Dear old and new friends of F-Secure Lokki!
Hei F-Secure Lokin ystävät!
In Finnish / suomeksi: Tämän tekstin lopussa on suomenkielinen yhteenveto uudesta F-Secure Lokki –sovelluksesta! Voit lukea tekstin alkuosan englanniksi tai hypätä suoraan loppuosaan.
F-Secure Lokki is the most accurate and battery friendly personal location sharing app to connect you with your friends and family members. Across the world thousands of people have been taking Lokki into use since mid August when we launched the first version for iPhone and Android devices. We have this week launched a major update to Lokki for iPhone and Android. You can download the new 3.0 version from iTunes and Google Play. For more information on Lokki please visit the F-Secure product page.
We have received a tremendous amount of feedback from all over the world towards Lokki 1.0 and 2.0. This has been really fantastic as it has helped us to improve Lokki. Some of the feedback has been somewhat contradictory so we have decided which way to go. We have read all emails and we have met with a large number of Lokki users during the last couple of months. BIG THANKS to everyone who have spoken with us or sent us messages! Keep them coming! We are making this product for YOU!
Let me tell a few words about this new version 3.0, especially for the old Lokki users out there.
The new Lokki 3.0 in a nutshell
A short summary of the changes in Lokki 3.0 goes as follows: The location accuracy has gone up and the battery consumption has gone down. This has been accomplished by re-writing the software that connects your phone with the Lokki servers. The old Lokki app in your phone was reporting your location every 5…15 minutes to the server, all the time, and especially when there was no WiFi coverage this was consuming quite a lot of battery. The new Lokki reports your location to the Lokki servers only when you or someone in your Lokki group is requesting your location. As you can imagine, most of the time during the day and night there is nobody requesting this information, so your phone does not need to check its location that frequently from the GPS satellites and WiFi networks. A side effect of this change is that we no longer can show the ”has arrived” and ”has left” notifications — they are likely to come back partially in a future version of Lokki, though.
We removed the chat functionality we had built into Lokki after most Lokki users told us that our chat is not on par with the messaging apps they prefer to use. Lokki is primarily about private location sharing so we decided to put our focus on that area and not start competing against the existing chat apps out there. We will be smoothening the interplay of the Lokki app and the messaging app in your phones in the future releases of Lokki.
The most visible change in Lokki 3.0 is that we have replaced the places with a map view. This was a really difficult decision for us because we had feedback from many people that they were really in love with the cool-looking places. However, we also heard feedback that the places were a bit complicated to use, there were false reports of people arriving and leaving places, some people preferred the map view in general, and some people said that the places look a bit childish. The main reason for our design decision was the drive to simplify the new Lokki version and to get it launched as soon as possible, since we had a continuous flow of feedback indicating that quite a many people were not satisfied with the location accuracy or the power consumption in Lokki 2.0. We have an initial plan of bringing the places back, perhaps a bit simplified, in an upcoming release of Lokki.
As a bonus we are happy to tell that the new version of Lokki on Android has now been built so that it also works in the older Android devices (version 2.3.3), and those are very common among children.
Finally a replacement for Google Latitude!
We have heard from some Lokki users that Lokki has become a Google Latitude replacement for them. Google discontinued their highly popular Latitude service earlier this year and we are happy to see Lokki taking that role now. The new Lokki 3.0 is actually a very compelling Google Latitude replacement, coming from a reputable European security software house, and working on both Android and iOS devices.
That was the SHORT summary! ;-) Below you will get a more detailed description of the new things in the new Lokki 3.0. Parts of that description are somewhat technical because we know that some of the very early users of Lokki 1.0 and 2.0 are somewhat technically-minded, some might even call them nerds, in a positive way. Others may leave this text now, and we say thank you! :-)
From phone numbers to emails
The old Lokki used your phone number as your username or identity and in the new Lokki we have changed to use the email address for this purpose. You need to use a unique email address per device i.e. if you have an Android phone and an iPad, you need to use different email addresses in those to sign up to Lokki. We debated this change internally a lot and eventually chose the email because it is more commonly used in online services as the user ID and it will allow us to e.g. send Lokki users informative updates more easily than over text messaging. In the old Lokki we did not have the email address of users at all, and there are countries in the world that do not allow service providers to send mass postings via text messages, even if there is no direct marketing content in the messages.
When you allow other people to see you in Lokki, Lokki will show you the people names with email addresses it retrieves from the contacts list in your phone. If a person does not have an email address defined, she or he won’t be visible in the Lokki invitation list, and you need to add the email address first via the Contacts app in your device. We plan to simplify this further in the upcoming Lokki releases.
Lokki and kids
Children can still use Lokki legally (with the exception being the 13 year age limit in the USA due to the Children Online Privacy Protection Act a.k.a. COPPA) so also they will need to have an email address when signing up for Lokki. Or to be exact, the device they are using to sign up needs to have a unique email address. In any case, it is good to be aware of what kind of apps your kids are installing and using in their mobile devices. Have you checked the age limits of some of the wildly popular social media sites or chat apps your kids may be using, by the way?
