Dear old and new friends of F-Secure Lokki!
Hei F-Secure Lokin ystävät!
In Finnish / suomeksi: Tämän tekstin lopussa on suomenkielinen yhteenveto uudesta F-Secure Lokki –sovelluksesta! Voit lukea tekstin alkuosan englanniksi tai hypätä suoraan loppuosaan.
F-Secure Lokki is the most accurate and battery friendly personal location sharing app to connect you with your friends and family members. Across the world thousands of people have been taking Lokki into use since mid August when we launched the first version for iPhone and Android devices. We have this week launched a major update to Lokki for iPhone and Android. You can download the new 3.0 version from iTunes and Google Play. For more information on Lokki please visit the F-Secure product page.
We have received a tremendous amount of feedback from all over the world towards Lokki 1.0 and 2.0. This has been really fantastic as it has helped us to improve Lokki. Some of the feedback has been somewhat contradictory so we have decided which way to go. We have read all emails and we have met with a large number of Lokki users during the last couple of months. BIG THANKS to everyone who have spoken with us or sent us messages! Keep them coming! We are making this product for YOU!
Let me tell a few words about this new version 3.0, especially for the old Lokki users out there.
The new Lokki 3.0 in a nutshell
A short summary of the changes in Lokki 3.0 goes as follows: The location accuracy has gone up and the battery consumption has gone down. This has been accomplished by re-writing the software that connects your phone with the Lokki servers. The old Lokki app in your phone was reporting your location every 5…15 minutes to the server, all the time, and especially when there was no WiFi coverage this was consuming quite a lot of battery. The new Lokki reports your location to the Lokki servers only when you or someone in your Lokki group is requesting your location. As you can imagine, most of the time during the day and night there is nobody requesting this information, so your phone does not need to check its location that frequently from the GPS satellites and WiFi networks. A side effect of this change is that we no longer can show the ”has arrived” and ”has left” notifications — they are likely to come back partially in a future version of Lokki, though.
We removed the chat functionality we had built into Lokki after most Lokki users told us that our chat is not on par with the messaging apps they prefer to use. Lokki is primarily about private location sharing so we decided to put our focus on that area and not start competing against the existing chat apps out there. We will be smoothening the interplay of the Lokki app and the messaging app in your phones in the future releases of Lokki.
The most visible change in Lokki 3.0 is that we have replaced the places with a map view. This was a really difficult decision for us because we had feedback from many people that they were really in love with the cool-looking places. However, we also heard feedback that the places were a bit complicated to use, there were false reports of people arriving and leaving places, some people preferred the map view in general, and some people said that the places look a bit childish. The main reason for our design decision was the drive to simplify the new Lokki version and to get it launched as soon as possible, since we had a continuous flow of feedback indicating that quite a many people were not satisfied with the location accuracy or the power consumption in Lokki 2.0. We have an initial plan of bringing the places back, perhaps a bit simplified, in an upcoming release of Lokki.
As a bonus we are happy to tell that the new version of Lokki on Android has now been built so that it also works in the older Android devices (version 2.3.3), and those are very common among children.
Finally a replacement for Google Latitude!
We have heard from some Lokki users that Lokki has become a Google Latitude replacement for them. Google discontinued their highly popular Latitude service earlier this year and we are happy to see Lokki taking that role now. The new Lokki 3.0 is actually a very compelling Google Latitude replacement, coming from a reputable European security software house, and working on both Android and iOS devices.
That was the SHORT summary! ;-) Below you will get a more detailed description of the new things in the new Lokki 3.0. Parts of that description are somewhat technical because we know that some of the very early users of Lokki 1.0 and 2.0 are somewhat technically-minded, some might even call them nerds, in a positive way. Others may leave this text now, and we say thank you! :-)
From phone numbers to emails
The old Lokki used your phone number as your username or identity and in the new Lokki we have changed to use the email address for this purpose. You need to use a unique email address per device i.e. if you have an Android phone and an iPad, you need to use different email addresses in those to sign up to Lokki. We debated this change internally a lot and eventually chose the email because it is more commonly used in online services as the user ID and it will allow us to e.g. send Lokki users informative updates more easily than over text messaging. In the old Lokki we did not have the email address of users at all, and there are countries in the world that do not allow service providers to send mass postings via text messages, even if there is no direct marketing content in the messages.
