Dear old and new friends of F-Secure Lokki!
Hei F-Secure Lokin ystävät!
In Finnish / suomeksi: Tämän tekstin lopussa on suomenkielinen yhteenveto uudesta F-Secure Lokki –sovelluksesta! Voit lukea tekstin alkuosan englanniksi tai hypätä suoraan loppuosaan.
F-Secure Lokki is the most accurate and battery friendly personal location sharing app to connect you with your friends and family members. Across the world thousands of people have been taking Lokki into use since mid August when we launched the first version for iPhone and Android devices. We have this week launched a major update to Lokki for iPhone and Android. You can download the new 3.0 version from iTunes and Google Play. For more information on Lokki please visit the F-Secure product page.
We have received a tremendous amount of feedback from all over the world towards Lokki 1.0 and 2.0. This has been really fantastic as it has helped us to improve Lokki. Some of the feedback has been somewhat contradictory so we have decided which way to go. We have read all emails and we have met with a large number of Lokki users during the last couple of months. BIG THANKS to everyone who have spoken with us or sent us messages! Keep them coming! We are making this product for YOU!
Let me tell a few words about this new version 3.0, especially for the old Lokki users out there.
The new Lokki 3.0 in a nutshell
A short summary of the changes in Lokki 3.0 goes as follows: The location accuracy has gone up and the battery consumption has gone down. This has been accomplished by re-writing the software that connects your phone with the Lokki servers. The old Lokki app in your phone was reporting your location every 5…15 minutes to the server, all the time, and especially when there was no WiFi coverage this was consuming quite a lot of battery. The new Lokki reports your location to the Lokki servers only when you or someone in your Lokki group is requesting your location. As you can imagine, most of the time during the day and night there is nobody requesting this information, so your phone does not need to check its location that frequently from the GPS satellites and WiFi networks. A side effect of this change is that we no longer can show the ”has arrived” and ”has left” notifications — they are likely to come back partially in a future version of Lokki, though.
We removed the chat functionality we had built into Lokki after most Lokki users told us that our chat is not on par with the messaging apps they prefer to use. Lokki is primarily about private location sharing so we decided to put our focus on that area and not start competing against the existing chat apps out there. We will be smoothening the interplay of the Lokki app and the messaging app in your phones in the future releases of Lokki.
The most visible change in Lokki 3.0 is that we have replaced the places with a map view. This was a really difficult decision for us because we had feedback from many people that they were really in love with the cool-looking places. However, we also heard feedback that the places were a bit complicated to use, there were false reports of people arriving and leaving places, some people preferred the map view in general, and some people said that the places look a bit childish. The main reason for our design decision was the drive to simplify the new Lokki version and to get it launched as soon as possible, since we had a continuous flow of feedback indicating that quite a many people were not satisfied with the location accuracy or the power consumption in Lokki 2.0. We have an initial plan of bringing the places back, perhaps a bit simplified, in an upcoming release of Lokki.
As a bonus we are happy to tell that the new version of Lokki on Android has now been built so that it also works in the older Android devices (version 2.3.3), and those are very common among children.
Finally a replacement for Google Latitude!
We have heard from some Lokki users that Lokki has become a Google Latitude replacement for them. Google discontinued their highly popular Latitude service earlier this year and we are happy to see Lokki taking that role now. The new Lokki 3.0 is actually a very compelling Google Latitude replacement, coming from a reputable European security software house, and working on both Android and iOS devices.
That was the SHORT summary! ;-) Below you will get a more detailed description of the new things in the new Lokki 3.0. Parts of that description are somewhat technical because we know that some of the very early users of Lokki 1.0 and 2.0 are somewhat technically-minded, some might even call them nerds, in a positive way. Others may leave this text now, and we say thank you! :-)
From phone numbers to emails
The old Lokki used your phone number as your username or identity and in the new Lokki we have changed to use the email address for this purpose. You need to use a unique email address per device i.e. if you have an Android phone and an iPad, you need to use different email addresses in those to sign up to Lokki. We debated this change internally a lot and eventually chose the email because it is more commonly used in online services as the user ID and it will allow us to e.g. send Lokki users informative updates more easily than over text messaging. In the old Lokki we did not have the email address of users at all, and there are countries in the world that do not allow service providers to send mass postings via text messages, even if there is no direct marketing content in the messages.
When you allow other people to see you in Lokki, Lokki will show you the people names with email addresses it retrieves from the contacts list in your phone. If a person does not have an email address defined, she or he won’t be visible in the Lokki invitation list, and you need to add the email address first via the Contacts app in your device. We plan to simplify this further in the upcoming Lokki releases.
