PayPal Drops Mega Due to Use of End-to-end Encryption

By Kyle Torpey Feb 27, 2015 8:18 AM EDT

NEW YORK (InsideBitcoins) — Late last night (New York time) cloud storage provider Mega announced that PayPal will no longer process customer payments. Mega claims that the pressure for the move came from Visa and Mastercard, who themselves were influenced by Senator Patrick Leahy. The justification for the payment blockade seems to stem from NetNames, a report on “shadowy” file-hosting sites. The report was partially funded by Digital Citizens Alliance, which is supported by the Motion Picture Association of America (MPAA).

Mega’s encryption is the problem

Although Mega noted that PayPal’s decision to immediately break ties with the cloud storage provider was non-negotiable, they also relayed the fact that PayPal didn’t seem to have any personal issues with the company originally founded by the controversial Kim Dotcom. When pressed for a specific issue that led to PayPal’s final decision, the online payments giant noted that Mega’s use of end-to-end encryption is the main problem. In their blog post related to this incident, Mega quoted PayPal as saying the encryption methods create an “unknowability of what is on the platform.”

Unlike many of the other widely used cloud storage services on the Internet, Mega is unable to see what its customers are storing on its servers. This is due to the company’s use of client-side encryption. All files are encrypted on a customer’s local computer before they are uploaded to Mega’s servers. This is similar to how’s bitcoin wallet works with its management of user private keys. The point of this sort of encryption model is to drastically reduce the amount of trust required in the service provider. Not only is the user’s data protected from the company storing the data, it is also protected from possible searches of that data by law enforcement.
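The client-side model described above, sketched as an added example (not Mega's actual scheme or code, and not from the original article): the key is derived and used only on the customer's machine, so the provider stores ciphertext it cannot scan. The passphrase, the `Provider` class and all function names are hypothetical, and scrypt with AES-256-GCM from Node.js's built-in `crypto` module is a choice made for this illustration.

```javascript
// Added illustration; not Mega's actual scheme or code. All names are hypothetical.
const crypto = require('crypto');

// --- Client side: runs on the customer's machine ---
function deriveKey(passphrase, salt) {
  // scrypt stretches the passphrase into a 256-bit key; the salt is not secret.
  return crypto.scryptSync(passphrase, salt, 32);
}

function clientEncrypt(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every upload
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function clientDecrypt(passphrase, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  // final() throws if the key is wrong or the ciphertext was modified.
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
}

// --- Provider side: receives the blob, never the passphrase or the key ---
class Provider {
  constructor() { this.store = new Map(); }
  upload(name, blob) { this.store.set(name, blob); }
  download(name) { return this.store.get(name); }
  // Everything a server-side content scan can observe: size, but no content.
  scan(name, needle) {
    const blob = this.store.get(name);
    return { bytes: blob.ct.length, containsNeedle: blob.ct.includes(needle) };
  }
}

function fails(fn) {
  try { fn(); return false; } catch (e) { return true; }
}

function demo() {
  // Constructed sample document.
  const secret = Buffer.from('constructed sample: quarterly-report draft');
  const provider = new Provider();
  provider.upload('doc', clientEncrypt('correct horse', secret));

  const stored = provider.download('doc');
  const scan = provider.scan('doc', 'quarterly');
  const roundTrip = clientDecrypt('correct horse', stored).toString();
  const wrongKeyFails = fails(() => clientDecrypt('wrong guess', stored));

  // A provider that alters the stored bytes is detected by the client.
  const tampered = { ...stored, ct: Buffer.from(stored.ct) };
  tampered.ct[0] ^= 0x01;
  const tamperDetected = fails(() => clientDecrypt('correct horse', tampered));

  return { scan, roundTrip, wrongKeyFails, tamperDetected };
}

console.log(demo());
```

The provider still learns metadata such as object size and access times; only the content is hidden from it.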

As we’ve seen with past examples, such as Hushmail and Lavabit, governments generally do not like it when they’re unable to access certain user data due to the use of encryption.

Kim Dotcom hints at a bitcoin solution

Of course, anyone who knows the history of bitcoin will be reminded of Wikileaks when hearing about this story. In 2011, major payment providers were persuaded to block donations to Wikileaks from around the world, which led the company to accept the censorship-resistant bitcoin. It seems that Mega may take a similar path when it comes to their response to this financial censorship. It has already been possible to purchase storage on Mega servers via bitcoin through resellers for a couple of years, and Kim Dotcom claimed the world should “give bitcoin a boost” in response to PayPal’s decision.

Not compromising on privacy

Although they’ve yet to find a solution for traditional payment options, Mega has vowed not to compromise on their use of end-to-end encryption. They’ve also stated, “[Mega] is proud to not be a part of the USA business network that discriminates against legitimate international business.” Mega has lifted storage limits on all accounts until they’re able to find a proper solution, and current subscribers have also received two more months of storage free of charge. If they’re unable to find a solution for traditional payment options, bitcoin may become the only way to purchase a Mega cloud storage subscription.

Correction: A previous version of this article claimed Lavabit used client-side encryption. This statement was incorrect. More information on Lavabit’s use of encryption can be found in this Moxie Marlinspike blog post.

You can follow @kyletorpey on Twitter.


  • Rick Romero

    I didn’t see anything in legal papers beyond the basics.

    IMHO, it’s even worse if he wrote the software himself, and cannot add a RCPT TO during SMTP. It’s blindingly simple (especially if he’s not running Qmail like I do – it’d be nice to have descriptive variable names longer than 1 char) and no amount of complexity further down the line negates that fact. User’s consent is not required for a code change to meet a warrant request. Had this been an NSL, or FISA order, then there’s cause to fight it. As it stands, there were only two reasons to not comply – maintaining the false claims of security for data at rest and data in motion, and the request for payment to deliver the target’s data.

    You know it took me 2 minutes to find commercial software via Google, that would filter email out of a pcap if you provided the SSL key? I think it was $600. Negotiate that. Don’t put it on your users.

    I’ve had plenty of dealings with all levels of authorities, under all different sorts of restrictions, and I find it difficult to believe the FBI would overstep their bounds. Although in light of the basic ‘SMTP is clear text until something is done to it’, I have just as many issues with the claims of security for data in motion as I’m sure they did.

    I’m also sure he read the target’s email and formed his own opinion – if he’s truly on the level, I would understand that’s where the problem started.

    My core problem with him is – you can’t take plaintext data and a plaintext password from a user, encrypt AND decrypt their data, then claim it’s impossible for you to access. I never believed that, never expected anyone else to, and IMHO the NYT quote shows the code existed to store the pw somewhere in cleartext for ‘offline data retrieval’. And now he’s taken in how much money from people after shutting them out of their email? I wouldn’t be surprised if it was $500k. It’s just not ethical. If it was about the users, then he’d suck it up, eat the $600 for 3rd party sniffing/filtering software, and truly protect his user’s privacy.

    Unless he’s just incompetent, and actually believed his system was impenetrable. There’s always that. Developers usually aren’t very good outside the IDE. That doesn’t make me feel any better about a new solution from him though.

  • sbenfsck

    His system was a custom written in C, there were open source pieces, like the virus scanner and the underbelly of the storage engine, but most everything was handled in the core software, he spent 10 years constantly adjusting it. It was no simple matter to do a bcc without the user’s consent. There were outright lies in the government docs, for instance, they said he went out the back door to avoid them, he lived on the fifth floor of a high rise apt, there was no “back door”. He offered to pull the PGP encrypted files from the system and comply with the warrant initially, but they kept saying no, they were under the impression that if the target had an email address there and by following the PGP server metadata, if he had spoken with any others, they might as well have the whole enchilada.
    He was pushing back, and they were moving way beyond what anyone would consider is legal. The initial quote was to attempt to appease them and get the idea of forcing the security of all users to be destroyed. He went all the way as far as he could, but ultimately he decided to kill the service. It was no easy matter to break the service he custom wrote, but he was trying all angles to comply legally.

    This is a problem, he was not running standard open source software, it was designed to get the people out, the service SSL delivered to the antivirus, where it was anti viruses in protected memory, then encrypted to disk using the user’s keys. All protected from admin moves as much as was possible within that model.

    I respect you and your business, but to call a man who I personally know is kind and massively concerned with the privacy of people and the upholding of the constitution as a scumbag is not fair.

    He is restricted from saying many things by orders he can’t even disclose the existence of, orders with no expiration dates.
    Think of that, you have to listen to what is said about you and your life’s work but can do nothing in your defense.

    He is working darkmail as it is something they did not explicitly deny him, like they did not envision he would shut down, hell, gmail and others never did, why would they even consider it.

    I followed you on Twitter, follow me back and DM me, I will call you and gladly answer questions that I know the answer to.

    Ladar is no scumbag, nor some quisling. He is just like you, a business owner who cares about his customers and was caught in a steel trap that forced him to chew his own leg off.

  • Rick Romero

    VFEmail was created long before Lavabit. It was based on Virus protection because at the time – believe it or not – nobody was virus scanning emails.

    The original wiretap request was for a single account and was fulfilled – but not in real time. Read the NYT article or the legal filings.
    NYT: “He would log the target’s communications, unscramble them with the
    encryption keys and upload them to a government server once a day. The
    F.B.I. told him that was not enough. It needed his target’s
    communications “in real time,” he said.”

    I’ve gone over all of this on my blogspot page in 2013.
    Lavabit didn’t do Anti-Virus? Spam Scanning? Allow user filtering? Highly improbable. In any case, it’s just the easiest example to explain to people that ‘delivery to INBOX’ encryption doesn’t mean the ESP doesn’t have your email in clear text. Even if it’s PGP encrypted at the source – Again – a simple BCC (adding an additional RCPT TO:) during the SMTP process (upon seeing the target’s address in the previous RCPT TO/or within the AUTH command) and he could have met the FBI’s demands without screwing his userbase.

    His system was based on open source software – I know of NO open source email system that cannot be easily configured to BCC and filter. All that stopped him was greed – plain and simple. He found himself in over his head and had no choice – either give up all his users to the government, or shutdown and try and martyr himself. Since so many people actually believed his BS “Not even we can read your mailbox” (see Moxie Marlinspike’s Lavabit page), it was pretty obviously going to be the martyr choice.

    In addition, the order was NOT a secret NSL, and NOT from a questionable FISA court. It was 100% on the level – exactly what you want if you wish to allow Privacy and the ability for checks/balances and oversight in legal and lawful investigations.

    Levison may truly be attempting to ‘fill the gap’, now – but if you don’t trust the government because of NSA overreach and indiscretions, why would you trust a single individual who lies about his core service for 10 years and then lies about screwing over his userbase?
    I don’t trust him. He hasn’t earned it.

  • sbenfsck

    The reason a law abiding company would not comply with a legal wiretap is if, unlike a normal 4th amendment based warrant it was an attempt to driftnet all users while looking for one, a general warrant if you will. He had complied with warrants in the past, as I am sure you do. He shut down his business versus what he and many think is absolutely unconstitutional methods by the U.S. Government. I don’t really have the time to respond to every statement on the Internet, but what you said was false. Your business is based upon a virus protected model, and even that thought was modeled into Darkmail with the reputation system. Please look and see who your enemies are, Ladar is working to cover all the blind spots and deny govt access to info they shouldn’t be asking for. I have never met anyone more focused and concerned with respecting the privacy of his users and concerned about the constitutional aspect of the past couple of year’s disclosures. His focus is a system which ensures end to end user security, minimizes metadata, and helps the provider stay out of the loop, forcing the government to get a local warrant for the user’s system from a local court, destroying the FISA based ability to driftnet the provider. He stood there, risking his freedom, for the sole reason of protecting his user’s privacy. The first rule of combat upon entering the battlefield is to identify the enemy and identify your allies before you shoot.

  • Rick Romero

    The FBI is the government. They don’t need to break Tor or do overly complex things. They simply need a signed warrant for an individual’s data and any law-abiding company will comply.

  • Rick Romero

    I run VFEmail.

    Are you telling me Lavabit wasn’t doing Virus Scanning? Spam Scanning? Bull. They had unencrypted data, because that’s how email works. Plain and simple. The only way to protect your data is to encrypt it at the client, that’s what PGP does. That’s what Mega does.
    No amount of documented tomfoolery will change that. What Lavabit wanted was a system like a bank box. You go into the vault with the manager, and both of you have keys to open your box. That’s not how it works in the real world. In email, you give your key to the teller and she opens your box and gives you your stuff. Levison had a whitepaper that described the teller being required to circle the bank 3 times on a unicycle while whistling dixie, but it’s totally inconsequential.
    The FBI wanted the SSL keys so they could get the data realtime – You just sniff and filter the traffic. It was disclosed in an NYT article, and in the court papers that Levison was already giving them data on a daily basis – further destroying your claims that 1. The data at rest was secure, and 2. that the FBI just wanted to decrypt data at rest.

    There is no reason a law-abiding company wouldn’t comply with a legal wiretap warrant for a single user. Levison got over his head because he demanded far too much money to implement a simple BCC.

    VFEmail will never use anything that Levison is involved and I’m sad that Phil Zimmermann is associated with that scumbag.

  • sbenfsck

    Wow, speaking of FUD, let me clarify. In no way was Ladar working with any govt agency, they were leaning on him like the Mafia. Read the court transcripts. He was using any tactic to delay them. How long does it take logs to roll on a Linux system with logrotate? The system held most user messages in the following method: SSL encryption from client to server, then encrypted to disk, a common and secure method for the threat environment as people knew it at the time. They (the FBI) wanted the server side SSL key and paraphrase so they could decrypt the sessions and catch the user passwords, allowing them to read all the mail for everyone on the system. Ladar was not willing to do this, even with the threat of jail. They were delayed long enough to roll the logs and for him to get to the server and shut down. A massive risk for him personally for the sole reason of protecting user’s privacy. All docs are online, and he has been doing nothing since but tweaking the government’s nose and working on getting a more secure, metadata minimized standard out there to protect people from the huge overreach that we have been witnessing. They went after him, they went after Kimble. If I were you I would worry more about the people who claim security yet are not molested by the government, why are they still up? It is your privacy. Learn the facts, get mad, and do something about it. Encryption is the only method we have to defeat them, and they know it. That is why we see these companies feeling the pressure. I hope Kimble keeps fighting, and I am confident he will.

  • jimbit

    where the heck did my post go?

    anyway, mega should accept darkcoin and bitcoin

  • jimbit

    mega needs to take darkcoin and bitcoin! what are they waiting for?

  • CryptoReporter

    I agree. Easy online transactions. Some people do like to buy in person and a better place besides localbitcoin might be LibertyX. I haven’t tried them yet but seems pretty easy.

  • “SMTP is clear text, TLS is a tunnel.”

    I’ve seen STARTTLS defined as connection upgrading (similar to HTTP 101) rather than tunneling.

    “If they intercepted SSL traffic with a new key, Lavabit would know.”
    “[…] OR Lavabit’s only client would be the FBI proxy.”

    They’d not initiate all connections from the same IP, that’d make it obvious; they’ll use lots of relays, maybe even TOR, to make it look natural. And even then, I do agree with you that Lavabit would discover the attack some day or another.

    “The FBI’s intention isn’t to break the chain of trust (as poor as I think the CA’s position is there – SSL cert costs are a scam, IMHO), it’s to simply gather evidence for a court case as quietly as possible.”

    I kinda see your point now. But if I were Edward Snowden, would I trust my email provider that runs in the United States just after I’ve been caught?

    Potential evidence was probably off Lavabit’s servers at the time intelligence agencies got interested in Lavabit, IMO.

  • Machiavellian

    Crypto does not fall under the guidelines of V or MC, they are shutting down crypto entities left and right in an attempt to stun the growth. We need to pay people direct with Crypto and circumvent big banks. Bottom line, there are more ants than grasshoppers. They can’t stop crypto currency.

  • fullforce098

    Mega quoted PayPal as saying the encryption methods create an “unknowability of what is on the platform.”

    …that’s the whole point. You realize you literally just released a statement saying you are against user privacy? You disapprove of us doing things you can’t see. You just said that. Fire your publicist then fire yourself.

  • hupp

    bitcoin needs to be easier to buy

    Debit card easy. UKash easy. PayPoint easy.

    NOT run around localbitcoins looking for an alternative.

  • Rick Romero

    Yes. Levison owned Lavabit.

    SMTP is clear text, TLS is a tunnel. Levison owned one end of the encrypted tunnel – and can see everything unencrypted. For a simple example, the RCPT TO: occurs after STARTTLS, and the connection was encrypted – if the server at the other end can’t see the RCPT TO, the email couldn’t be delivered.

    Yes, they wanted the SSL key. I was keeping it simple. See how easily you got the SMTP part wrong? 🙂

    The FBI weren’t waiting patiently, it was the last straw against a person who was defying a court order, simply because the FBI wouldn’t pay him ([what he wanted] They would pay, it’s a federal law, but only reasonable costs – not $500/month). Do you think they’d pay whatever hefty ransom a full fledged CA would charge? If they intercepted SSL traffic with a new key, Lavabit would know. You can’t break SSL transparently with two different keys – OR Lavabit’s only client would be the FBI proxy. The FBI’s intention isn’t to break the chain of trust (as poor as I think the CA’s position is there – SSL cert costs are a scam, IMHO), it’s to simply gather evidence for a court case as quietly as possible.

  • Disclaimer: I don’t know much about Lavabit and their story. I just pointed up some parts of your comment that don’t make much sense.

  • Who is Levison? Owner of Lavabit?

    “SMTP is clear text”

    Not really. SMTP is clear text, but a STARTTLS command will switch it into an encrypted connection. And I’m sure Lavabit was using the feature. But see next one.

    “they requested the SSL cert to do it themselves”

    That doesn’t make any sense. They didn’t need to request the SSL cert; it’s public and the server gives it to anyone that connects. If they wanted to request something, it’d be the private key.

    And even then, come on, do you think they’d patiently wait until they got the key? They’d just pay a CA to give them another cert and use this one!

  • Rick Romero

    “As we’ve seen with past examples, such as the shutdown of webmail provider Lavabit, the US Government does not like it when they’re unable to access certain user data due to the use of client-side encryption.”

    No. Wrong. SMTP is clear text, and Levison was already decrypting the data and dumping it to the FBI on a daily basis. The shutdown occurred because Levison thought the FBI warrant for a realtime wiretap was a B2B transaction and tried to negotiate a $2000 fee to implement a simple BCC. He only flipped out when they requested the SSL cert to do it themselves and remove the middleman’s cut.

    Stop the FUD.


  • FeedTheBaby

    So sick of payment processors, paypal, etc. The US needs to declare processing payments a public utility.

  • Kim, forget Paypal, you can use DOLLAR as payment in the future.
