child protection, parental controls

How parental controls stop online problems before they start

UK child protection charity the NSPCC this week published research into children’s online porn-viewing habits. The results are shocking. One in ten 12-13 year olds are worried they are addicted to porn. This goes beyond children stumbling across inappropriate content, though could be how the addiction started. Tackling the issue head-on, the NSPCC has published advice for parents and calls on the government to educate children in the dangers of online porn. It notes that its discussion forums on the subject get 18,000 hits per month. You can see its advice here. There is no silver bullet to tackling this issue. Your approach will depend on your child. A two-way conversation with them to educate them to the dangers is as important as using technology to limit the risks. So, from a technical perspective, what can you do to protect your children from online porn? The simplest measure is to activate parental controls on your internet security software. This will take two minutes, but will protect your child for years. How do parental controls work? Parental controls are a very useful way to adapt a smartphone, tablet or computer’s settings to only allow content and usage which you, as a parent, feel are appropriate. Suitable content F-Secure’s parental controls start with giving parents the option to choose settings which are appropriate for either a teenager or a younger child. These allow different categories content. For example, it’s unlikely you would want a child of any age viewing information about dating, gambling, drugs, violence or porn – so these are blocked by default (but can be unblocked if you wish). However, teens are not automatically blocked from using email and social networking. Time-limits Time-limits are a very useful tool to curb the amount of time a child spends on different applications on their smartphone or tablet each day. You may choose to only allow an hour of time of Facebook, compared to unlimited access to Wikipedia. On our desktop version, you can also set homework time, by only allowing access to educational sites during certain times of the day when you know your child should be working and are worried about online distractions. There is also the capability to set the amount of time the child can spend online for that week – a particularly useful tool during school holidays. Call blocking For mobile phones, call blocker is a handy tool for parents of children who are being bullied. Incoming calls from specific phones numbers can be blocked, meaning the dialler will receive an engaged tone and then disconnection, with no option to leave a message. Numbers can be added to this blacklist from the incoming call register or the contacts database. Parents can also gain access to the list of blocked calls which have been received. Locate, lock and wipe Our anti-theft feature means a phone can be located when lost – or when a parent wants to check on their child’s location. Of course, this should form part of an open discussion with the child, so they are aware of the phone’s capability. It also means that, should a phone be stolen or lost, the phone can be locked and the data deleted remotely, meaning it can’t fall into the wrong hands. Our parental controls are password-based, which means they can’t be circumvented by a tech-savvy child. Of course, the password needs to be strong for this to work, but that’s another blog post!

Apr 1, 2015
Facebook, I love you, newsfeed

5 ways to take control of Facebook’s News Feed so don’t feel ‘unloved’