Lokki and kids
Children can still use Lokki legally (with the exception being the 13 year age limit in the USA due to the Children Online Privacy Protection Act a.k.a. COPPA) so also they will need to have an email address when signing up for Lokki. Or to be exact, the device they are using to sign up needs to have a unique email address. In any case, it is good to be aware of what kind of apps your kids are installing and using in their mobile devices. Have you checked the age limits of some of the wildly popular social media sites or chat apps your kids may be using, by the way?
Read the small print — a.k.a. the Frequently Asked Questions
Many of the detailed issues around the new Lokki 3.0 are covered in the Frequently Asked Questions and you can find that in the F-Secure community knowledge base.
Lokki for Nokia Lumia and other Windows Phones
A word about Lokki on Windows Phone 8. We have an early test version of the Lokki app that runs in a beautiful yellow Nokia Lumia 520 phone. We hope to be able to release the Windows Phone 8 version in the near future when it is fully tested and free of glitches. The Windows Phone operating system is a bit different from Android or iOS and this has introduced some extra hurdles during the development process.
Beta, lean startup and pivot
We fully realize that the changes introduced with this new 3.0 version of Lokki may look awkward for many of you. You need to sign up again to Lokki and your friends and family members need to do the same. All Lokki users will need to have an email. Plus if you liked your places, you no longer can see them. :-/ However, after you are done with the initial setup, we believe you will love the new Lokki! We began to develop Lokki as a free app last spring with the goal to build the world’s best people location sharing app that is secure and fun. In the summer we had F-Secure fellows testing the beta version and in August we launched the app to the world. In “lean startup” style we have been continuously listening to Lokki users and improving the app. By early November we realized that we will not be able to satisfy Lokki users with our GPS location tracking solution; the continous location reporting simply ate too much battery and the battery consumption optimizations had an impact on the location reporting accuracy. In lean startup terms we decided to “pivot” Lokki into a new direction. Many Lokki users liked the product concept but expected it to work like Sports Tracker or RunKeeper i.e. continuously tracking the location of everyone on your display but at the same time they expected there to be negligible impact on the phone battery life. This unfortunately cannot be done on modern smartphones, especially when the service needs to run reliably on Android, iOS, and Windows Phone devices. We really like the new Lokki and feel it is superior in many ways to the earlier version, and we will be incorporating elements from the old design to the app in the future releases.
To trace or not to trace — what is your opinion?
Our short-term priorities now include a ’family pack’ functionality for Lokki, in addition to the Windows Phone 8 support. One feature that we are debating is people tracking history. As a security software company we are cautious about any ’big brother’ functionalities — yet we get requests that people would like to be able to see where their children have been. How do you feel about this? And is there some other family feature you would like to see in Lokki?
One more thing
Old users of Lokki probably noticed that Lokki 3.0 now has a new app icon. We felt that since the places are gone from this version, at least for a while, we should evolve also the icon a bit to reflect the changing functionality in the app. We hope you like the new icon!
Thanks for your support and please let us know how you feel about the new Lokki! You can reach us at firstname.lastname@example.org as before.
Harri and the Lokki team at F-Secure in Helsinki, Finland
In Finnish / suomeksi lyhyt yhteenveto uudesta Lokki 3.0-versiosta:
Lokin paikannustarkkuus on parantunut ja puhelimen virrankulutus laskenut. Tämän saimme aikaiseksi toteuttamalla puhelimen ja palvelimen välisen paikkatietojen välityksen uudella tavalla. Vanha Lokki lähetti puhelimen paikkatiedon palvelimelle joka 5…15 minuutin välein kellon ympäri ja uusi Lokki lähettää paikkatiedon vain silloin kun joku oman piirini Lokki-käyttäjä sitä kysyy. Kolikon kääntöpuoli on tässä se, että aiemmat ”on lähtenyt” ja ”on saapunut” –viestit on jouduttu jättämään pois — saatamme tosin tuoda niistä jatkossa Lokkiin yksinkertaisemman version.
Jätimme uudesta Lokista myös pikaviestimen pois. Suuri osa käyttäjistä kertoi meille, että Lokin chat ei ole tarpeeksi hyvä, joten me päätimme keskittyä turvalliseen ja tehokkaaseen paikkatiedon jakamiseen ja jättää pikaviestimen kehittämisen muille. Jatkossa Lokista pääsee helposti hyppäämään puhelimessa oleviin pikaviestinsovelluksiin.
Näkyvin muutos uudessa Lokissa on paikkasymbolien korvaaminen karttanäkymällä. Todella moni on kertonut meille pitävänsä näistä paikoista paljon, mutta vielä useampi on kritisoinut paikannustarkkuuden ja virrankulutuksen tasoa. Halusimme tuoda nämä parannukset Lokin käyttäjille mahdollisimman nopeasti, joten jouduimme jättämään paikat pois tästä Lokki-versiosta. Jatkossa saatamme tuoda paikat takaisin, ehkä vähän yksinkertaisemmassa muodossa.
