younited

Would you trust Finland?

I’m proud to tell you about younited, F-Secure’s brand new personal cloud service. It is actually so new that it isn’t open to the public yet. But you can sign up to be a tester at younited.com. We will start to send invitations to registered users in November, and the service is scheduled to open to the public in early 2014.

Why younited? It is our vision about how cloud storage can be made engaging, fun and safe. It’s a supercloud that collects data from your other cloud services and helps you manage it in one place. It’s also built for privacy from the ground up. The second argument is certainly a hot topic right now so it’s only natural that younited has gained a lot of attention.

Larry Seltzer of ZDNet joined the party with a slightly critical article. He is asking why anyone should trust Finland and why we should care about the privacy of our cloud storage in the first place. The first question is excellent. Users should definitely care about where their data is stored. That’s why we created younited here in Finland as an alternative to the American services. Let’s clear up Larry’s doubts and see why Finland is an excellent home for your data:

  • Finland’s constitution has significantly stronger protection of individuals’ privacy than the US has.
  • Finland does not have a clear distinction between its own citizens and foreigners in privacy issues like the US has. Your data on younited is protected as well as mine.
  • Finland is consistently rated at the top of international surveys on transparency, lack of corruption, education and innovation, just to name a few.
  • Finland is not panicking about terrorism. This means that we have no need to reduce people’s fundamental rights to ensure our security.
  • Finland’s signal intelligence capabilities are minimal compared to the US.
  • Finland is not perfect when it comes to transparency and control of the authorities, but the problems we have are really minimal compared to the US.
  • Finland does not have a massive system for silencing persons who are forced to assist authorities. There are no National Security Letters over here.

Yes, the unknown is scary. And Finland is unknown to most people. But I can assure you that Finland really is among the best places on earth if you are looking for a safe haven for your personal data.

So a non-US service should be the primary choice if you are outside the US and even a little bit privacy aware. And that’s after all most of the world’s population; about 96% are living elsewhere. But what if you are American, like Larry? Is it still a good idea to go offshore?

Most of the cloud storage services are located in the US and you may prefer domestic services. That’s the easy choice. But services overseas can really provide a significant benefit privacy-wise. First remember the four-hop principle. You think you have decent privacy protection as a US citizen, but are you sure that no friend-of-friend-of-friend-of-a-friend is suspected for some obscure reason? That would put you in the same boat as all us aliens. And the US authorities are not exactly open about what they are doing. This is what they have been forced to admit; it’s certainly not the full picture. Also keep in mind that your data is most vulnerable when stored. The NSA can still attempt to snoop on your encrypted data connection to younited before it exits the US, but that’s quite futile (see note below). And it’s finally game over once your data is on our disks here in Finland under a layer of AES encryption. So an overseas service eliminates by far the easiest attack point.

You have nothing to hide? Yes, we hear that argument frequently. And it is of course good to be a decent citizen with no secrets. But are you really sure? First, no one can remember all documents and mails they have received and sent. I bet most people have items they would rather not share with strangers, even if they can’t remember them right away. Second, we are changing and the world is changing around us. How can you tell that everything you do today is still in line with your profession, role and personality after 20 years? Is what you do today OK by our society’s standards at that time? No, nobody can of course be sure about that. So why take risks when there are easy ways to reduce our digital footprint?

Larry is also pointing out that we have the right to protect our data, but not necessarily the need to do it. True. But if you don’t use that right, you are signaling that it isn’t important and can be taken away. And there are plenty of powers that would love to take it. In other words, it’s a lot easier to ban crypto and other privacy measures if they are used by criminals only. Let’s not contribute to a world without the right to use privacy protection.

So why not follow Larry Seltzer’s example and sign up for younited right away? Do you fall in love with the service for its level of safety and privacy, or for the engaging and fun user experience? Or both?

Safe surfing,
Micke

Note about encryption of data in transfer. There’s constant speculation about whether the NSA can break the SSL/TLS encryption that is used for this kind of connection. There are indications that they have succeeded in some cases, but this typically involves outdated implementations, software modules that have been weakened on purpose or keys that have been shared with the NSA by the service owner. The NSA’s ability to break full-strength SSL/TLS is speculative, and any such attack would, if possible, require so many resources that only a small number of targets could be followed. Summary: Ordinary people can consider the encrypted link to younited as perfectly safe.

More posts from this topic

You’re Being Tracked Wherever You Go – Here’s How to Fight Back From Your PC!

You're searching online for a baby gift for a friend's newborn, and then for a while you're followed by diaper ads on practically every site you visit. Ever notice something like that happening to you? Yes, the web can be an eerie place.

