
Leaving aside the issues of whether they've made mistakes in their crypto, I think the more interesting point brought up by tptacek is that you can't truly trust any client-side application that gets downloaded from the server every time you go to the site. As much as Mega wants to protect your privacy, there is always the possibility that some entity forces them to trivially break your encryption by adding some javascript that uploads your private key and steals your password.

Is it possible or desirable to secure a web app from its own creators? The web is by far the largest and most successful software distribution mechanism of all time (depending on how you define 'software') and it's built around the idea that the creator can update the app at any time in a completely agile fashion. But for certain classes of software, maybe it makes sense to protect the users from the authors, or the authors from their future actions.

You might be able to accomplish something like this in a really hacked-up fashion with HTML5 application manifests. Perhaps you could have the application manifest include itself, to prevent the page from ever trying to load itself again, and then have all updates happen through an AJAX mechanism that validated each download and allowed third parties to verify that it was safe.

But rereading the idea, it sounds neither pleasant to use nor particularly safe. Is this "packaged software" mechanism something that should be built into the browser at some level, or are we just doomed to running this class of applications as native apps?




You can't trust any code for which you can't review the source. Even so, you can't trust its interpreter/compiler without verifying its source and the compiler that compiled it. This includes your OS of course. One would probably also want to verify hardware level exploits too.


well, he's talking about software, so getting into hardware exploits is a bit out-of-scope.

that's not to say you shouldn't be worried that either your silicon or your NIC firmware is compromised ;)


it is conceivable that such a system could work, but it would have to rely on some kind of authenticity check on the binary/script that runs.

when "crossing your t's and dotting your i's" it is usually best to use an out-of-band method to check signatures, e.g. downloading the binary installer and checking the gpg signature, or calling them on the phone to verify fingerprints. even so, this cannot stop a MITM unless you do the key exchange in person, e.g. meet the software creator and exchange gpg pubkeys on the spot.