Uusi Lokki toimii nyt myös vanhemmissa Android-puhelimissa (käyttöjärjestelmäversio 2.3.3) ja myös Windows Phone 8 –versio on meillä työn alla.
Lähitulevaisuudessa keskitymme lisäämään Lokkiin toiminnallisuutta perheitä varten. Haluaisimmekin kuulla teiltä, mitä toivoisitte! Olisiko Lokissa vaikkapa hyvä nähdä, missä lapset ovat olleet menossa vaikka viimeisen parin tunnin aikana, vai olisiko tämä tarpeeton tai jopa ei-toivottu ominaisuus?
Kiitos teille kaikille, jotka jaksoitte lukea tänne asti. Kertokaapa meille, mitä mieltä olette uudesta Lokki 3.0 –sovelluksesta! Saatte meidät kiinni osoitteesta email@example.com kuten ennenkin.
Harri ja F-Securen Lokki-tiimi Ruoholahdessa Helsingissä
[Image by Metropolitan Transportation Authority of the State of New York via Flickr]
Not good enough. That's the assessment of the Parliament's Joint Committee that has been investigating the Draft Investigatory Powers Bill, which will set the guidelines for how the UK carries out intelligence gathering in this era when terror and cyberthreats are merging. And our Cyber Security Advisor Erka Koivunen who testified in front of the committee, agrees. "Sharper, clearer definitions are required in order to protect both the privacy of citizens and viability of the British tech industry," he said after reviewing the 198-page report. Legislators hope to pass the bill before the Data Retention and Investigatory Powers Act 2014 expires in December of this year. A few major problems stood out for Erka. "The committee’s case for Equipment Interference, known by some as 'hacking,' is persuasive and also give voice to the equally persuasive critics of the Government having the power to intrude upon communications in way that lawfully captures evidence," he said. "However, there appears to be little discussion about collateral damage caused by bulk equipment interference activities. We’ve seen in the Stellar Wind and Belgacom cases that equipment interference activity on non-terrorist and non-combatant organizations can be used to create stepping-stones to the intended targets, or as way to hide the intelligence traces that would point the operation back to GCHQ." Limiting the scope of investigations is key, along with allowing developers that ability to preserve the integrity of their products. "We support Mozilla and the open source community in the insistence that all vulnerabilities should be identified and fixed, regardless of who put them there," Erka said. The committee made a strikingly straightforward case for bulk collection of data, noting that search tools can make such information relevant. "However, the justification for such powers -- 'why would the authorities request the bulk powers if they didn't believe them to be effective' -- is simply naïve," Erka said. "It has been demonstrated many times over that GCHQ and NSA have invested lots of time and resources in bulk collection. It is only natural for them to defend their investment and seek to continue their work without interruption. Doing otherwise would put past conduct under scrutiny and future activities in question." Privacy advocates generally agree that the bill should not become law in its current form. "It needs more than mere tweaking, it needs to be fundamentally rethought and rebuilt," said Lord Paul Strasburger, who was on the committee. "Like the other two committees, [we] found the Bill to be sloppy in its wording and short on vital details," he said. Erka notes that the clock is ticking quickly. "The 'sunset clause' now forces the UK Government to work against the clock as the old RIPA authorities will cease to exist in the near future. Talk about "going dark!'" The threat of a complete lapse in surveillance will be wielded by proponents of a purposely vague and broad law. That should not happen, especially given the abundance of input the government has. "The bill, as written, fails to address our concerns about the potential for abuse and lack of oversight. We applaud the committee for addressing these shortcomings—and encourage the Government not to use the rush to pass the law as an excuse to pass a flawed bill." Photo: GCHQ/Crown Copyright/MOD
Tuesday February 9th is Safer Internet Day this year. An excellent time to sit down and reflect about what kind of Internet we offer to our kids. And what kind of electronic environment they will inherit from us. I have to be blunt here. Our children love their smartphones and the net. They have access to a lot of stuff that interest them. And it’s their new cool way to be in contact with each other. But the net is not designed for them and even younger children are getting connected smartphones. Technology does not support parents properly and they are often left with very poor visibility into what their kids are doing on-line. This manifests itself as a wide range of problems, from addiction to cyber bullying and grooming. The situation is not healthy! There are several factors that contribute to this huge problem: The future’s main connectivity devices, the handhelds, are not suitable for kids. Rudimentary features that help protect children are starting to appear, but the development is too slow. Social media turns a blind eye to children’s and parents’ needs. Most services only offer one single user experience for both children and adults, and do not recognize parent-child relationships. Legislation and controlling authorities are national while Internet is global. We will not achieve much without a globally harmonized framework that both device manufacturers and service providers adhere to. Let’s take a closer look at these three issues. Mobile devices based on iOS and Android have made significant security advances compared to our old-school desktop computers. The sandboxed app model, where applications only have limited permissions in the system, is good at keeping malware at bay. The downside is however that you can’t make traditional anti-malware