The image above is a screen capture of the newest visualization from the F-Secure Labs: the F-Secure Globe, which you can click here to visit. (Requires WebGL.)

We spoke to to Lew Swee Meng, a software architect with F-Secure Malaysia, about this awesome 3-D project.

So what does this map show us?
F-Secure Globe is a 3-D visualization of locations with malware detections based on F-Secure data over the past 24 hours.

Where does the data come from?
The data is sourced from F-Secure worldmap3 REST interface which provides malware detection data & statistics for the last 24 hours.

The original service is available here: http://worldmap3.f-secure.com.

How does the data vary throughout the day, the week?
I haven’t closely monitored the data can tell some based on my observations so far:

• malware detection increases during daytime for most countries
• same goes with the top locations statistics — for example Taipei ranks top in the morning, and Helsinki takes over as the day passes
• at times, you will see the names of unfamiliar places
• Sunday is usually a quiet day – low detections

How did this map get developed?
This application is originated from F-Secure’s KL Hackathon which was held on 12-13 April 2013. It involved internal and external developers where they have coded for about 26 hours. It has now since moved into F-Secure KickStarter as one our internal pet projects.

Since our virus world maps are mainly in 2-D form, I thought that it’s cool to have a 3-D visualization and different interaction of the map.

On top of that, the data is aggregated for 24 hours and statistics are generated and displayed through the small widgets.

What are some interesting insights you’ve had or heard from people looking at the map?
The most common one is about the 3D globe and people has not seen our data represented so visually before.

Next, visible locations on the globe have given different insight into our protection coverage, for example we have detections at Greenland and Fiji.

People are also paying attention to the locations with the highest malware detections and trying to think about rationale behind it.

Then, I’ve heard some funny comments such as “It looks painful!” and “F-Secure, the new continent”.

Lastly, the globe’s resemblance to an Easter egg has managed to put smile on many faces.

Here’s a visual explanation of what you’re seeing on the map.

Share this

Plan the message – your “personal brand”

Ok, so you want a profile picture. Let’s first think about you and your profile. Why did you create the profile? What are you trying to tell the world? What kind of impression do you want to deliver with the profile and its picture? Do you want to be seen as a leader, an expert, a visionary, an entrepreneur, an entertainer, a trustworthy partner or just as a nice and comfortable person? And what’s the scope? Is it limited to your professional role only, or do you have hobbies, sports, organization memberships etc. that you want to expose as well? But be focused and don’t bring in too many things. And what’s your primary target audience?

Start by thinking about your personal brand for a while.

Plan the image

When you know who you are and what your brand is, then it is time to plan how to express it visually. Here come’s some points you should consider and which hopefully help you decide what your picture should look like.

But you could start by checking your own photo collection, or ask a friend who likes to shoot. There may already be a picture of you that match your personal brand. If you find a candidate you have to decide if it is good enough or if you want build from scratch. Jump straight to the last section if you find a good shot.

• A profile picture is small. It may be displayed at medium size on your profile page but most people see just a small thumbnail of it. Do not plan a picture with a message that depends on small details.
• Make a long-lasting picture. Like the logo of a brand, your picture shouldn’t change frequently. Avoid using visual elements that are in right now, but may be passé tomorrow.
• Portrait or not? Profile pictures were planned to be a portrait of the user, but there is usually no policy or technical limitation that enforce this. You can use any image, but this guide will focus on how to make a portrait of you.
• Color or black & white? BW can be used to create an artistic impression, and it may help gaining attention among vivid color shots. But BW depends a lot more on form and shapes, which are hard to express in small format. Color is a safer choice.
• Think of feelings and adjectives that would support your brand. Like calm, reliable, energetic, empathy, joyful, fun, dignity, etc. Keep the selected words in mind throughout the process.
• Get inspired by others’ profile pictures. Use Google’s image search with keywords like “profile picture” or “portrait”. Add another word to the search if you want pictures with a particular concept. Also browse through your favorite social media and pay attention to others’ profile pictures. Don’t be shy to steal ideas and build upon them, but avoid copying people in the same digital neighborhood.
• How bold do you dare to be? You fight for attention in a boiling kettle full of vivid images, but your role and brand may require some dignity.
• Find out what aspect ratio your favorite social media use for profile pictures. Are they shown as squares or are they higher than they are wide? This should be taken into account when planning the composition.
• Just a portrait or some environment too? Putting a person into an environment tells a lot more than just a face. Could a particular environment be a good way to express your brand? Are you interacting with the environment or just posing in front of it? But do remember the restriction about image size and small details.
• All pictures have a background even if it isn’t an environment. Dark or light? Smooth or textured? Solid color or gradient color? Just remember that the background shouldn’t compete with the object unless it has an important story to tell.
• What colors do you like and what colors would support your brand? If you want to address a global audience, remember that colors have different meanings in other cultures. Check this and this before you decide.
• Your role may demand a certain type of clothing, and you may have some strong personal preferences in this area. You can be mainstream by following the code or revolt by going your own way. As profile pictures are small you are quite likely to do just show head and parts of the upper body rather than full figure, so the lower parts doesn’t matter. A hat works fine, if it fits your brand.
• How do you want to pose? Do not plan a too fancy pose as those rarely feel natural in the final picture. Remember that your hands tells a lot about your feelings, also plan their position.
• Are there any personal attributes that definitively are part of your brand? A typical piece of clothing, or maybe a ponytail?
• The face expression is important. Use the feelings and adjectives mentioned above when figuring out what expression is best for you.
• Even subtle changes in the camera angle can have a significant impact on the feeling of the picture. You are on the same level as your peers. You may look helpless and begging if you look up on your audience. And a powerful rulers looks down on his people. These rules may not apply anymore if you go for dramatic camera angles.
• The lighting of the subject is important. A sharp harsh light creates sharp shadows and make the picture more dramatic. So does light from an unnatural direction, like illuminating a face from below. Smooth even light from every direction eliminates shadows but make the picture dull. The right lighting is usually somewhere between these extremes.
• If you don’t need an environment you can play with the framing of the face. A dramatic effect is to frame the face really tightly, or even focus on a part of it.
• Looking into the camera creates a connection between you and the audience. But you may want to differ by looking out of the picture or at an object in the visible environment.
• Accessories may emphasize your story. You can bring in items that relate to your role and brand.
• You may want to add graphical elements in post processing. It is good to plan that before you start shooting. These elements will become part of the final composition and affect the visual balance of the picture.

Yes, a lot of different aspects to think of. You do not need to pay a lot of attention to all of these, but they are all things that affect the picture. You may pick some of these points and focus on them. Hope this section puts your mind in creative mode so that you can come up with a great idea.

Take the photo

OK, now you should have a visual idea in your mind about what you want to create. Let’s start doing it by shooting the picture. Some hints that makes it easier to succeed.

• Ask someone to help you. Sure, you can use a tripod and timer to shoot by yourself. But it is so much easier if you don’t have to run back and forth between your pose and the camera. It is of course a plus if that someone has experience in portrait shooting. Depending on your planned shot, it might be good to have an assistant as well.
• Plan what camera to use. You do not need the latest megapixel monster as the picture will be shown small. But you should definitively use a camera that produce sharp pictures. Some mobile phone cameras are already good enough, but cheap pocket cameras may not be. Most cameras manage to take decent photos in good light, but use a system camera if you want to play with low-light scenes.
• Scout the place to shoot where you have the right environment or background.
• Plan when to shoot. The light conditions depend on weather and time of day. Other conditions, like traffic for example, may dictate when to shoot if you are planning to do it in a public place.
• Plan the lighting. Will natural light be enough or do you need artificial light to achieve the desired result? If the light is sharp, you may want your assistant to reflect light onto the shadow side of the face using a light flat object, like a sheet of Styrofoam.
• Shoot wide. Leave enough room on all sides of the object. It is easier to crop and create the perfect composition afterwards on the computer.
• Control the balance between object and background. You can make the background less distracting by making it darker or less sharp. You can blur it by moving the object further from the background and/or using a larger aperture setting in the camera.
• If you plan to replace the background using Photoshop, then it should be as even as possible. Select a color that creates a sharp contrast around all parts of you.
• Be careful with focusing, especially if you try to blur the background by using a large aperture. Always make sure the primary area of interest is in focus, which almost always is the eyes in portraits.
• Work on the technical details first without minding pose and face expression. Shoot, check the result on the camera’s screen, adjust something and shoot again until the light and exposure are right.
• Then continue to find the right pose. Just shoot until you are satisfied with what you see on the screen.
• Finally work on the face expression.
• When done, look through the shot carefully and check all the details. Load the picture into a laptop and view it on a proper screen before you pack your stuff and leave the shooting scene. At this point it is still easy to correct small details and take another shot.
• Why not try some variations when you are up to speed. Change clothes or pose or something else and shoot some more. It’s good to have more shots to select from.

Finalize the image

Now you should have a decent picture of yourself. It might be good as is, but all pictures can be improved by post processing. Use Photoshop or your favorite image editing program, or ask a savvy friend to help. These are examples of things that can be used to brush up the picture.

• Adjusting overall exposure, contrast and color saturation.
• Putting more or less attention on objects by making them darker or lighter.
• Selectively blurring unimportant parts.
• Cropping the picture.
• Concentrating focus to the center of the image with a vignetting.
• Cloning out distracting details.
• Replacing the background.
• Adding graphical elements like frames, logos and symbols.
• Maybe doing more advanced manipulations like combining two shots with different face expressions. Your imagination is the only limit. (And the limited picture size of course.)
• Or why not get a cheap round of plastic surgery if your Photoshop operator is savvy enough for that.
• Remember to zoom out and view the picture as small as it will be shown in reality. Does it still work?

OK, that’s it. Now you should have a great profile picture. But as always, testing is important. Show the picture to someone else and ask them for honest opinions. Your test audience should not know how you have planned the picture and what you have tried to achieve. Even better, use people who don’t know you at all. Ask them to describe the person in the picture just based on what they feel when seeing it. (Some persons are better than others on this.) It’s a success if that match what you tried to achieve.

And last but not least. This is important but it is after all just a picture. It helps you get attention and new followers, but in the long run people will still judge you by what you post.

Safe surfing,
Micke

Share this

His first impression is that it’s designed to encourage you to share and encourage your friends’ media consumption.

Coming soon to Facebook… television you’ve watched? And a new timeline layout? Oh please no. #DoNotWant twitter.com/5ean5ullivan/s…

— Sean Sullivan (@5ean5ullivan) April 29, 2013

In the endless attempt to monetize a free service that about one billion human beings rely on, Facebook is also encouraging you to give your friends more than just warm birthday greetings. They want you to give gifts.

Here are some of the gifts my friends are recommended to give to me:

Yes, I am over 21 years old. Sean found that if you’re under 21, Facebook recommends chocolate instead of wine.

It’s natural to speculate that Facebook wants to become a recommendation engine that serves you media and gift recommendations based on your interactions. This — as always — will lead to some unintended consequences.

Perhaps, the next time you change your relationship status to “single”, your friends will see this gift recommendation:

Share this

There seem to be a war between these two groups of photographers, especially in US after 9/11. Ordinary people who take snapshots of fine buildings have noticed this. Photography is often considered suspicious activity and many innocent tourists have been treated like suspect terrorists. Security guru Bruce Schneier has pointed out several times that the authorities watch far too much TV. They try to fight movie-plot threats rather than real terrorism. The war against photography is a good example. TV needs visual elements so the villains often goes on a photo trip before the strike. No pictures are however found when investigating real terrorism. Simply because they are not needed. To fly a jumbo into a skyscraper you need a map, not a photo of the building taken from ground level. But the authorities are desperately seeking ways to show that they are doing something, so photography becomes a convenient target.

What brings this to mind right now is the Boston bombs. There is said to be around 600 surveillance cameras in the area. FBI also had the suspected bomber’s face on file and was able to run automated face recognition against the surveillance footage. But that wasn’t enough, so they turned to the public and asked for photos and videos shot by ordinary citizens. The former enemy suddenly became a friend when FBI didn’t have enough footage themselves.

The request turned out to be successful. Submitted amateur footage is reported to have been crucial in identifying the bombers. This proved that photography in public places contributes to security rather than poses a threat.

I wonder when we reach the point where FBI doesn’t have to ask for these photos? More and more people upload their shots to social media sites. Chances are that the Tsarnaev brothers already are published by many ordinary citizens on their private walls, Flickr-accounts etc. Time and position metadata makes these shots suitable for face recognition scans. Privacy settings are of course an obstacle, but I wouldn’t be surprised if the US authorities demanded full access to such photos bypassing the security settings. An even scarier scenario, what if FBI gets legal access to all shots that smartphones upload automatically? The shots from my mobile camera land on SkyDrive. Personally I don’t like the idea of participating in an intelligence network with global reach but operated by a national agency.

Will this case change anything? I would like to see the Boston incident as an eye-opener that contributes to a less hostile attitude against photographing citizens. But that is probably naive. The war against photography will most likely go on just like before, at least until the next case where FBI need some help. And we may be heading towards a world where the authorities doesn’t ask kindly for these shots, but grab what they want from the net. Let’s hope that the legislators and privacy advocates manage to maintain a balance between privacy and terrorism hysteria.

Micke

Image by R/DV/RS @ Flickr

Share this

You know how it is to ask a lawyer if something is legal or not. It’s impossible to get a straight answer. I start to understand why when digging into this problem. There are really so many aspects that matter and many things that aren’t black and white (no pun intended). And on top of that, the international aspect. Laws are different in every country. I have been looking a long time for a good and comprehensive guide that covers photo law in different countries. In vain so far.

That’s an indication about how big and complex the issue is. But I’m going to give it a try anyway. I have tried to list the basic principles in a very compact form. This list can’t be very precise as it isn’t country specific. So be aware that the law in a specific country can differ from what’s stated below. But the risk that your camera puts you in trouble should be significantly lower if you know at least these principles.

To take a photo

• It is generally OK to take photos in public places, but some limitations may apply.
  • Taking photos that present a person in a defamatory way may be banned.
  • Taking photos of police officers may be banned.
  • Taking photos of military installations and critical infrastructure may be banned.
  • Taking photos of monumental buildings may be restricted or banned.
• It is generally OK to take photos of other persons without permission in public places, but some may have a personal problem with that. It’s polite to comply and cease shooting if someone complains, but these persons do typically not have any legal right to prevent others from photographing them. Unless the shooting can be seen as harassment. Also keep in mind that there may be cultural restrictions. It’s for example considered bad habit to photograph priests, monks and nuns in some countries.
• What’s a public place has typically nothing to do with ownership. It’s a place that the public has free access to, even if it isn’t owned by a public institution. Events and transportation that the public can buy tickets to freely do typically also qualify as public places.
• Some public places, like shopping centers or shops, try to limit or ban photography. Those rules may or may not be legally binding, depending on local legislation. Many shop owners seem to know as little as their customers about the laws regulating photo.
• Photography is typically not allowed without permission in private places and events for invited guests. You should always ask for permission before taking a shot in someone else’s home. Regardless what your local law says, that’s common sense IMO.
• Vehicles where you can stay overnight may be considered private places just like homes. Ordinary cars do not belong to this category.
• Taking photos of kids is typically no different from other kinds of photography from legal point of view. Many parents have however became wary about having pictures of their kids online because of increasing media coverage about pedophilia. So it’s best to be careful when shooting others’ children. Talk to the parents first, if possible.
• Remember that knowing the law and your rights to photograph is important, but so is common sense. If you face a photography ban that is in violation of your legal rights, it’s up to you if you want to challenge the ban or save both parties some trouble. Is it worth it?

Copyright and licenses

• The creator of a creative work, like a photo or a video, has automatically the right to decide about how the work can be used, and to be compensated if the work creates profit. It’s a bit like ownership and it is called copyright.
• Copyright exists automatically. You do not have to apply for it, register the work somewhere or even put a copyright statements in the corner of your photo.
• The copyright holder is the person who has done the creative work, i.e. came up with the idea for the photo. It doesn’t matter who pressed the shutter button or who owns the camera.
• Copyright can be transferred to someone else, which is like giving away the ownership. The copyright holder can also grant licenses to use the work. It is very important to understand the difference between these two.
• There are no usage rights by default. It means that you basically can’t do anything with a photo taken by someone else without permission from the copyright holder. And vice versa for others using your shots. There are however exceptions to this. The fair use concept in US is one example. It states that minor insignificant use is OK without permission, like use for private or some educational purposes.
• If you own the copyright, you have free hands to grant, or refuse to grant, others the right to use your photo. Such rights are called a license. A license can be any kind of free form statement that:
  • Specify what work it affects.
  • Specify who it grants rights to, or grant rights to anyone who want to use the work.
  • Can specify how the copyright holder shall be compensated.
  • Can demand that the copyright holder shall be attributed.
  • Can limit the rights to a defined period of time.
  • Can limit the rights to a specific kind of use.
  • Can limit the rights geographically.
  • Can be exclusive, meaning that the copyright holder agrees to not grant any conflicting licenses to others.
• Creative Commons (CC) is a widely used ready-made system for granting generic licenses to use your photos. This is a nice way to share shots if you don’t mind others using them for free. There are several kinds of CC-licenses, for example licenses that exclude commercial use.