Read the small print — a.k.a. the Frequently Asked Questions
Many of the detailed issues around the new Lokki 3.0 are covered in the Frequently Asked Questions and you can find that in the F-Secure community knowledge base.
Lokki for Nokia Lumia and other Windows Phones
A word about Lokki on Windows Phone 8. We have an early test version of the Lokki app that runs in a beautiful yellow Nokia Lumia 520 phone. We hope to be able to release the Windows Phone 8 version in the near future when it is fully tested and free of glitches. The Windows Phone operating system is a bit different from Android or iOS and this has introduced some extra hurdles during the development process.
Beta, lean startup and pivot
We fully realize that the changes introduced with this new 3.0 version of Lokki may look awkward for many of you. You need to sign up again to Lokki and your friends and family members need to do the same. All Lokki users will need to have an email. Plus if you liked your places, you no longer can see them. :-/ However, after you are done with the initial setup, we believe you will love the new Lokki! We began to develop Lokki as a free app last spring with the goal to build the world’s best people location sharing app that is secure and fun. In the summer we had F-Secure fellows testing the beta version and in August we launched the app to the world. In “lean startup” style we have been continuously listening to Lokki users and improving the app. By early November we realized that we will not be able to satisfy Lokki users with our GPS location tracking solution; the continous location reporting simply ate too much battery and the battery consumption optimizations had an impact on the location reporting accuracy. In lean startup terms we decided to “pivot” Lokki into a new direction. Many Lokki users liked the product concept but expected it to work like Sports Tracker or RunKeeper i.e. continuously tracking the location of everyone on your display but at the same time they expected there to be negligible impact on the phone battery life. This unfortunately cannot be done on modern smartphones, especially when the service needs to run reliably on Android, iOS, and Windows Phone devices. We really like the new Lokki and feel it is superior in many ways to the earlier version, and we will be incorporating elements from the old design to the app in the future releases.
To trace or not to trace — what is your opinion?
Our short-term priorities now include a ’family pack’ functionality for Lokki, in addition to the Windows Phone 8 support. One feature that we are debating is people tracking history. As a security software company we are cautious about any ’big brother’ functionalities — yet we get requests that people would like to be able to see where their children have been. How do you feel about this? And is there some other family feature you would like to see in Lokki?
One more thing
Old users of Lokki probably noticed that Lokki 3.0 now has a new app icon. We felt that since the places are gone from this version, at least for a while, we should evolve also the icon a bit to reflect the changing functionality in the app. We hope you like the new icon!
Thanks for your support and please let us know how you feel about the new Lokki! You can reach us at firstname.lastname@example.org as before.
Harri and the Lokki team at F-Secure in Helsinki, Finland
In Finnish / suomeksi lyhyt yhteenveto uudesta Lokki 3.0-versiosta:
Lokin paikannustarkkuus on parantunut ja puhelimen virrankulutus laskenut. Tämän saimme aikaiseksi toteuttamalla puhelimen ja palvelimen välisen paikkatietojen välityksen uudella tavalla. Vanha Lokki lähetti puhelimen paikkatiedon palvelimelle joka 5…15 minuutin välein kellon ympäri ja uusi Lokki lähettää paikkatiedon vain silloin kun joku oman piirini Lokki-käyttäjä sitä kysyy. Kolikon kääntöpuoli on tässä se, että aiemmat ”on lähtenyt” ja ”on saapunut” –viestit on jouduttu jättämään pois — saatamme tosin tuoda niistä jatkossa Lokkiin yksinkertaisemman version.
Jätimme uudesta Lokista myös pikaviestimen pois. Suuri osa käyttäjistä kertoi meille, että Lokin chat ei ole tarpeeksi hyvä, joten me päätimme keskittyä turvalliseen ja tehokkaaseen paikkatiedon jakamiseen ja jättää pikaviestimen kehittämisen muille. Jatkossa Lokista pääsee helposti hyppäämään puhelimessa oleviin pikaviestinsovelluksiin.
Näkyvin muutos uudessa Lokissa on paikkasymbolien korvaaminen karttanäkymällä. Todella moni on kertonut meille pitävänsä näistä paikoista paljon, mutta vielä useampi on kritisoinut paikannustarkkuuden ja virrankulutuksen tasoa. Halusimme tuoda nämä parannukset Lokin käyttäjille mahdollisimman nopeasti, joten jouduimme jättämään paikat pois tästä Lokki-versiosta. Jatkossa saatamme tuoda paikat takaisin, ehkä vähän yksinkertaisemmassa muodossa.
Uusi Lokki toimii nyt myös vanhemmissa Android-puhelimissa (käyttöjärjestelmäversio 2.3.3) ja myös Windows Phone 8 –versio on meillä työn alla.
