"Fundamental flaws uncovered in Mega's encryption scheme show service can read your data."


oh no!
"Customers who have logged into their MEGA account at least 512 times (the more, the higher the exposure). Note that resuming an existing session does not count as a login. While all MEGA client products use permanent sessions by default, some third-party clients such as Rclone do not, so their users may be exposed."

This is one of the many reasons why, when a service says it is encrypted (e.g. OneDrive Private Vault), I still use rclone's crypt!

Reading the blog:

For MEGA, as an end-to-end-encrypted (E2EE) storage provider with high standards, this is a serious matter, whereas for providers not using E2EE, such as Dropbox, OneDrive or Google Drive, a compromised back-end or man-in-the-middle attack is of course always fatal. Their privacy guarantees to users are entirely based on policy.

Makes sense but man does it feel slimy to have both a "we screwed up" and "we're better than the competitor" in the same article. Though, to be fair, they are right.