 To publish a photo

• Remember that taking a photo and publishing it is two different things. You do not necessary have the right to publish even if it’s OK to take the photo.
• You can generally publish your own shots freely as long as it is done as a private person on a hobby basis. Like sharing on Facebook or Flickr.
• Publishing a shot that presents a recognizable person in a defamatory situation, state or context is most likely illegal.
• Be careful when publishing pictures of others’ children. It’s typically legal, but the parents may have issues with it.
• People usually can’t prevent others from photographing them in public places, but they have the right to decide if shots of them can be used commercially. An approval of this kind is called a model release. It is a document where a person who is recognizable in the picture grants rights to use the image. A similar property release may sometimes be needed for shots showing buildings etc.
• Some companies are guarding their brands rigorously. They may have a problem if they see their brand exposed in a published photo in a way they don’t like. You may get a letter that threat you with legal actions unless you remove the photo. There’s typically little or no legal substance behind these threats, as companies and brands typically aren’t protected against libel etc. in the same way as individuals. You may comply, ignore them or ask for more details about what paragraphs they refer to and under what jurisdiction. That may make them go away.
• You do by default not have any rights to publish others’ photos (exceptions exist, see for example fair use in US). Many photographers are however adopting a liberal attitude against sharing and publish their work under a CC-license, or similar. If you need to illustrate something, you can search the net for CC-images for example on Flickr. This is how I get most of the pictures I use in these blog posts. Remember to credit the photographer! That’s a small token of appreciation compared to the value you get.
• But what about sharing in social media, Facebook for example? If you take a picture file and upload it so that it is visible to anyone, then it is definitively publishing. But sharing a photo that someone else has uploaded to Facebook is totally different. What you do is really to tell others that the picture exist and where they can find it. You just share a pointer to it, not the image itself. That is of course always OK and only limited by the privacy settings of the photo.

As said. This summary is an attempt to list some generic fundamentals that should be valid pretty much everywhere. That’s a good start, but if you are a serious photographer you should educate yourself with more accurate info for your own country. Also, what’s said about photos also applies to video.

Do you know of a good source that covers international photo law? Or a good guide for your own country? Then post a link as a comment to this article. Maybe there isn’t a comprehensive international guide, but a collection of links to guides for different countries is almost as good.

And finally. Quoting an excellent tweet from @Mikko. “Remember that legal advice you find on the net is worth every penny you paid for it.” Nice disclaimer, isn’t it.

Share this

Thus your profile has all kinds of likes and apps you probably don’t remember adding. That’s why spring is the perfect time to look at your page and try to make it new again. Here are 3 easy steps that will improve your privacy and your Facebook experience.

1. Stop your friends from sharing your private information.
If you take pains to lock down your Facebook profile, it may disturb you that some of your private information may still be shared with strangers by your friends.

They’re doing it not because they want to make your privates public but because you haven’t locked down how they can share your information via Facebook apps.

To fix this, just go to “Privacy Settings” then the “Apps” section. Next to “Apps others use” click “edit”. You’ll see this:

But likely some of the boxes will be checked. Any box that is checked can be shared by your friends to the makers of any app the authorize. Uncheck the boxes and click “Save Changes”

2. Clean out your old apps.
Now, while you’re on this page, you should scroll up do some spring cleaning. Click that little “x” next to any app you don’t use anymore. And if you aren’t sure if you use an app, you can always click “x” and reauthorize it later.

To be extra safe, you can always do what F-Secure Security Adviser Sean Sullivan does turn off Facebook’s “platform” so none of your information can be shared with apps. This also means, you can’t use any apps, of course.

To do this, click “Edit” next to “Apps you use”

Then click “Turn Off Platform.”

3. Audit your friends and ‘likes’
The best way to keep your Facebook account useful and free of annoyances is to review your friends and “likes” to get rid of anyone who doesn’t respect your privacy or clutters your feed.

This sounds easier than it is since most people have dozens if not hundreds of connections of Facebook. As you have to view your “Friends” list and “unfriend” each user one by one. Your “Likes” list is even more annoying. If you have time, you should do this at least once a year. So why not for Spring?

Or you can do this on an ongoing basis whenever you visit your newsfeed. See something offensive, unlike that page or friend, if he or she isn’t really a friend anyway. But be aware that you won’t see all of your friends and “likes” on your feed. Facebook filters it so you only see those you’re most likely to interact with along with the posts they’re being paid to promote.

Jason

[Photo via El Frito]

Share this

What do you think about them? Do you pass them on? Does this kind of messages play on your emotions? Do you like the feeling of helping a poor child somewhere in the word by clicking share? Have you ever tried to verify if the sad story is true? Or do you want to hold on to the dream that you are helping, and avoid checking the background even if there is a grain of doubt? Or are you one of the skeptics who dislike chain letters and write an angry reply instead?

Chain letter may be an old-fashion term from the snail-mail era. But that is really what we are talking about here. They are also called hoaxes, which refer to the content rather than the spreading mechanism. Our modern communities on the net provide an ideal environment for them. It has never before been so easy to share information with a large number of friends globally, just by a click. The content might be anything, but there are some easy ways to identify them.

• They play on your emotions, often empathy or fear.
• They tell you to share it with all your friends.
• There’s often a shocking picture of a claimed victim. (The same picture is often reused in many different chain letters.)
• It may claim that the victim gets money for each share. (This is never true.)
• There’s no or very little details of the claimed victim to make it harder to debunk the story.
• There’s no reference to news articles or other reliable sources, or the article is fake if there is one.

Here comes a couple of examples from different categories.

Help save baby with cancer is a really classical example. Who can resist a sick child? And that thing on the little boy’s face. OMG! In reality, this story is just made up and the boy doesn’t exist. Or the baby in the picture certainly exists, but he has appeared in many different chain letters and nobody knows where the picture comes from or if that thing is fake or real. The promise of one dollar per share is also just made up, there is no such commitment in reality.

YOU COULD SAVE A LOVED ONES LIFE BY KNOWING THIS SIMPLE INFORMATION!!! First aid and medical advice is another common chain letter category. I have attended a number of first aid courses at different levels, and this example is legit as far as I can tell. The described STR-rule is also well known and used elsewhere too. But how do you know that? If you can assess that, you don’t need the advice. And if you can’t, you have no clue if the advice is reliable and accurate. This one might be legit, but that can’t be said about all the other messages of this kind. They can in the worst case be directly harmful! (I have selected to not share one of those here.)

Facebook is not a good info source for matters of life and death. If you truly care about your loved ones and want to be able to help, then there is no substitute for professional first aid training. Trash all chain letters of this kind and sign up for a course today!

[Insert celebrity of your choice] found dead at Dominican Republic resort. This is really a sick form of humor. There’s a web-based generator that can generate hoaxes like this. It even creates fake news pages that can be passed around with the chain letter. I’m including the link to the generator here. I trust that you use it only to learn how to spot these hoaxes, not to make one yourself.

If you see some shocking news like this and the source isn’t one of the big news networks that you recognize, then turn to Google and get a second opinion before you hit share. Well, sites can be faked so Google is a good idea even if you recognize the news source.

But these chain letters are mostly harmless, you might think. Is it really that bad to pass one on? Well, they don’t harm the reader directly. Messages that trick you into downloading a file or opening a site that can contain malware is a different cup of tea. Phishing scams that trick you into entering secret data at a faked site are also truly harmful. Chain letters and hoaxes are not harmful in this way.

But that’s not the full story. There are still several reasons to avoid them:

• Your own reputation. You may feel good when “helping a sick child”, but do your friends think the same way? Some of them may think you are gullible and easily fooled.
• You create unnecessary noise on Facebook, or whatever community you are on. It may already be hard enough to spot the relevant posts from 500+ friends and a load of groups. Your friends do not need more junk to cover the valuable posts.
• Things seem to replicate, especially problems. If you have a habit of sharing chain letters and hoaxes, you contribute to the culture among your friends. You signal that it is OK to share hoaxes and your habit will spread to some of them.
• If you forward a message with some advice about first aid, a friend uses it and it tunes out to be bad advice. How would you feel? If you share info like this, you also carry responsibility for it.
• Passing on jokes about someone killed in an accident is really sick humor, even if you might be in shock and believe it when you press share. Double-check before sharing and spare your friends that unnecessary shock.
• If your account is compromised and misused to spread truly harmful content, it will blend in better in a stream of chain letters. Your friends are less likely to notice any difference and more likely to click on the malicious link from “you”.  Such post will however stick out if your normal posts are strictly no-nonsense.
• A historical note. Old-school computer folks dislike chain letters because they were seen as a bad thing in the early days of e-mail. This was based on the limited capacity of the computers and telecommunications at that time. Technical capacity is not a problem anymore, today’s bottleneck is our capacity to process all the messages we get. But as said above, even if the technical capacity is there, it is still a bad idea to circulate chain letters.

And by the way. Why should you support this particular child? Just because you got a picture of him? There are probably thousands of real children with the same disease. You feel emotionally involved, that’s good. Let’s use your emotions for something more productive than just passing hoaxes around. Look up a local charity organization that work with children and make a donation while watching the picture. That really matters!

So, to summarize. Don’t feel bad if you have shared chain letters like this. As said, they do no direct harm. But I hope that as many as possible become aware of the downsides and start ignoring them. Our Facebook experience would be tidier.

So now you know how to spot a chain letter. Just click the share button and make sure all your friends on Facebook also know. Hey, wait…

Safe surfing,
Micke

Image from About.com Urban legends

Share this

Sharing photos on the net is fun, but did you know how much a single picture can tell? I’m not talking about the traditional “more than 1000 words” here. I’m talking about metadata. This is invisible data that describes the content and is embedded in the picture file. This is some of the data that a photo can contain:

• Date and time when the picture is taken
• Photographic parameters like lens, aperture and exposure time
• Geographical position from a GPS-device
• Information about the device that took the picture, brand, model, serial number, etc.
• Name and contact information of the device’s owner
• Information about the photo’s copyright owner and rights to use the photo
• A lot of other info that professionals and serious amateurs can use to manage large photo collections.

All this data does really provide a lot of added value. You can automatically have shots sorted by capture time, you can plot photo locations on maps, find all shots taken with a certain camera or lens, and so on. The possibilities are almost endless. But metadata is like all other great things, it can be used and misused. The downside is naturally privacy.

I did a quick test with my Nokia Lumia, which is a Windows Phone -device. It turned out that its camera embeds the date and time, photographic parameters and the GPS-location automatically. But data about the owner is not included. This data is also kept when using all share-options that I currently have available; mail, Flickr, Facebook, SkyDrive and DropBox. There’s no setting anywhere that would control this behavior. In theory, I could reveal my exact location every time I upload a photo.

But this is not the full story. The service that you upload to can also decide how to process metadata. Facebook strips it altogether. This design was probably implemented to save storage space, but has a positive side-effect on privacy. Photographers who are interested in the photo parameters are however not happy. Flickr uses a different strategy. Metadata is extracted and used in the interface. You can decide if you want it to be showed or not. Users can also download smaller picture files without metadata, or the original with all data intact, if you choose to allow it. It’s quite natural that Flickr is more advanced as it is a site focusing on photo sharing.

So what should I do about this?

• What data you share depend on many factors, so you really have to find out yourself. Go to the site where your pictures are shared. Download a picture of yours and examine its metadata. This can be done by opening the file’s properties or with some special tool. Photo editing software usually let you examine and manipulate the metadata. Opanda IExif is a free tool for Windows. Think about what data you can see and if you think it is a privacy problem.
• If you share photos from your mobile device, there may not be much you can do to manage metadata. Look for settings controlling metadata in the camera program and all apps used when sharing. You may also look for alternative apps with better controls. If nothing else helps, you may have to accept the situation, restrict your sharing or disable the GPS if position info is your concern.
• Old-school folks who share through a computer have much more options. Most workflow programs have options that control what metadata you embed in the final files. There’s also many tools available that can strip metadata from files before you upload. I already mentioned one above.

To summarize. You do not necessary have a privacy problem with metadata in photos you share. It depends on many factors. The device you take photos with, the software you use to process and transmit the shots and finally the site where they are published. And naturally your own privacy expectation, what data are you ready to share? But the most important point is to be on top of this yourself. Don’t leave it to chance. Check what you share and make up your mind if it’s OK or not.

An exercise for you. Download the photo file in this post and check what kind of metadata you can find in it. It’s taken straight from my workflow program on the PC, no data removed.

Safe surfing,
Micke

PS. Also keep this in mind if you feel tempted to cheat about when and where a shot is taken. You are unlikely to get away with it if you have photo-savvy friends.

Photo by Micke-fi @ Flickr

Share this

But before you do, now is an excellent time to think about something that’s going to be a much bigger issue soon — your photo privacy. The new newsfeed is all about highlight photos and making them easier to share.

In a recent survey of Facebook users, we found out that 1 out 5 have had a picture of piece of content posted on Facebook reused without their permission*.

This is why it’s important to remember the key rule of Facebook privacy: Nearly anything you share on Facebook can be reshared by your friends — no matter how locked down your privacy settings are. You do technically own the content you post on Facebook, meaning Facebook probably won’t claim control of your content (even though its terms and conditions suggest it might be able to.)

But once you post anything on a social network, you’re basically setting it free in the world.

There are also a few key things about photos that many Facebook users are not aware of, though they are listed in Facebook’s privacy help pages:

• The privacy setting for your Cover Photos album is always public.
• If there’s a photo of you in an album that someone else posted, only the person who posted it can change the album privacy. If you don’t like the photo, you can remove a tag or escalate the issue.
• If you share a high resolution photo or album with someone, that person will be able to download those photos.
• Unlike other photo albums you create, you can choose an audience for individual photos in your Timeline Photos and Mobile Uploads albums. Each time you post a new photo, you pick who sees that photo using the audience selector.

You can always change the privacy setting of any individual album or photo by adjusting the icon. If you want to avoid your friends seeing an embarrassing photo of you that you didn’t post but were tagged in before you do, be sure to use the “Activity Log.” Here’s how:

How do I get to my activity log?

You can get to your activity log from your privacy shortcuts:

1. Click your privacy shortcuts in the upper-right corner of the page and select Who can see my stuff?
2. Click Use Activity Log.

Note: Only you can see your activity log. However, stories in your activity log may appear other places on Facebook, like on your timeline, in search or in your friends’ News Feeds.

Cheers,
Jason

*Based on a survey of 495 Internet users contacted in December 2- 31 2012 through Facebook, Twitter and the F-Secure Safe and Savvy blog and conducted through Surveygizmo.

Share this

You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.

Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3^rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3^rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.

Micke

Photo by Sam Catanzaro @ Flickr

Share this

A few years ago, its growth seemed unsustainable. Everyone assumed that some other social network would eventually rise up to replace it as had happened to its precursors Friendster and Myspace. And its privacy controls felt purposely confusing.

Now, with more than a billion active users, the site is still growing. Its biggest competitor is Google+, which is isn’t setting the world on fire yet. And it finally has privacy controls that the average user has some hope of understanding.

Why is Facebook finally offering privacy settings that make sense?

Because they’re about to start using your information in new ways that may make you squirm.

You may have already taken Facebook’s tour of the new settings. If you haven’t, you should then consider these 3 recommendations to take control of your profile.

Find this  near the upper right hand corner, click on it and select “See more settings” at the bottom of the menu that pops up.

You’ll see this screen:

1. Use “friends” as a default.
Under “Who can see my stuff?” you’ll see “Who can see my future posts?” Unless you have a good reason, go with “Friends”. This will save you from having to backtrack and change the settings on something you didn’t want to get out. Of course, your friends can still share what you put out — as Facebook founder Mark Zuckerberg’s sister Randi learned — so keep in mind that anything you put on Facebook could end up on the front of a newspaper. Also consider using “Friends” as the setting for “Who can look you up using the email address or phone number you provided? and “Who can look up your timeline by name?”