You should know that Facebook can play with your emotions. If you're reading this you're probably aware that your Facebook feed doesn't simply serve you the latest posts from the friends and pages you follow. Given that most of us follow hundred -- if not thousands -- of people, places and brands, a real-time feed would dramatically  change the Facebook experience. And it would likely greatly reduce engagement, which is the site's life force. But if you do know this, you may be in the minority. A new study from a team of researchers from University of Illinois at Urbana-Champaign, California State University, Fresno and the University of Michigan found that most of a group of 40 Facebook users, 62.5 percent had no idea that their feed is filtered by the world's largest social network. And not knowing that actually seemed to have negative affects on users' psyches. “In the extreme case, it may be that whenever a software developer in Menlo Park adjusts a parameter, someone somewhere wrongly starts to believe themselves to be unloved,” the researchers wrote. The study used a tool to create an unfiltered feed that showed them what they'd been missing. While they weren't thrilled how Facebook decided which friends posts they'd see, "[m]ost came to think that the filtering and ranking software was actually doing a decent job," Fusion's Alex Madrigal writes. In 2014, Facebook partnered in an academic paper that revealed it had manipulated users feeds to adjust how many positive and negative posts they saw. It found that moods were contagious. Positive feeds led to positive posts and vice versa. Users agree to such manipulation in Facebook's terms and conditions -- which you clearly know by heart -- but the revelation still led to a huge backlash. In the recent study, participants found that being aware they were being fed stories by Facebook's algorithm "bolstered overall feelings of control on the site" and led to more active engagement. So if you didn't know a formula was guiding your interactions before you probably already feel better. But there's more you can do if you want to make sure Facebook is showing you the things you actually want to see. 1. Be proactive. Go directly to the pages of the people, companies and artists you want to see more of then engage. Like posts or comments. Comment yourself. Share posts. Facebook's motivation is to keep you on the site as long as humanly possible--and it's very good at it. If it's not showing something you'd enjoy seeing, it probably would like to. So let it know. 2. Choose "Most Recent" posts.     In the left column of your home page, click on the arrow next to "News Feed". If you select "Most Recent", your experience will likely be less filtered. Though you still should not to expect to see every post that ends up on the site. 3. Go to News Feed Preferences. Click on the down arrow that's on every Facebook page and select News Feed Preferences. The goal here is to unfollow anything you're sick of seeing so you get more of what you do want. Or re-follow people or things you've missed. 4. Tell your feed what you like.         Facebook wants you to take an active role in adjusting your algorithm. That's why every post in your feed has a dim down arrow that you can select. If something really bugs you, tell Facebook you don't want to see and Unfollow the person or page. If you really love it, you can "Turn on notifications" which guarantees that every future post ends up in your notifications -- that little globe on the top navigation. Your notifications can act as a secondary newsfeed to make sure you don't miss posts from your favorites. 5. Switch to Twitter and Tweetdeck. If you want complete control over your newsfeed, you're never going to get it on Facebook. Even Twitter is moving away from this method of feeding content for a pretty simple reason, it needs more engagement. Given that Facebook and Twitter employee dozens if not hundred of programmers and experts paid to make their sites captivate you, they figure they're better at it than you. If you want to prove them wrong, Twitter's Tweetdeck app, which works in your browser, still offers unmediated newsfeeds so you can feed your own brain. Twitter isn't quite as personal or ubiquitous as Facebook -- but it is the next best thing. Try it out and see if you feel more loved. Cheers, Jason [Photo by Geraint Rowland | Flickr]

Mar 31, 2015
BY 
Online Surfing in Different Countries

POLL: What country do you want to use for your online surfing?

Online surfing has been around for a while now, and it keeps getting better as technology continues to improve. Websites are better, responsive to different devices, more interactive, and feature a more diverse range of content. All in all, online surfing has managed to stay cool for a very long time. In fact, during a recent interview, Mikko Hypponen specified online surfing as the thing that he’d miss the most if the Internet were to suddenly disappear. The Internet may not suddenly disappear tomorrow, but it is in danger of slowly eroding. While technologies have been steadily improving what people can see and do online, other interests have been trying to develop new ways to regulate and control people’s behavior. Questions about what you can see and do online used to face technical constraints, but now these are transitioning to issues about what other people want you to see and do. Noted anthropologist and author David Graeber recently remarked in an interview with the Guardian that control has become so ubiquitous that we don’t even see it. Geo-blocking is a regulative measure that seems to confirm Graeber’s views. PC Magazine concisely defines it as the practice of preventing people from accessing web content based on where they are (determined by their IP address). Geo-blocking and other types of regional restrictions are used by both companies and governments, and for a variety of purposes (for example, enforcing copyright regimes, running regional sales promotions, censorship, etc.). Freedome is a user-friendly VPN that gives people a way to re-assert control over what they can see and do online. It encrypts communications, disables tracking software, and protects people from malware. It basically gives people the kind of protection they need to surf the web while staying safe from the more prominent forms of digital threats. It also helps people circumvent geo-blocking by letting them choose different “virtual locations”. Virtual locations let people choose where they want to appear to be when they’re surfing online. So if a user selects Canada as their location, the websites they visit will think they are located in Canada. If they select Japan, websites will think they’re in Japan. I’m sure you get the idea. Choosing different virtual locations lets web surfers bypass these geo-blocks so that their access to content remains unrestricted. They can watch YouTube videos reserved for American audiences, access Facebook or Twitter when vacationing in a country that blocks those services, and avoid other measures that attempt to prevent them from enjoying their digital freedom. Freedome recently added Belgium and Poland as new choices, giving Freedome users a total of 17 different places to surf from. But the list needs to keep expanding to keep the fight for digital freedom going, so the Freedome team wants to know: where do you want to do your online surfing? [polldaddy poll=8754876] [Image by Sari Choch-Be | Flickr ]

