Content Anywhere from F-Secure enables operators to offer branded services to store and retrieve their data and content easily, flexibly and securely – giving expanded market reach, increased ARPU, and additional branding opportunities.
Your customers win because they can store, sync, share and access their photos, videos, documents and other data securely, from any device. They get a consistent user experience across their digital life with security based on F-Secure’s proven technology. You win through additional revenue opportunities and association of your brand.
Consumers are adopt more and more devices for daily use – from smart phones to tablets to laptops and pcs. And they want those devices to share and have access to more and more content – from simple documents to photos and videos and more. Research shows that consumers want personal cloud services and that they want to know their photos, videos, documents, and data are safe, secure, and under their control. According to our research* 68 percent of consumers are concerned about third parties gaining access to their content due to vulnerabilities in cloud storage providers’ technology, and 42 percent feel they are losing control of their content. Yet, these are issues that should be of concern for everyone!
“Content Anywhere is the world’s safest cloud,” says Timo Laaksonen, Vice President, Content Cloud at F-Secure. “We are a security company with over two decades of security expertise. Our cloud is built and managed according to proven security processes. It’s not simply an afterthought like some other services out there.”
Designed with platform openness, data portability and data sovereignty in mind, Content Anywhere can easily be configured under your brand’s look & feel, while the service platform integrates directly to your authentication, provisioning and billing systems. Further VAS services can also be launched on the platform with ease – giving you the opportunity to provide your customers with access to their precious content from any device with confidence it’s private and secure because it is offered from a brand they trust: yours.
*The F-Secure broadband survey covered web interviews of 6,400 broadband subscribers aged 20–60 years from 14 countries: France, the UK, Germany, Sweden, Finland, Italy, Spain, the Netherlands, Belgium, USA, Canada, Brazil, India and Japan. The survey was completed by GfK, 25 May–1 June 2012.
[Image by ^riza^ via Flickr]
You don’t know what you have until it’s gone, according to the old wise saying. We have learned to value Internet as the ultimate frontier of freedom and equality. Anyone anywhere can use whatever service she likes or communicate with any other person. But will it always be this way? Not necessary. Let’s create a fictive example. Imagine a business development guy at the power company. He’s reading the paper and notices that Apple is in the headlines. They did a nice profit last year, and he gets a brilliant business idea. Their electrical network is used to supply charging power to a lot of Apple devices, so he calls Apple and proposes a deal. The electrical company will continue to provide charging power for Apple devices and Apple will pay them for allowing that. That would of course be on top of the normal fee customers pay for the electricity. Otherwise the electricity company would regretfully be forced to prevent Apple-device from charging in their network. Would that be right? Of course not, it would be extortion. This example is fortunately purely fictive, and even technically impossible as the power company can’t control what customers do with the electricity. But Internet is lot more complex than the power grid. Internet Service Providers can monitor our traffic and see what we are using our broadband connection for. So this scenario is unfortunately possible on the Internet. Not only possible, it’s reality. Do you remember the Netflix vs. Comcast affair about a year ago? Internet Service Provider Comcast’s subscribers received really poor performance on video streaming service Netflix, until Netflix started to pay money directly to Comcast. Some call it a normal peering agreement, some greedy extortion. Netflix vs. Comcast differs from the fictive power company in one way, Netflix sells a high-volume service that cause significant load on Comcast’s network. That makes it a bit easier to understand Comcast’s points, but one fact remains. Comcast’s customers have already purchased broadband connections and paid to get any Internet content, including Netflix-videos, delivered to their homes. And Comcast has gladly taken that money. The Federal Communications Commission in US also agrees that something needs to be done. They made a decision on February 26th 2015 that reclassifies Internet access as a common carrier service. This means more tools to enforce net neutrality and prevent the “greedy power company” business model. Net neutrality activists all over the world are celebrating this as an important win, but let’s not be too happy yet. Anything can happen in US’s legal and political systems and there are still mighty powers who don’t want to let a profitable business model go just like that. It ain't over until the fat lady sings. Internet Service Providers (ISPs) accumulate a significant power when building large customer bases. Not only do they get income from the customers’ fees, they are also in a position where they can control what content is delivered and at what speed. Net neutrality is, among other things, preventing misuse of this power. It may not be a widespread problem today, but there is a significant risk it will become one unless we do something. Imagine Comcast running a service that competes with Netflix. Comcast could simply terminate the deal with Netflix to eliminate one competitor. This would in practice mean that Comcast’s video streaming would be the only working choice for Comcast’s customers. That is unless we have strong net neutrality rules that enforce equal treatment of network services, and ensure that we have a choice no matter what ISP we have signed up with. This is why net neutrality is important for you, me and everybody else. Internet is a fundamental service just like water, electricity and the road network. We don’t want the power company to dictate how we use electricity, and we don’t want our ISP to control how we use Internet. Want to know more? Start with Save The Internet or Battle for the net. Safe surfing, Micke PS. By the way, we have a great tool that is designed to improve security and privacy, but it can also be used to circumvent censorship and other net neutrality violations. F-Secure Freedome. Image by Electronic Frontier Foundation (eff.org)