Facebook is going to be making more and more of your information easily accessible. While it’s smart to consider that anything you post on Facebook could easily made public, you may want to restrict what information strangers can easily browse through.

2.  Do not let other search engines link to your profile.
Unless you use your Facebook profile as a professional tool, you probably don’t want it to be one of the first things people find when they search your name. So we recommend selecting “off” for “Do you want other search engines to link to your timeline?”

3. Turn of “tag review”.
Next click  on Timeline and Tagging on the left menu.

You’ll see this screen:

Most people want to allow friends to post on your wall but if protecting your images is your priority, you may want to make it available only for you. Either way, it’s a good idea to select “friends” for “Who can see what others post on your timeline?” This will prevent strangers or even potential mates or employers happening to catch your page right as a friend posted some hilariously sick image on your timeline.

We recommend you turn on “Review posts friends tag you in before they appear on your timeline?” This won’t stop your friends from tagging you in something embarrassing but it will stop it from showing up on your wall if they do.

We definitely recommend you enable “Review tags people add to your own posts before the tags appear on Facebook?” This so called tag review will keep you from being in ridiculous tagged pictures or posts that show up in search results.

If you don’t want to be tagged much or don’t like the idea of photo recognition, you may want to select “No one” for “Who sees tag suggestions when photos that look like you are uploaded?”

That’s a good start. Next time, we’ll walk through Facebook’s security settings.

Jason

Share this

If you’re on the Internet, you’re probably being monitored. If you’re using a free service, you’re giving up some of your privacy as a payment. If you post something online, you have to assume that it could easily be shared with anyone with an Internet connection.

But that doesn’t mean you have to give up your privacy when you turn on your PC or phone. Here are 5 basic resolutions that will help you make sure that prying eyes can’t get easy access to your data online.

1. I will have a strong, unique password for every account that contains private information.
If you’re super concerned about protecting your privacy, you’ll use unique, unguessable passwords for all your accounts and update them 3-4 times a year. For your most important accounts, this is essential. But for your webmail, banking and Facebook accounts, if you have them, good password hygiene is a must. Here’s a system to create strong passwords you’ll remember.

2. I will go “Friends only” on Facebook.
Sharing your digital life with your friends only won’t guarantee your privacy — ask Randi Zuckerberg. But it will help limit your potential leakage from private to public. Facebook isn’t completely private, of course, ever. But if you want to share everything, Twitter or a blog are probably better options.

3. If I use Gmail, I will turn on two-factor authentication.
If you use your Gmail for business, the extra-layer of security of two-factor authentication is essential. Just make sure that your phone also has some sort of anti-theft or Find My iPhone app installed in case a thief gets ahold of your device. You may also want to clear your Google history, if you’re not interested in that existing.

4. I will log out of any account I’m not using and lock my PC and phone when it’s not in use.
This is just good common sense that I personally ignore on a regular basis. Not in 2013! It reduces how you’ll be tracked, it makes it less likely your own accounts will be used against you.

5. I will keep my software updated.
Our smartphones and PCs are actually quite secure if we keep them patched and protected with update system and security software. This, as you know, can be time consuming, so I’ll update as they come up and for my PC, I’ll use F-Secure’s free Health Check.

Happy 2013,

Jason

[Photo by Triple Tri]

Share this

I love this grainy, quirky picture. I emailed it to my wife. I Facebooked it. I tweeted it.

I love it so much that I brought it to my local photo lab to be blown up so I could frame it and put it on my wall. Unfortunately, the resolution is so low that it’s hardly worth the print, let alone the frame.

The picture was taken with my iPhone, which is handy to catch perfect poses like this. This method is great for capturing digital images to share but they just don’t transfer into the real world all that well.

So here are two quick tips to make sure the irreplaceable images you create this holiday season.

1. Make sure you capture the images you want to turn into actual printed images on photo paper are taken with a high-resolution camera, meaning NOT your smartphone.

2. Keep a backup of all your images–high quality or not–somewhere outside of your home in case damage to your equipment and even your storage disks.

Facebook is probably better than nothing but you probably don’t share every image you want to keep. You can try our Online Backup for free.

Cheers,

Jason

Share this

1. The end of the Internet as we know it?
“Depending on the outcome of an important conference taking place now in Dubai, a lot of things could happen in 2013,” says Sean Sullivan, Security Advisor at F-Secure Labs.That event, the World Conference on International Telecommunications, could have a major impact on the Internet as we know it. “The Internet could break up into a series of smaller Internets,” Sullivansays. “Or it may start to be funded differently, with big content providers like Facebook and Google/YouTube having to pay taxes for the content they deliver.”

The WCIT event is a meeting convened by the International Telecommunication Union (ITU) to finalize changes to the International Telecommunications Regulations treaty. In attendance are regulators representing governments from around the world, not all of whom are interested in Internet freedom. There is concern that some regimes would want to shift control of the Internet “from the geeks, and give it to governments,” as Sullivan puts it. New measures are also being proposed in the name of Internet security that privacy advocates suggest would mean the end of anonymity on the Internet.

2. Leaks will reveal more government-sponsored espionage tools
“It’s clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway,” says Mikko Hypponen, Chief Research Officer at F-Secure Labs. While we may not always be aware of nation-states’ covert cyber operations, we can expect that governments are more and more involved in such activity. In 2013, we’ll most likely see more leaks that definitively demonstrate this, and from countries who haven’t previously been seen as a source of attacks. As the arms race heats up, the odds of leaks increase.

3. Commoditization of mobile malware will increase
The Android operating system has solidified in a way that previous mobile operating systems haven’t, extending from phones to tablets to TVs to specialized versions of tablets. The more ubitiquous it becomes, “the easier to build malware on top of it and the more opportunities for criminals to innovate businesswise,” Sullivan says. Mobile malware will become more commoditized, with cybercriminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service, for Android.

4. Another malware outbreak will hit the Mac world
2011 saw scareware called Mac Defender, and in 2012 Flashback took advantage of flaws in Java. The Labs predict 2013 will bring another Mac malware outbreak that will have some success within the Mac community.

“The author of the Flashback Trojan is still at large and is rumored to be working on something else,” Sullivan says. “And while there have been smart security changes to the Mac OS, there’s a segment of the Mac-using population who are basically oblivious to the threats facing Macs, making them vulnerable to a new malware outbreak.”

5. Smart TVs will become a hacker target
Smart TVs are plugged into the Internet, they’ve got processing power, and since they typically aren’t equipped with security, they’re wide open to attacks. Adding to their vulnerability is that unlike home computers, many smart TVs are directly connected to the Internet without the buffer of a router, which deflects unsolicited traffic. Also, consumers often don’t change the factory default username and password that have been set for web administration, giving easy access to hackers.

“It’s very easy for hackers to scan for smart TVs on the Internet,” says Sullivan. “When found, they only need to use the default username and password, and they’re in.” 2012 already witnessed LightAidra, a breed of malware that infected set top boxes. 2013 could see smart TVs being used for such purposes as click fraud, Bitcoin mining, and DDoS attacks.

6. Mobile spy software will go mainstream
2013 may see a rise in popularity of tracking software, and not just for parental control purposes. There has already been growth in child safety apps that monitor kids’ activities, for example, their Facebook behavior. “Of course this kind of software can also be used to spy on anyone, not just kids,” Sullivan says. “The more smartphones there are, the more people will be seeking out software like this – to find out what their ex is up to, for example.”

7. Free tablets will be offered to prime content customers
Tablets and e-readers are all the rage, and more and more often in closed ecosystems such as the iPad with iTunes or the Kindle with Amazon. As the Kindle price keeps dropping, the Labs predict that 2013 may bring a free e-reader or tablet for prime customers of companies who charge for content, like Amazon or Barnes & Noble. “Closed ecosystems are more secure, but you have to trust the provider to protect your privacy,” says Sullivan.

For ongoing analysis from the F-Secure Labs, follow News from the Lab.

Share this

The fact is that the average Facebook user has over 120 friends and likes another 100 groups or pages.

This means the news feed generally moves very quickly pushing down updates almost immediately. In an effort to improve engagement, Facebook has developed Edgerank which pushes the updates your most likely to engage with to the top of your feed. It also pushes Promoted Posts to the top, to monetize the tremendous amount of time about a billion people around the world spend on the site. If you don’t interact with a friend or a page, you’ll eventually stop seeing their posts in your feed.

Facebook isn’t like email. You can’t expect every friend to see every post. Depending on how many friends you have and how active they are, they are probably much more likely to see your status update than a tweet—which fly, by usually only seen by a tiny fraction of your followers.

Cuban’s main complaint is that Facebook doesn’t understand what its business is. He says the site is a “time waster” like television. For that reason, he thinks users would be better are determining what they’d like to engage with than Facebook is—if the site would only make it easier to “unlike” things and sort through the feed.

Cuban is right about what the site’s value is—a way to pass time enjoyably. But it does offer a more authentic, unique, interactive experience than TV in that it makes your friends and family your entertainment. If relationships are easily made and broken the site becomes a little less like life. It’s that relationship to reality that gives Facebook its advantage over old media. Still the accumulation of likes and relationships on the site creates your experience but it also makes it messier and less enjoyable if you aren’t getting to the good stuff fast.

In a recent survey we found that about 6 out of 10 Facebook users think the site as good or better than it has been. That left 4 out of 10 who think it’s worse.

So does Marc Cuban have a point? Could you do a better job managing your feed than Facebook?

The reason the site has taken it upon its self to manage our feeds is because it knows that most people won’t take the time to do so. They’ll just stop using when it gets boring.

But if you’re reading this, you care more than the average user. So here are a few suggestions to improve your Facebook experience.

1. Unlike, unlike, unlike.
If you’re on Facebook and see something that annoys you—like spam or a not safe for work posting, go ahead and unlike the person or page. It takes a second, you have to go to profile, click on the wheel thing and select “Unfriend” or “Unlike”. You can always reconnect later. But unless you get in the practice or trimming your feed, you’re never going to improve your experience.

2. Switch your feed view from “Top Stories” to “Most Recent”.
This won’t guarantee that you’ll see all the posts from all your friends in linear order. Facebook’s algorithm seems to make that impossible. But it will prevent Facebook from controlling your feed entirely.

3. Use “Close Friends”.
On the left-hand column of your Facebook feed, you’ll see a Friends category. You may have to click on “More” to get to it. Click on “Close Friends” and Facebook will give you suggestions on who to add to this list. Only add the people you’re most interested in following. This won’t improve your feed, but Facebook will give you a notification when one of your favorite friends post. With this feature, you don’t need to worry about missing the posts from the people you care about most.

Cheers,

Jason

Share this

This link almost inevitably leads to something you don’t want–a phishing scam or a malicious page.

There’s one way to avoid this problem complete: Don’t click on links people send you via Direct Messages on Twitter.

But is there a larger message here, something that extends beyond Twitter? Sure!

Don’t click on that link in an email from your “bank.” Don’t click on that link on Facebook that promises an outrageous video. Don’t click on that link that screams “FREE!” In this era of shortened and spoofed URLs, you can’t be sure where any link will take you.,

It’s always best to go directly to your bank or financial institution’s site or Google for videos or images related to the hottest scandal. Nothing is a hundred percent reliable but you’re adding a layer of protection.

If you really must click on a questionable link, check it with our free Browsing Protection first.

Cheers,

Jason

Share this

Consumers are adopting these technologies just as quickly. According to F-Secure’s 2012 global consumer survey, 45% of consumers are already using smartphones to access the Internet, 18% are using tablets and 10% smart TVs. And the numbers are increasing all the time.

You might say that these developments are finally heralding the era of ubiquitous computing. But it’s important to remember that the attackers will follow the users. That’s why having up-to-date protection on all your devices is as critical as ever.

To that end, the newest version of F-Secure Mobile Security offers universal Android protection – for all your Android devices, even your smart TV or set top box. Smart TVs are a new frontier for threats from cybercriminals, so it’s reassuring to know that our solution is there to protect as the technology develops and the threats grow.

Share this

If you’re looking to connect constantly with friends online constantly and seamlessly there is no better way to do it than using Facebook. Since I use the site for free, I’m aware that I am Facebook’s product, meaning they need to market or monetize as much as what I do on the site to make it profitable. Knowing this, I do not think it’s a great place to be private but that’s not why I go on the site. For me it’s about sharing and connecting.

I’m also a believer in Facebook as a business. In a world where people where are doing whatever they can to avoid advertisement, people are friending brands and artists to get more information (also known as more ads). This creates relationships between people and brands that have never really existed in history. The many ways this platform can be used to build or grow businesses cannot yet be imagined. I expect that this holiday season and every holiday season, Facebook will set new records for enabling commerce and helping people find perfect gifts.

But as a devoted Facebook fan and user, I am aware that the financial trouble the company is in will affect my use of the site. When the company went public earlier this year, the stock did not maintain its value and recently it has tested new lows. What made Facebook great was a focus on experience but only a fool would assume that the financial situation the company is in won’t force it to try new methods to grow revenues.

One of the first examples of how your information will be used to market to you has just been announced. Companies that have your email or phone number will soon be able to use that information to serve you ads on the site. Facebook will anonymize the data so the companies won’t get any extra information on you unless you respond to the ad.

A natural response would be to wonder if you want this kind of targeting based on your information. Should you delete your number from the site? (Your email address is required.)

I’ve decided I will not because I like the ability to use my phone to get my account if it’s hacked, two-factor authentication and to get one-time passwords for use on public computers. And the companies that already have my email and phone number are likely companies I trust.

(You can remove your number if Facebook has it by going to Account Settings > Mobile.)

I am aware that anything I do on Facebook my ultimately be used to market me or to try to increase my friends’ interactions on the site. I’m also used to this idea of paying for content by enduring advertisement from television, radio, Google… But the thought of my social life being that content is always a bit scary.

Still, nothing much has changed. Facebook will only be able to share what I give it share. As always, my privacy is up to me.

Image by Johan Larsson.

Share this

In the US, we’re in the middle of an election where social media is playing a huge role in seeking support and donations. For millions of Americans, “liking” a candidate on Facebook is an easy way to keep stay in touch with or show a little support for a candidate. Of course, your friends will see that you’ve liked a page. But that’s just one quick event in your newsfeed.

However, there’s another way your political “likes” may show up on the site that you should keep in mind. Facebook automatically opts you into your social ads program. This means it can use your name to tell your friends that you’ve liked a page on Facebook. So you may see an ad that says “Your  friend likes Mitt Romney” or “Your friend likes Barack Obama” if they’ve liked that candidates page. Or let’s say you’ve liked the page of a candidate you don’t actually like to keep up with his or her activities. That candidate can still use your name to advertise to friends.

If you’re worried about your political views getting between you and your friends and family on Facebook, there’s two simple things you can do.

1. Avoid liking political pages on Facebook.

2. If you enjoy keeping up with politics on Facebook but want to keep your views to yourself, just turn off Facebook’s social Ads.

• Just go to “Account Settings”.
• Click on “Facebook Ads”.
• Click on “Edit social ads setting”
• Next to “Pair my social actions with ads for” select “No one”.
• Click “Save Changes”.

There you go.
Cheers,
Jason

[CC image by west.m]

Share this

Take a look:

Our Content Anywhere solution gives you the ability to share any of your content on any of your devices anytime without losing control of it. Until that’s available to all users, here are a few suggestions on how to keep control of your content.

1. Share your images through email.
It’s never a good idea to broadcast your location on Facebook or any social network to anyone you wouldn’t tell in purpose. Still, many of us like to share our images in real time. So you can always share the old fashioned way — email. This removes the worry of who exactly you’re sharing with when you don’t want your pictures to spread out over your network.

2. Be careful when sharing “unlisted” YouTube videos.
YouTube has a handy option that allows you to share a video directly only with people who have the link. This feature doesn’t prevent anyone from sharing that link or posting that link on other sites. There have been instances of unlisted videos going viral. To be safe when you want to keep a video private, choose the private setting and invite specific users to see it.

3. Remove the location data from your images.
Even if you’re sharing your content, you may may not want to reveal your location or the location of your kids. Yet the images you share may be doing just that unless you’ve made sure to turn off the location data stored in your images. Here’s how to disable the location meta-data your phone may be adding to your images.