When you allow other people to see you in Lokki, Lokki will show you the people names with email addresses it retrieves from the contacts list in your phone. If a person does not have an email address defined, she or he won’t be visible in the Lokki invitation list, and you need to add the email address first via the Contacts app in your device. We plan to simplify this further in the upcoming Lokki releases.
Lokki and kids
Children can still use Lokki legally (with the exception being the 13 year age limit in the USA due to the Children Online Privacy Protection Act a.k.a. COPPA) so also they will need to have an email address when signing up for Lokki. Or to be exact, the device they are using to sign up needs to have a unique email address. In any case, it is good to be aware of what kind of apps your kids are installing and using in their mobile devices. Have you checked the age limits of some of the wildly popular social media sites or chat apps your kids may be using, by the way?
Read the small print — a.k.a. the Frequently Asked Questions
Many of the detailed issues around the new Lokki 3.0 are covered in the Frequently Asked Questions and you can find that in the F-Secure community knowledge base.
Lokki for Nokia Lumia and other Windows Phones
A word about Lokki on Windows Phone 8. We have an early test version of the Lokki app that runs in a beautiful yellow Nokia Lumia 520 phone. We hope to be able to release the Windows Phone 8 version in the near future when it is fully tested and free of glitches. The Windows Phone operating system is a bit different from Android or iOS and this has introduced some extra hurdles during the development process.
Beta, lean startup and pivot
We fully realize that the changes introduced with this new 3.0 version of Lokki may look awkward for many of you. You need to sign up again to Lokki and your friends and family members need to do the same. All Lokki users will need to have an email. Plus if you liked your places, you no longer can see them. :-/ However, after you are done with the initial setup, we believe you will love the new Lokki! We began to develop Lokki as a free app last spring with the goal to build the world’s best people location sharing app that is secure and fun. In the summer we had F-Secure fellows testing the beta version and in August we launched the app to the world. In “lean startup” style we have been continuously listening to Lokki users and improving the app. By early November we realized that we will not be able to satisfy Lokki users with our GPS location tracking solution; the continous location reporting simply ate too much battery and the battery consumption optimizations had an impact on the location reporting accuracy. In lean startup terms we decided to “pivot” Lokki into a new direction. Many Lokki users liked the product concept but expected it to work like Sports Tracker or RunKeeper i.e. continuously tracking the location of everyone on your display but at the same time they expected there to be negligible impact on the phone battery life. This unfortunately cannot be done on modern smartphones, especially when the service needs to run reliably on Android, iOS, and Windows Phone devices. We really like the new Lokki and feel it is superior in many ways to the earlier version, and we will be incorporating elements from the old design to the app in the future releases.
To trace or not to trace — what is your opinion?
Our short-term priorities now include a ’family pack’ functionality for Lokki, in addition to the Windows Phone 8 support. One feature that we are debating is people tracking history. As a security software company we are cautious about any ’big brother’ functionalities — yet we get requests that people would like to be able to see where their children have been. How do you feel about this? And is there some other family feature you would like to see in Lokki?
One more thing
Old users of Lokki probably noticed that Lokki 3.0 now has a new app icon. We felt that since the places are gone from this version, at least for a while, we should evolve also the icon a bit to reflect the changing functionality in the app. We hope you like the new icon!
Thanks for your support and please let us know how you feel about the new Lokki! You can reach us at firstname.lastname@example.org as before.
Harri and the Lokki team at F-Secure in Helsinki, Finland
In Finnish / suomeksi lyhyt yhteenveto uudesta Lokki 3.0-versiosta:
Lokin paikannustarkkuus on parantunut ja puhelimen virrankulutus laskenut. Tämän saimme aikaiseksi toteuttamalla puhelimen ja palvelimen välisen paikkatietojen välityksen uudella tavalla. Vanha Lokki lähetti puhelimen paikkatiedon palvelimelle joka 5…15 minuutin välein kellon ympäri ja uusi Lokki lähettää paikkatiedon vain silloin kun joku oman piirini Lokki-käyttäjä sitä kysyy. Kolikon kääntöpuoli on tässä se, että aiemmat ”on lähtenyt” ja ”on saapunut” –viestit on jouduttu jättämään pois — saatamme tosin tuoda niistä jatkossa Lokkiin yksinkertaisemman version.