Intelligence agencies and criminals aren’t the only people who may be tracking your online behavior - there’s a lot more to your browsing session than meets the eye. Take, for example, this F-Secure Labs study that found that of the 100 most popular URLs in the world, only 15 percent are actually accessed by real people. The other 85 percent are third-party sites that are accessed behind the scenes of your browsing session, by the sites you visit. And over half of these third-party sites are tracking-related. They are helping build up an online profile of you and your browsing habits. Why? So marketers can better target you with ads that meet your interests and preferences - or at least try to, in the case of the diaper ads.

How does it work? When you visit a site with ads, you'll be tracked by the marketing company behind the ads on that site. And one marketing company may be working with a huge network of other websites. So whenever you visit another site that also has a relationship with that marketer, the marketer captures more and more data about you and your online behavior. All this data goes into an extensive profile that is being built up about you.

If that sounds a little creepy, rest assured that you can regain control of your digital privacy. There’s an easy way to block advertisers from tracking you everywhere you go. Last year we launched F-Secure Freedome to stop tracking on your mobile device (to date, Freedome has already blocked over 900 million tracking attempts globally). And now there's good news - today we're unveiling Freedome for your Windows PC!

Freedome for Windows has the same privacy features as the mobile versions, protecting you from trackers and hackers. It's got the same VPN technology to protect your browsing session from snoops while using public Wi-Fi. In addition, it also includes a new Private Search feature that offers tools so you can get your search engine results without the tracking.

Since the Snowden revelations, we as consumers have become more and more aware that we may be revealing the most intimate details of our lives through our connected devices. According to a recent study by the Pew Research Center Internet Project, 91% of adults in the survey agree that consumers have lost control over how personal information is collected and used by companies.

If you're concerned too, download a free 14-day trial of Freedome for your Windows PC. And let us know what you think!

Banner image courtesy of Filip Goc, flickr.com

Jan 21, 2015

Why David Cameron’s comms promise is foolish

British Prime Minister David Cameron has announced that, should the Conservatives win the general election in May, they will ban forms of communications which can’t be accessed by law enforcement if they have a warrant. It appears that messaging apps which use encryption will be banned in the UK. There are a number of reasons why this idea is a flawed knee-jerk reaction to the tragedies which happened in Paris. Here, F-Secure looks into them…

Il n’est pas Charlie

Each terror attack and paedophile ring which is busted gives the Government an opportunity to introduce laws which curtail the British people’s freedom and privacy. This is not the sentiment which has been shared across the world in the past two weeks, as people stood together against the massacre at Charlie Hebdo’s offices in Paris. Without civil liberties, Charlie Hebdo would not be allowed to exist.

Self-censorship would ensue

Knowing that your communications could be read by the Government would lead to self-censorship, possibly unconsciously. This could gravely affect activist groups and NGOs whose purpose it is to hold the Government to account. The Universal Declaration of Human Rights Article 12 states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

If that wasn’t enough, mass surveillance also contravenes Article 8 (the right to respect for private and family life) and Article 10 (the right to freedom of expression) of the European Convention on Human Rights. The European Court of Human Rights has repeatedly stated that surveillance, if conducted without adequate judicial oversight and with no effective safeguards against abuse, will never be compatible with the European Convention. Ultimately, international law does not support Cameron’s intentions.

Who will regulate open source encryption services?

It is one thing to demand that a large company, such as Facebook, abides by the law, but who will they approach for open source standards which have no single owner, such as OpenPGP? How do you regulate peer-to-peer communications apps such as FireChat? What about mesh networks? This technology has not been widely adopted yet, but it has been available for some time and is bound to gain users if Cameron’s plans go ahead. Already used in Barcelona, Greece and Baghdad, mesh networks wirelessly connect computers and mobile devices to each other without the need for a service provider (such as an ISP). With this direct form of communication, there is no one to serve a warrant to.

It can’t be monitored

It is still unclear how Cameron expects to implement a ban. How will he stop people downloading software from outside Britain? Will resources (which could be spent on, say, targeted surveillance of people on the Government’s watch lists) then be spent on policing innocent people using encrypted communications?

The British economy would suffer

Start-ups wanting or needing to use end-to-end encryption are likely to avoid Britain as a base, taking their taxes and jobs with them.

The Government would suffer

The Government uses encryption for communications too. Will it be one rule for them and a different one for businesses and the public?

It would wipe Britain off the technology map

Take any number of services which could be affected by this law – WhatsApp and iMessage probably being the most widely used. These are not British companies bound by British laws. As such, are they likely to re-write their privacy source code or will they simply pull out of the market? When a new technology is launched, Britain is usually one of the test-beds before global roll-outs. Making Britain unviable for such programmes would see it fall behind its western competitors, bringing all the economic woes attached to it. So much for Cameron’s ‘Digital Britain’.