Share this

When I started tweeting 2007, it took a while to find out how to make Twitter part of my life, or why I even would. Now I know that it’s the perfect way to share and enjoy observations, jokes and content from around the world.

Twitter is both business-friendly and casual. It’s silly and serious. A passing fancy and completely addictive. When the game is on or news is breaking, Twitter is the perfect way to have a conversation with the world. If you get your feed right, it’s like a never-ending cocktail party with the people you want to hear from most.

That all may sound nice. BUT WHAT IS IT REALLY?

That’s what a colleague at F-Secure wanted to know. So he sent me series of questions that he called “Twitter for Dummies”. I hope he doesn’t mind but I decided to turn my answers into a blog post since his questions are the perfect way to introduce to service to a new user.

1. What’s a tweet ?
A tweet is a 140 character message. That includes punctuation and emoticons. The limit inspires a precision of language.

Want to know what a popular tweet looks like? Go to Favstar.fm You’ll see most are quips or jokes. But nearly every publication and writer in the western world is on Twitter. Ricky Gervais, Stephen Fry and Steve Martin all tweet.

Here’s an example of one of @Mikko‘s most popular tweets:

“Siri, I’m bleeding really bad, can you call me an ambulance?” imgur.com/2cY3m.jpg

— Mikko Hypponen (@mikko) December 27, 2011

2. Who sees it when I send one?
The only people likely to see a tweet are the people who follow you. At first, that may be no one or not many people. BUT it is important to note that unless you protect your tweets in your settings it still could be seen by anyone—if they go looking for it.

Twitter has two privacy settings: public and protected. Nearly all users choose public. And of course, even if it’s protected, the information in your tweet could be shared by anyone follows you.

3. Where do I send it to?
First you need to sign up either by going to Twitter.com or by downloading the Twitter app for your phone. There are other ways but going to the website is easiest. You’ll need to choose a unique user name that isn’t more than 15 characters. You’ll also be able to write a bio and choose an icon to identify you. But these are optional steps that you can do later.

Once you have an account, Twitter can search your webmail accounts to find out if you have any friends on Twitter. You surely do. Once you follow them, they’ll likely follow you.

Now you’re ready to tweet. Go to the Compose a tweet button and type directly into the pop-up.

4. What does this symbol signify…#xxxxx
It’s called a hashtag and it was invented by Twitter users as a way to create a channel or thread of people discussing the same topic. Most TV shows and events have their own hashtags these days. Companies use them to promote themselves. Often they are added by users as jokes as in #TMI or #firstworldproblems.

5. What does this symbol signify…@xxxxx
That indicates a Twitter username. It was also invented by Twitter users. When you tweet someone’s username in that format, the person gets a notification—that they probably turned off but they can still your message even if they’re not following you by clicking on the @Connect tab on Twitter.com

6. Can I add pictures?
Yes! It’s very simple now to add pictures to a tweet. When you have the Compose window open, click the camera button. Add your photo in the same way you’d add an email attachment. Your mobile app will have a similar button that works about the same way.

7. Links ?
You can add a link to any tweet—if there is room. Don’t worry. Twitter both on its website and its mobile app automatically shortens your links so they take up about 20 characters and won’t let you tweet if you’re over the limit.

8. How do I ensure I don’t mess up?
Excellent question. It happens all the time. People have lost their jobs for Tweets. At least one man has been arrested for a tweet. Yet millions and millions of people tweet all the time, enjoying mostly positive experiences. The easiest answer is don’t tweet anything you wouldn’t say in a crowded room of colleagues. If you do, delete it as soon as possible.

If you’re very worried about what you might say, open an account with an email account you don’t regularly use. You can then obscure your identity and tweet with impunity—as long as you don’t threaten or libel anyone.

There’s lots more we can go into. But I think this is more than enough to get started—if it sounds interesting to you.

If you’re already Twitter user, what made you fall in love with Twitter? What should new users know and whom should they follow?

Cheers,
Jason

[CC iPhone image by SteveGarfield]

Share this

Hopefully you have some time to get away this summer. But before you, we think now is an excellent time to clean up your online accounts.

1. Change your passwords on your most important accounts.
It’s good password hygiene to update your passwords at least a couple of times a year. If you haven’t updated the passwords on your most important accounts, do that now.

Remember to use different passwords for all of your accounts that matter. Need help remembering strong passwords for all your accounts? We suggest this system.

2. Clean out the apps you aren’t using on your Facebook and Twitter accounts.
If you’re an active user you’ve probably given third-parties access to your Facebook and Twitter accounts to get the benefits of different applications. Now is a great time to erase any apps you aren’t using.

On Facebook:
Go to the down arrow in the upper right hand corner, and select “Account Settings”. On the left side of the next screen select “Apps” and click the “X” on the far right next to any app you do not use. If you’re not sure if you use it, feel free to click the “X” because you can always add it again later.

On Twitter:
Under “Settings”, go to Apps. Click “Revoke Access” next to any app you aren’t using. You can also add any app you miss back later.

3. Close down any accounts you aren’t using.
Did you join Classmates.com? How long has it been since you’ve been there? If there is an online account you started and do not use, the smart move is to close it down before your information is sold to another service you never intended to sign up for. Some services purposely make closing an account difficult. In that case, just erase as much of the information as you possibly can.

Ahh, doesn’t that feel better? Now you’re ready to enjoy your Midsummer.

All the best to you and yours,
Anna

[CC image by darkismus]

Share this

F-Secure Labs has covered the recent discovery of the Flame malware, a cyberweapon that is being used to target very specific users for surveillance purposes. Unless you’re a nuclear scientist or the system administrator of a weapons developer, you’re not likely to be targeted by such advanced malware.

Still regular, everyday cyber criminals will take advantage of any sloppy mistakes you make while relaxing. So let’s get a few security precautions out of the way so you can have a good time.

1. Update your devices before you go.
Make your system software is updated on your PC, smartphone and tablet at home on your safe and secure network. A patched and protected system along with updated security software is your best protection against threats. (Our free Health Check makes that easy.) Avoid taking software updates while on the road, especially while using hotel Wi-Fi. Criminals have used faked updates on hotel Wi-Fi to infect users with malware. If you follow Krebs’s Number One Rule for Staying Safe Online–“If you didn’t go looking for it, don’t install it!”—you’ll be fine.

2. Back up your hard drives and put a remote lock on your phone.
Traveling with the only digital copy of irreplaceable data or media is not a wise choice. Before you leave your house, back up your devices hard drives. (If you don’t have a backup option, you can try our Online Backup for free.) You should also put a software on your phone that gives you the ability to lock a lost phone and erase it if necessary. (Our free Anti-Theft for Mobile does this for Android and Symbian phones.)

3. Use direct DSL or cable connection when you can; if not, use encrypted Wi-Fi with a VPN.
If free public Wi-Fi is your only option and you do not have a VPN, consider yourself watched. Try to use one-time passwords for services that offer them such as Facebook and Hotmail. Using free Wi-Fi or a public computer for shopping and banking is definitely not recommended.

4. Don’t click on links or attachments in email, especially from email you were not expecting.
This is a piece of advice from the Labs that we keep repeating because everyone knows the attachment but the link part is new. Links can lead to scams, which on your phone especially may look as official as any bank website.

5. Be careful about sharing your location.
Most of the fear about sharing location online comes from a very few examples of people being robbed by Facebook friends. The basic rule is don’t tell anyone online that you’re not home who you wouldn’t tell in real life. So you probably don’t want to broadcast your vacation on your public social networks. Why not use email—like we did in the olden days?

Using your devices to improve your vacation is not a problem as long, as you take a few precautions. You earned the chance to rest and relax so enjoy it.

Cheers,
Jason

[CC image by gavdana]

Share this

But for most of us, we’re willing to trade a litte of our privacy for a service we like, or a little company.

Thorin Klosowski recently published a piece on Lifehacker called “Living in Public: What Happens When You Throw Privacy Out the Window”. In it, he describes how he, a very private person, decided to live his life in public.

For three weeks, Thorin shared his location through location-based social networks wherever he went. He made all of his activity on his favorite apps public. He allowed all of his Internet activity to be tracked by anyone who wanted to track it.

After three weeks, he asked a stranger to take a look at all of his activity and tell him what she thought. What she said and what Google thought about him (see what Google thinks about you here) turned out to be pretty accurate.

The reason that social networks are addictive, I’d argue, is that they are pretty good representations of who we are in real life. The problem arises as we share we may create evidence online that can look bad out of context—like those party pictures. The old notions of a private self that your boss doesn’t know are transforming drastically every day. Some of it is beyond your control. But there is a lot you can do.

The first thing to do is to think about the tools that may give away your privacy.

Here are a few:

• Social networks—Facebook, Twitter, LinkedIn. Do we need to mention Google+?
• Location-sharing services like Foursquare or posting pictures that include your location data on it.
• Browsing the Internet without turning off tracking tools.
• Allowing services like Google to track your history.
• Apps that encourage social sharing.

How can you limit the privacy you give away?

• Master the privacy settings on every social network you use.
  You always need to keep whom you’re sharing with in mind. And it’s always best to share under the premise that anyone in the world could come across your post. Settings for Facebook may be ‘Labyrinthian’. But settings generally resemble Twitter’s two basic choices: public or locked down. You should also enable two-step authentication tools when available, such as for Google.
• Avoid using private computers or open Wi-Fi networks when you don’t have a VPN running.
• Use strong passwords your friends can’t guess.
• Use tools that stop your web activity from being blocked. Klosowski has a good list of them in his post under the heading “Letting Websites Track and Collect All the Data They Want”.
• Avoid apps that encourage social sharing and turn off location data in your images.
• Keep ALL of your devices patched and protected with the latest system and security software. Our free Health Check makes that easy for your PC.
• Always think before you click publish, post or check-in.

For every free service we use, there is a cost. On the Internet that cost is usually privacy.

You can’t always expect people to respect your privacy. But you can always respect your own.

What tools am I missing that give away or protect your privacy?

Cheers,
Jason

(CC image by Lance Nielsen.)

Share this

To bring us some cheer, Karolina (shown here with her son), an F-Secure fellow from Poland, created this precious little Easter chick (click here to download it). We especially like it as it celebrates some of F-Secure’s successes over the last few years.

It’s a free, fun project to share with your family.

The best to you and yours,

Anna

Share this

“We never expected anyone to believe that we’d risk alienating our user base in the midst of our company’s IPO. But when we laid the seeds for what we hoped would become a legendary April Fool’s six months ago, many people ate them right up.”

During the first stages of the so-called Timeline, thousands of people signed up as Facebook developers just to play with the new look.

“We thought then, we better come up with something operational, just to keep it going. Then it just kept snowballing and snowballing till today.”

Facebook says that those who have opted into the new look will be allowed to keep it. The rollback will begin at the end of business April 1.

“When people and companies started uploading content from their entire lives, at first we were worried,” Zuckerberg wrote. “We were sure no one would do that. Then analysts saw this further proof of the site’s stickiness. The FTC actually complimented us for once on the privacy measures. At the end of the day, someone should have ended this thing months ago. But here we are on April 1.”

Many Facebook members are cheering the news. Others are smirking. Several of the 45,567 members of the “Timeline Must GO AWAY” Facebook group announced that they had never really believed it was coming. “H8ers can H8 but I was right,” said user Maggie Simpson.

We at F-Secure had taken the Timeline extremely seriously offering “4 Things You Should Do as Soon as You Get Your New Timeline”.

We’ll now add a fifth thing to the list: Blush.

Cheers,
Jason

Share this

Are we letting our ecological footprint grow out of control? What kind of planet we want leave to the next generations?

A warming planet alters weather patterns, water accessibility and food suplies. It also threatens a sustainable way of life for us and the world’s wildlife. At F-Secure, we believe it’s our responsibility to leave our children and their children an environment where they can thrive.

Earth Hour is a global call to action for individuals, businesses and governments around the world to unite against the climate change.

F-Secure will participate in this weekend’s Earth Hour movement. All of the lights in our Helsinki headquarters will be turned off between 20.30 and 21.30 local time on Saturday evening. It’s a small step but an important reminder that we can all do our part individually and together.

We invite you to join Earth Hour to help protect the irreplaceable earth we all share.

This earth will grow cold,
a star among stars
and one of the smallest,
a gilded mote on blue velvet

I mean this, our great earth.

This earth will grow cold one day,
not like a block of ice
or a dead cloud even
but like an empty walnut it will roll along
in pitch-black space …

You must grieve for this right now
–you have to feel this sorrow now–

for the world must be loved this much
if you’re going to say “I lived” …

-Nazim Hikmet

Cheers,

Ulla

CC image by  Mișu Trașcă

Share this

As Billy on our Facebook page points out, asking for a private password would certainly violate the rights of citizens of the European Union. And even in a country where this might be legal, it seems to violate every notion of both privacy and security.

As a basic rule, you should not share your passwords with anyone. For the accounts that matter to you the most, you should choose a unique password that cannot be guessed. We recommend this system.

Lawmakers in the US have tried to make sharing a password to a content site such as Netflix illegal. But might there be some instances where you’d want to share your password.

For instance, 1 out of 10 people in the United Kingdom reported that they included their passwords to their online accounts in their will. And certainly some couples share their passwords with each other. And some parents make sure they know their kids’ passwords. These personal reasons for sharing passwords are up to a family’s discretion.

But when it comes to professional life, no one needs to know your password – including your boss.

Can you think of a situation when you’d share your password with an employer?

Cheers,

Jason

CC images by woodleywonderworks

Share this

Since the winter of 2011, Facebook has been slowly rolling out its new profile look to the nearly one billion people who use the world’s largest social network.

Facebook has indicated every user will be forced to move over to the new profile look called Timeline. All Facebook brand pages now have the look but Facebook is still rolling it out to profiles. (To get it now, go here and click “Get it Now.”) Some will be annoyed by this change, of course. They’ll note that the old profiles worked and there are some unforeseen consequences that raise privacy issues. This inevitable when Facebook makes changes that affect so many people.

But the world’s largest network seemed to learn a valuable lesson from its vanquished competitors Friendster and MySpace: change happens. Unless they continually give users fresh new social experiences, their users will move on.

The Timeline is definitely new. Looking at the Timeline from a social media security and privacy perspective alone, I say that the new Timeline and the updated privacy settings Facebook put in place in late 2011 are both improvements.

The average Facebook user is “friends” with well over 100 people. Add that to the 100 pages more users like and you have an account that is out of hand. Sensing this, Facebook has made it easier than ever to unlike the people and pages you no longer wish to connect with.

The rollout of the Timeline gives you the perfect opportunity to take control of your Facebook and edit your account. (It also gives you a space to post a cool cover photo, which is completely optional.)

Here’s what you need to do now:

1. Decide if you want to hit the “reset button”.
The goal of Timeline is to make your life story available to as many people as you are willing to share it with. Facebook has reduced its privacy options to three levels.

They’ve eliminate “Friends of Friends”, which leaves some of your posts in a limbo. To make up for this, they’ve added what I call the “reset button”. You can with one click turn all of your past public and “Friends of Friends” posts into “Friends Only”. If you do this, you can reverse it. You’ll have to adjust each post or picture individually.

If you are a privacy minded person, hitting this button is a great idea and a great way to start your new Timeline. To do this:

a. Go to the arrow in the upper right corner and select “Privacy Settings”.
b. Next to “Limit the Audience for Past Posts” click “Manage Past Post Visibility”.
c.Then click “Limit Past Posts”.

2. Audit your Friends.
The best way to get a better news feed free of spam and distractions is to only people who share content you’re interested in.

Now that you have the Timeline, you can access your friends list easier than ever. Best of all: by simply scrolling over their images, you can unlike anyone quickly. Here’s how:

a. Go to your Timeline and click on your Friends navigation.
b. Put your mouse over any of your Friends’ names. This box will come up.
c. Put your mouse over the “Friends” box.
c. You can choose “Unfriend” or if you don’t want the person to have any idea you don’t want his or her updates, just click on “Show in News Feed”. This will automatically unsubscribe you from their updates. You can get pretty granular about which updates you want. This makes your Facebook life infinitely more complicated.

Facebook is simplest when you think of friending as an all or nothing thing. Either you want to stay in touch with someone or you don’t. If you don’t, unfriending is the best bet.

Go through your entire Friends list and get rid of anyone you don’t want to be in contact with. You can always go back and friend someone again if you make a mistake.

