MEGA vs. Filen? Help me choose

Looking between 2 different cloud storage providers who have zero access encryption: MEGA and Filen. I need to store my photos and documents in my cloud drive. Which provider should I choose? What are the pros and cons of the privacy/security of each provider? What are your experiences with them? And how are the recovery options with each?

Both are imperfect solutions with less-than-stellar security histories (Filen: Filen cloud storage by DanielProg39 · Pull Request #345 · privacyguides/privacyguides.org · GitHub, Mega: MEGA Security Update - Mega Blog). Filen’s clients are open-source and Mega’s are source-available. I tried Filen briefly, and wasn’t blown away, but your mileage may vary. From a privacy and security perspective I think they’re both fine for mild-moderate threat models. I wouldn’t store any super sensitive info there. I think Mega has a slightly better reputation than Filen just because it’s been around a bit longer and has had more eyes on it.

I’d use filen over MEGA because MEGA has been known to have serious security issues. I’m not 100% sure filen is actually secure, but if you’re worried you could encrypt files before you upload them. That way, you don’t have to trust your storage provider not to snoop/lie about security.

I recently came across Filen and decided to give it a try. It appears to be a robust and reliable cloud storage service. Like MEGA, Filen also prioritizes privacy and utilizes end-to-end encryption. However, there are some notable differences between the two. While MEGA has servers located worldwide, Filen’s servers are situated in Germany, operating under the jurisdiction of EU privacy laws. Filen’s pro plans offer more comprehensive features compared to MEGA, although it’s worth noting that Filen does not currently accept cryptocurrency payments. Another advantage of Filen is the absence of transfer limits, which is a definite plus. Ultimately, the choice between Filen and MEGA will depend on your specific requirements and preferences for cloud storage.

Trusting either (and anything else) is pretty much impossible unless you are the one that encrypted the file is my opinion. You will lose some functionality that those providers offer, but if security is your #1 concern, encrypt files yourself and use whatever service is the cheapest.

I’m going to do that for my temporary documents. But for my cloud backups, for photos and long term documents, and can’t encrypt those using Cryptomator or VeraCrypt. I need to access those on multiple devices.

Is Cryptomator available on Android? And does Cryptomator use a password to encrypt my files?

Does using Cryptomator increase my chances of losing access to my data? Especially since this is a cloud backup, I want to be able to access it in case my local backups fail. If cryptomator requires a password, I’ll use the same password as for my password manager.

Sure, I’ll use Cryptomator for my temporary files like documents and slideshows. But for things I need to access on my phone, like photos and videos, it’s kind of hard to use client side encryption on those.

you can buy it for a small price. It works fine and you contribute to the development of the software. I’m a fan

Is my data encrypted using a password?

https://docs.cryptomator.org/en/latest/android/cloud-management/

All you need to know

Why don’t you use a USB stick or is this old fashioned?
Or a Nas like synology? you can install nextcloud on it perfectly.
Personally I don’t use cloud services . You never know what happens to your data in the future or when they change their revenue model or their ‘terms of use’ .

But if I had to choose between filen.io or mega.io I would go for filen.io.

Filen!

Filen is audited(but not publicised yet), important ensuring there’s no encryption/security flaws. MEGA is not.

Filen also use ASE-256 encryption, MEGA use ASE-128.

Jurisdiction doesn’t really matter that much but MEGA is in the 5 eyes and Filen is in the 14 eyes.

Filen(the company) is not shady like MEGA(if you know the drama).

Both aren’t fully open source

That is false.

All of our clients are open sourced on GitHub under the AGPL v3 open source license. - Filen’s Offical Website (Filen – Encryption)

That is also false. They accept Crypto payments for one-time plan payments.

For monthly and annually (recurring) subscriptions we accept Stripe (Credit/Debit Cards) and PayPal. For one time payment plans we accept PayPal, Stripe and Cryptocurrencies. - Filen – Pricing

I would go with Filen IMO. I am using it and it is great, I use Cryptomator with some of my files and it works perfectly. The plans are stackable (including lifetime ones) which many providers don’t offer. In my experience their customer service is also really helpful and quick.

Filen is still a new company so they haven’t been ‘stress-tested’ for as long as some other providers. Mega has been around for a while but has had a few scandals and issues in the past, so I just decided to stay clear of it.

I would also recommend not putting all your trust in Filen or any single cloud provider for that matter. You should always have copies of data elsewhere, including offline and online; you never know when something could suffer data loss or disappear of the face of the earth.

In the end, if it works for you and you are happy with it, that is all that matters.

Hope this helps

Proton Drive, Filen, Ente for just photos.

I appreciate the correction!

I do, that’s my local backup of my data.

Need to put my data somewhere that’s not my house. Maybe I can set up my NextCloud server at a family member’s house.

Yeah, I have a local backup of my data on a USB drive. Do I need a copy of my data backed up on another cloud storage service? I think if my cloud storage provider of choice goes down, I should still have a local copy of my data so I can switch to another cloud service.

Tell me a little bit about the privacy of using Google Drive or DropBox with cryptomator.

On an unrelated note, a flash drive backup is more unstable than your live environment, so consider changing mediums lol.

Do you have a chance to use Borg (which is what I use and recommend) or Restic? If you choose borg, there is BorgBase as an off-site backup location.

Your encrypted data is pretty much 100% “private”. All that differs is the data they ask you during sign up and usage.

No problem! Happy to help

As long as you have a local backup of whatever you store on the cloud then that should be enough.

They cannot see your files as they are encrypted, however they will still be able to see certain meta-data;

"To allow a working synchronization with the cloud, there are some meta information that Cryptomator does not encrypt. These are:

• access, modification, and creation timestamp of files and folders,
• number of files and folders in a vault and in the folders, and
• size of the stored files."

~ Cryptomators Website - Security Target — Cryptomator 1.7.0 documentation

In summary, they can’t see your files, but they can see some meta-data. This is the same for any cloud provider as the aforementioned meta-data is necessary for a cloud service to function.

Hope this helps