using latitude

F-Secure Lokki 3.0 is out — what’s new?

Dear old and new friends of F-Secure Lokki!

Hei F-Secure Lokin ystävät!

In Finnish / suomeksi: Tämän tekstin lopussa on suomenkielinen yhteenveto uudesta F-Secure Lokki –sovelluksesta! Voit lukea tekstin alkuosan englanniksi tai hypätä suoraan loppuosaan.

F-Secure Lokki is the most accurate and battery friendly personal location sharing app to connect you with your friends and family members. Across the world thousands of people have been taking Lokki into use since mid August when we launched the first version for iPhone and Android devices. We have this week launched a major update to Lokki for iPhone and Android. You can download the new 3.0 version from iTunes and Google Play. For more information on Lokki please visit the F-Secure product page.

We have received a tremendous amount of feedback from all over the world towards Lokki 1.0 and 2.0. This has been really fantastic as it has helped us to improve Lokki. Some of the feedback has been somewhat contradictory so we have decided which way to go. We have read all emails and we have met with a large number of Lokki users during the last couple of months. BIG THANKS to everyone who have spoken with us or sent us messages! Keep them coming! We are making this product for YOU!

Let me tell a few words about this new version 3.0, especially for the old Lokki users out there.

The new Lokki 3.0 in a nutshell

A short summary of the changes in Lokki 3.0 goes as follows: The location accuracy has gone up and the battery consumption has gone down. This has been accomplished by re-writing the software that connects your phone with the Lokki servers. The old Lokki app in your phone was reporting your location every 5…15 minutes to the server, all the time, and especially when there was no WiFi coverage this was consuming quite a lot of battery. The new Lokki reports your location to the Lokki servers only when you or someone in your Lokki group is requesting your location. As you can imagine, most of the time during the day and night there is nobody requesting this information, so your phone does not need to check its location that frequently from the GPS satellites and WiFi networks. A side effect of this change is that we no longer can show the ”has arrived” and ”has left” notifications — they are likely to come back partially in a future version of Lokki, though.

We removed the chat functionality we had built into Lokki after most Lokki users told us that our chat is not on par with the messaging apps they prefer to use. Lokki is primarily about private location sharing so we decided to put our focus on that area and not start competing against the existing chat apps out there. We will be smoothening the interplay of the Lokki app and the messaging app in your phones in the future releases of Lokki.

The most visible change in Lokki 3.0 is that we have replaced the places with a map view. This was a really difficult decision for us because we had feedback from many people that they were really in love with the cool-looking places. However, we also heard feedback that the places were a bit complicated to use, there were false reports of people arriving and leaving places, some people preferred the map view in general, and some people said that the places look a bit childish. The main reason for our design decision was the drive to simplify the new Lokki version and to get it launched as soon as possible, since we had a continuous flow of feedback indicating that quite a many people were not satisfied with the location accuracy or the power consumption in Lokki 2.0. We have an initial plan of bringing the places back, perhaps a bit simplified, in an upcoming release of Lokki.

As a bonus we are happy to tell that the new version of Lokki on Android has now been built so that it also works in the older Android devices (version 2.3.3), and those are very common among children.

Finally a replacement for Google Latitude!

We have heard from some Lokki users that Lokki has become a Google Latitude replacement for them. Google discontinued their highly popular Latitude service earlier this year and we are happy to see Lokki taking that role now. The new Lokki 3.0 is actually a very compelling Google Latitude replacement, coming from a reputable European security software house, and working on both Android and iOS devices.

That was the SHORT summary! ;-) Below you will get a more detailed description of the new things in the new Lokki 3.0. Parts of that description are somewhat technical because we know that some of the very early users of Lokki 1.0 and 2.0 are somewhat technically-minded, some might even call them nerds, in a positive way. Others may leave this text now, and we say thank you! :-)

From phone numbers to emails

The old Lokki used your phone number as your username or identity and in the new Lokki we have changed to use the email address for this purpose. You need to use a unique email address per device i.e. if you have an Android phone and an iPad, you need to use different email addresses in those to sign up to Lokki. We debated this change internally a lot and eventually chose the email because it is more commonly used in online services as the user ID and it will allow us to e.g. send Lokki users informative updates more easily than over text messaging. In the old Lokki we did not have the email address of users at all, and there are countries in the world that do not allow service providers to send mass postings via text messages, even if there is no direct marketing content in the messages.