3. Audit your “Likes”
Unfortunately, Facebook does not make it so easy to stop following the pages you’ve liked.

Click on the Likes button. If the page happens to fit into the categories of music, books, movies or television, you can easily put your mouse over the page name, then the “Liked” button and choose unlike.

If you want to unlike any of the other pages you’ve liked, you have to scroll down the Likes page. There you’ll see the pages you’ve liked listed by the year you liked them. To unlike these pages, you have to open them in a new tab and click and the “Like” button there. Then click unlike. This process can take a long time.

Why did Facebook make it so easy to unlike friends and not pages? You probably would guess, as I have, that they’re doing businesses a service. The ads business buy on Facebook often use people who like a page to target their friends. Facebook is a business and this is a design that helps that business more than it helps you. Still, it’s worth taking a look at the pages you’ve liked to decide which you want to get rid of.

4. Audit your apps
Facebook’s new Timeline aims to make the music and media you consume part of your profile. For this reason, some apps—such as Spotify and Goodreads—have the ability to post directly on your Timeline.

Apps, like most software, come with terms and conditions most people skip over. Often, we have no idea how much access an app has to our private data. That’s why it’s always a good time to edit your apps to get rid of ANY that you are not using. Here’s how to do it.

a. In the upper right corner of your Facebook page, click on the arrow
b. Select “Privacy Settings”.
c. Scroll down to “Apps and Websites” and click on “Edit Settings”.
d. Under “Apps You Use” click on “Remove unwanted or spammy apps.”
e. Click the little blue x on the far right for any app you do not use.

Share this

Many users see the permissions apps ask for as something we just have to click through in order to get to the software they want. But these permissions have real world consequences. You’re giving developers an opening to your contacts, your communication and more.

The best solution is to stick to official marketplaces and developers you trust. And always check the permissions when you’re installing an app.

You can go back and check the permissions on your Android apps by going to going to Settings > Applications > Manage Applications. Select your application and then scroll down. Don’t like the permissions you’ve granted? Delete the app.

Apps are playing an increasingly large role in our lives. Phones have apps. Browsers have apps. Even your apps have apps. You should regularly check your Facebook Apps and your Twitter apps, for instance, and remove any that you are not using. If you invite an app in to your life, it’s your job to make sure that it behaves.

Cheers,

Jason

CC image by Johan Larsson

Share this

The fact is millions, if not billions, of relationships have begun online. And that number is growing as the lines between offline and online merge.

Online dating is an especially interesting issue for us because it merges many of the issues we think about most: security, online safety, content control and social networks.

The fact is by “putting yourself out there” online, you do open yourself to risks you might avoid otherwise. You may also open yourself up to the person you’ll spend your whole life with. If you want to give it a try or try it again, we recommend a few precautions.

1. Trust your instincts.
A rule of dating that is often mocked is “Be yourself.” It’s so vague and unhelpful. But what people seem to be saying is “Trust you gut.” If something gives you a bad feeling, if you regret signing up for a site, if you regret making a date, step back. The great thing about dating online is that you’re increasing your options. So don’t worry about blowing one opportunity. If something gives you a bad feeling, back off and apologize. Don’t be afraid to cut off contact or even erase emails before you open them. It’s your gut, protect it.

2. Remember that the Internet never forgets.
Anything you do online creates some sort of data trail. Any message you send can be made public. Any picture you post can be reposted. In the past, only celebrities had to worry about their private activities being made public. Now we all do. So imagine that anything you share could go public and definitely close any accounts once you’re done using them.

3. Secure your PC.
When using any social network, you should make sure all the applications and your security software are patched and protected. (Our Health Check makes that easy.) Also keep in mind that by putting your email out in the world, you’re making yourself more vulnerable to email scams. For this reason we recommend never clicking on the links in emails.

4. Get the low down.
Talk to your friends who have tried out online dating. Ask them for their tips and regrets. If you don’t feel comfortable chatting with someone you know, Match.com has a nice list of all the possible safety precautions you should be taking. Also, Google the people you’ll be meeting, and their email addresses. You may be surprised at what you find.

5. Go the extra mile.
The Electronic Frontier Foundation recommends, “Get a throw-away email address, avoid using your name, and avoid paid sites that would elicit your credit card number and billing information. To maintain the highest levels of privacy, consider taking steps to obfuscate your IP address, such as using a VPN.” Also, you should use https on secured networks whenever possible. Keep in mind that any site you trust with your data is only as good as its privacy policy and its word.

Cheers,

Jason

CC image: Julien Haler

Share this

Here’s how Facebook states the ownership of your content in its terms and conditions:
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings.

So, by posting content or information, you grant Facebook the license to use your content in accordance with your privacy and application settings. That means unless you’ve set the setting for a piece of content for “Custom” > Only Me”, someone can see it.

If someone can see your content on Facebook, they can likely copy it or capture it in some way. You’ll still own the content, but you may have lost control of it. In fact, even if you delete your pictures on Facebook, they still may not be technically deleted.

Your name and image are even set up by default to show up in Facebook’s advertising shown to your friends. (To adjust this, go to “Account Settings”> “Facebook Ads” > “Edit social ad setting”.)

This why a good rule of thumb is: Don’t post anything on Facebook you would not like to see go public, even if your settings are completely locked down.

(And if you’re in the US, you should take extra care not to post anything negative about your employer using your employers’ computers or mobile devices.)

The issue of who controls our content is likely to become more controversial as the cloud makes it possible to store, sync and share content from any PC or device any time. People want access and the ability to share. But they want to do so without giving up control of their irreplaceable images, videos and documents.

This is why F-Secure has created Content Anywhere.

Content Anywhere is a safe personal cloud service provided through operators and ISPs that makes accessing your content wherever you are easy. With Content Anywhere, Internet providers will move beyond being ‘data pipeline’ to become the ‘king of the content cloud.’

We’re looking forward to sharing more about the our move into safe cloud technology, which we believe is the future of sharing and enjoying your content in a smart and secure way.

Cheers,

Jason

CC image credit: jurvetson

Share this

Wir sind stolz auf diese Community, aber zugegebenermaßen gab es bisher ein
Problem: Alle Beiträge sind auf Englisch. Unser Kundensupport ist natürlich
in mehreren Sprachen über Chat, E-Mail oder Telefon erreichbar. Aber nur
unsere englischsprachigen Kunden hatten bislang die Möglichkeit, sich
gegenseitig in der Community zu helfen.

Das ändert sich ab heute, denn jetzt ist unser deutschsprachiges Forum
online. Leider können wir dort noch nicht all das Wissen zur Verfügung
stellen, das sich bereits in der englischen Community angesammelt hat. Aber
da kommt Ihr nun ins Spiel!

Wir hoffen, dass Ihr Euch bei dem neuen Forum anmeldet und dort munter
mitmacht. Bereichert die Community mit Eurem Wissen über F-Secure oder über
Computer- und Internet-Sicherheit allgemein und macht Euch selbst dort
schlau. Wir freuen uns, Euch in unserem neuen deutschsprachigen Forum zu
treffen!

Hier geht es zum deutschen F-Secure-Forum:
http://community.f-secure.com/t5/Deutsch/ct-p/Deutsch?skin=de

CC image by:  jimwinstead

Share this

That’s why we thought now would a good time to discuss why password security is so important on a site like Facebook.

What does a hacker get if he gets your password?

He gets immediate access to your account and the opportunity to change your password to deny you access. That’s bad. What’s worse? He could then get access to any other sites where you use the same combination of login and password. If this includes your email, he could wreck major havoc.

How to protect yourself

1. You should use a unique combination of login and password for ANY site that matters to you.
2. Choose a strong password that can’t be guessed.
3. Watch where you click on Facebook.
4. Keep your system and security software patched and protected.
5. Don’t click on links in your email.

What should you do if you think you’ve been hacked?

Change your password immediately. Then change the password of any account that uses that same password.

Cheers,

Jason

CC image by familymwr

Share this

F-Secure’s Customer Care team has been taking away features that don’t work—such as my failed attempt at starting a Social Media Security board—and adding new, cool features—such as the Idea Exchange where you can submit or recommend an idea for an F-Secure product.

What’s especially exciting is how the Community team loves to create fun events like this  Q&A with F-Secure Labs’ Mikko and Sean. Until December 9^th, you can ask these two world-renowned virus researchers any security question you have in mind. Ask them about Brain, Stuxnet or Duqu. Or ask them why a neighbor stealing Wi-Fi might be a bad thing, or not. It’s up to you. And after December 9, you’ll probably still be able to find some expert to answer most any question you might have about F-Secure security, mobile or backup.

You probably know Mikko, Sean, the Labs Weblog and F-Secure are active on Twitter. But you may not know that now our Customer Care team has joined the world’s largest mini-blogging site as @FSecureCares. So now you can contact support by chat, email, phone and Twitter.

Thanks for following us as we try to connect in most useful ways possible. Your support and time are appreciated. If you haven’t joined the Community, we hope you’ll do so now.

Cheers,

Jason

Share this

It’s probably better for app makers and brand pages that benefit from the credibility they get from prominent mentions in your Timeline. And it’s probably also better for people who love to use Facebook to tell the story of their lives. But is it better for you? You’ll have to decide.

The idea behind Timeline is: “Tell your life story with a new kind of profile.” Knowing that Facebook’s goal if for you to share your story with the widest possible audience, you should take a few steps to make sure you are only sharing the chapters of your life you really want to.

1. Get your friends’ settings right and audit your friends.
Whenever there are big changes on Facebook, outrage follows. Then it fades and Facebook grows. You can expect a similar cycle as Timeline rolls out. The Timeline is designed to tell your story through the content you’ve posted on Facebook. Some will find that unsettling.

The fact that Facebook built a setting that automatically makes all of your past posts “Friends Only” along with the slow roll out of Timeline indicates that Facebook is anticipating some backlash. Facebook has made the basic friend settings easy and you can now easily change the settings on any old post.

If you’re a “Friends Only” user like me, I recommend that you take advantage of the “reset button” set all of your old posts to “Friends Only”. To do this, go to the arrow in your upper right corner > Privacy Settings> Under “Limit the Audience for Past Posts” click “Manage Past Post Visibility.” If you use this setting, you can’t undo it. You can edit each post’s settings individually but you can’t change them back all at once. You can always make any post only available to you by selecting the “Custom” setting.

2. Check how you are tagged
Anyone can now tag anyone on Facebook. And if a friend tags you in something it could end up in your profile. You can always remove a tag but unless you have your settings right, a joke picture could pop up right at the moment a potential employer happens to click on your Timeline.

Go to the arrow in your upper right corner > Privacy Settings> Under “How Tags Work” click “Edit Settings.”

Here are my recommendations for tagging:

I have Timeline Review and Tag Review on for maximum Timeline control.  Timeline Review lets me approved anything tagged with my name before it shows up on my profile. Tag Review lets me approve tags on my content. I also have Maximum Timeline Visibility set to “Custom” “Only Me” for an extra layer of protection.  I don’t let Facebook recognize me in photos nor do I let friends check me into Places.

This is about as locked down as you can get. But I’ve found erring on the side of privacy has never been a problem for me on Facebook.

3. Edit your apps.
An app can write directly to your “wall”/timeline if you’ve given it permission to do so. Fact is you probably don’t remember if you’ve done so. And now apps play a more prominent role in your profile. So you should go through your approved apps and delete any that you are a) not using and b) would never like to see show up in your profile.

Go to the arrow in your upper right corner > Privacy Settings> Under “Apps & Websites” click “Edit Settings”> Under “Apps You Use” click “Edit Settings”> Click the light blue “x” next to any app you want to get rid of. Now, whenever you use an app, actually read the permissions the apps want. And it the app can write to your profile, your activity will become visible in your timeline

Extra Tip: Turn of Instant Personalization
Go to the arrow in your upper right corner > Privacy Settings> Under “Apps & Websites” click “Edit Settings”> Under “Instant Personalization” click “Edit Settings”> Uncheck the box that says “Enable instant personalization on partner websites.”

Why?
Facebook has been automatically sharing your public Facebook data with third- party partners through apps for over a year now. Now that apps will be posting to your timeline, you may end up having your activity on sites you didn’t mean to make public show up on your timeline. This is being very cautious. But it could help avoid some unintended consequences.

In Conclusion

The fact is we can’t be fully aware of the implications of Timeline until its widely implemented. When will that be?

On Quora, a, a Facebook employee speculated that it would be before the end of October. (If you’re dying to get the profile, here’s one way people have been able to get it.) The one thing you have to understand up the Facebook Timeline is that it can make your life feel way more public. More than LinkedIn, Twitter or most any other site, Facebook has the content to tell the story of our lives over the past few years.

Going forward, Facebook—I believe—hopes that you will embrace Facebook as the channel for your lifecast and mindcast in a public way. And if you do, Facebook will hit the billion-user mark before the end of 2011.

Cheers,

Jason

Share this

In the US, there is no explicit right to privacy. While courts have ruled that “penumbras” that implicitly protect citizen’s rights to family lives and correspondence, Americans give up most of their privacy when they go to work.

Here’s a look at how the digital privacy laws of the world’s two largest democracies compare.

The Workplace

EU
In the EU even your personal correspondence on your work computer is protected. Thanks to Data Protection Directive employers not only have to notify employees if any private data is being monitored, they also have to prove there is a good reason to do so.

US
As Melissa Ngo, the publisher of Privacy Lives, points out, in the United States, “Employees have few privacy rights in the workplace.” In most cases, employers can even read personal email sent on a work computer, even if the mail is not stored on work servers.

Recruiting

EU
It is even against the law for companies to Google a job applicant in Finland. Germany is considering a law that would make it illegal to look up an applicant on Facebook . In general, public information may be viewed. But companies must explicitly state what information they keep and how they use it in accordance with the Data Protection Directive.

US
Nearly 90% of American companies use LinkedIn for recruitment.  A recent decision by the Federal Trade Commission indicates that the last seven years of your social media activity may be fair game in a background check.  Americans should expect that any public post that includes their name may be accessed by a potential employer.

State Surveillance

EU
When the Chaos Computer Club (CCC) identified a software backdoor, which they claimed was being used by the German government, many assumed this was in violation of the German constitution. In fact, the German Federal Constitutional Court declared in 2008 that the “integrity in information-technology systems” is a “fundamental right”. However, German courts have approved over 50 requests by law enforcement to use spyware. So in Germany, at least, spyware is being used by law enforcement, with courts supervising the activity.

US
Government documents indicate that the US government is using spyware to track persons of interest, sometimes without a warrant.  Potential government surveillance seems to be an accepted fact of American life as the PATRIOT Act is continually renewed.

(Note: F-Secure joined several anti-virus makers in blocking the German federal malware, though no F-Secure customers had been infected by the backdoor. F-Secure Labs has never been asked to ignore a government backdoor, and would never do so.)

Right to Be Forgotten

EU
The European Union has stated that its citizens should have the right to be forgotten online.  This means that  “individuals should have the right to have their data fully removed when it is no longer needed for the purposes for which it was collected.” Europe v. Facebook has been advocating that European Facebook users petition the world’s largest social network for a copy of their data. European law gives all citizens the “right to access” such data but the site says Facebook has been ignoring this.

US
US citizens currently have no “right to be forgotten” though the Privacy Act of 1974 requires that all companies disclose how customer data will be used.   Senators John Kerry and John McCain have proposed the “Commercial Privacy Bill of Rights Act of 2011” which includes a reasonably scoped “Right To Be Forgotten”. That bill is currently in committee.

***

In April, Google decided to end Street View in Germany. The decision came after a protracted battle with German citizens who saw this initiative to create a digital image record of the country’s public streets as an invasion of their privacy.

Google met no such widespread opposition to Street View in the United States where many realtors and real estate sites depend on Street View to maximize a property’s exposure to potential buyers. Are home owners in Germany sacrificing a powerful tool in favor of privacy? Is this a choice that Americans would be willing to make?

Let us know if your privacy sensibilities are closer to the European or American point-of-view in the comments.

Cheers,

Jason

CC image by rpongsaj

Share this

The launch of Facebook’s new timeline has sparked many Internet users’ fear of their personal data being used in unethical ways. Early users spotted ways of figuring out who defriended you (which have since disappeared). F-Secure Security Advisor Sean Sullivan points out that you can still go through your Messages and wall posts and figure out if a friend has cut you off.

Many users were particularly alarmed to learn that Facebook was tracking users even after they log out.  Facebook says they have fixed this “bug” and is no longer tracking you if you are logged out, unless the site you’re on integrates with Facebook.

