"All that matters is the operators of Mega can claim they don't have the technical ability to inspect the contents on the server for copyright infringement," Marlinspike said.
Like any new online service, Mega's code is already being prodded. On Sunday, it was revealed the site had a cross-site scripting flaw, which in some cases can allow an attacker to steal a user's cookies, which would allow at least a temporary takeover of a victim's account. It was quickly fixed.
"XSS issue was resolved within the hour," wrote Bram van der Kolk, one of the founders of Mega and Megaupload, on Twitter on Sunday. "Very valid point, embarrassing bug."
Efforts to reach Mega were not immediately successful.
Sign up for Computerworld eNewsletters.