Criminals aren’t just targeting your PC anymore. Whether your on your tablet, phone, Mac or laptop, you’re being targeted for scams designed to get your private information and money into their pockets.
And there’s even more you can do to make sure you’re not leaving yourself vulnerable. How many of these SAFE tips are you already following?
1. Keep your system, browsers, applications and security software patched and updated. Our free F-Secure Health Check makes this easy.
2. Lock your cell phone, tablet and PC when they’re not in use.
3. Use unique, complex passwords for all of your most important accounts. Our Key app makes that easy.
4. Keep your email inbox organized and spam free so you’ll recognize suspicious emails when you get them.
5. Use official app stores to find new software for your mobile devices.
6. Check the reviews on any app before you install.
7. Check your apps permissions to see what you’re sharing. Our free Permissions app for Android.
8. Remember there’s no such thing as “private” on a social network. Your friends can share whatever you post with the world.
9. Use a VPN when connecting through an unsecured WiFi. Freedome by F-Secure gives your phone VPN protection.
10. Are you sharing your location without even realizing it? Your photos and your social media accounts may be announcing where you are to strangers. Check your settings.
11. Set up a separate, Java-free browser dedicated just to shopping and banking.
12. Always check your URLS before filling out a form. You’re looking for a padlock and https, which means secured, and that you’re on the domain you meant to be on.
13. Don’t let your device connect to public WiFi spots automatically and delete old WiFi access points you’ve used when you arrive home.
14. Check the credit card you use for online purchases regularly for unusual activity.
15. When using a business’s WiFi network, check with the establishment you’re at to make sure the network you log onto is really theirs, and not one a snoop has set up to trick you.
16. When at an ATM or using your devices in public, be aware of your surroundings and anyone who could be trying to peek over your shoulder.
17. In many countries you can use a travel router with a prepaid SIM card for your own personal WiFi network.
18. Assume anything you do over public WiFi is part of a public conversation.
19. Put masking tape over your webcam when you’re not using it.
20. Don’t share crucial identification information – Social Security number, account information, Mother’s maiden name—with sites you don’t know.
21. If you have any questions about a strange email you’ve received from your bank or credit card company, contact the institution directly, preferably by phone.
We’re glad you’re staying protected and hope you’ll consider F-Secure SAFE for complete protection for all your devices.
This is the final blog post in a series of three where we cover our privacy principles. I have earlier covered the fundaments and why security is a requirement for privacy. But privacy is not only about guarding your data and keeping it protected. It’s also about how we act as a company. If you select us as your provider, you want to know that we are acting in a responsible way and support your privacy in a broader sense. WE KEEP OUR MESSAGING RELEVANT Messaging and marketing towards customers is always a tricky issue that divides opinions. Some are allergic to all kinds of marketing messaging. Others don’t mind and may even find part of it useful. We may have several reasons to contact our customers. Part of it is no doubt promoting our product and service portfolio (yes, marketing), part is necessary info related to the products you use. We also produce generic security and privacy information that we think is of interest, even if it doesn’t relate directly to our products. Our aim is to give you a messaging stream with an optimal signal to noise ratio. And you can fine-tune the stream by opting in or out to some content. WE ARE THE GOOD GUYS There are strong global forces that want to scarify privacy for economic and diplomatic gains. This means that privacy isn’t just a technical issue anymore, it’s a highly ethical and political issue as well. The time has come when we need to choose sides. F-Secure’s choice is clearly to speak out against the privacy-hostile development. It would not be right to just sell you tools guarding your privacy and at the same time be quiet about the threats. We do demand change, for example in the Digital Freedom Manifesto. Also check out @Mikko at TED, nobody says it better than him. TRANSPARENCY All this sounds fine, but do you believe us and will you trust us? It is so easy to write beautiful phrases, but you as a customer have very little tools to verify our claims. That’s why we need transparency. We want to be a forerunner and openly declare what data we collect, how we handle it and what principles we adhere to. That’s the best way to differentiate from those who just use privacy as a marketing message. These principles will help us provide solutions that protect your privacy. As you can see, that’s not a simple task