Past Facebook changes have triggered a backlash that quickly abated as the the site grew. Generally, the privacy concerns of the new Facebook in mirror the new Facebook. And there are some privacy tools that you can take advantage of including the “reset” button along with Profile Review and Tag Review.

If you’re afraid of snoopers on your timeline, make sure to edit your friends list, set your default privacy setting to “Friends Only” and only share with your friends.  If you want to take extra steps to secure your browsing from Facebook, here are two things you can do now.

1. Use a separate browser in Privacy Mode for anything you don’t want “anybody” to see.
When it comes down to it, we know what activity we’d like to hide. By separating your Facebook activity from your browsing, you’re removing the chances of your “private” browsing being tracked. In Firefox, you turn on Privacy Mode by pressing Ctrl+Shift+P. It doesn’t make you anonymous, but it will keep the information from being tracked on your computer.

2. Consider quitting Facebook.
If you’re still not comfortable, you can quit Facebook and perhaps start over with Google+. But before you do this, ask someone who uses Gmail and gets ads based on their most intimate communication, “Is this a company you trust not to track you?” Google’s +1 buttons are becoming as common as Facebook’s “Like”. Not to mention the endless Google ads and services that proliferate across the web. And if you’ve ever created any sort of Google account, you may be shocked at what a detailed history Google keeps of your activity. Go to https://www.google.com/history/ to check it out.

Cheers,

Jason

Share this

As we get better at avoiding traditional threats, online crooks have to innovate. Not only do they have to count on you making quick decisions, they will use anything you share online against you. Hacktivists may just use your content to humiliate you. And criminals may use it to hack you or your employer.

LinkedIn presents many of the security and privacy issues of Facebook. Yet you rarely hear the concerns or horror stories that seem to come out of Facebook on a regular basis. Why? People tend to treat it as a function of work. Best behavior abounds.

Still whenever you’re using social media, you need to make sure your system and security software are up to date (our Health Check makes that easy). And here are a few additional precautions you can take to safeguard your online life.

1. Connect wisely.
Facebook says that they expect you to really know all your friends. Then they make millions off games the encourage you to befriend strangers. LinkedIn expects you to have some sort of connection with the people you connect with. As these are opt-in relationships, you have to decide what your boundaries are. If you are searching for work or sales, you may wish to extend your network, if you’re feeling secure and/or overexposed you can trim your connections by going to Contacts > Connections > (Upper right) Remove Connections>.

2. Revisit what you share.
LinkedIn offers an opportunity to share both your email address and your phone number. The more people who have this information, the easier it can be for someone to use it against you. If you share your email, you need to remind yourself that the right attachment can still get around your security if you make the wrong click. To see if you what you’re sharing, go to Profile > Edit Profile> (Scroll all the way down to find “Personal Information”).

If your security is extremely important to you and others, you probably shouldn’t share your contact information online voluntarily. And you should also not share your connections with your connections. By letting people know who you expect emails from, you’re tipping potential hackers who to pose as. You can turn this feature off by looking in the right corner for your name > Settings. On Settings, click “Select who can see your connections.” Select “Only Me.”

3. Be careful about what you post on any site, of course.
The power of the Internet turned against an individual can be frightening. If you share anything online, a digital copy may exist even if you take it down. Anything truly private should not be shared through anything but private channels protected with secure passwords. If you do not want a future employer to see something, don’t take the risk. Don’t post it on a social site. EXTRA STEP: Google your name and image so you know what others are finding when they search for you now. Try to improve your Google results with new more positive posts that feature your name in the title.

Your LinkedIn profile is your digital resume. Using the service with caution and savvy will help you build relationships and impress your peers.

Cheers,

Anna

Share this

Profile Review keeps photos and posts tagged with your name from showing up on your profile without your approval. Tag Review gives you the ability to approve tags that are added to your pictures.

Here’s how to activate Profile Review:

A. Go to Account> Privacy Settings.
B. Next to “How Tags Work” click “Edit Settings”.
C. In the “How Tags Work” pop-up, click “Edit” next to “Profile Review”.
D. In the next pop-up, click “Turn on Profile Review”.

Now, whenever you are tagged in a photo or a post, you’ll have to approve it before it appears on your wall. Tagged posts and photos will appear in your profile wall in a new section called “Pending posts.”

This feature is important because it gives you control over your profile. If a potential employer or an organization considering you for a scholarship is viewing your profile, you don’t want to give others the ability to post questionable images directly on your wall. And even if you aren’t worried about looking professional (or you’ve locked down your profile effectively), there are just some pictures of you that you may not want to help your mom or your friends see.

Photos or posts tagged with your name will still appear on your friend’s wall and feed, so your mutual friends will see them. But Facebook now gives you the option to ask your friend to take down photos of you that you don’t like. And you can always block a friend who refuses to consider your opinions.

Tag Review gives you the power to approve tags from your friends as they are as added to pictures or posts. Facebook is now in the process of allowing any Facebook user to tag any Facebook user in a post or a picture. You’ll be asked to review any tag by a non-friend before it shows up on your wall and feed. Tag Review extends that approval function to your friends’ tags.

Here’s how to Activate Tag Review:

A. Go to Account> Privacy Settings.
B. Next to “How Tags Work” click “Edit Settings”.
C. In the “How Tags Work” pop-up, click “Edit” next to “Tag Review”.
D. In the next pop-up, click “Turn on Tag Review”.

Why is Facebook finally improving its tagging systems?

Clearly, Facebook is obsessed with making it so easy to tag others.  It has even put together what could be the largest facial recognition database ever to make it easy to tag your friends.

Tagging creates feed and wall activity even when you’re not logged in while encouraging the one feature probably most responsible for Facebook’s success: photo sharing. Unfortunately, tagging is also one of the most problematic identity/privacy issues that Facebook users face.

While these privacy updates do include some potentially troubling changes, especially in how your information is shared through apps, Facebook has given you a tool to make it a little less easy for others to tag you. We say: turn them on.

Follow F-Secure on Facebook for more security and privacy tips.

Cheers,

Jason

(Thanks to Andreas on our Facebook page who pointed out Tag Review.)

Share this

How do  you know if the new features are available to you? Go to Account> Privacy Settings. If you see the settings above, you’re in.

F-Secure Labs Security Advisor Sean Sullivan walked me through the updates, identifying the most relevant changes for cautious users. Based on what we’ve found, here’s what you need to do now—if you haven’t already—to secure your Facebook account.

1. Secure your PC and password.
How to do it:
A. Update your system and security software. Our Health Check makes this easy.
B. Choose a password that can’t be guessed. Make it a password that you only use for this account and none of your “friends” will able to guess. Don’t choose a word in the dictionary or any word mentioned on your profile. Here’s system that our Labs recommend.

Why?
Updated Windows 7 or Mac OSX software along with updated security software will protect you from most threats in case you ever make a mistake online. I also recommend you back up your data in a remote location (off-site physical backup or online backup) for complete protection.

2. Go “Friends Only”.
How to do it:
A. Go to Account> Privacy Settings.
B. Under “Control Your Default Settings” click “Friends.”

Why?
Go with “Friends Only” because you can now choose how to share any post or picture with “Public”, the maximum audience, “Friends” or “Custom”. Custom includes options to select specific friends, “Friends of Friends” or “only me.” Or you can block specific people from each post. You can make this decision each time you post. So start it’s smart to start with the safest setting just in case you post something you shouldn’t have.

Also, you can now change the privacy setting of any old post or media you posted. This is a good new addition. However, certain things like your name, friends lists and the comments you make on Facebook pages will always be public.

You can decide how and who can find and contact you on Facebook in your Privacy settings by clicking “Edit Settings” for “How You Connect”.

3. Hit the “reset button” and turn all your past posts to “Friends Only”.
How to do it:
A. Go to Account> Privacy Settings>
B. Next to “Limit the Audience for Past Posts” click “Manage Past Post Visibility”.
C. In the pop-up, click “Limit Old Posts”.
D. In the next pop-up, click “Confirm”.

Why?
Why not? You can always change an old post to make it public again if necessary. Anything you share on Facebook can be reshared in some way by anyone who has access it. With this one step you’re saying I only want my friends who I trust to have access to everything I’ve done on Facebook. Facebook assumes you know your friends. That’s the official word in a recent official Guide to Facebook Security (PDF).

Of course, Facebook also profits from social games that flourish because people friend new people ravenously. So it’s a good idea to give your Friends List a quick scan and unfriend anyone you don’t know or trust—unless you’re a game player. Then you should know that Facebook appreciates your business but isn’t designed to protect your privacy

4. Turn on Profile Review to approve all posts and pictures tagged with your name before they’re posted on your wall.
How to do it:
A. Go to Account> Privacy Settings.
B. Next to “How Tags Work” click “Edit Settings”.
C. In the “How Tags Work” pop-up, click “Edit” next to “Profile Review”.
D. In the next pop-up, click “Turn on Profile Review”.

Why?
Anyone on Facebook can now tag you in a photo or a post. With Profile Review, you’ll be able to decide which photos and posts tagged with your name show up on your wall.

While you’re on the “How Tags Work” pop-up, you may also want to disable “Friends Can Check You Into Places”. This won’t stop someone from saying you’re at a bar on your lunch break, but it may prevent your friends from seeing such a fictional check in. If you don’t want Facebook to put you in its facial database to recognize you when you appear in your Friends pictures, click “Edit” next “Tag Suggestions” on the “How Tags Work” pop-up. Then select “Disable”.

5. Set your Account Security.
How to do it:
A. Go to Account> Account Settings>
B. On the left-hand column, click “Security”.
C. Click “Edit” next to the “Security Question”. Pick a question only you will be able to answer.
D. Click “Edit” next to “Secure Browsing”. Click the box next to “Browse Facebook on a secure connection (https) when possible” and then click Save Changes. You’re browsing will now be secured when it can be.
(Many apps and games are not yet updated for secure browsing. Using these may boot you out of Secure Browsing. But Facebook seems to put you back into secure browsing as soon as it can.)
E. For extra protection, click “Edit” next to Login Approvals. Then click the box next to “Require me to enter a security code each time an unrecognized computer or device tries to access my account” and click Save Changes. This will create a little hassle but could also prevent your account from being hacked.

Why?
These tools are the extra protection you need to greatly reduce the chances of your account being hacked. And if you do get hacked, an active secondary email account and a good security question will help you get it back.

6. Turn off Public Search
How to do it:
A. Go to Account> Privacy Settings>
B. Next to “Apps and Websites” click “Edit Settings”.
C. Next to “Public search”, click “Edit Settings”.
D. Make sure the box next to “Enable public search” is NOT checked.

Why?
Do you want your Facebook page to be the first thing to come up if an employer, an ex or your mom does a Google search of you? If your answer is yes, click that box. If not, limit the ability to find you within Facebook and Facebook apps.

7. Click with caution.
How to do it:
A. Think twice before you ever click the “Post” button.
B. Think thrice before you click on the links posted by friends.

Why?
Clicking on a bad link could expose you to malware or scams. This is when you need your updated software to protect you most. For extra protection, use our free ShareSafe App to share links with your Facebook friends. You’ll even earn points that can be used to win rewards.

8. Limit the information shared with Apps.
How to do it:
A. Go to Account> Privacy Settings>
B. Next to “Apps and Websites” click “Edit Settings”.
C. Next to “Apps you use”, click “Edit Settings”.
D. Click the “X” box to delete any app you aren’t using.
F. Go back to App settings, and click “Edit Settings” next to “How people bring your info to apps they use”. Uncheck every box and click Save Change.
E. For extra protection, turn off all applications until you need them. Do this by clicking “Turn off all platform apps” in the Apps, Games and Websites settings.
F. For even more protection, turn off “Instant Personalization” which automatically shares your public information with Facebook’s partner sites. Do this clicking Edit Settings next to “Instant personalization”. UNCHECK the box next to “Enable instant personalization on partner websites.”

Why?
When you’re dealing with apps, you’re dealing with third-party developers who you may not know or trust. The actual language Facebook uses to clarify how and when your information may be shared through apps and friends is difficult to decipher.

The more you limit the data you’re sharing, the more control over your identity you have. We say eliminate the unknowns; opt out of sharing until you have a reason to opt in. You should also know if you use an app, there’s a chance your friends could find see that. So keep that in mind every time you try out a new app.

BONUS TIP: Tell Facebook not to use your  image or name in ads.
How to do it:
A. Go to Account> Account Settings>
B. On the left-hand column, click “Facebook Ads”.
C. Click “Edit third party ad settings”.
D. Next to “If we allow this in the future, show my information to” select “No one.”
E. Click Save Changes.
F. Click “Facebook Ads” again and click on “Edit social ads setting”.
G. Next to “Pair my social actions with ads for” select “No one.”

Now check your work. See how other people see your profile.
How to do this:
A. Go to Profile.
B. In the upper right corner, click on View As…
C. View how specific friends or the “public” sees you.

A sign posted on a wall in Facebook headquarters says: “Move fast and break stuff.”

Facebook’s transition into secure/https browsing, is a good example of how Facebook improves privacy and security in a steady, if occasionally buggy, way.  As you explore these new features, you may notice, for instance, that Facebook still may use the word “Everyone” in one or two places, though they announced that they’re transitioning to the word “Public.” But the changes here are for the better.

These updates are, of course, not enough for some critics. As usual, you should expect some unforeseen consequences, as there nearly always are when 750 million active users have to reexamine how they use the largest social network ever created.

Your security depends on you and your friends knowing how Facebook works. Now that you know how to protect yourself, I hope you share this information with someone you care about.

Follow F-Secure on Facebook for more security and privacy tips.

Cheers,

Jason

Share this

•  For adults, “Friends”, “Public”, or “Customize” are now the three standard privacy settings for sharing. “Friends of Friends” is no longer an upfront option.
• “Everyone” is now “Public”, which is the maximum audience for any adult post.
•  For minors, “Friends of Friends” is still the maximum audience for a post.
• Inline profile controls will now allow adults to choose share status updates with “Friends”, “Public”, or “Customize”.
• You can now set the privacy levels of the elements on your profile through settings actually located on your profile.
• You can change the privacy setting of a status update after it has been posted.
• You can now choose to approve all posts or a photos you are tagged before they appear on your profile with Profile Review.
•  It’s a little easier to check how others see your profile with a prominent button on your profile.
• You can now tag anyone on Facebook. If a non-friend tags you, it will only appear on your profile if you approve it.
•  You can tag a location on “anything” you post to Facebook.
• Places is gone—Facebook is no longer in the Foursquare business.
• You can now remove a tag of yourself on a photo, remove a tag and ask a friend to take it down or remove a tag and block the person who tagged you.

If you think that list is long, check out Facebook’s Dig Into the Details chart to get a sense of how much these changes will affect your Facebook experience . Yep. Much is changing.

Some say that these changes are a response to Google+. However Larry Magid, who works with Facebook’s Safety Advisory Board, says these changes have been in the works for months.

2. Make sure you are comfortable with your current settings.

This grid thing is going away.

It’s always a good time to check your Facebook privacy settings. The settings you have now will be converted into the new settings. You shouldn’t end up being shocked by what you’re sharing, unless you’re not aware of what you share now. Keep in mind that ‘Friends only’ will still exist in the new settings. Assuming you know your friends—which Facebook does, as stated in its recent Guide to Security (PDF)—“Friends Only” should be a safe route for most of what you share on Facebook.

 3. Be ready to opt-in into Profile Review
For  F-Secure Labs Security Advisor Sean Sullivan, the most promising new privacy feature is Profile Review. This feature allows you to approve of every photo or post that includes a tag of you before it appears on your profile. As you probably know, Facebook tends to opt you into any new feature, except if it prevents your from sharing. Hopefully as the changes go live, you’ll be asked to opt in to Profile Review.

If not, you’ll have to go to your Privacy Settings> Manage How Tags Work and click on “Change Settings”> Next to Profile Review click “Edit” > Click Turn On Profile Review. Note: This will not be available to you until all the changes have been completely rolled out to you.

We’re still investigating these changes and looking forward to bringing you more insight on the evolving Facebook privacy situation in the near future

Cheers,

Jason

Share this

ShareSafe helps you share better. Win rewards for sharing great links while protecting your friends from spam and malicious links. This video shows you how it works:

You earn 10 points whenever you share a link with ShareSafe. Earn even more points when your links are clicked or liked. If a friend of yours accept your invitation to join ShareSafe, you earn 50 points plus bonuses as more and of your friends join. And these points will help you win prizes picked out just for you.