Jätimme uudesta Lokista myös pikaviestimen pois. Suuri osa käyttäjistä kertoi meille, että Lokin chat ei ole tarpeeksi hyvä, joten me päätimme keskittyä turvalliseen ja tehokkaaseen paikkatiedon jakamiseen ja jättää pikaviestimen kehittämisen muille. Jatkossa Lokista pääsee helposti hyppäämään puhelimessa oleviin pikaviestinsovelluksiin.
Näkyvin muutos uudessa Lokissa on paikkasymbolien korvaaminen karttanäkymällä. Todella moni on kertonut meille pitävänsä näistä paikoista paljon, mutta vielä useampi on kritisoinut paikannustarkkuuden ja virrankulutuksen tasoa. Halusimme tuoda nämä parannukset Lokin käyttäjille mahdollisimman nopeasti, joten jouduimme jättämään paikat pois tästä Lokki-versiosta. Jatkossa saatamme tuoda paikat takaisin, ehkä vähän yksinkertaisemmassa muodossa.
Uusi Lokki toimii nyt myös vanhemmissa Android-puhelimissa (käyttöjärjestelmäversio 2.3.3) ja myös Windows Phone 8 –versio on meillä työn alla.
Lähitulevaisuudessa keskitymme lisäämään Lokkiin toiminnallisuutta perheitä varten. Haluaisimmekin kuulla teiltä, mitä toivoisitte! Olisiko Lokissa vaikkapa hyvä nähdä, missä lapset ovat olleet menossa vaikka viimeisen parin tunnin aikana, vai olisiko tämä tarpeeton tai jopa ei-toivottu ominaisuus?
Kiitos teille kaikille, jotka jaksoitte lukea tänne asti. Kertokaapa meille, mitä mieltä olette uudesta Lokki 3.0 –sovelluksesta! Saatte meidät kiinni osoitteesta email@example.com kuten ennenkin.
Harri ja F-Securen Lokki-tiimi Ruoholahdessa Helsingissä
[Image by Metropolitan Transportation Authority of the State of New York via Flickr]
Would you give up your firstborn child or favorite pet to use free WiFi? Of course not. Sounds crazy, right? But in an independent investigation conducted on behalf of F-Secure, several people agreed to do just that – just to be able to instantly, freely connect to the Internet while on the go. For the experiment, we asked Finn Steglich of the German penetration testing company, SySS, to build a WiFi hotspot, take it out on the streets of London, and set it up and wait for folks to connect. The purpose? To find out how readily people would connect to an unknown WiFi hotspot. (You can view our complete report, see the video and listen to the podcast below.) Thing is, public hotspots are insecure. Public WiFi simply wasn’t built with 21st century security demands in mind. When you use public WiFi without any added security measures, you leak data about yourself from your device. We know it, but we wanted to find out in general how well people out on the street know, whether or not they take precautions, and what kind of data they would actually leak. We also enlisted the help of freelance journalist Peter Warren of the UK’s Cyber Security Research Institute, who came along to document it all. Accompanying the two was Sean Sullivan, F-Secure’s Security Advisor. [protected-iframe id="4904e81e9615a16d107096f242273fee-10874323-40632396" info="//www.youtube-nocookie.com/embed/OXzDyL3gaZo" width="640" height="360" frameborder="0" allowfullscreen=""] Leaking personal information What we found was that people readily and happily connected, unaware their Internet activity was being spied on by the team. In just a half-hour period, 250 devices connected to the hotspot. Most of these were probably automatic connections, without their owner even realizing it. 33 people actively sent Internet traffic, doing web searches, sending email, etc. The team collected 32 MB of traffic – which was promptly destroyed in the interest of consumer privacy. The researchers were a bit surprised when they found that they could actually read the text of emails sent over a POP3 network, along with the addresses of the sender and recipient, and even the password of the sender. Encryption, anyone? If you aren’t already using it, you should be! The Herod clause For part of the experiment, the guys enabled a terms and conditions (T&C) page that people needed to agree to before being able to use the hotspot. One of the terms stipulated that the user must give up their firstborn child or most beloved pet in exchange for WiFi use. In the short time the T&C page was active, six people agreed to the outlandish clause. Of course, this simply illustrates the lack of attention people pay to such pages. Terms and conditions are usually longer than most people want to