Would you trust Finland?

younitedI’m proud to tell you about younited, F-secure’s brand new personal cloud service. Actually so new that it isn’t open for the public yet. But you can sign up to be a tester at We will start to send invitations to registered users in November, and the service is scheduled to open to the public in early 2014.

Why younited? It is our vision about how cloud storage can be made engaging, fun and safe. It’s a supercloud that collects data from your other cloud services and helps you manage it in one place. It’s also built for privacy from the ground up. The second argument is certainly a hot topic right now so it’s only natural that younited has gained a lot of attention.

Larry Seltzer of ZDNet joined the party with a slightly critical article. He is asking why anyone should trust Finland and why we should care about the privacy of our cloud storage in the first place. The first question is excellent. Users should definitively care about where their data is stored. That’s why we created younited here in Finland as an alternative to the American services. Let’s clear out Larry’s doubts and see why Finland is an excellent home for your data:

  • Finland’s constitution has a significantly stronger protection of individuals’ privacy than what US has.
  • Finland does not have a clear distinction between own citizens and foreigners in privacy issues like the US has. Your data on younited is protected as well as mine.
  • Finland is consistently rated at the top of international surveys on transparency, lack of corruption, education and innovation, just to name a few.
  • Finland is not panicking about terrorism. This means that we have no need to reduce peoples’ fundamental rights to ensure our security.
  • Finland’s signal intelligence capabilities are minimal compared to US.
  • Finland is not perfect when it comes to transparency and control of the authorities, but the problems we have are really minimal compared to US.
  • Finland does not have a massive system for silencing persons who are forced to assist authorities. There are no National Security Letters over here.

Yes, the unknown is scary. And Finland is unknown to most people. But I can assure you that Finland really is among the best places on earth if you are looking for a safe haven for your personal data.

So a non-US service should be the primary choice if you are outside US and even a little bit privacy aware. And that’s after all most of the world’s population, about 96% are living elsewhere. But what if you are American, like Larry? Is it still a good idea to go off-shore?

Most of the cloud storage service are located in US and you may prefer domestic services. That’s the easy choice. But services overseas can really provide a significant benefit privacy-wise. First remember the four-hop principle. You think you have decent privacy protection as an US citizen, but are you sure that no friend-of-friend-of-friend-of-a-friend is suspected for some obscure reason? That would put you in the same boat as all us aliens. And the US authorities are not exactly open about what they are doing. This is what they have been forced to admit, it’s certainly not the full picture. Also keep in mind that your data is most vulnerable when stored. NSA can still attempt to snoop at your encrypted data connection to younited before it exits US, but that’s quite futile (see note below). And it’s finally game over once your data is on our disks here in Finland under a layer of AES-encryption. So an overseas service eliminates the by far easiest attack point.

You have nothing to hide? Yes, we hear that argument frequently. And it is of course good to be a decent citizen with no secrets. But are you really sure? First, no one can remember all documents and mails they have received and sent. I bet most people have items they rather not share with strangers, even if they can’t remember them right away. Second, we are changing and the world is changing around us. How can you tell that everything you do today is still in line with your profession, role and personality after 20 years? Is what you do today OK by our society’s standards at that time? No, nobody can of course be sure about that. So why take risks when there are easy ways to reduce our digital footprint?

Larry is also pointing out that we have the right to protect our data, but not necessary the need to do it. True. But if you don’t use that right, you are signaling that it isn’t important and can be taken away. And there are plenty of powers that would love to take it. In other words, it’s a lot easier to ban crypto and other privacy measures if they are used by criminals only. Let’s not contribute to a world without the right to use privacy protection.

So why not follow Larry Seltzer’s example and sign up for younited right away. Do you fall in love with the service of its level of safety and privacy, or for the engaging and fun user experience? Or both?

Safe surfing,

Note about encryption of data in transfer. There’s constant speculation about if NSA can break the SSL/TLS encryption that is used for this kind of connections. There are indications that they have succeeded in some cases, but this typically involve outdated implementations, software modules that have been weakened on purpose or keys that have been shared with NSA by the service owner. NSA’s ability to break full-strength SSL/TLS is speculative, and any such attack would, if possible, require so much resources that only a small number of targets could be followed. Summary: Ordinary people can consider the encrypted link to younited as perfectly safe.

More posts from this topic


In what color would you like your new Mercedes?