This is the beginning of a movement to make Facebook an even better place for connecting with your loved ones. Thanks for checking it out and sharing it with the people you want to protect most.

Cheers,

Sandra

Share this

However, it’s clear that the search giant has created a social platform with interesting features—like Circles and Hangouts—worth checking out. And for me, Google+ represents more than a Facebook clone that lets me know I have new friends whenever I log into my Gmail or Google Reader. It’s a chance to rebuild my social network using what I learned from years of using Facebook, Twitter and MySpace.

In many countries you can start your Google+ account now, by logging in here. Here’s a nice preview of what you’ll find there:

To be honest, I’m not the world’s biggest Google fan. I’ve even tried to get it out of my life. But I do recognize that there is an opportunity here to make my social interactions on the web more interesting with a little less risk. So here’s how you can start your social network over on Google+.

1. Know why you’re using a Google+.
When Nirvana’s Kurt Cobain used to complain about the burdens of fame, critics would say, “No one ever started a rock band to NOT become famous.” And no one goes on a social network to be ignored. We just want control over what kind of attention we get.

Google is a business that gives away the vast majority of its products for free. Why? The old saying goes, “If you aren’t paying, you are the product.” Google makes billions selling you to advertisers. When you search (or check your Gmail), you pay for it by experiencing ads. Search will always be the core of Google’s business. So what you share on Google+, if you allow it to be public, is likely to show up in a Google search.

Some say Google+ isn’t a vast improvement over Facebook. The same potential to share information you shouldn’t exists and soon even things like games and apps that create privacy problems on Facebook will appear on +. I agree. However, you have improved. You are get what is at stake when using a social network. You know that people have lost jobs and scholarships because of their social media presences. And in the US, your social networking history is even fair game for potential employers. Knowing all this, there are tools in Google+ that make sharing more logically and potentially safer.

If you’re at the point that you feel you still want to be social but you’re existing network doesn’t work anymore…. If you’re sick of having your information shared and being opted into new features all the time… If you just want to start over, Google+ is perfect for you.

2. Get your privacy settings right.
Are Facebook’s privacy settings purposely confusing or is there just so much going on with the site that they have to be complex? Both answers are true. Some features—like facial recognition, using your identity in ads and Instant Personalization—are, I believe, purposely hidden. Others just naturally are buried to make the site easy to use.

Google+ is still relatively simple. It will become more complex but you still can quickly get most of your privacy settings right. Here are the three most important settings.

Prevent anyone on Google+ from emailing you

As my social networks use has grown, my email has become more sacred. I use it for business and close family and friends, exclusively. Google+ as a default gives everyone on the network the right to email you.

To turn this off, go to the gear in the top right corner and select “Google+ Settings”.

Select “Profile and privacy”.

Next to Public profile information click “Edit visibility on profile”.

Under your profile image, you’ll a “Send an Email” box. Click on that.

Until, at least, you have your circles set uncheck the box next to “Allow people to email you from a link on your profile”.

Turn off email notifications

Go to the gear in the top right corner.

Click on Google+ settings.

On the left of the next screen click on “Google+”.

I recommend you uncheck every box on this screen. How will you know if you have any Google+ activity? There’s a notification box that will automatically pop up in red on the black interface bar that appears whenever you use any Google site.

Now, while you’re on this page.

Edit who can see your pictures and videos

On the bottom of the Google+ Settings screen, you’ll see “You can change the visibility of your photos and video tabs on your profile.”

Click on “photos” first.

Until you set up your Circles, you may want to turn this tab off.

When you’re done adjusting these settings, click save then go back in your browser and do the same thing for videos.

3. The most important step: Take your circles seriously.
The average Facebook user has 120 friends. They also follow over 100 groups, brands, celebrities and organization. This produces a tremendous amount of information. As a result, Facebook edits your feed to give you the updates you’re most likely to interact with.

You may be following people you haven’t talked with in years and missing updates from your mom. And you’re probably sharing everything with everyone—unless you use Lists or Groups, which are challenging. As a result, people are often sharing much more than they realize.

Google+ aims to fix that. You don’t want to share your travel plans with anyone but your family? Only Google+ that is easy if you take your Circles seriously. As you add new friends, place them in the right circles.

And as you share, only share with the Circles who you want to reach. It’s much simpler than Facebook’s Groups and just requires a little thought before each post.

More on Google+

Many people think Google+ isn’t just about competing with Facebook, it’s a social backbone for web. Regardless, these 21 Google+ Privacy Tips will put you ahead of the curve on the fastest growing social network in history.

Cheers,

Jason

Share this

In a recent Facebook Question, we found that more than 83% of respondents plan to use the Internet in one way or another while on holiday. 41% will connect on their laptops while 35% will depend on their mobile devices for their digital fix.

Using your devices while away from home presents some security risks. Whether you chose to plug in, tune out or a little of both, a few precautions will help keep your data and your identity safe while you enjoy a little rest and relaxation.

Before

Backup your PC and update your system and security software
A patched and protected PC is your best defense against any online threat. But because you can’t always predict what will happen to your actual laptop or device, you should make certain your irreplaceable documents and media are all backed up and safe in cloud or at home.

Contact your credit card company to let them know if you’ll be traveling abroad
If you’ve ever been a victim of credit card fraud, you know the charges can start coming from anywhere. Thus credit card companies often block transactions that are made far away from your home. While this is for your own protection, it can hinder you when you’re in the midst of your travels. Be proactive. Let your card company know your travel plans when you’re going abroad.

Don’t post your travel plans on your public social networks
When you live online, it makes feels comfortable to share your personal lives with people you don’t know that well. If you’re a master of privacy settings or Google+ Circles, you can feel more comfortable sharing your itinerary. They key point: don’t tell anyone your travel plans who you online wouldn’t tell in real life.

During

Secure your browsing when using public Wi-Fi
If you’re connecting to a wireless network you don’t control, use a VPN. If you can’t, secure your browsing whenever possible with https connections.

Use extra precautions on public computers
You never can know for sure what sort of malware is on a public computer. Your every keystoke could be logged. When using a public computer, avoid online banking and shopping. And use one-time passwords if they are available as they are for Facebook and Google.

Watch for shoulder surfers
Keep on an eye who is watching what you type and input. And if you leave your laptop in your room, leave it in a safe when available.

After

Check the credit card you used for irregularities
Reviewing the bill of the card or cards you’ve used for travel and/or online purchases  is always a good idea. Report any questionable charges ASAP.

Backup your pictures and videos from your trip
The sooner you get your media backed up, the better the chance that you’ll be enjoying digital  memories of your trip for years into the future.

Now share your pictures with you social networks
Or don’t. Either way, you’re safely back up home with your PC and your memories intact.

Cheers,

Jason

CC image by Spree2010

Share this

Turn off Instant Personalization and audit your apps.

In 2010, Facebook began sharing users account information along with profile pictures with sites including Yelp, Rotten Tomatoes and Bing. These partner sites then serve Facebook users public information from the users’ friends.

Facebook calls this Instant Personalization. And you’re probably already using it on the following sites:

• Bing – Social Search
• Pandora – Personalized Music
• TripAdvisor – Social Travel
• Yelp – Friends’ Local Reviews
• Rotten Tomatoes – Friends’ Movie Reviews
• Clicker – Personalized TV Recommendations
• Scribd – Social Reading
• Docs – Document Collaboration

Do you LOVE seeing all of your Facebook friends’ activity on any web site you visit? Then keep Instant Personalization on and simply opt out of each site you don’t want to have access to your Facebook account individually. Otherwise, I recommend you do the following now.

How to turn Instant Personalization and Audit Your Apps

1. Go to Account and click on Privacy Settings.
2. Below Apps and Websites click “Edit your settings”.
3. Under Instant Personalization click Edit Settings.
4. Close the video, unless you have a lot of spare time.
5. Uncheck the box next to “Enable instant personalization at partner websites”.
6. Click Back to Apps.
7. Under “Apps you use” click Edit Setting.
8. Click the little blue x next to any app you aren’t using.
9. Don’t worry if you remove an app you still use, you can add it again later.

Here’s why you should turn Instant Personalization off

A general principle of privacy is you should not give anyone who you do not need to have access to your data. This is why if you’re not using an app, that app’s developers do not need access to your account.

The problem with Instant personalization is that Facebook makes the choice about which third-parties get access to your information. Additionally, Facebook makes it too difficult to turn Instant Personalization off—especially if you’re trying to shut off one partner but not the others.  This is good for a social experience but a privacy problem.

You may now be sharing information with people you didn’t mean to ever see it. Do you want your boss to see your scathing review of microbrewery? Do you need your child’s babysitter seeing that you liked the movie Borat when she’s searching on Bing?

Facebook will be adding more and more sites to Instant Personalization. Doing so is crucial because they have to make as many of your favorite sites social before a competitor like Google+ does it first.

We know Facecbook has the incentive to share. But do you?

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
2. Turn on Secure Browsing.
3. Secure your account.
4. Control how the world sees you via Facebook.
5. Turn off Instant Personalization and audit your apps.
6. Watch where you click.
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

Share this

1. To build up buzz for a new product—as in the case of Gmail and now Google +.
2. To test and improve a piece of software nearing release.

Right now we are in the middle of the beta for Internet Security 2012. And if you are now thinking, “Yes, I want to test this piece of new software till smoke is coming out of my PC” then we hope you’ll sign up for our beta program. However, as Internet Security 2012 is still being developed we don’t think the beta is for everyone.

We offer free licenses for our Anti-Theft for Mobile and have in the last year given out licenses to our Mobile Security and even our 2010 AV-Test Product of the Year Award-winning Internet Security via our Facebook Page. And when Internet Security 2012 is available to the public, we hope the whole world will take our free trial.

But for the beta, we’re only looking for passionate software experts who will help break our software. Yes, break it. Or at least tell us how to make it perform better for you. That’s how we work to bulletproof the protection we provide. It’s hard work and the finished result is a tribute to the beta testers’ tenacity and ingenuity.

Are you a software aficionado yourself ? Do you know any experts that would like to put our protection to the test?

The sign up process is in-depth and it will help you or your friends and us know if the program is a good fit.

Thanks for following us. Your interest in F-Secure is greatly appreciated.

Cheers,

Sandra

CC image by Ryan Tir

Share this

Facebook’s Facial Recognition

This feature only identifies your friends and it’s probably already on in your account, as Facebook opts you into most new features. The biggest privacy risk of Facial Recognition, as it exists, is that you may end up being identified in photos you don’t want people to find.

How to Turn Off Facebook Facial Recognition

• Go to Account>
• Privacy Settings>
• Click on “Customize settings”>
• Under “Things Others Share” find “Suggest photos of me to friends” and click the Edit Settings button >
• Click the button that says Enabled and select Disabled.

You may also want to take these other steps to control your image on Facebook.

Background

This week on our Facebook page we’ve been experimenting with Questions. We got some good news: 38% of those who responded said that they had gotten rid of an app they weren’t using and another 30% said they don’t install apps they don’t use. And we got some bad news: 35% of those who we asked if they’d turned off Facebook’s Facial Recognition responded with “WTF??”, an answer added by one of our followers.

That over one-third of our followers seemed to be saying they were confused by Facebook Facial Recognition led me to believe that my post on the topic wasn’t clear enough.

Share this

What is Facebook facial recognition?

Is it on in my account?
Yes. It probably is. Facebook opts all users into facial recognition, as it does to most new features.

Ew. Can I turn this off now?
Yes. Go to Account> Privacy> Click on “Customize settings”> Under “Things Others Share” find “Suggest photos of me to friends” and click the Edit Settings button > Click the button that says Enabled and select Disabled.

Am I safe now?
You’re probably safe, unless you’re reading this as you’re driving. But if you’re worried about controlling your image on Facebook, you should probably check your profile, adjust your photo tagging settings and stop search engines from finding your profile.

Okay. I can feel my hands again. Now why was I so scared?
You’re not alone. Maybe you thought strangers would be able to identify you by just posting a picture?

Yes. I don’t want strangers to be able to point their phones at me and know who I am. Can they do that?
Not using Facebook’s facial recognition. Only your friends will be able to identify you in pictures. For strangers to have access to your faceprint, Facebook would have to radically change the feature. This seems unlikely given how sensitive users are to facial recognition. Google has indicated they wouldn’t pursue such a stranger search because the former CEO found the technology “very concerning.”

So there’s no danger?
Well, are you looking for a job or might you be at some point?

Probably.
Then your images could end up as part of a pre-employment background check. And this feature may help your friends tag you in a photo that may not impress your future employer.

How can I make sure that never happens?
You can’t opt out of new photos you are tagged in on a one-by-one basis. Or you can just make sure you’re the only one who can see that you’ve been tagged in a photo…

I want to do that. I want to be the only one who can see if I’m tagged in a photo. How do I do that?
Go to Account> Privacy> Click on “Customize settings”> Under “Things Others Share” find “Photos or videos I’m tagged in” and click Edit Settings>  Next to “Who can see photos and videos I’m tagged in” select Custom> Below “Make this visible to” select “Only me.”

Why does Facebook make it so hard to make it so I’m the only one who can see if I’m tagged in a photo?
Facebook has complex settings because it has complex features. Additionally, photo tagging is also extremely important to Facebook’s growth. Photo sharing is the site’s core competency and photo tags generate updates in your feed that bring you back to the site. Additionally, Facebook’s growth is coming from countries where mobile phone adoption is massive. Quick tagging tools enable mobile users to tag on the go. Facebook really does want to make photo tagging easy for you—for business and not surveillance reasons.

Shouldn’t this be something that I have to opt into?
Lots of people say, “Yes.”Facebook opts users into new features because Facebook is a business and this feature is much more useful to its business if everyone is using it. Since Facebook didn’t see a change in what you share with whom, it rolled facial recognition out to all users. Facebook has said it should have been “more clear’ about the feature.

So it’s not the end of the world.
It’s the beginning of a new world. Privacy issues involving facial recognition and location sharing are evolving on a daily basis. All of us have to think of the practical implications of making ourselves easier to identify and locate. Numerous unforeseen benefits and costs likely await us all.

Cheers,
Jason

Share this

It seems to always make the news when someone loses a job over something they did on Facebook. What we don’t hear about is the countless jobs, opportunities and relationships that may have been lost because of Facebook activity.

Even if you have nothing to hide and no opportunities to lose, you still have to recognize that you will be judged by how the world sees you on Facebook. This brief guide will show you in 4 quick steps how to control your Facebook identity.

1. See how the world sees your Facebook profile.

Go to Account > Privacy Settings

Under “Connecting on Facebook” click “View Settings”

In the upper right corner, click on the Preview My Profile button

This is how most of the world sees you. If you don’t like what you see, go back and adjust your privacy settings. If you’re okay with what you see, continue on.

2. Decide if you want your Facebook profile to show up in search engines.

Depending how unique your name is, your Facebook page could show up at the top of a Google search for you. If you’re fine with how your profile represents you to all past and potential friends, family and employers, you don’t need to do anything. If you’d rather not be found on Facebook, do the following:

Go back to Account > Privacy Settings

Under “Apps and Websites”, click “Edit your settings”

At the bottom, next to “Public search”, click the Edit Settings button.

Uncheck the box next to “Enable public search”

Note the message there that explains your information may still be accessible on some search engines for a while.

3. Decide who can see photos you’re tagged in.

Facebook wants to tag you in as many photos as possible. Why? They know they became the world’s biggest social network by becoming the world’s biggest photo sharing site. The more photos, you’re in, the more you use Facebook. But allowing others to tag you in photos allows others to control your identity. You can be misidentified or shown in situations that you do not want made public. And these photos can end up representing you, as Facebook displays the last 5 pictures in a row on top of your profile.

You can always un-tag yourself from photos one-by-one, but I suggest that you adjust this setting to only allow friends to tag you in photos. Personally, I only allow myself to tag me in photos, which is the surest way to control my identity.

To adjust who can tag you in photos, go to Account > Privacy Settings

Under “Sharing on Facebook”, click “Customize settings”

In the “Things others share” section next to “Photos and videos you’re tagged in” click Edit Settings

Next to “Who can see photos and videos I’m tagged in” select Friends Only

Or for increased protection, select Customize then under “Make this visible to” select Only Me

4. Decide if you want Facebook to “Suggest photos of me to friends”.
As a Facebook user, you have to be aware that you will most likely be opted in to any new features they offer. This policy is controversial but it’s also part of the price of using Facebook to communicate with friends. Facebook’s “Suggest photos of me to friends” is an especially creepy new feature since it employs facial recognition. It’s been available in the United States since 2010 and will roll out across the globe in 2011. You should be aware that Facebook may already be identifying you in your friends pictures to make it easier for you to be tagged.