It puts Britain in bad company

Cameron is not the first to try this. He would be following Russia, Syria and Iran, all of whom have struggled to implement it.

A warrant from the Home Secretary won’t help with end-to-end encryption

It appears that Cameron is unaware that, with end-to-end encryption, the users hold the encryption keys, not the service provider. Turning up at, for example, the WhatsApp offices with a warrant for access to a specific user’s communications would be pointless. WhatsApp don’t hold the encryption keys, so wouldn’t be able to provide the unencrypted data.

Did Cameron really mean what he said?

The Prime Minister is not a technology expert, neither is his speech writer. Did this cause confusion? Is it possible that Cameron’s intent is to make anonymity-enabling encryption abnormal, so that those using it are suspicious? It gives the authorities a tip on who to be watching. If we all use encrypted communications, they don’t have this advantage, so they would prefer it remained a fringe technology.

Will it even happen?

The plan has been called everything from ‘crazy’ to ‘cloud cuckoo land’ by security experts who understand the complexity of what Cameron intends. There is every chance that a ban on encrypted communications will not happen. However, the Government has shown its intentions. Not content with the mass surveillance being conducted by GCHQ (with no judicial oversight), they have also introduced the Regulation of Investigatory Powers Act (RIPA) and the Communications Data Bill. The message is clear: the British Government wants to unilaterally invade the British people’s privacy. Britain as a surveillance state is becoming a reality.

Jan 20, 2015

In what color would you like your new Mercedes?

A new Mercedes. Nice. Or maybe an Audi R8? That would be cool. But hold it! Don’t sell your old car yet! Liking and sharing that giveaway campaign on Facebook will NOT give you a new car. Those prizes don’t even exist. They are just hoaxes.

The Internet and Facebook are full of crap, junk, rubbish, nonsense and gibberish. Nobody knows how many chain letters there are spreading some kind of unbelievable story. False celebrity news, bogus first-aid advice, phony charity campaigns and this kind of giveaway. We tend to think about these chain letters as hoaxes, pretty harmless jokes that don’t hurt us. But that’s not the full story. A hoax can be harmful, like the outright dangerous first aid advice that some people keep spreading. But a car giveaway is probably a harmless and safe prank, even if it’s false? No, not really.

These chain letters are actually not traditional hoaxes, they are like-farming scams. There’s no free lunch; you don’t pay for Facebook with money but with your private data. The like-farming scams work in the same currency. You will not lose any money even if you like the page and share it. Instead you will participate in building a page with a lot of supporters, which is valuable and can be sold later. Needless to say, you will not get any of that money.

Here’s how it works. Any business has a problem when starting on Facebook. An empty page without likes isn’t trustworthy. So the scammers set up a page containing anything that can go viral. A promise to get a luxury car works well. They just have to tell everyone to like the page and to share it as much as possible, to keep the chain reaction going and get even more likes. The scammers wait until there are enough likes before they clean out the content, rename the page and start looking for a buyer. The price is in “$ per k”, meaning dollars per 1000 likes. A page with 100 000 likes could sell for over $1000. So sharing the page can make quite a lot of money for the scammers if you have a lot of gullible friends, who in turn have a lot of gullible friends, and so on …

The downside for you is that the likes stick even if the page is redesigned for some totally different purpose. Your face will be an evangelist for the page’s new owners and show up next to their brand. And you have no idea about what you will be promoting. I have friends who are anti-fur activists. You can probably imagine what one of them would feel when discovering that she likes a fur-coat designer!

And finally some concrete advice.

  • Review your list of old likes regularly. Remove everything except those things you truly like and want to support.
  • When you encounter a giveaway post like this, check the involved brand’s main page on Facebook by searching for the brand name. You will in most cases notice that the giveaway is a totally different page that is just named similarly. That’s a strong scam indicator.
  • Use common sense. From the above you get an idea about what likes on Facebook are worth. Does it make sense to give away luxury cars for this?
  • Don’t participate in scams like this. It might feel tempting, but remember that your chance to win is exactly zero.
  • Spread knowledge every time you see a scam of this kind. Comment with a link to this post or the appropriate description on Hoax-Slayer or Snopes.

Those sites are by the way fun and educational reading. I recommend spending some time there getting familiar with other types of hoaxes too. Read at least these two articles: Facebook car giveaway on Snopes and Facebook like-farming scams on Hoax-Slayer.

Safe surfing,
Micke

Dec 16, 2014