products for these environments. These products used to carry an overall responsibility for what happens in the system and monitor activity at many levels. The new model helps fight malware, but there’s a wide range of other threats and unsuitable content that can’t be fought efficiently anymore. We at F-Secure have a lot of technology and knowledge that can keep devices safe. It’s frustrating that we can’t deploy that technology efficiently in the devices our kids love to use. We can make things like a safe browser that filters out unwanted content, but we can’t filter what the kids are accessing through other apps. And forcing the kids to use our safe browser exclusively requires tricky configuration. Device manufacturers should recognize the need for parental control at the mobile devices. They should provide functionality that enable us to enforce a managed and safe experience for the kids across all apps. Privacy is an issue of paramount importance in social media. Most platforms have implemented good tools enabling users to manage their privacy. This is great, but it has a downside just like the app model in mobile operating systems. Kids can sign up in social media and enjoy the same privacy protection as adults. Also against their parents. What we need is a special kind of child account that must be tied to one or more adult accounts. The adults would have some level of visibility into what the kid is doing. But full visibility is probably not the right way to implement this. Remember that children also have a certain right to privacy. A good start would be to show whom the kid is communicating with and how often. But without showing the message contents. That would already enable the parents to spot cyberbullying and grooming patterns in an early phase. But what if the kids sign up as adults with a false year of birth? There’s currently no reliable way to stop that without implementing strong identity checks for new users. And that is principally unfeasible. Device control could be the answer. If parents can lock the social media accounts used on the device, then they could at the same time ensure that the kid really is using a child account that is connected to the parents. The ideas presented here are all significant changes. The device manufacturers and social media companies may have limited motivation to drive them as they aren’t linked to their business models. It is therefore very important that there is an external, centralized driving force. The authorities. And that this force is globally harmonized. This is where it becomes really challenging. Many of the problems we face on Internet today are somehow related to the lack of global harmonization. This area is no exception. The tools we are left with today are pretty much talking to the kids, setting clear rules and threatening to take away the smartphone. Some of the problems can no doubt be solved this way. But there is still the risk that destructive on-line scenarios can develop for too long before the parents notice. So status quo is really not an acceptable state. I also really hope that parents don’t get scared and solve the problem by not buying the kids a smartphone at all. This is even worse than the apparent dangers posed by an uncontrolled net. The ability to use smart devices and social media will be a fundamental skill in the future society. They deserve to start practicing for that early. And mobile devices are also becoming tools that tie the group together. A kid without a smartphone is soon an outsider. So the no smartphone strategy is not really an alternative anymore. Yes, this is an epic issue. It’s clear that we can’t solve it overnight. But we must start working towards these goals ASAP. Mobile devices and Internet will be a cornerstone in tomorrow’s society. In our children’s society. We owe them a net that is better suited for the little ones. We will not achieve this during our kids’ childhood. But we must start working now to make this reality for our grandchildren. Micke
Adblocking made waves last summer after Apple announced that it would bake content blocking capabilities into iOS 9. Content blocking lets users filter out content that they don’t want to load, and in this case, it worked with Apple’s Safari web browser. And there’s one kind of content that typically irritates people more than anything else – ads. So Apple’s content blocking capabilities swiftly lead to adblocking on iOS devices, with many companies developing these apps to help secure and improve people’s web browsing experience. This includes F-Secure, who released a free adblocking app last September. Now, F-Secure Labs has written up a brief whitepaper explaining, in detail, how F-Secure Adblocker works. Without getting into too much detail, F-Secure Adblocker basically checks for information about web traffic with F-Secure Security Cloud (a cloud-based service that powers many of F-Secure’s security products). If F-Secure Security Cloud is able to identify the source of web traffic as an advertising server, it lets Adblocker know, and Adblocker can filter out the advertising content, leaving you with the information about sports, news, business, or whatever else you’re browsing for. Using Adblocker also speeds up your browsing, protects you from malvertising, and saves bandwidth for those of you trying to save money on your data plans. Not bad for a free app. Plus, it all operates in accordance with F-Secure’s Privacy Principles. F-Secure can’t connect the information about your web traffic with anything else about you, so you don’t have to worry about sharing information with companies looking to exploit your personal data. The paper is a quick easy read and gives you a comprehensive breakdown about how Adblocker works, so it’s worth checking out if you’re interested in learning how products being ad free can improve your web browsing experience. [Image by Chris Schmich | Flickr]