take time to read, and often they’re difficult to understand. We, of course, won’t enforce the clause and make people follow through with surrendering their loved ones – but this should give us all pause: What are we really signing up for when we check the “agree” box at the end of a long list of T&C’s we don’t read? There's a need for more clarity and transparency about what's actually being collected or required of the user. The problem So what’s really the issue here? What’s going to happen to your data, anyway? The problem is there are plenty of criminals who love to get their hands on WiFi traffic to collect usernames, passwords, etc. It’s easy and cheap enough for them to set up their own hotspot somewhere (the whole hotspot setup only cost SySS about 200 euros), give it a credible-looking name, and just let the data flow in. And even if a hotspot is provided by a legitimate business or organization, criminals can still use “sniffing” tools to spy on others’ Internet traffic. So be warned: Public WiFi is NOT secure or safe. But we’re not saying don’t use it, we’re saying don’t use it without proper security. A good VPN will provide encryption so even if someone tries, they can’t tap into your data. The Solution F-Secure Freedome is our super cool, super simple wi-fi security product, or VPN. Freedome creates a secure, encrypted connection from your device and protects you from snoops and spies, wherever you go and whatever WiFi you use. (Bonus: It also includes tracking protection from Internet marketers, browsing protection to block malicious sites and apps, and lets you choose your own virtual location so you can view your favorite web content even when you’re abroad.) Still don’t believe that public WiFi poses risks? Take a closer look next time you’re faced with a terms and conditions page for public WiFi hotspot. “A good number of open wi-fi providers take the time to tell you in their T&C that there are inherent risks with wireless communications and suggest using a VPN,” Sullivan says. “So if you don't take it from me, take it from them.” Check out the full report here (PDF): Tainted Love - How Wi-Fi Betrays Us Listen to the podcast, featuring interviews with Victor Hayes, the "Father of WiFi," our Sean Sullivan and others: [audio mp3="http://fsecureconsumer.files.wordpress.com/2014/09/wifi_experiment_podcast.mp3"][/audio] Disclaimer: During the course of this experiment, no user was compromised at any point nor user data exposed in a way that it could have been subject to misuse. We have not logged any user information, and during the experiment a lawyer supervised all our activities to avoid breaching any laws. Video by Magneto Films
This has been a huge week for Freedome. First we added virtual locations in Hong Kong and Singapore. Then the app became available across Asia. Now we're fully iOS 8-compatible on day one. You could use Freedome to protect your private data and choose from 12 different virtual locations on iOS 7. But it could be a hassle, requiring you to switch profiles or possibly lose connection. On iOS 8, your Freedome VPN connects and stays connected. That's it. How does it work? This video walks you through the process of pressing one button and getting on with your life. This simplicity is now available to a huge percentage of the world's population that hasn't had a chance to try out Freedome for free. “As hundreds of millions of users in Asia are hopping online through their broadband wireless and hundreds of Wi-Fi hotspots covering cafes to airports, mobile users are seeking ways to provide more privacy to their online surfing habits, Freedome will be the answer to this," our Security Advisor Su Gim Goh said. Beyond protecting your data when you're connecting on unsecured networks, Freedome offers anti-tracking protection that cloaks your data from the sites you choose to use. “Users in Asia today demand their rights to keeping their data private," he said. "Most important of all, with F-Secure’s Freedome, you're not leaving digital footprints on websites like online stores and social media sites, making them more untrackable to the aggressive advertising and profiling services on the Internet in this region."
On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS. iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.