So Kim Dotcom's got himself a new, encrypted file locker service called Mega. Ars has described the
launch party and
interviewed Dotcom himself, but their most interesting feature on the subject is
a quick look at its encryption scheme.
tl;dr it could be better.
The keys are generated with JavaScript and it looks like there's a problem generating entropy.
Encryption is based on the user's password, which necessitates not letting users change their passwords.
And there appears to be a deduplication scheme in place -- which, while obviously smart from the perspective of saving storage space, has at least one major security concern: if multiple users upload the same file, there is a record of every user who has that same file. So if one user is compromised, everybody else who has the same file is implicated.