Follow me on:

latest posts from Jason


This has been a huge week for Freedome. First we added virtual locations in Hong Kong and Singapore. Then the app became available across Asia. Now we're fully iOS 8-compatible on day one. You could use Freedome to protect your private data and choose from 12 different virtual locations on iOS 7. But it could be a hassle, requiring you to switch profiles or possibly lose connection. On iOS 8, your Freedome VPN connects and stays connected. That's it. How does it work? This video walks you through the process of pressing one button and getting on with your life. This simplicity is now available to a huge percentage of the world's population that hasn't had a chance to try out Freedome for free. “As hundreds of millions of users in Asia are hopping online through their broadband wireless and hundreds of Wi-Fi hotspots covering cafes to airports, mobile users are seeking ways to provide more privacy to their online surfing habits, Freedome will be the answer to this," our Security Advisor Su Gim Goh said. Beyond protecting your data when you're connecting on unsecured networks, Freedome offers anti-tracking protection that cloaks your data from the sites you choose to use. “Users in Asia today demand their rights to keeping their data private," he said. "Most important of all, with F-Secure’s Freedome, you're not leaving digital footprints on websites like online stores and social media sites, making them more untrackable to the aggressive advertising and profiling services on the Internet in this region."

Sep 18, 2014

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
Screen Shot 2014-08-14 at 4.01.30 PM

Our smartphones have rapidly transformed our lives for the better. We always know where we are. We're always connected. Most any bar bet can be settled in seconds. However they aren't as smart as they could be, says The New York Times' Farhad Manjoo. "For instance, your phone has access to your calendar, and it also knows your physical location," he wrote. "So why isn’t it smarter about sending you the right notification at the right time — for instance, not during a first date? Why can’t it prioritize alerts from your wife and your boss over notifications for tweets from your high school pals?" I'd add: Why isn't it better about letting you know when your connection is safe enough the activity you're engaged in? Because our phones and tablets are mobile, we're more likely to be using them over unsecured connection. And because these gadgets are so powerful, we're more likely to be using them to do the stuff we normally do on our PCs like banking and shopping. "Even if a Wi-Fi network has a password, that doesn't keep you safe from other people on the network," The Guardian's Daniel Tomilson notes. "It's very simple for any of them to see what you're doing and, in some cases, steal personal information or passwords." Tomilson's solution is to use a VPN on your device like our Freedome for iOS and Android devices. This way your activity is protected along with your personally identifiable data. You're more secure when you're using your cell providers 3G  or 4G network but if you're using your phone for financial transaction you need the anti-virus and anti-phishing protections on your device that you have on your PC. Freedome includes those too. And you'll always see that little [VPN] reminder on your device's screen to let you know you're safe. Even if you are using a VPN, you should also follow the basic standards of keeping your software updates and using some sort of remote wipe solution that allows you to erase all your data should you lose your device. Our phones are smart but not as smart as us -- yet. So take that extra step to make sure your device is safe wherever you're using it. Cheers, Jason [Image via Roland Tanglao | Flickr]

Aug 14, 2014
Sarah Van Quickelberge |Flickr.com http://www.flickr.com/photos/103361005@N06/

While heading to Heathrow Airport last month, our Security Advisor Sean Sullivan made a rather unsurprising discovery. The terms and conditions of his shuttle's free Wi-Fi told him something as a security expert he already knew: YOU ARE RESPONSIBLE FOR YOUR SECURITY AND PRIVACY One of the subtle ways we give up our privacy on the internet -- and our legal rights -- is by accepting terms and conditions. It's a must for any web company that wants to stay in business -- including F-Secure. But  every time you click "Yes" to a product's legal gibberish, you are agreeing to a huge list of things you may not say yes if they were asked one-by-one. For instance,did you know Twitter and Google track your IP address, browser type, operating system, the referring web page, pages visited along with a half-dozen pieces of information to find out more about how you found and use the site? Meanwhile Facebook can use the photos and video you post in any way it like and even tracks the stuff you decide not to post. Recently Facebook and dating site OKCupid have gotten a lot of attention for running experiments on some users in the hopes of finding out more about how the site effects users. Is this that different than the typical A/B testing that developers have been using for years? Such data may actually improve users' site's experience. OKCupid's tests connected members in a purposely bad way in order to improve how it matches users. Some argue Facebook went beyond this in its 2012 test. "Facebook manipulated content in users’ feeds to see if the emotional tone of their News Feeds impacted the tone of their own posts on the social network, deliberately making people sad," Techcrunch's Cat Zakrzewski wrote. "After conducting the test on almost 700,000 users, it published those results in an academic journal." Regardless, users submitted themselves to all sorts of tests by clicking yes on terms and conditions, putting their faith in these sites that are enmeshed with our emotional lives in ways we couldn't have imagined just a little more than decade before. Ironically OKCupid's Terms specifically tell you that you can't use the site to "use the Website solely to compile a report of compatible singles in your area, or to write a school research paper." You have to be there to actually meet someone. No testing. But that's a condition that benefits users looking for love. The site's terms also reminds users that "perfect security does not exist on the internet." Wise words. But does anyone care? How do sites convince us to surrender our fears of being hacked or watched as we share our lives online? Social media addiction, it seems, has a similar effect on the brain as drug addiction. The highs -- and lows -- it offers make us less focused on the costs of using the site. In fact, most of us would rather stay willfully oblivious. "There are roughly 1.5 billion smartphone users in the world today," Quartz's Leo Mirani recently wrote. "Fewer than 10 million of them have downloaded MyPermissions." MyPermissions -- like our free Permissions app -- tells users exactly what each app is monitoring. If you would rather not sign your privacy and security away each time you say yes, consider tools that attempt to restore your privacy like Tor or our Freedome, a VPN solution that protects you from trackers and allows you teleport your phone around the world by setting your location from several choices all over the globe. It won't stop sites from being able to play games with your experiences. But it will keep you from volunteering information you may not even know you're sharing. [Photo by Sarah Van Quickelberge |Flickr.com ]  

