says that they are working on the aforementioned email service, but that it could take many months to deliver a product they are satisfied with.

They are working on finding a solution to keep Mega secure even if SSL/TLS is compromised, and are experimenting with new and still theoretical technologies such as Bloom filters.

"The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side," he shared with ZDNet's Rob OíNeill.

"If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible, but very, very hard. That's why even Silent Circle didn't go there."

Mega, which is currently just a file hosting service, opted for client-side encryption so that they don't know what type of content is uploaded, they don't have or store the encryption keys, and consequently can't hand them over to anyone.

Vikram says that "Mega will never launch anything that undermines its end-to-end encryption core security proposition". While he seems optimistic about their plans, only time will tell whether they will succeed in creating a secure and usable encrypted email service.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th