When you allow other people to see you in Lokki, Lokki will show you the people names with email addresses it retrieves from the contacts list in your phone. If a person does not have an email address defined, she or he won’t be visible in the Lokki invitation list, and you need to add the email address first via the Contacts app in your device. We plan to simplify this further in the upcoming Lokki releases.

Lokki and kids

Children can still use Lokki legally (with the exception being the 13 year age limit in the USA due to the Children Online Privacy Protection Act a.k.a. COPPA) so also they will need to have an email address when signing up for Lokki. Or to be exact, the device they are using to sign up needs to have a unique email address. In any case, it is good to be aware of what kind of apps your kids are installing and using in their mobile devices. Have you checked the age limits of some of the wildly popular social media sites or chat apps your kids may be using, by the way?

Read the small print — a.k.a. the Frequently Asked Questions

Many of the detailed issues around the new Lokki 3.0 are covered in the Frequently Asked Questions and you can find that in the F-Secure community knowledge base.

Lokki for Nokia Lumia and other Windows Phones

A word about Lokki on Windows Phone 8. We have an early test version of the Lokki app that runs in a beautiful yellow Nokia Lumia 520 phone. We hope to be able to release the Windows Phone 8 version in the near future when it is fully tested and free of glitches. The Windows Phone operating system is a bit different from Android or iOS and this has introduced some extra hurdles during the development process.

Beta, lean startup and pivot

We fully realize that the changes introduced with this new 3.0 version of Lokki may look awkward for many of you. You need to sign up again to Lokki and your friends and family members need to do the same. All Lokki users will need to have an email. Plus if you liked your places, you no longer can see them. :-/ However, after you are done with the initial setup, we believe you will love the new Lokki! We began to develop Lokki as a free app last spring with the goal to build the world’s best people location sharing app that is secure and fun. In the summer we had F-Secure fellows testing the beta version and in August we launched the app to the world. In “lean startup” style we have been continuously listening to Lokki users and improving the app. By early November we realized that we will not be able to satisfy Lokki users with our GPS location tracking solution; the continous location reporting simply ate too much battery and the battery consumption optimizations had an impact on the location reporting accuracy. In lean startup terms we decided to “pivot” Lokki into a new direction. Many Lokki users liked the product concept but expected it to work like Sports Tracker or RunKeeper i.e. continuously tracking the location of everyone on your display but at the same time they expected there to be negligible impact on the phone battery life. This unfortunately cannot be done on modern smartphones, especially when the service needs to run reliably on Android, iOS, and Windows Phone devices. We really like the new Lokki and feel it is superior in many ways to the earlier version, and we will be incorporating elements from the old design to the app in the future releases.

To trace or not to trace — what is your opinion?

Our short-term priorities now include a ’family pack’ functionality for Lokki, in addition to the Windows Phone 8 support. One feature that we are debating is people tracking history. As a security software company we are cautious about any ’big brother’ functionalities — yet we get requests that people would like to be able to see where their children have been. How do you feel about this? And is there some other family feature you would like to see in Lokki?

One more thing

Old users of Lokki probably noticed that Lokki 3.0 now has a new app icon. We felt that since the places are gone from this version, at least for a while, we should evolve also the icon a bit to reflect the changing functionality in the app. We hope you like the new icon!

Thanks for your support and please let us know how you feel about the new Lokki! You can reach us at lokki-feedback@f-secure.com as before.

Kind regards,

Harri and the Lokki team at F-Secure in Helsinki, Finland

In Finnish / suomeksi lyhyt yhteenveto uudesta Lokki 3.0-versiosta:

Lokin paikannustarkkuus on parantunut ja puhelimen virrankulutus laskenut. Tämän saimme aikaiseksi toteuttamalla puhelimen ja palvelimen välisen paikkatietojen välityksen uudella tavalla. Vanha Lokki lähetti puhelimen paikkatiedon palvelimelle joka 5…15 minuutin välein kellon ympäri ja uusi Lokki lähettää paikkatiedon vain silloin kun joku oman piirini Lokki-käyttäjä sitä kysyy. Kolikon kääntöpuoli on tässä se, että aiemmat ”on lähtenyt” ja ”on saapunut” –viestit on jouduttu jättämään pois — saatamme tosin tuoda niistä jatkossa Lokkiin yksinkertaisemman version.