Mar 27, 2015
BY 

Latest Posts

child protection, parental controls

UK child protection charity the NSPCC this week published research into children’s online porn-viewing habits. The results are shocking. One in ten 12-13 year olds are worried they are addicted to porn. This goes beyond children stumbling across inappropriate content, though could be how the addiction started. Tackling the issue head-on, the NSPCC has published advice for parents and calls on the government to educate children in the dangers of online porn. It notes that its discussion forums on the subject get 18,000 hits per month. You can see its advice here. There is no silver bullet to tackling this issue. Your approach will depend on your child. A two-way conversation with them to educate them to the dangers is as important as using technology to limit the risks. So, from a technical perspective, what can you do to protect your children from online porn? The simplest measure is to activate parental controls on your internet security software. This will take two minutes, but will protect your child for years. How do parental controls work? Parental controls are a very useful way to adapt a smartphone, tablet or computer’s settings to only allow content and usage which you, as a parent, feel are appropriate. Suitable content F-Secure’s parental controls start with giving parents the option to choose settings which are appropriate for either a teenager or a younger child. These allow different categories content. For example, it’s unlikely you would want a child of any age viewing information about dating, gambling, drugs, violence or porn – so these are blocked by default (but can be unblocked if you wish). However, teens are not automatically blocked from using email and social networking. Time-limits Time-limits are a very useful tool to curb the amount of time a child spends on different applications on their smartphone or tablet each day. You may choose to only allow an hour of time of Facebook, compared to unlimited access to Wikipedia. On our desktop version, you can also set homework time, by only allowing access to educational sites during certain times of the day when you know your child should be working and are worried about online distractions. There is also the capability to set the amount of time the child can spend online for that week – a particularly useful tool during school holidays. Call blocking For mobile phones, call blocker is a handy tool for parents of children who are being bullied. Incoming calls from specific phones numbers can be blocked, meaning the dialler will receive an engaged tone and then disconnection, with no option to leave a message. Numbers can be added to this blacklist from the incoming call register or the contacts database. Parents can also gain access to the list of blocked calls which have been received. Locate, lock and wipe Our anti-theft feature means a phone can be located when lost – or when a parent wants to check on their child’s location. Of course, this should form part of an open discussion with the child, so they are aware of the phone’s capability. It also means that, should a phone be stolen or lost, the phone can be locked and the data deleted remotely, meaning it can’t fall into the wrong hands. Our parental controls are password-based, which means they can’t be circumvented by a tech-savvy child. Of course, the password needs to be strong for this to work, but that’s another blog post!