and it requires commitment at all levels of the organization. Publishing these principles is just the tip of the iceberg, what really matters is how we do our ordinary daily work. We need to keep the principles in mind at all time when designing systems and processes, to ensure they never are violated. Maybe I’m a dreamer, but I would very much love to be a digital citizen in a society that fully implement principles like this. It seems like a futile wish at the moment, but we are at least doing what we can to strive for it. The society may be hostile towards your privacy, but we at F-Secure work hard to make the principles real at least in a small part of the digital world. Our own products. That’s a good start, now you have a choice. If you like these principles, you can improve your privacy by selecting F-Secure. Safe surfing, Micke
In his recent video interview with The New Yorker, Edward Snowden advised viewers to get rid of Dropbox, Facebook and Google, saying such services are dangerous and should be avoided. But what do consumers think? Are you and I ready to follow his advice and switch to more secure services? To find out what people really think, we consulted our recent global consumer survey* where we had asked people just those types of questions. Here's what we found: 53% of survey respondents said they’d be willing to switch from services like Google to other more private services to avoid search-based profiling. 56% of people said they have become more wary of US-based Internet services in the past year. 46% of people said they would be willing to pay to be sure that none of their personal data transits via the US. 70% said they are concerned about the potential of mass surveillance by intelligence agencies in countries through which their data may be passing. 68% of respondents said they try to protect their privacy at least some of the time through the use of private browsing or incognito mode or by encrypting their communications. 57% of people said they are not okay with companies using their profile data in exchange for getting a free service. Germany, Brazil and the Philippines showed some of the highest levels of concern about data privacy. For example, when asked whether they’ve changed some of their Internet habits in recent months due to increased concerns about data privacy, an average of 56% of people said they had: 45% in the UK, 47% in the US, and 49% in France, and going even higher to 60% in Germany and 67% in both Brazil and the Philippines. Are you ready to start using more private, secure services too? If so, F-Secure has some great options. Our online storage and sync service, younited, is fully encrypted for security and privacy from the ground up. F-Secure Freedome encrypts your connection wherever you are, even on public WiFi, and protects you from hackers and Internet trackers. And free F-Secure App Permissions lets you know which mobile apps you've installed are a threat to your privacy. *The F-Secure Consumer Values Study 2014 consisted of online interviews of 4,800 age, gender and income-representative respondents from six countries, 800 respondents per country: US, UK, France, Germany, Brazil and the Philippines. The study was designed together with Informed Intuitions. Data was collected by Toluna Analytics in July 2014. Image courtesy of greensefa, flickr.com
Whistleblowers have changed the world and there’s still a lot of hidden secrets that the public really should know about. High-profile leakers like Snowden, Manning and Assange are known globally, and are paying a high price for their courage. But only a few are dedicated enough to blow the whistle in public - most leakers want to carry on with their normal lives and remain anonymous. Snowden did no doubt show the way for others, and there are already several who have tried to leak and remain anonymous. That’s not easy and the stakes are high! Which is underlined by the recent news about the feds discovering one leaker. But is it even possible to leak anonymously in this word that in many ways is worse than Orwell’s fictive surveillance nightmare? Let’s list some advice for the case you would like to leak by phone to a journalist. I guess not many of you readers will ever be in a situation where you need this. But read on, this is highly interesting anyway and tells a lot about how our digital word works. Ok, let’s assume the worst case. The secrets you want to leak affects US national security, which means that your enemy is powerful and can use top surveillance against you. Let’s also assume it’s info you have authorized access to. And that you want to talk on the phone to a journalist. Here’s some basic rules and hints that may prevent you from ending up behind bars. First you need to assess how many persons have access to the data. They will all be on a list of suspects, together with you. The shorter the list, the bigger the risk for you. Your mobile phone is a tracking device. The cell phone network knows what base station you are connected to at any time. Other services can record and store even GPS-accurate position data. All this is accessible to