Jul 31, 2014
Screen Shot 2014-07-22 at 4.03.08 PM

If you read all the terms and conditions you come across, it would take you 76 work days. And even if you had all that time, most are written in legal language designed to obscure what the site really does with your information. So it's no wonder most of us have no idea what we're agreeing to as we join a new site or start a new service. There's an old rule online: if you're not paying, you're the product. How are you a "product"? First, the obvious way: you may buy stuff so the site will use your information to sell you more stuff. The second way is your data is valuable for providing a site and its advertisers more information about how to get you to engage and buy more. There has never been a greater treasure trove of information that what users are volunteering on social media and Facebook. For this reason, its terms and conditions give the company access to almost everything you do. "Nothing you do on Facebook is private," writes the Huffington Post's Amanda Scherker. "Repeat: Nothing you do on Facebook is private." Scherker looked at the sites terms and conditions and found it can not only track everything you have done, it's already tracking things you haven't done yet. "Facebook has even begun studying messages that you type but end up deciding not to post." Facebook can use this information to sell your attention to advertisers more effectively. In exchange, you get access to 1 billion of your closest friends. And they're honest about it! If you read the find print. So here's a good rule: Treat every social media site as if it were Twitter. On Twitter, nearly everyone has all their tweets public. These tweets can be shared, embedded and used to shame you. Facebook isn't going to actively shame you but it will use the information you type -- whether it's in a status update, a private message or a chat, whether it's sent or not -- to productize you. If you agree to go public, you have to remember there's no privacy. [Image via davitydave on Flickr.]

Jul 22, 2014
Screen Shot 2014-06-24 at 4.28.26 PM

1. Online criminals are using our sense of shame to rob us. According to the F-Secure Labs: Ransomware' is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. Typically, the ransomware will either 'lock' the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to the saved data. The ransom demand will then be displayed, usually either via a text file or as a webpage in the web browser. This type of malware leverages the victim's surprise, embarrassment and/or fear to push them into paying the ransom demanded. Ransomware may arrive as part of another malware's payload, or may be delivered by an exploit kit such as Blackhole, which exploits vulnerabilities on the affected computer to silently install and execute the malware. 2. It can infect you regardless where you live whether you're on your PC or mobile device. The internet erases geography.  If you often install applications from third-party Android markets and happen to download a Trojan:Android/SLocker app, then you can get infected.  If you stay within the official markets then this risk is minimized. 3. Prevention is better than the cure. Make sure you have updated security protection for all your PCs and devices. Practice good computing habits on your PC and your mobile.  Be very cautious when installing any application on your device.  Although official markets have served up malware, the risk is minimized heavily. Always keep your phone’s OS and apps up-to-date. Once a malware is able to encrypt your data, there’s usually very little chance to decrypt them yourself so regularly backup important files with either offline or online/cloud solutions. 4. Once your files are encypted, you probably won't get them back. For instance Trojan:Android/SLocker uses AES for encryption, which is a really strong encryption. You can try to use our removal tool but remember number 3. 5. Don't pay. Giving into the scheme only encourages the bad guys. Cheers, Jason [Image by rawdonfox via Flickr]

Jun 24, 2014

While Finland is known for being the first country in the world to make access to broadband internet a human right, it doesn't offer access to my favorite American streaming service. So I when I travel to F-Secure headquarters, I go without music -- until my latest visit. Freedome lets me choose from 9 different locations. I accessed the globe view to select the United States. And though I was in the sauna of the Holiday Inn near Ruoholahti, my phone was teleported. I turned my music app and enjoyed the station I've spent years building. Being able to set your own location is just one of the many features of Freedome VPN solution -- but it may be the most unique. With it, you can use your favorite services when you're abroad, avoid location trackers and check out sporting events you may not have access otherwise. In the last month, Sweden, Canada, Italy, Netherlands and Spain locations were added so users would have plenty of connections to choose from during the World Cup. The Android app has also been localized into 10 languages and the iOS version will soon be too. And what you do with the app is your business. F-Secure does not log your traffic, contact details or even your user name. The product is designed to be simple -- one-button simple. It gets a bit more complicated on my iPhone but the Freedome team is continually innovating based on customer feedback. In the second half of this year, access for Asian countries will roll out along with desktop versions for Windows and OSX. An always-on Android anti-virus will also be added to protect your device even when Freedome isn't running. A product that's so simple yet so inventive and versatile has to be experienced to be understood. That's why we're offering a chance for new users to check it out for 6 months for free. Get the app from the Google Play or iTunes store. Cheers, Jason

Jun 23, 2014