Apr 1, 2015
Facebook, I love you, newsfeed

You should know that Facebook can play with your emotions. If you're reading this you're probably aware that your Facebook feed doesn't simply serve you the latest posts from the friends and pages you follow. Given that most of us follow hundred -- if not thousands -- of people, places and brands, a real-time feed would dramatically  change the Facebook experience. And it would likely greatly reduce engagement, which is the site's life force. But if you do know this, you may be in the minority. A new study from a team of researchers from University of Illinois at Urbana-Champaign, California State University, Fresno and the University of Michigan found that most of a group of 40 Facebook users, 62.5 percent had no idea that their feed is filtered by the world's largest social network. And not knowing that actually seemed to have negative affects on users' psyches. “In the extreme case, it may be that whenever a software developer in Menlo Park adjusts a parameter, someone somewhere wrongly starts to believe themselves to be unloved,” the researchers wrote. The study used a tool to create an unfiltered feed that showed them what they'd been missing. While they weren't thrilled how Facebook decided which friends posts they'd see, "[m]ost came to think that the filtering and ranking software was actually doing a decent job," Fusion's Alex Madrigal writes. In 2014, Facebook partnered in an academic paper that revealed it had manipulated users feeds to adjust how many positive and negative posts they saw. It found that moods were contagious. Positive feeds led to positive posts and vice versa. Users agree to such manipulation in Facebook's terms and conditions -- which you clearly know by heart -- but the revelation still led to a huge backlash. In the recent study, participants found that being aware they were being fed stories by Facebook's algorithm "bolstered overall feelings of control on the site" and led to more active engagement. So if you didn't know a formula was guiding your interactions before you probably already feel better. But there's more you can do if you want to make sure Facebook is showing you the things you actually want to see. 1. Be proactive. Go directly to the pages of the people, companies and artists you want to see more of then engage. Like posts or comments. Comment yourself. Share posts. Facebook's motivation is to keep you on the site as long as humanly possible--and it's very good at it. If it's not showing something you'd enjoy seeing, it probably would like to. So let it know. 2. Choose "Most Recent" posts.     In the left column of your home page, click on the arrow next to "News Feed". If you select "Most Recent", your experience will likely be less filtered. Though you still should not to expect to see every post that ends up on the site. 3. Go to News Feed Preferences. Click on the down arrow that's on every Facebook page and select News Feed Preferences. The goal here is to unfollow anything you're sick of seeing so you get more of what you do want. Or re-follow people or things you've missed. 4. Tell your feed what you like.         Facebook wants you to take an active role in adjusting your algorithm. That's why every post in your feed has a dim down arrow that you can select. If something really bugs you, tell Facebook you don't want to see and Unfollow the person or page. If you really love it, you can "Turn on notifications" which guarantees that every future post ends up in your notifications -- that little globe on the top navigation. Your notifications can act as a secondary newsfeed to make sure you don't miss posts from your favorites. 5. Switch to Twitter and Tweetdeck. If you want complete control over your newsfeed, you're never going to get it on Facebook. Even Twitter is moving away from this method of feeding content for a pretty simple reason, it needs more engagement. Given that Facebook and Twitter employee dozens if not hundred of programmers and experts paid to make their sites captivate you, they figure they're better at it than you. If you want to prove them wrong, Twitter's Tweetdeck app, which works in your browser, still offers unmediated newsfeeds so you can feed your own brain. Twitter isn't quite as personal or ubiquitous as Facebook -- but it is the next best thing. Try it out and see if you feel more loved. Cheers, Jason [Photo by Geraint Rowland | Flickr]

Mar 31, 2015
Online Surfing in Different Countries

Online surfing has been around for a while now, and it keeps getting better as technology continues to improve. Websites are better, responsive to different devices, more interactive, and feature a more diverse range of content. All in all, online surfing has managed to stay cool for a very long time. In fact, during a recent interview, Mikko Hypponen specified online surfing as the thing that he’d miss the most if the Internet were to suddenly disappear. The Internet may not suddenly disappear tomorrow, but it is in danger of slowly eroding. While technologies have been steadily improving what people can see and do online, other interests have been trying to develop new ways to regulate and control people’s behavior. Questions about what you can see and do online used to face technical constraints, but now these are transitioning to issues about what other people want you to see and do. Noted anthropologist and author David Graeber recently remarked in an interview with the Guardian that control has become so ubiquitous that we don’t even see it. Geo-blocking is a regulative measure that seems to confirm Graeber’s views. PC Magazine concisely defines it as the practice of preventing people from accessing web content based on where they are (determined by their IP address). Geo-blocking and other types of regional restrictions are used by both companies and governments, and for a variety of purposes (for example, enforcing copyright regimes, running regional sales promotions, censorship, etc.). Freedome is a user-friendly VPN that gives people a way to re-assert control over what they can see and do online. It encrypts communications, disables tracking software, and protects people from malware. It basically gives people the kind of protection they need to surf the web while staying safe from the more prominent forms of digital threats. It also helps people circumvent geo-blocking by letting them choose different “virtual locations”. Virtual locations let people choose where they want to appear to be when they’re surfing online. So if a user selects Canada as their location, the websites they visit will think they are located in Canada. If they select Japan, websites will think they’re in Japan. I’m sure you get the idea. Choosing different virtual locations lets web surfers bypass these geo-blocks so that their access to content remains unrestricted. They can watch YouTube videos reserved for American audiences, access Facebook or Twitter when vacationing in a country that blocks those services, and avoid other measures that attempt to prevent them from enjoying their digital freedom. Freedome recently added Belgium and Poland as new choices, giving Freedome users a total of 17 different places to surf from. But the list needs to keep expanding to keep the fight for digital freedom going, so the Freedome team wants to know: where do you want to do your online surfing? [polldaddy poll=8754876] [Image by Sari Choch-Be | Flickr ]