Jätimme uudesta Lokista myös pikaviestimen pois. Suuri osa käyttäjistä kertoi meille, että Lokin chat ei ole tarpeeksi hyvä, joten me päätimme keskittyä turvalliseen ja tehokkaaseen paikkatiedon jakamiseen ja jättää pikaviestimen kehittämisen muille. Jatkossa Lokista pääsee helposti hyppäämään puhelimessa oleviin pikaviestinsovelluksiin.

Näkyvin muutos uudessa Lokissa on paikkasymbolien korvaaminen karttanäkymällä. Todella moni on kertonut meille pitävänsä näistä paikoista paljon, mutta vielä useampi on kritisoinut paikannustarkkuuden ja virrankulutuksen tasoa. Halusimme tuoda nämä parannukset Lokin käyttäjille mahdollisimman nopeasti, joten jouduimme jättämään paikat pois tästä Lokki-versiosta. Jatkossa saatamme tuoda paikat takaisin, ehkä vähän yksinkertaisemmassa muodossa.

Uusi Lokki toimii nyt myös vanhemmissa Android-puhelimissa (käyttöjärjestelmäversio 2.3.3) ja myös Windows Phone 8 –versio on meillä työn alla.

Lähitulevaisuudessa keskitymme lisäämään Lokkiin toiminnallisuutta perheitä varten. Haluaisimmekin kuulla teiltä, mitä toivoisitte! Olisiko Lokissa vaikkapa hyvä nähdä, missä lapset ovat olleet menossa vaikka viimeisen parin tunnin aikana, vai olisiko tämä tarpeeton tai jopa ei-toivottu ominaisuus?

Kiitos teille kaikille, jotka jaksoitte lukea tänne asti. Kertokaapa meille, mitä mieltä olette uudesta Lokki 3.0 –sovelluksesta! Saatte meidät kiinni osoitteesta lokki-feedback@f-secure.com kuten ennenkin.

Terveisin,

Harri ja F-Securen Lokki-tiimi Ruoholahdessa Helsingissä

[Image by Metropolitan Transportation Authority of the State of New York  via Flickr]

More posts from this topic

5825408292_11759e3304_o

Only 10% protected – Interesting study on travelers’ security habits

Kaisu who is working for us is also studying tourism. Her paper on knowledge of and behavior related to information security amongst young travelers was released in May, and is very interesting reading. The world is getting smaller. We travel more and more, and now we can stay online even when travelling. Using IT-services in unknown environments does however introduce new security risks. Kaisu wanted to find out how aware young travelers are of those risks, and what they do to mitigate them. The study contains many interesting facts. Practically all, 95,7%, are carrying a smartphone when travelling. One third is carrying a laptop and one in four a tablet. The most commonly used apps and services are taking pictures, using social networks, communication apps and e-mail, which all are used by about 90% of the travelers. Surfing the web follows close behind at 72%. But I’m not going to repeat it all here. The full story is in the paper. What I find most interesting is however what the report doesn’t state. Everybody is carrying a smartphone and snapping pictures, using social media, surfing the web and communicating. Doesn’t sound too exotic, right? That’s what we do in our everyday life too, not just when travelling. The study does unfortunately not examine the participants’ behavior at home. But I dare to assume that it is quite similar. And I find that to be one of the most valuable findings. Traveling is no longer preventing us from using IT pretty much as we do in our everyday life. I remember when I was a kid long, long ago. This was even before invention of the cellphone. There used to be announcements on the radio in the summer: “Mr. and Mrs. Müller from Germany traveling by car in Lapland. Please contact your son Hans urgently.” Sounds really weird for us who have Messenger, WhatsApp, Facebook, Twitter, Snapchat and Skype installed on our smartphones. There was a time when travelling meant taking a break in your social life. Not anymore. Our social life is today to an increasing extent handled through electronic services. And those services goes with us when travelling, as Kaisu’s study shows. So you have access to the same messaging channels no matter where you are on this small planet. But they all require a data connection, and this is often the main challenge. There are basically two ways to get the data flowing when abroad. You can use data roaming through the cellphone’s ordinary data connection. But that is often too expensive to be feasible, so WiFi offers a good and cheap alternative. Hunting for free WiFi has probably taken the top place on the list of travelers’ concerns, leaving pickpockets and getting burnt in the sun behind. Another conclusion from Kaisu’s study is that travelers have overcome this obstacle, either with data roaming or WiFi. The high usage rates for common services is a clear indication of that. But how do they protect themselves when connecting to exotic networks? About 10% are using a VPN and about 20% say they avoid public WiFi. That leaves us with over 70% who are doing something else, or doing nothing. Some of them are using data roaming, but I’m afraid most of them just use whatever WiFi is available, either ignoring the risks or being totally unaware. That’s not too smart. Connecting to a malicious WiFi network can expose you to eavesdropping, malware attacks, phishing and a handful other nasty tricks. It’s amazing that only 10% of the respondents have found the simple and obvious solution, a VPN. It stands for Virtual Private Network and creates a protected “tunnel” for your data through the potentially harmful free networks. Sounds too nerdy? No, it’s really easy. Just check out Freedome. It’s the super-simple way to be among the smart 10%.   Safe surfing, Micke   PS. I recently let go of my old beloved Nokia Lumia. Why? Mainly because I couldn’t use Freedome on it, and I really want the freedom it gives me while abroad.   Image by Moyan Brenn  