A new Mercedes. Nice. Or maybe an Audi R8? That would be cool. But hold it! Don’t sell your old car yet! Liking and sharing that giveaway campaign on Facebook will NOT give you a new car. Those prizes doesn’t even exist. They are just hoaxes. Internet and Facebook is full of crap, junk, rubbish, nonsense and gibberish. Nobody knows how many chain letters there are spreading some kind of unbelievable story. False celebrity news, bogus first-aid advice, phony charity campaigns and this kind of giveaways. We tend to think about these chain letters as hoaxes, pretty harmless jokes that doesn’t hurt us. But that’s not the full story. A hoax can be harmful, like the outright dangerous first aid advice that some people keep spreading. But a car giveaway is probably a harmless and safe prank, even if it’s false? No, not really. These chain letters are actually not traditional hoaxes, they are like-farming scams. There’s no free lunch, you don’t pay for Facebook with money but with your private data. The like-farming scams work in the same currency. You will not lose any money even if you like the page and share it. Instead you will participate in building a page with a lot of supporters, which is valuable and can be sold later. Needless to say, you will not get any of that money. Here’s how it works. Any business has a problem when starting on Facebook. An empty page without likes isn’t trustworthy. So the scammers set up a page containing anything that can go viral. A promise to get a luxury car works well. They just have to tell everyone to like the page and to share it as much as possible, to keep the chain reaction going and get even more likes. The scammers wait until there’s enough likes before they clean out the content, rename it and start looking for a buyer. The price is in “$ per k”, meaning dollars per 1000 likes. A page with 100 000 likes could sell for over $1000. So sharing the page can make quite a lot of money for the scammers if you have a lot of gullible friends, who in turn have a lot of gullible friends, and so on … The downside for you is that the likes stick even if the page is redesigned for some totally different purpose. Your face will be an evangelist for the page’s new owners and show up next to their brand. And you have no idea about what you will be promoting. I have friends who are anti-fur activists. You can probably imagine what one of them would feel when discovering that she likes a fur-coat designer! And finally some concrete advice. Review your list of old likes regularly. Remove everything except those things you truly like and want to support. When you encounter a giveaway post like this, check the involved brand’s main page in Facebook by searching for the brand name. You will in most cases notice that the giveaway is a totally different page that just is named similarly. That’s a strong scam indicator. Use common sense. From the above you get an idea about what likes in Facebook are worth. Does it make sense to give away luxury cars for this? Don’t participate in scams like this. It might feel tempting, but remember that your chance to win is exactly zero. Spread knowledge every time you see a scam of this kind. Comment with a link to this post or the appropriate description on Hoax-Slayer or Snopes.   Those sites are by the way fun and educating reading. I recommend spending some time there getting familiar with other types of hoaxes too. Read at least these two articles: Facebook car giveaway on Snopes and Facebook like-farming scams on Hoax-Slayer .   Safe surfing, Micke  

Dec 16, 2014

5 of the best answers from @mikko’s reddit AMA

Fresh off his latest talk at at TEDxBrussels, our Chief Research Officer Mikko Hypponen sat down for a little session of "ask me anything" on reddit. You can read all of the questions people had for him and answers here. WARNING: There is a lot to go through. With over 3,200 comment's, Mikko's AMA ranks among one of the more popular threads in the subreddit's history. For a quick taste of what Mikko had to say about artificial intelligence, Tor, and Edward Snowden, here are slightly edited versions of 5 of our favorite questions and answers. How safe are current smart phones and how secure are their connections? - Jadeyard The operating systems on our current phones (and tablets) are clearly more secure than the operating systems on our computers. That's mostly because they are much more restricted. Windows Phones and iOS devices don't have a real malware problem (they still have to worry about things like phishing though). Android is the only smartphone platform that has real-world malware for it (but most of that is found in China and is coming from 3rd party app stores). It is interesting the Android is the first Linux distribution to have a real-world malware problem. Lots of people are afraid of the viruses and malware only simply because they are all over the news and relatively easy to explain to. I am personally more afraid of the silently allowed data mining (i.e. the amount of info Google can get their hands on) and social engineering style of "hacking". How would you compare these two different threats and their threat levels on Average Joes point of view - which of them is more likely to cause some harm. Or is there something else to be more afraid of even more (govermental level hacks/attacks)? - BadTaster There are different problems: problems with security and problems with privacy. Companies like Google and Facebook make money by trying to gather as much information about you as they can. But Google and Facebook are not criminals and they are not breaking the law. Security problems come from criminals who do break the law and who directly try to steal from you with attacks like banking trojans or credit card keyloggers. Normal, everyday people do regularily run into both problems. I guess getting hit by a criminal attack is worse, but getting your privacy eroded is not a laughing matter either. Blanket surveillance of the internet also affects us all. But comparing these threats to each other is hard. Hi, Mikko! Do you subscribe to Elon Musk's statements and conceptions of AI being the single biggest threat to humans? - matti80 Elon is the man. I've always thought of Tony Stark as my role model and Elon is the closest thing we have in the real world. And he's right. Artificial Intelligence is scary. I believe introducing an entity with superior intelligence into your own biosphere is a basic evolutionary mistake. Europol's cybercrime taskforce recently took down over a hundred darknet servers. Did the news shake your faith in TOR? - brain4narchy People use Tor for surfing the normal web anonymized, and they use Tor Hidden Service for running websites that are only accessible for Tor users. Both Tor use cases can be targeted by various kinds of attacks. Just like anywhere else, there is no absolute security in Tor either. I guess the takedown showed more about capabilities of current law enforcement than anything else. I use Tor regularly to gain access to sites in the Tor Hidden Service, but for protecting my own privacy, I don't rely on Tor. I use VPNs instead. In addition to providing you an exit node from another location, VPNs also encrypt your traffic. However, Tor is free and it's open source. Most VPNs are closed source, and you have to pay for them. And you have to rely on the VPN provider, so choose carefully. We have a VPN product of our own, which is what I use. If you ever met Snowden what would be the first question you would ask him? - SaPro19 'What would you like to drink? It's on me.' Cheers, Sandra

Dec 5, 2014