Mar 27, 2015
MikkotalksCeBit

"Securing the future" is a huge topic, but our Chief Research Officer Mikko Hypponen narrowed it down to the two most important issues is his recent keynote address at the CeBIT conference. Watch the whole thing for a Matrix-like immersion into the two greatest needs for a brighter future -- security and privacy. [youtube https://www.youtube.com/watch?v=VFoOvpaZvdM] To get started here are some quick takeaways from Mikko's insights into data privacy and data security in a threat landscape where everyone is being watched, everything is getting connected and anything that can make criminals money will be attacked. 1. Criminals are using the affiliate model. About a month ago, one of the guys running CTB Locker -- ransomware that infects your PC to hold your files until you pay to release them in bitcoin -- did a reddit AMA to explain how he makes around $300,000 with the scam. After a bit of questioning, the poster revealed that he isn't CTB's author but an affiliate who simply pays for access to a trojan and an exploit-kid created by a Russian gang. "Why are they operating with an affiliate model?" Mikko asked. Because now the authors are most likely not breaking the law. In the over 250,000 samples F-Secure Labs processes a day, our analysts have seen similar Affiliate models used with the largest banking trojans and GameOver ZeuS, which he notes are also coming from Russia. No wonder online crime is the most profitable IT business. 2. "Smart" means exploitable. When you think of the word "smart" -- as in smart tv, smartphone, smart watch, smart car -- Mikko suggests you think of the word exploitable, as it is a target for online criminals. Why would emerging Internet of Things (IoT) be a target? Think of the motives, he says. Money, of course. You don't need to worry about your smart refrigerator being hacked until there's a way to make money off it. How might the IoT become a profit center? Imagine, he suggests, if a criminal hacked your car and wouldn't let you start it until you pay a ransom. We haven't seen this yet -- but if it can be done, it will. 3. Criminals want your computer power. Even if criminals can't get you to pay a ransom, they may still want into your PC, watch, fridge or watch for the computing power. The denial of service attack against Xbox Live and Playstation Netwokr last Christmas, for instance likely employed a botnet that included mobile devices. IoT devices have already been hijacked to mine for cypto-currencies that could be converted to Bitcoin then dollars or "even more stupidly into Rubbles." 4. If we want to solve the problems of security, we have to build security into devices. Knowing that almost everything will be able to connect to the internet requires better collaboration between security vendors and manufacturers. Mikko worries that companies that have never had to worry about security -- like a toaster manufacturer, for instance -- are now getting into IoT game. And given that the cheapest devices will sell the best, they won't invest in proper design. 5. Governments are a threat to our privacy. The success of the internet has let to governments increasingly using it as a tool of surveillance. What concerns Mikko most is the idea of "collecting it all." As Glenn Glenwald and Edward Snowden pointed out at CeBIT the day before Mikko, governments seem to be collecting everything -- communication, location data -- on everyone, even if you are not a person of interest, just in case. Who knows how that information may be used in a decade from now given that we all have something to hide? Cheers, Sandra  