August 24, 2015
BY 
suicide

Forget the personality tests – Ask Facebook instead (Poll)

It’s amazing how advertising can power huge companies. Google has over 57 000 employees and some 66 billion US dollars in revenue. And Facebook with 12 billion and 10 000 employees. These two giants are the best know providers of ad-financed services on the net. And modern advertising is targeted, which means that they must know what the users want to see. Which means that they must know you. Let’s take a closer look at Facebook. We have already written about their advertising preferences and I have been following my data for some time. Part of the data used to target ads is input by yourself, age, gender, hometown, movies you seen etc. But Facebook also analyzes what you do, both in Facebook and on other sites, to find out what you like. It’s obvious how the tracking works inside Facebook itself. Their servers just simply record what links you click. Tracking in the rest of the net is more sinister, it’s described in this earlier post. Your activity record is analyzed and you are assigned to classes of interest, called “Your Ad Preferences” by Facebook. Advertisers can then select classes they want to target, and the ad may be shown to you based on these classes. You can view and manage the list using a page that is fairly well hidden deep in Facebook’s menus. Let’s check your preferences in moment, but first some thoughts about this. Advertising may be annoying, but it is the engine that drives so many “free” services nowadays. So I’m not going to blame Facebook for being ad-financed. I’m not going to blame them for doing targeted ads either. That can in theory be a good thing, you see more relevant ads that potentially can be of value to you. But any targeted ad scheme must be based on data collection, and this is the tricky part. Can we trust Facebook et al. to handle these quite extensive personal profiles and not misuse them for other purposes? It’s also nice that Facebook is somewhat open about this and let you view “Your Ad Preferences” (Note. Not available in all countries.). But that name is really misleading. The name should be “Facebook’s Ad Preferences for You”. Yes, you can view and delete classes, but that gives you a false sense of control. Facebook keeps analyzing what you do and deleted classes will reappear shortly. I made a full clean-up a couple of months ago, but now I have no less than 210 classes of interest again! This is really amazing if you take into account that I block tracking outside of Facebook, so those activities are not contributing. And I have a principle of not clicking ads in any on-line media, including Facebook. And liking commercial pages in a very restrictive manner. But the thing is that Facebook has realized that people dislike ads. “Suggested posts” or “Sponsored posts” are in fact masqueraded ads and any interaction with them will record your interest in the classes they represent. I have to admit that I do click this kind of content regularly. And where did that suicide thing come from? No, I’m fine. I’m not going to jump off a bridge and I’m not worried about any of my dearests’ mental health. I have not interacted with any kind of Facebook content related to suicide. Except that I can’t know that for sure. Facebook tries to give an open and honest image of itself when presenting its Ad Preferences settings and the possibilities to manage them. But this rosy picture is not the full truth. The inner workings of Facebook advertising is in reality a very complex secret system. When you interact with something on Facebook, you have no way of knowing how it affects your profile. Something I have clicked was apparently associated with suicides even if I had no clue about it. Ok, time to take the Facebook personality test. Let’s see what kind of person they think you are. Follow these instructions: Go to Facebook and locate an ad, a “sponsored post” or a “suggested post”. These items should have a cross or a down-arrow in the upper right corner. Click it. Select “Why am I seeing this?” from the pop-up menu. This screen contains some interesting info but proceed to “Manage your ad preferences”. Review the list and come back here to tell us what you think of it. Delete the inappropriate classes. Deleting all may reduce the number of ads you see.   So let’s see what people think about this test’s accuracy:   [polldaddy poll=9023953]   So using Facebook’s Ad Preferences as a personality test may be entertaining, but not very accurate after all. You should probably look elsewhere for a real test. The catch is that you can select what test to take, but not how others collect data about you. Someone else may rely on this test when evaluating you. You have actually granted Facebook the right to share this data with basically anyone. Remember this clause in the agreement that you read and approved before signing up? “We transfer information to vendors, service providers, and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our Services are used, measuring the effectiveness of ads and services, providing customer service, facilitating payments, or conducting academic research and surveys.” You did read it before signing, didn’t you?   Safe surfing, Micke   Image: Screenshot from facebook.com  

