free good or bad

Free – good or bad?

It’s always nice to get something for free. Or is it? There are really some free lunches on the net. But what appears to be free can have a hidden price, which often is paid by other means than money.

Internet did for a long time lack payment models and everything on the net was truly free. This was fine on a net that was an academic tool and playground for enthusiasts. Our Internet of today is totally different, and to a large extent business driven. But the culture of getting stuff for free on the net is deeply rooted. People are used to free stuff, or are hesitant to use payment on the net in fear of fraud. This has created a lot of new business models based on free products and services. Either genuinely free or with a hidden compensation. One of the important skills for today’s cybercitizens is to recognize these business models and understand the hidden risks and compensations. Read on to learn how.

Before you take the bait you should always ask yourself: Why is this thing offered for free? That’s the key questions as the vendor’s motives dictate if the product or service is safe to use. First look for info about who made the product and why. Then try to place it in one of the categories below. Now it will be a lot easier to make an educated guess about how safe it is.

Ad-financed

A very common way to provide free products or services. Ads are showed to you and the vendor gets money from the advertisers. Be careful with ad-ware your children are using. You have no control over the ads and some content may be unsuitable. Otherwise these are mostly legit if you don’t find the ads too annoying.

User profiling

“If you don’t pay for the product, then you ARE the product.” This is taking ad-ware to the next level. Big data companies like Facebook and Google offer their services for free, but create extensive profiles over their users and utilize them for marketing purposes. This is a privacy problem as you have no control over what data they collect and how it is (mis)used. Intelligence agencies are on top of that also eager to tap into your data. If Facebook knows something about you, then NSA knows too. The problem here is that it is very hard to know what price you really pay for the “free” service. You should consider if the privacy risk is worth taking for the value you get in return.

Hobby and ideological

Many create programs and web services for fun. Giving it away and seeing that people really use it is part of the joy. Some may also have ideological motives, like fighting corporate dominance, guarding peoples’ privacy or defeating net espionage. Products in this category are genuinely free and there’s no hidden compensation. The Firefox browser is an excellent example. The Linux operating system is another.

This “business model” is safe for the customer, but the products and services may not always be the safest choice technically. Providing safe software is a tough task and requires constant maintenance. Hobbyists are not always professional enough for this. In this category you will find a wide range of products with technical security ranging from excellent to very poor. It’s also futile to expect good support services in this category, unless the product has a well-working user forum that provides peer-support.

Donation financed, “begware”

This is a variant of the previous class. Some providers of free software ask for donations openly. This is like a product with a voluntary payment. A lot of people will use the product for free, but some will contribute a couple of bucks to cover the vendor’s expenses. Wikipedia is a good example. BTW, have you ever donated to them? I have and I think it’s very well spent money. The value I get in return is far greater.

Taxpayers’ money

Some free services are provided with tax-payers’ money. These are typically OK to use. Quality might vary tough, as the public sector often lacks the culture of customer service and competitiveness.

Upselling or service fees

Many vendors provide a basic product or service for free, and more functionality or capacity for a price. This is a nice way to let customers try it out and decide later if they need the paid version. Sometimes the product is entirely free and the business model is based on selling support services for it. There’s nothing wrong with this business model and the products are usually OK if the vendor is trustworthy.

Bundles

Getting something for “free” when buying something else is a common marketing trick. It’s not really a free product, the pricing scheme is just set up to hide its true cost. A common example is receiving a “free” mobile phone or 4G-dongle when signing up for a 2-year subscription. Hardware prices are declining and many people have a misconception that these bundled items are worth more than they really are.

Pirated content

Some content is offered to you free of charge and with no strings attached, but the distributor lacks the right to distribute it. Distributing stuff without permission is illegal practically everywhere, but your status as receiver is not as clear. Whether it is a crime to download the stuff depends on your country’s legislation. Also remember that the common peer-to-peer sharing networks, like BitTorrent, both download and share at once. It’s also common to distribute malware masqueraded as pirated software. The safest way is to look for the content’s original vendor or distribution point, and download it from there. Then you will learn if it really is free, and lose the malware as an extra bonus.

Scams and malware

Malware and scams are often masqueraded as free offerings. Be extremely careful if you are tempted to sign up for anything that sends you “free” information as text messages. Your mobile phone number is a payment method and scammers can charge you for bogus messages sent to your mobile. It can be next to impossible to get them cleaned off the bill. What you think is a handy utility program may also turn out to be malicious software. If you can’t figure out why the tool is free, the real reason may be to plant malware in your computer or mobile device.

Let’s finish with a checklist for people considering using a free service or product:

  1. Find out who made it. Check if the vendor declares openly why the product is free.
  2. Check if the vendor offers paid alternatives to the free version and how they differ.
  3. Try to figure out what category the free offering belongs to.
  4. Is the vendor trustworthy? You shouldn’t use software from untrusted sources even if it’s free.
  5. Finally consider if the free offering really is what you want. Sometimes it’s a great alternative to expensive products, sometimes you pay a high hidden price just to save a couple of bucks. And sometimes the free alternatives just aren’t up to the task and you would be better off with a professionally made product. Consider if it really is smart to save a couple of dollars and insert potentially unreliable code in the system with all your irreplaceable content?
  6. If you still are uncertain, search for user opinions on the net. The true free gems, like Firefox and Linux, have huge user bases and you can find a lot of info about them. Be careful if you have problems finding independent opinions about a free product you consider.