Mar 23, 2015
freedome, screenshot, freedome, VPN, best privacy

We were recently asked a series of questions about how Freedome protects private data by TorrentFreak.com. Since we believe transparency and encryption are keys to online freedom, we wanted to share our answers that explain how we try to make the best privacy app possible. 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long? We do not keep any such logs. If ever required by law under a jurisdiction, we would implement such a system, but only where applicable and keeping storage time to the minimum required by law of that respective jurisdiction. Note also that no registration is required to use our service, so any log information would generally map to an anonymous, random user ID (UUID) and the user’s public IP address. 2. Under what jurisdiction(s) does your company operate? Freedome is a service provided from Finland by a Finnish company, and manufactured and provided in compliance with applicable Finnish laws. 3. What tools are used to monitor and mitigate abuse of your service? We have proprietary tools for fully automated traffic pattern analysis, including some DPI for the purpose of limiting peer-to-peer traffic on some gateway sites. Should we detect something that is not in line with our acceptable use policy, we can rate limit traffic from a device, or block a device from accessing the VPN service. All of this is automated and happens locally on the VPN gateway. 4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users? We do not use any external email providers, but our users can, for example, sign up for beta programs with their email address and send us feedback by email. The email addresses are used only to communicate things like product availability. In the future, paying customers can also use our support services and tools such as chat. In those cases, we do hold information that customers provide us voluntarily. This information is incident based (connected to the support request) and is not connected to any other data (e.g. customer information, marketing, licensing, purchase or any Freedome data). This data is purely used for managing and solving support cases. 5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled? There is no content in the service to be taken down. Freedome is a data pipeline and does not obtain direct financial benefit from user content accessed while using the service. While some of the other liability exclusions of DMCA (/ its European equivalent) apply, the takedown process itself is not really applicable to (this) VPN service. 6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened? The law enforcement data requests can effectively be done directly only to F-Secure Corporation in Finland. If a non-Finnish authority wants to request such data from F-Secure, the request will be done by foreign authorities directly to Finnish police or via Interpol in accordance to procedures set out in international conventions. To date, this has never happened for the Freedome Service. 7. Does your company have a warrant canary or a similar solution to alert customers to gag orders? We do not have a warrant canary system in place. Instead, Freedome is built to store as little data as possible. Since a warrant canary would be typically triggered by a law enforcement request on individual user, they are more reflective on the size of the customer base and how interesting the data in the service is from a law enforcement perspective. They are a good, inventive barometer but do not really measure the risk re: specific user’s data. 8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? BitTorrent and other peer-to-peer file sharing is rate limited / blocked on some gateway servers due to acceptable use policies of our network providers. Some providers are not pleased with a high volume of DMCA takedown requests. We use multiple providers (see Question #12) and these blocks are not in place on all the servers. 9. Which payment systems do you use and how are these linked to individual user accounts? There are multiple options. The most anonymous way to purchase is by buying a voucher code in a retail store. If you pay in cash, the store will not know who you are. You then enter the anonymous voucher code in the Freedome application, and we will then confirm from our database that it is a valid voucher which we have given for sale to one of our retail channels. The retail store does not pass any information to us besides the aggregate number of sold vouchers, so even if you paid by a credit card, we do not get any information about the individual payment. For in-app (e.g., Apple App Store, Google play) purchases you in most cases do need to provide your details but we actually never receive those, we get just an anonymous receipt. The major app stores do not give any contact information about end users to any application vendors. When a purchase is made through our own e-store, the payment and order processing is handled by our online reseller, cleverbridge AG, in Germany. Our partner collects payment information together with name, email, address, etc. and does store these, but in a separate system from Freedome. In this case we have a record who have bought Freedome licenses but pointing a person to any usage of Freedome is intentionally difficult and against our policies. We also don’t have any actual usage log and therefore could not point to one anyway. 10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection? Our application does not provide user selectable encryption algorithms. Servers and clients are authenticated using X.509 certificates with 2048-bit RSA keys and SHA-256 signatures. iOS clients use IPSEC with AES-128 encryption. Other clients (Android, Windows, OS X) use OpenVPN with AES-128 encryption. Perfect Forward Secrecy is enabled (Diffie-Hellman key exchange). We provide DNS leak protection by default, and we also provide IPv6 over the VPN so that IPv6 traffic will not bypass the VPN. Kill switches are not available. The iOS IPSEC client does not allow traffic to flow unless the VPN is connected, or if the VPN is explicitly turned off by the user. The Android app, in “Protection ON” state keeps capturing internet traffic even if network or VPN connection drops, thus there is no traffic or DNS leaks during connection drops. If the Freedome application process gets restarted by the Android system, there is a moment where traffic could theoretically leak outside the VPN. Device startup Android 4.x requires user’s consent before it allows a VPN app to start capturing traffic; until that traffic may theoretically leak. (Android 5 changes this, as it does not forget user’s consent at device reboot.) 11. Do you use your own DNS servers? (if not, which servers do you use?) We do have our own DNS servers. 12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located? In most locations we utilize shared hardware operated by specialized hosting vendors, but we also have our own dedicated hardware at some locations. Providers vary from country to country and over time. In some countries we also use multiple providers at the same time for improved redundancy. An example provider would be Softlayer, an IBM company whom we use in multiple locations.