August 13, 2015
BY 
Password Manager

3 Password Tips from the Pros

Passwords are the keys to online accounts. A good password known only to account owners can ensure email, social media accounts, bank accounts, etc. stay accessible only to the person (or people) that need them. But a bad password will do little to prevent people from getting access to those accounts, and can expose you to serious security risks (such as identity theft). And sadly, many people continue to recycle easy to guess/crack passwords. A recent study conducted by researchers from Google attempted to nail down the most common pieces of advice and practices recommended by security researchers, and unsurprisingly, several of them had to do with passwords. And there were several gaps between what security experts recommend people do when creating passwords, and what actually happens. Here’s 3 expert tips to help you use passwords to keep your accounts safe and secure. Unique Passwords are Better than Strong Passwords One thing experts recommend doing is to choose a strong and unique password – advice many people hear but few actually follow. Chances are, if your password is on this computer science professor’s dress, it’s not keeping your accounts particularly secure. Many major online service providers automatically force you to choose a password that follows certain guidelines (such as length and character combinations), and even provide you feedback on the password’s strength. But security researchers such as F-Secure Security Advisor Sean Sullivan say that, while strong passwords are important, the value of choosing unique passwords is an equally important part of securing your account. Basically, using unique passwords means you shouldn’t recycle the same password for use with several different accounts, or even slight variations of the same word or phrase. Google likens that to having one key for all the doors in your house, as well as your car and office. Each service should get its own password. That way, one compromised account won’t give someone else the keys to everything you do online. A strong password will be long, use combinations of upper-case and lower-case letters, numbers, and symbols. The password should also be a term or phrase that is personal to you – and not a phrase or slogan familiar to the general public, or something people that know you could easily guess. But there are still many ways to compromise these passwords, as proven by The Great Politician Hack. So using unique passwords prevents criminals, spies, etc. from using one compromised password to access several different services. Sullivan says choosing strong and unique passwords for critical accounts – such as online banking, work related email or social media accounts, or cloud storage services containing personal documents – is a vital part of having good account security. Experts Use Password Managers for a Reason One study showed that the average Internet user has 26 different online accounts. Assuming you’re choosing unique passwords, and you fit the bill of an “average Internet user”, you’ll find yourself with a large number of passwords. You’ve now made your account so safe and secure that you can’t even use it! That’s why experts recommend using a password manager. Password managers can help people maintain strong account security by letting them choose strong and unique passwords for each account, and store them securely so that they’re centralized and accessible. Keeping 26 or more online accounts secure with strong and unique passwords known only to you is what password managers do to keep your data safe, which is why 73% of experts that took part in Google’s study use them, compared to just 24% of non-experts. Take Advantage of Additional Security Features Another great way to secure accounts is to activate two-factor authentication whenever it’s made available. Two-factor (or multi-factor) authentication essentially uses two different methods to verify the identity of a particular account holder. An example of this would be protecting your account with a password, but also having your phone number registered as a back-up, so any kind of password reset done on the account makes use of your phone to verify you are who you say you are. While the availability of this option may be limited, security experts recommend taking advantage of it whenever you can. You can find a list of some popular services that use two-factor authentication here, as well as some other great tips for using passwords to keep your online accounts secure. [Photo by geralt | Pixabay]

August 10, 2015
BY