Kim Dotcom launches encrypted MegaChat service

Kim Dotcom has launched a free voice and video chat service called MegaChat, promoted as encrypted end-to-end and a rival to Skype

Controversial hacker-turned-entrepreneur Kim Dotcom has launched a free voice and video chat service called MegaChat, promoted as being encrypted end-to-end and a rival to Skype.

“We are releasing #MegaChat beta step by step, starting with video calling today. Text chat and videoconferencing will follow soon,” he announced on Twitter. Dotcom has also promised mobile apps as soon as possible.

According to Dotcom, cloud storage and file hosting service Mega has over 15 million registered users. “I think MegaChat could elevate us to 100+ million users by the end of 2015,” he said.

MegaChat runs purely in the browser and does not require any software to be downloaded, but plug-ins for Chrome and Firefox are available for “faster loading and added resilience against attacks”.

The calling service also enables users to share encrypted files if they have previously shared a personal decryption key, according to the Guardian newspaper.

Dotcom has claimed that “no US-based online service provider can be trusted with your data” and that “Skype has no choice – they must provide the US government with backdoors”.

Several top US internet service providers suffered a market backlash after whistleblower Edward Snowden revealed that US intelligence agencies had access to encrypted messages.

Many of these companies, including Skype owner Microsoft, have been at pains to distance themselves from the National Security Agency (NSA, the US intelligence service) by introducing transparency reports and additional privacy measures.

They have in turn come under fire from intelligence and law enforcement agencies in the US and UK who say that encrypted services hamper their ability to monitor criminal and terrorist activities.

The UK prime minister, David Cameron, has proposed a ban on encrypted messaging services, but appears to have backed off in the face of strong criticism and doubts over its feasibility.

Dotcom is pitching MegaChat as a secure alternative to Skype that cannot be accessed by national intelligence agencies.

In an attempt to allay concerns about safety of log-in credentials given that passwords have been stolen in the past from Mega, Dotcom tweeted: “Fact: #Mega encryption has never been broken. #Mega user passwords have never been compromised. Your files and chats are safe with #Mega.”

Dotcom added: “For two years #Mega has offered security bounties to anyone who can crack our encryption. Were still waiting for someone to collect,” and “Mega offers a security bounty again. Please report any security flaw to us. We'll fix it and reward you. Thanks for helping.

However, independent security consultant Graham Cluley pointed out that just a year ago Mega was criticised by experts for a range of security holes, ranging from cross-site scripting flaws to a poor implementation of encryption, and the easy extractability of Mega passwords.

“So can you trust Mega now to secure your private online chats? The jury is out…,” he wrote in a blog post. “Maybe it would be sensible to wait and see before you trust any sensitive communications to the service.

Read more on Privacy and data protection