Mar 18, 2015
ICE

Another Internet and Facebook chain letter you no doubt have seen. Paramedics recommend adding a contact record named ICE in your mobile phone. It stands for In Case of Emergency and helps contacting your closest relatives if you have an accident. Sounds great, but let’s take a closer look first. This is actually not a typical hoax chain letter because it’s based on facts. The idea emerged in UK in 2005, and was indeed introduced by paramedics. It’s a novel idea with good intentions and might have worked in the era before the smartphone. But it’s badly outdated now. I sincerely hope that people start circulating updated instructions rather than the original 10 years old idea. Here’s why. First, ICE is a nice idea. But it’s NOT the primary interest of paramedics. Their job is to save your life. They are going to concentrate on that rather than playing with your gadget. But ICE-info may still come in handy later at the hospital when the dust settles a bit. Knowledge of some medical conditions is important to paramedics helping a trauma patient. Persons with conditions of this kind wear special medical IDs, necklaces or bracelets, and paramedics are trained to look for them. This has nothing to do with ICE. Our smartphone is a key to all our on-line accounts, e-mail, Facebook, Twitter, cloud storage, you name it. It MUST be locked with a good password, otherwise you take a huge digital risk. And that unfortunately kills the idea with an ICE phonebook record. It’s not worth leaving the phone unprotected because of the ICE-record. Don’t even consider that! Sometimes good old low-tech solutions are far better than digital technology. This is one of those cases. Write the ICE info on a sticker and put it on your phone or anything you carry with you. ID papers, like your driving license, are probably the best items as they are likely to be brought with you to the hospital. If you are a bit nerdy, like me, you may still want a digital solution. Check your mobile for a function or app that puts free form text on the lock screen and use it for ICE. Some phones may even have a separate ICE function for this purpose. But use it as a complement to the good old sticker, not as a replacement. So to summarize. ICE is in theory a good idea, but not really crucial for your survival. It’s not worth sacrificing your digital safety for it. Especially when you simply need a pen and paper to create an ICE record that is more reliable, safer and easier to use!   Safe surfing, Micke   PS. Full medical ID can also be put on the mobile’s lock screen, at least on Android and iPhone. I’m not sure if this is a good idea. A solid necklace of stainless steel somehow feels better for stuff that can mean the difference between life and death. A complement to the necklace is of course never wrong but I really hope that nobody who really needs it trust this as their only medical ID!   Image by Ragesoss through Wikimedia  

Mar 16, 2015
cyber censorship

For this year's World Day against Cyber Censorship, F-Secure is giving away free subscriptions for our one-button Freedome app. You can use the key qsf257 to get a free 3-month subscription to Freedome! Freedom of expression is an important issue for everyone. Developments over the past year have highlighted how sensitive the matter is. It transcends national and cultural borders, yet these borders shape the issue differently for people across the globe. It belongs to us all, but it means different things to different people. Reporters without Borders launched the World Day against Cyber Censorship in 2008. Its intent is to raise awareness that our rights to say what we really think are not something to take for granted. Free speech is a dynamic concept that constantly grows and contracts in the face of developments that threaten its growth. While the Internet has given many people across the globe a powerful new voice, there are always threats mobilizing against this invaluable resource. The World Day against Cyber Censorship draws attention to this struggle. Last year Reporters without Borders compiled a list of what they call “Enemies of the Internet” as part of the annual event. If you look through it you’ll notice a diverse list of government agencies from nations across the world. Many of the events that highlight the fragility of our digital freedoms are attributable to these institutions, such as the Gemalto hack that saw the encryption keys to millions of phone calls stolen by the NSA and its fellow conspirators. And in some cases surveillance is just the beginning, as once these institutions identify their targets they can escalate their actions to include oppression. Hong Kong protestors saw this when local pro-democracy websites became infected with malware. Turkish people saw this during the Twitter crackdown. Drawing attention to these agencies as “enemies” of the Internet places the struggle within a larger dichotomy – enemies and allies. Even if it is a bit of a cliché or oversimplification of the conflict, it points out that people still have an opportunity to mobilize and assert their rights. And nobody is alone in this fight - we all have enemies and allies in this struggle. Having said all of this, World Day against Cyber Censorship isn't all about doom-and-gloom. Reporters without Borders is working to circumvent a number of websites blocked by governments. The Electronic Frontier Foundation continues to work to inform, educate, and represent the voices crying out for a free and open Internet. And F-Secure wants to help by making privacy and security solutions easy and accessible for people all over the world. Just get your trial version of the app and then use the key when it asks for your subscription number. Freedome gives you a one-button app that lets you encrypt your communications, disable trackers, and even change your virtual location. Check out this blog post for more information about the app. It's first come first serve, so don't miss this chance to take control of your digital freedom!

