You don’t know what you have until it’s gone, according to the old wise saying. We have learned to value the Internet as the ultimate frontier of freedom and equality. Anyone anywhere can use whatever service she likes or communicate with any other person. But will it always be this way? Not necessarily.

Let’s create a fictive example. Imagine a business development guy at the power company. He’s reading the paper and notices that Apple is in the headlines. They made a nice profit last year, and he gets a brilliant business idea. Their electrical network is used to supply charging power to a lot of Apple devices, so he calls Apple and proposes a deal. The electrical company will continue to provide charging power for Apple devices and Apple will pay them for allowing that. That would of course be on top of the normal fee customers pay for the electricity. Otherwise the electricity company would regretfully be forced to prevent Apple devices from charging in their network. Would that be right? Of course not, it would be extortion.

This example is fortunately purely fictive, and even technically impossible as the power company can’t control what customers do with the electricity. But the Internet is a lot more complex than the power grid. Internet Service Providers can monitor our traffic and see what we are using our broadband connection for. So this scenario is unfortunately possible on the Internet.

Not only possible, it’s reality. Do you remember the Netflix vs. Comcast affair about a year ago? Internet Service Provider Comcast’s subscribers received really poor performance on video streaming service Netflix, until Netflix started to pay money directly to Comcast. Some call it a normal peering agreement, some greedy extortion.

Netflix vs. Comcast differs from the fictive power company in one way: Netflix sells a high-volume service that causes significant load on Comcast’s network. That makes it a bit easier to understand Comcast’s points, but one fact remains.
Comcast’s customers have already purchased broadband connections and paid to get any Internet content, including Netflix-videos, delivered to their homes. And Comcast has gladly taken that money.

The Federal Communications Commission in the US also agrees that something needs to be done. They made a decision on February 26th 2015 that reclassifies Internet access as a common carrier service. This means more tools to enforce net neutrality and prevent the “greedy power company” business model. Net neutrality activists all over the world are celebrating this as an important win, but let’s not be too happy yet. Anything can happen in the US legal and political systems and there are still mighty powers who don’t want to let a profitable business model go just like that. It ain't over until the fat lady sings.

Internet Service Providers (ISPs) accumulate significant power when building large customer bases. Not only do they get income from the customers’ fees, they are also in a position where they can control what content is delivered and at what speed. Net neutrality is, among other things, preventing misuse of this power. It may not be a widespread problem today, but there is a significant risk it will become one unless we do something.

Imagine Comcast running a service that competes with Netflix. Comcast could simply terminate the deal with Netflix to eliminate one competitor. This would in practice mean that Comcast’s video streaming would be the only working choice for Comcast’s customers. That is unless we have strong net neutrality rules that enforce equal treatment of network services, and ensure that we have a choice no matter what ISP we have signed up with.

This is why net neutrality is important for you, me and everybody else. The Internet is a fundamental service just like water, electricity and the road network. We don’t want the power company to dictate how we use electricity, and we don’t want our ISP to control how we use the Internet.

Want to know more?
Start with Save The Internet or Battle for the net.

Safe surfing,
Micke

PS. By the way, we have a great tool that is designed to improve security and privacy, but it can also be used to circumvent censorship and other net neutrality violations: F-Secure Freedome.

Image by Electronic Frontier Foundation (eff.org)

No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths.

For a long time Apple stubbornly denied security problems, and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up its sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result.

Here are four points for people who want to select a secure operating system.

Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays.

There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so-called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So chances are that you want a security product anyway even if your system isn’t one of the main malware targets.

So which system is most secure? It’s the one that is patched regularly.
All the major systems, Windows, OS X and Linux, have sufficient security for a normal private user. But they will also all become unsafe if the security updates are neglected. So security is not really a selection criterion for ordinary people.

Mobile devices, phones and tablets, generally have a more modern system architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you?

So all this really boils down to the fact that you can select any operating system you like and still be reasonably safe. There are some differences though, but it is more about old-school versus new-school devices. Not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you never are 100% safe no matter what you do.

Safe surfing,
Micke

Added February 27th. Yes, this controversial study has indeed stirred a heated debate, which isn’t surprising at all. Here’s an article defending Apple. It has flaws and represents a very limited view on security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it’s time to wake up. And naturally, this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. :) Thanks to Jussi (and others) for feedback.

The newest leak from Edward Snowden may be coming at a terrible time for the Obama White House but it's not particularly shocking news to security experts.

The Intercept's report about the "Great SIM Heist" reveals American and British spies stole the keys that are "used to protect the privacy of cellphone communications across the globe" from Gemalto, the world's largest manufacturer of SIM cards. It goes on to report that "With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments," which sidesteps the need for legal warrants that should be the foundation of ethical law enforcement.

While this is certainly troubling and speaks to the agencies' wanton disregard for privacy and some amateurish procedures being used to transport keys, it likely won't alter the security landscape much.

"The best summary is that an already unreliable communication method became even more unreliable," F-Secure Labs Senior Researcher Jarno Niemela, the holder of 20 security-related patents, explained. "Nobody in their right minds would assume GSM [Global System for Mobile Communications, the digital cellular network used by mobile phones] to be private in the first place," he said. "Phone networks have never been really designed with privacy in mind."

Mobile operators are much more concerned with being able to prevent their customers from avoiding billing.

While the scope of such a breach does seem huge, Jarno points out we're not sure how many of the billions of cards manufactured by Gemalto may be affected. Keys sent to and from operators without encryption in email or via FTP servers that were not properly secured are almost certainly compromised.
But according to The Intercept, GCHQ also penetrated “authentication servers,” which allow it to "decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network" regardless of who made the cards.

With the cracked keys, users' calls would be vulnerable but likely only in a limited manner. "I am told that these keys only expose the encryption and authentication between the mobile device and the local cell tower," F-Secure Security Advisor David Perry explained. "This means that the NSA or (whoever else) would have to be locally located within radio range of your phone."

So could the NSA or GCHQ be listening to your calls without a warrant? Maybe. Here's what you can do about it.

Add a layer of encryption of your own to any device you use to communicate. A VPN like our Freedome will protect your data traffic. This would not, however, protect your voice calls.

"Maybe it’s time to stop making 'traditional' mobile phone calls," F-Secure Labs Senior Researcher Timo Hirvonen suggests. "Install Freedome, and start making your calls with apps like Signal."

[Image by Julian Carvajal | Flickr]