the agents and you must make sure it doesn’t reveal you. Needless to say, your own phone does not participate in this project. You need to find out who you should leak to. Never do this research from your own computer because your search history can reveal you. It leaves traces both in your computer and in your user profile at Google (unless you know what you are doing and use privacy tools properly). Do this research from a public computer. Make sure you have never logged in to any personal account from this computer. You need a “burner phone” to do the leaking. This is a phone that can’t be connected to your identity in any way. Here’s some rules for how to use it: It is always switched off with the battery removed when not in use. Just using the power button does not cut power from all parts of the device. It is never switched on in or close to your home. The agents can easily find out what base station it was connected to and turning it on near home can make you more suspected than others. It is never switched on in or close to your vehicle. Base station records for the phone may correlate with traffic cameras storing your registration plate. This is especially important if you have a modern car with a built-in data connection for service monitoring etc. Never user the burner for any other contacts. Even a single call to your spouse creates a record that ties you to the phone. Needless to say, never store any other info in the phone than what you need for this project. You always leave your own phone at home when going out to use the burner phone. Otherwise the agents can see that your own phone “happen” to be in the same base station when the burner is used. Leave your own phone turned ON at home when you go out with the burner. Otherwise you create a recognizable pattern where your own phone turns off and the burner turns on, and vice versa, in a synchronized manner. Leave any other wireless devices at home. Tablets, wireless mobile payment devices, anything else with a radio transmitter. Using a voice changer is necessary especially if the list of suspects is short. Assume that your calls can be recorded and your own voice checked against the recording. Get the burner phone. Scout for a dealer with old-looking or insufficient security cameras located not too close to your home. Remember that the agents may locate the shop where the burner phone was sold, get the security camera recording and compare against the list of suspects. Even better, ask someone else to buy the phone for you. Choose a cheap non-smart prepaid phone with removable battery. Pay cash and make sure you don’t reveal your identity to the seller in any way. Safely destroy any receipts and other paperwork related to the purchase. Think about where to store physical items that can tie you to the leak. Such items are the burner phone and related documents or data media. This is especially important if the list of suspects is short. Storing such items at home, at your workplace or in your vehicle will reveal you if the agents perform a search. Try to find some other place that is safe and can’t be tied to you. Now you are ready to contact the journalist. Be very rigid with the rules for how to use the burner phone. There are also some additional rules for this situation: Dress discreetly to avoid sticking out in surveillance camera footage. Be far enough from home when making the call. Turn the burner on, make the call and turn it off again right away. Avoid public places with surveillance cameras when the burner is on. Do not use your credit card during this trip. Pay cash for everything. Any other personal payment instruments, like public transportation payment cards, is a big no-no as well. You have to assume that journalists dealing with leaks are being watched constantly. Assume that the hunt is on as soon as you have made the first contact. Try to wrap up the project as quickly as possible and minimize the number of times you turn on the burner phone. When you are done, dispose all items related to the leak in a secure way. The trash can of your own house is NOT secure. Dump the phone in the river or put it in a public trash sack far enough from home. The truly paranoid leaker will break the phone with gloves on. The outer shell can contain fingerprints or traces of your DNA and the electronics the traceable phone ID. It’s good to make sure they end up in different places. Huh! That’s a lot to remember. Imagine, all this just for maintaining privacy when making a phone call! But you really need to do it like this if the big boys are after you and you still want to continue as a free citizen. I hope you never need to go through all this, and also that you do it right if you have to. Disclaimer. This text is mainly intended as a demonstration of how intrusive the surveillance society is today. We provide no guarantee that this will be enough to keep you out of jail. If you really plan to become a whistle blower, research the topic thoroughly and get familiar with other sources as well (but remember what I wrote about researching from your own computer). Safe whistle blowing, Micke