Mar 12, 2015
data privacy, transparency, encryption, data control

With Net Neutrality close to becoming a reality in the United States, Europe's telecom companies appear ready to fight for consumers' trust. At the Mobile World Congress in Barcelona this week, Telefonica CEO Cesar Alierta called for strict rules that will foster "digital confidence". Vodafone CEO Vittorio Colao's keynote highlighted the need for both privacy and security. Deutsche Telekom's Tim Höttges was in agreement, noting that "data privacy is super-critical". "80% [of consumers] are concerned about data security and privacy, but they are always clicking 'I accept [the terms and conditions], I accept, I accept' without reading them," said Höttges, echoing a reality we found when conducting an experiment that -- in the fine print -- asked people to give up their first born child in exchange for free Wi-Fi. The fight for consumers' digital freedom is close to our hearts at F-Secure and we agree that strong rules about data breach disclosure are essential to regaining consumers trust. However, we worry that anything that limits freedom in name of privacy must be avoided. Telenor CEO and GSMA chairman, Fredrik Baksaas noted the very real problem that consumers face managing multiple online identities with multiple passwords. He suggested tying digital identity to SIM cards. This dream of a single identity may seem liberating on a practical level. But beyond recently exposed problems with SIM security, a chained identity could disrupt some of the key benefits of online life -- the right to define your identity, the liberty to separate work life from home life, the ability to participate in communities with an alternate persona. GMSA is behind a single authentication system adopted by more than a dozen operators that is tied to phones, which could simplify life for many users. But it will likely not quench desires to have multiple email accounts or identities on a site nor completely solve the conundrum of digital identity. The biggest problem is that so many of us aren't aware of what we've already given up. The old saying goes, "If it's free, you're the product".  This was a comfortable model for generations who grew up trading free content in exchange for watching or listening to advertisements. But now the ads are watching us back. F-Secure Labs has found that more than half of the most popular URLs in the world aren't accessed directly by users. They's accessed automatically when you visit the sites we intend to visit and used to track our activity. Conventional terms and conditions are legal formalities that offer no benefits to users. As our Mikko Hypponen often says, the biggest lie on the Internet is "I have read and agreed with terms and conditions." This will have to change for any hope of a world where privacy is respected. In the advanced world, store-bought food is mandated to have its nutritional information printed on the packaging. We don't typically read -- nor understand -- all the ingredients. But we get a snapshot of what effect it will have on us physically. How about something like this for privacy that informs us how data is treated by a particular site or application. What data is captured? Is is just on this site or does it follow you around the web? How long is stored? Whom is it shared with? Key questions, simply answered -- all with the purpose of making it clear that your privacy has value. Along with this increased transparency, operators and everyone who cares about digital rights must pay close attention to the effort to ban or limit encryption in the name of public safety. The right of law-abiding citizens to cloak their online activity is central to democracy. And all the privacy innovations in the world won't matter if we cannot expect that right to exist. We are entering an era where consumers will have more reasons, need and opportunities to connect than ever before. The services that offer us the chance to be more than a product will be the ones that thrive. UPDATE: Micke reminds me to point out that F-Secure has already taken steps towards simple, clean disclosure with documents like this Data Transfer Declaration.

Mar 12, 2015