Many techie terms in the headlines lately. Supercookies, supertrackers, HTTP headers and X-UIDH. If you just skim the news you will learn that this is some kind of new threat against our privacy. But what is it really? Let’s dig a bit deeper. We will discover that this is an issue of surprisingly big importance. Cookies are already familiar to most of us. These are small pieces of information that a web server can ask our browser to store. They are very useful for identifying users and managing sessions. They are designed with security and privacy in mind, and users can control how these cookies are used. In short, they are essential, they can be a privacy problem but we have tools to manage that threat. What’s said above is good for us ordinary folks, but not so good for advertisers. Users get more and more privacy-aware and execute their ability to opt out from too excessive tracking. The mobile device revolution has also changed the game. More and more of our Internet access is done through apps instead of the browser. This is like using a separate “browser” for all the services we use, and this makes it a lot harder to get an overall picture of our surfing habits. And that’s exactly what advertisers want, advertising is like a lottery with bad odds unless they know who’s watching the ad. A new generation of supercookies (* were developed to fight this trend. It is a piece of information that is inserted in your web traffic by your broadband provider. Its purpose is to identify the user from whom the traffic comes. And to generate revenue for the broadband provider by selling information about who you really are to the advertisers. These supercookies are typically used on mobile broadband connections where the subscription is personal, meaning that all traffic on it comes from a single person. So why are supercookies bad? They are inserted in the traffic without your consent and you have no way to opt out. They are not visible at all on your device so there is no way to control them by using browser settings or special tools. They are designed to support advertisers and generate revenue for the mobile broadband provider. Your need for privacy has not been a design goal. They are not domain-specific like ordinary cookies. They are broadcasted to any site you communicate with. They were designed to remain secret. They are hidden in an obscure part of the header information that very few web administrators need to touch. There are two ways to pay for Internet services, with money or by letting someone profile you for marketing purposes. This system combines both. You are utilized for marketing profit by someone you pay money to. But what can and should I do as an ordinary user? Despite the name, this kind of supercookies are technically totally different from ordinary cookies. The privacy challenges related with ordinary cookies are still there and need to be managed. Supercookies have not replaced them. Whatever you do to manage ordinary cookies, keep doing it. Supercookies are only used by some mobile broadband providers. Verizon and AT&T have been most in the headlines, but at least AT&T seems to be ramping down as a result of the bad press. Some other operators are affected as well. If you use a device with a mobile broadband connection, you can test if your provider inserts them. Go to this page while connected over the device’s own data connection, not WiFi. Check what comes after “Broadcast UID:”. This field should be empty. If not, then your broadband provider uses supercookies. Changing provider is one way to get rid of them. Another way is to use a VPN-service. This will encapsulate all your traffic in an encrypted connection, which is impossible to tamper with. We happen to have a great offering for you, F-secure Freedome. Needless to say, using Freedome on your mobile device is a good idea even if you are not affected by these supercookies. Check the site for more details. Last but not least. Even if you’re unaffected, as most of you probably are, this is a great reminder of how important net neutrality is. It means that any carrier that deliver your network traffic should do that only, and not manipulate it for their own profit. This kind of tampering is one evil trick, throttling to extort money from other businesses is another. We take neutrality and equal handling for granted on many other common resources in our society. The road network, the postal service, delivery of electricity, etc. Internet is already a backbone in society and will grow even more important in the future. Maintaining neutrality and fair rules in this network is of paramount importance for our future society. Safe surfing, Micke PS. The bad press has already made AT&T drop the supercookies, which is great. All others involved mobile broadband providers may have done the same by the time you are reading this. But this is still an excellent example of why net neutrality is important and need to be guaranteed by legislation. (* This article uses the simplified term supercookie for the X-UIDH -based tracker values used by Verizon, AT&T and others in November 2014. Supercookie may in other contexts refer to other types of cookie-like objects. The common factor is that a supercookie is more persistent and harder to get rid of than an ordinary cookie. Image by Jer Thorp
Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good. Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.