Safe surfing,
Micke

More posts from this topic

winners

Why F-Secure’s the 4th Most Attractive Employer for IT Students

IT companies used to have a pretty bad image. It’s not that they’re bad companies giving people bad jobs. They just never screamed “job satisfaction” to the general public. The stereotype of IT companies as inhuman, mundane places to work became so well-known that a hilarious comedy from the 90’s called Office Space satirized the idea. The movie told the story of a disgruntled programmer who rebelled against the soulless, life-sucking office environment of the IT company he worked for in order to find happiness. The movie and the stereotype are a bit old now. But I think it’s still safe to assume that the environment represented in Office Space, and the lifestyles of the people who work there, is something everyone would like to avoid. And according to Universum – a research firm that specialized in employer branding – F-Secure is ahead of the game in offering people a place where they’d actually LIKE to work. At least according to IT students. F-Secure was ranked as the 4th most attractive employer amongst Finnish IT students in Universum’s 2016 Most Attractive Employers ranking (up from 5th in last year’s rankings), beat out only by Google, Microsoft, and Finnish game company Supercell. So what is it that makes F-Secure such an appealing employer? Well, here’s a few things we’re doing that separates us from the kind of company shown in Office Space. We don't box people into cubicles People at F-Secure aren’t expected to isolate themselves from other Fellows and sit by themselves in cubicles. Our Fellows work together in whatever way makes them feel comfortable. In fact, as a global company with offices and people working all over the world, we often think outside the box and take whatever approach lets people work together to get the best results. We don’t stop at securing computers – we secure society This sentiment, recently expressed by F-Secure Chief Research Officer Mikko Hypponen, highlights the importance of what we do at F-Secure. We deal with real adversaries and security threats, whether that’s an advanced persistent threat group working on behalf of a government, or a gang of online extortionists looking to spread ransomware or steal data to blackmail people. Having active adversaries to work against presents us with a constantly evolving set of threats to people and companies. The opportunity to combat those threats makes our days challenging, but exciting and fulfilling. We know how to chill out Cyber security is a tough business. As mentioned above, we deal with real adversaries and threats. When we’re doing our jobs, we’re focused 100% on winning. But we also understand it’s important to be able to unwind, so Fellows are encouraged to enjoy themselves at work. Our HQ has things like a sauna, a gym, games, and other things for people to enjoy when they need to step out of the fight for a few minutes. With great power comes great responsibility, but everyone needs some time to chill out (even if it’s in a scorching hot sauna). So F-Secure has a lot going for it, and based on Universum’s rankings, it looks like that’s paying off. But why don’t you tell us what’s most important to you in a workplace. Finnish IT students already think F-Secure would be a great place to work, but we’re always ready to do more. And why not check out our current openings to see if there’s a place that’s right for you. [polldaddy poll=9407357] Image: A team of Aalto University students that won an award for a software project sponsored by F-Secure. Read more here.

May 4, 2016
BY 
mikko hypponen WPFD

VIDEO: Mikko Hypponen at World Press Freedom Day

Today is World Press Freedom Day – a day created by UNESCO in recognition of the importance of free speech, as well as the important role journalists play in using this right to help inform citizens about what’s going on with the world around them. This year’s main event is being held in Helsinki, Finland, and co-hosted by the Finnish government. There was lots happening at Finlandia Hall – the event’s “ground zero”. And because Finland is home to F-Secure’s headquarters, we were there in full force to express our support for the journalists who, according to Reporters without Borders, put their privacy, freedom, and even their lives on the line to keep us all informed. Mikko Hypponen, F-Secure’s Chief Research Officer, delivered a keynote address ahead of a discussion called “Protecting your rights: Surveillance Overreach, Data Protection, and Online Censorship”. “But right now, over the last couple of years, the biggest changes in this field have not been with online crime. They’ve been with governments entering the online, cyber attack business,” Hypponen told the audience. [youtube https://www.youtube.com/watch?v=l4InPx7xraI?start=754] After his speech, Mikko shared some additional thoughts on Apple vs. the FBI, and World Press Freedom Day. [youtube=https://www.youtube.com/watch?v=BBINozrQGlc&w=420&h=315] Sean Sullivan was also there, along with one of F-Secure Labs’ forensic analysts to help journalists check their devices, and provide security tips on how they can protect their data. “Without privacy, we can’t have free press. And without a free press, we cannot have democracy. And without democracy, we cannot have freedom,” Mikko told the audience. And that’s not just rhetoric – it’s something we’re backing up. Any journalist interested in using encryption to protect themselves against unwanted surveillance can get in touch with us before May 15 to get a free, 3-device, 12-month subscription for F-Secure's Freedome VPN, which lets users encrypt their communications, block tracking attempts and malicious websites, and change their virtual location. All journalists need to do is send a confirmation of their valid press credentials (for example, an image) by direct message to our Twitter feed (@FSecure) before May 15. Edited to add: We also caught a panel discussion about digital threats to journalists with F-Secure Cyber Security Advisor Erka Koivunen, Tanzanian journalist and newspaper editor Dennis Msacky, and University professor, writer and journalist Hanna Nikkanen. [youtube=https://www.youtube.com/watch?v=WYifFDj2UaI&w=420&h=315]

May 3, 2016
BY 
842710939_d8f092ed9f_b (1)
April 28, 2016
BY