Lähitulevaisuudessa keskitymme lisäämään Lokkiin toiminnallisuutta perheitä varten. Haluaisimmekin kuulla teiltä, mitä toivoisitte! Olisiko Lokissa vaikkapa hyvä nähdä, missä lapset ovat olleet menossa vaikka viimeisen parin tunnin aikana, vai olisiko tämä tarpeeton tai jopa ei-toivottu ominaisuus?
Kiitos teille kaikille, jotka jaksoitte lukea tänne asti. Kertokaapa meille, mitä mieltä olette uudesta Lokki 3.0 –sovelluksesta! Saatte meidät kiinni osoitteesta email@example.com kuten ennenkin.
Harri ja F-Securen Lokki-tiimi Ruoholahdessa Helsingissä
[Image by Metropolitan Transportation Authority of the State of New York via Flickr]
This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past. While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things). The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here’s three talking points to help you get started: Security in a mobile world A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion. Keeping safe online It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later. Privacy and the Internet of Things Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them? The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC. [Image by Hubert Burda Media | Flickr]
The newest leak from Edward Snowden may be coming at a terrible time for the Obama White House but it's not particularly shocking news to security experts. The Intercept's report about the "Great SIM Heist" reveals American and British spies stole the keys that are "used to protect the privacy of cellphone communications across the globe" from Gemalto, the world's largest manufacturer of SIM cards. It goes on to report that "With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments," which sidesteps the needs for legal warrants that should be the foundation of ethical law enforcement. While this is certainly troubling and speaks to the agencies wanton regard for privacy and some amateurish procedures being used to transport keys, it likely won't alter the security landscape much. "The best summary is that an already unreliable communication method became even more unreliable," F-Secure Labs Senior Researcher Jarno Niemela, the holder of 20 security-related patents, explained. "Nobody in their right minds would assume GSM [Global System for Mobile Communications --the digital cellular network used by mobile phones] to be private in the first place," he said. "Phone networks have never been really designed with privacy in mind." Mobile operators are much more concerned with being able to prevent their customers from avoiding billing. While a scope of such a breach does seem huge, Jarno points we're not sure how many of the billions of cards manufactured by Gemalto may be affected. Keys sent to and from operators via without encryption in email or via FTP servers that were not properly secured are almost certainly compromised. But according to The Intercept, GCHQ also penetrated “authentication servers,” which allow it to "decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network" regardless who made the cards. With the cracked keys, users' calls would be vulnerable but likely only in a limited manner. "I am told that these keys only expose the encryption and authentication between the mobile device and the local cell tower," F-Secure Security Advisor David Perry explained. "This means that the NSA or (whoever else) would have to be locally located within radio range of your phone." So could the NSA or GCHQ be listening to your calls without a warrant? Maybe. Here's what you can do about it. Add a layer of encryption of your own to any device you use to communicate. A VPN like our Freedome will protect your data traffic. This would not, however, protect your voice calls. "Maybe it’s time to stop making 'traditional' mobile phones calls," F-Secure Labs Senior Researcher Timo Hirvonen suggests. "Install Freedome, and start making your calls with apps like Signal." [Image by Julian Carvajal | Flickr]
This comes as no surprise after the Snowden revelations. British signal intelligence agency GCHQ has been spying illegally on a large number of internet users. What’s positively surprising is that the UK Surveillance Tribunal finally developed from a rubber stamp into something capable of making real decisions. In short, their recent decision states that the secret information exchange between the NSA and GCHQ was illegal. It’s also a welcome indication that unnecessary secrecy isn’t acceptable. Secrecy is needed in intelligence work, but has widely been misused to hide unlawful activities. We are, of course, grateful to Privacy International and its supporters, for their important work in this case. But they are not done yet! Their next step is to let you know if you’re a victim. You can submit your contact info and join a campaign where they will reveal if GCHQ has data on you. That’s nice. The more privacy-savvy of you are probably smiling right now. The campaign page clearly states “I authorise Privacy International and their legal team to pass my information to GCHQ …” That’s naturally necessary when asking GCHQ if they have data on you. But what if they didn’t? Now they have. Submitting private info to an agency that just has been exposed with illegal data processing might not sound as a good idea. And it’s not just your name, email and phone number. What may be less obvious is that your submission ties these pieces of info together. If they had just your mail, now they know to whom it belongs. Ok, time to take off the tin foil hat. I think Privacy International’s campaign is great and a unique opportunity to get a glimpse into the secret world of intelligence. One should not worry too much about revealing info through this form. What you submit is probably already known to them and they could easily find out, if they had a real interest in you. So just go ahead. But the above is a great reminder that you should think twice before submitting private info. Always think about whom you submit to and for what purpose. Micke P.S. This reminds me of an old web form at a Russian server. “Enter your credit card number to check if it has been stolen on the net.” No, I didn’t enter mine either.