You may want to turn off this feature simply because it is so new that it is difficult to imagine the ways it can be used or misinterpreted. Or you may just not like the idea of your identity being determined by a machine. Here’s how to turn it off.

go to Account > Privacy Settings

Under “Sharing on Facebook”, click “Customize settings”

In the “Things others share”, next to “Suggest photos of me to friends” click on Edit Settings

Next to “Suggest photos of me to friends” select Disabled

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
2. Turn on Secure Browsing.
3. Secure your account.
4. Control how the world sees you via Facebook.
5. Turn off Instant Personalization and audit your apps.
6. Watch where you click.
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

Share this

Our Facebook accounts have become, in many ways, our online selves. Our digital identities mirror our real identities in that there is some information we don’t want to share with everyone.  Even if you have your Facebook privacy settings literally set to “everyone”, you still may have private messages that you do not want public. Our challenge to share the right things with the right people. And to do that, you need to keep control over your account.

There are endless ways to hack unsecured accounts . While account cracking is a tough thing for a stranger to pull off, sloppy Facebooking can make it easy for your friends to take control of your account.

You’ve already secured your browsing. Now there are a few things you can do now to protect your Facebook.  They’re listed in order of importance.

Use a strong password NO ONE can guess and don’t let your browser remember it
Creating and remembering strong passwords isn’t easy. That’s why we recommend this simple system. And don’t let Firefox, or any browser you use, remember your passwords. To clear your passwords in Firefox, go to “Tools” then “Clear Private Data” the close and reopen Firefox.)

Use unique passwords for all of your important accounts (and update them every few months)
For any account that really matters—your email, your bank and credit card accounts, Facebook—you need to use a unique, strong password that you do not use for any other account. You should update the passwords of your most important accounts every few months, at least. If you recognize any suspicious account activity in your account, change your password immediately.

Make sure your system software and Internet security are updated
Updated system and Internet Security can’t stop you from making security mistakes or being the victim of social engineering. But it can prevent most of the common attacks out there. Our free Health Check will tell you if your PC is protected. Once you are updated, be sure to update your most important software including your OS, browser, media players and PDF reader on a regular basis either through our Health Check or the software developers’ sites.

Watch where you click and watch where you land
Always check the URL in your browser to make sure you’re on Facebook when you enter your private information. And if you ever have any doubt about something that has been posted in your newsfeed, follow the Golden Rule of Social Media Security and don’t click. More on the art of clicking in #6 of this guide.

Always log out
You’re not keeping hackers out by staying logged in. They still can get in and you’re leaving your account open for a snarky co-worker or invasive family member to pry. And once someone is inside your account, they can change your password to keep you out.

If you use Facebook’s mobile app, always lock your smartphone
Your phone can give an intruder access to your and your friends’ private information. An intruder could also post status updates and photos as you. This could simply embarrass your or cause actual harm to your career or private life. I also recommend using a remote lock software like our Free Anti-Theft for Mobile on your smartphone if you lose it.

How To Make Sure You Can Get Your Account Back If It Is Hacked

If you start using a new email account, update Facebook settings
If your account is hacked, you need access to the email account you have in your settings. If you can’t get into that email because it’s closed, you’ve just greatly limited your chance of recovering your account.

Consider doing what Facebook recommends

Facebook now rates how secure your account is. It’s a powerful feature, as long as you take it seriously. If your account “Overall Protection” is rated “low”, Facebook will prompt you to add some information. I suggest you do this though it will require adjusting your notifications so you won’t get messages from Facebook that you do not want to see.

Add a secondary email
Facebook asks for a secondary email. This helps Facebook because now it will be able to connect you with more friends. And it helps you if you ever lose access to your primary email, or if your primary email gets hacked. So only add  a secure email account with a unique password.

You can add your secondary email by going to “Account” > “Account Settings”> Find “Email” and click on “change”.

Add your mobile number
Adding your cell phone number gives you a secondary way to claim your hacked account. It also gives you the ability to get one-time passwords, which I’ll explain later. To change or add your mobile number, go here. On that same page, be sure to edit your notifications or Facebook will be texting you nonstop. Only activate your phone for this purpose if you keep it locked when it is not in use.

Add a strong security question
Make sure you choose a question that only you can answer. The last five digits of your driver’s license are probably better answer than the name of your first pet—since your friends and family may know that. The worst answer, of course, would be one that a stranger could figure out by looking at your profile.

For Extra Protection

Activate Account Protection
Want to be notified when a new computer logs into your account? Activate Account Protection. If someone gets into your account on a device you don’t recognize, you can login to Facebook and “end activity” on that login. Then you can, hopefully, change your password before the intruder does. Once you activate this feature, you’ll have to name every device you login from. It’s slightly annoying, but it gives you the kind of control of your account that will keep your account safe.

To activate Account Protection and “end activity” on any Facebook sessions you didn’t initiate, go to “Account” > “Account Settings”> Find “Account Protection” and click on “Save”.

Use Login Approval
You can prevent someone from logging into your account with Facebook’s new Login Approvals, as long as the attempted hacker doesn’t have access access to the mobile you have connected to your Facebook account. Login approval requires a new security code sent via SMS when you attempt to use your Facebook account from a new device. This requires a one-to-two minute setup on each device you use.

To activate Login Approvals, go to “Account” > “Account Settings”> Under “Login Approvals”, click the box for “Require me to enter a security code sent to my phone” then click  “Save”.

Use One-Time Passwords on public computers
If you use Facebook on public computers, such as at school or the library, you should use Facebook’s One-Time password feature. On a public computer, you have no idea what kinds of programs are running that could be used to log your account information. By using a unique password each time, you remove the risk that your credentials will be stolen.

To do this you need to set up and verify your SMS number. Go here and add in your mobile number. You’ll then need to verify the number by entering a code that will be sent to you. Once this is done, you can send a text message to 32665 with the message “otp” when you’re about to login on a public computer. Your One-Time Password will work for 20 minutes after you receive it.

Follow us on Facebook for ongoing tips on securing your account.

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
2. Turn on Secure Browsing.
3. Secure your account.
4. Take a look at what others see when they see you and decide if you want search engines to find your profile.
5. Turn off Instant Personalization and audit your apps.
6. Watch where you click.
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

Share this

Facebook’s Secure Browsing encrypts your Facebook activity, protecting your account from being accessed without your permission. Facebook compares NOT using Secure Browsing to leaving your car in a parking lot with the doors unlocked. You’ve probably gotten used to seeing the “s” in “https” in your browser bar when you log your bank or any important account online, and this feature gives you that level of protection for your Facebook activity.

There are several benefits to turning on Facebook’s Secure Browsing and the only reported downside is that it may slow your Facebook session slightly.

To turn Secure Browsing on, Go to Account.

Account Settings.

Next to Account Security, click “change”.

Below, Secure Browsing (https), check the box for “Browse Facebook on a secure connection whenever possible”.

While you’re there, you may to turn on Login Notifications and Login Approvals. With Notifications, you’ll be informed by email any time anyone logs into your account on a new device. If any logs into your account from a device you do not recognize, you’ll have a chance to get into your account and change the password before the intruder does. With Approvals, you have to approve an unauthorized user on a new device with a security code that gets sent to your smartphone. If you turn on Approvals, you should have a remote lock program such as Free Anti-Theft for Mobile on your phone.

Click save.

Now you should bookmark https://facebook.com and login to Facebook from that page exclusively.

2 things you need to know about secure browsing:

1. Most apps—including games—do not support https. When you use an app you’ll leave Secure Browsing and Facebook should then switch you back to https (or at least prompt you to do so) when you are done with app.
2. Mobile browsing is not secure. This means if you are login to your Facebook account on a free open Wi-Fi network, you could be vulnerable to a possible account intrusion.

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting
2. Turn on Secure Browsing
3. Secure your account
4. Take a look at what others see when they see you and decide if you want search engines to find your profile.
5. Turn off Instant Personalization and audit your apps
6. Watch where you click
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

Share this

For the second year in a row, an F-Secure survey has found that nearly 3 out of 4 Facebook members are not “friends” with their boss on the site. A steady feed of news about people losing jobs over comments or images they’ve posted on Facebook has made many of us worried about who we friend and what we post.

An US court recently ruled that you should expect anything you post on a social could go viral—no matter what your privacy settings are. Even if the courts where you live aren’t as skeptical of social networking privacy, the fact remains: if you post something on Facebook, you never know who might see it. So even if you never post about your job or ever worry about having to find a new job, you know there are risks of sharing your private life on Facebook.

Social networking has only become a mainstream phenomenon in the past decade. Most of us are still learning the etiquette and risks of social media. That doesn’t mean social networking is any more dangerous than any online communication. For most people, the dangers of social networking are roughly as perilous as those of email. You could send the wrong thing to the wrong person, open a bad file and infect your PC or give criminals access to your account or private information.

For this guide, I’m assuming you know the basics of PC security. You have a strong password and your PC is patched and protected. I figure you lock your computer or smartphone, and you would never leave yourself logged in to Facebook on a computer you aren’t using. If you’re doing all that, you’re avoiding most of the serious threats you’ll find online. Now you’re ready to get into advanced strategies for staying safe on Facebook.

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
Have you noticed that people you don’t know appear in your Facebook feed?  Those are friends of your friends. They’re showing up because they either commented on something a friend of yours posted or vice versa. And you may be appearing in strangers’ feeds in the same exact way—if your privacy settings are at “Friends of Friends.”

One reason Facebook is so popular is because it replicates the social context of our lives. We feel as if we are in the presence of friends and family—some of whom we haven’t seen in person since before there was a Facebook. That makes us comfortable. Maybe even a little too comfortable.

By going to Account> Privacy Settings> and selecting “Friends Only”, you are only sharing with the people you’ve approved as friends. You can still change specific settings to make them more or less public. But you’ve created a boundary you can imagine in your head.

(If you’re on Facebook to market yourself or a product, you should definitely start a Facebook page or switch your profile to a page.)

On Facebook, the one thing you can always control is what you post. You can’t control your friends’ comments on what you post, and you can’t—in any immediate way—stop other people from taking your information or media and resharing them. This is why some people prefer Twitter where your information is either private or public. If someone comments on or repeats your posts, they do it on their own profile. On Facebook, strangers can comment on everything you do—unless you change your privacy settings to limit access to “Friends Only.”

Some people are so comfortable on Facebook they may not even realize they are sharing private details that can be used to crack passwords or security questions. The average Facebook user has 130 friends. If you’re simply opening your life to all of your friends, you’re opening your life to 16,900 people. That’s great if you’re actively seeking new friends. But it is a lot or one brain to process. And you can always visit your friends’ walls and click on their friends if you’re looking for new people

“Friends only” not only is a good move to protect your privacy and identity, you may find that it also helps your Facebook experience by freeing you up to give more attention to the people you care about most.

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
2. Turn on Secure Browsing
3. Secure your account
4. Take a look at what others see when they see you and decide if you want search engines to find your profile.
5. Turn off Instant Personalization and audit your apps
6. Watch where you click
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

This guide is in progress, so let us know what you think. What are the best ways to protect your identity and privacy on Facebook?

Cheers,
Jason

Share this

Twitter users complained that you actually had to type “s” in your browser bar (like this: https://twitter.com) to secure your session. While Facebook offered no secured browsing setting at all. So Facebook rushed out an https solution in early 2011.

Then  Ashton Kutcher—who has replaced Tom from MySpace as everyone’s friend on the Internet—had his Twitter hacked at a TED conference, allegedly. I say allegedly because the tweets—one of which said “Dude, where’s my SSL?” –are still online and Kutcher clearly has control of the account. A little over a month later, Twitter added the default https option.

Sidejacking—while likely illegal and definitely unethical—offers hackers more potential for mischief than financial gain.

If you use unsecured wireless without a VPN, which isn’t a great idea, using URLs that begin with https is the only way to protect your account from a trouble maker. You’ll notice your bank and most login pages automatically send you to a secured page.

If you are a Facebook or Twitter user who ever uses unsecured networks, you should activate secured browsing now. Once you use secured browsing in Facebook and Twitter, not only will your session activity be secured but you’ll also automatically get a secured page when you log in via any browser you’ve used since you secured your account.

(Default secure browsing is only reliable when using Facebook and Twitter through a web browser. From what I see, Facebook mobile apps do not use  SSL. Official Twitter apps will use SSL by default if you select the option, but you have to check if your third-party apps offers this feature.)

How to turn on secure browsing in Facebook

(Warning: This feature may slow your Facebook browsing experience. So you may not want to use it if you are in a secured network or use a VPN. )

Go to Account.

Account Settings.

By Account Security click “Change”.

Under “Secure Browsing (https)”, click the box that says “Browse Facebook on a secure connection (https) whenever possible”.

Now, if you ever use an app, you’ll see this message.

WARNING: If you click continue, you are no longer in secured browsing. Whoops.

As soon as you finish with the app, go back and repeat this process. You need to reactivate the page before you log out to a secured login page the next time you want to use your Facebook account.

How to turn on secure browsing in Twitter

While logged in to Twitter via a web browser, go to settings.

Next to “HTTPS Only ” click the box that says “Always use HTTPS. ”

Click “Save”.

Dude, there’s your SSL.

Cheers,

Jason

Share this

To ensure you’re seeing everything in your feed, just login to Facebook. At the top of your news feed, click “Most Recent”. Then click the arrow next to most recent.

Then under “Show Posts From:” select “All friends and pages.”

Done.

Notice the difference? As our friend on Facebook Amber who alerted us to this issue last week said, “I just can’t believe how much feed I’ve been missing for the last couple of months!”

Why did Facebook do this?

We know the average Facebook user follows more than two hundred friends, pages, groups and events. That makes a Facebook feed flow fast and furiously.

Facebook knows that the more likely you are to engage with your feed, the longer you’ll stay on the site. And who are you most likely to interact with? Someone you’ve interacted with before.

About five years ago, before Facebook became Facebook. I was working at a big digital media company trying to build a social network to compete with MySpace. Industry research was saying that most people didn’t know what to do once they logged into a social network and the solution to this problem was the news feed. For industry research, this was a pretty good prediction. In some way it predicted the appeal of Twitter.

But it wasn’t until Facebook opened its API to third-party developers that the news feed became the lifeblood of the hugest social network phenomenon of the digital age. Facebook will do anything it can to keep your feed vital and addictive—even if it means dropping some of your friends out of your news feed.

Why should I change it back?

We admit it. We’re prejudiced. We want you to follow us on Facebook and see the Internet security tips and news we share. But we also want to keep in contact with the people and things you care about most, even if it isn’t F-Secure.

By taking people out of your feed, Facebook is enabling over-friending and following. This can become a security or spam problem if you’re following the wrong people. But you shouldn’t be following the wrong people. By keeping a realistic view of who you’re actually following, you’ll know when you need to audit your account.

Isn’t this good? It’ll prevent spam.

Maybe it will suppress spam. But the best thing we all can do to stop spam is to warn our friends that they’re sharing questionable or spammy apps. And if the spam continues, unfriend them.

Cheers,

Jason

Share this

Mashable offered “Facebook Privacy: 10 Settings Every User Needs to Know”. All Facebook answered with “The 10 Facebook Privacy Settings You Need To Know”. Then NetworkWorld  focused on “Facebook Privacy: 4 Valuable Yet Hard to Find Settings”.

All of these posts are quite useful. They all focus on Facebook Places, Instant Personalization and the secure browsing setting Facebook recently enabled. Some of these features are only available to people in the US and the UK. Yet of these features are far less important if you become a master of Facebook’s most crucial privacy feature.

What is this one feature that you can use properly and make all the other privacy settings irrelevant?

You guessed it: the “Share” button.

That’s right, if you don’t share things you that might embarrass or harm you if the wrong people see them, you won’t have to worry about your privacy on Facebook.

No matter what your settings are, you cannot stop someone from sharing something you’ve posted. A judge in the US recently ruled that once a photo gets posted, it’s free to be shared no matter what your privacy settings are.

Of course, you can master the privacy settings. You can limit your friends list to those you truly trust. You can even decide on a case by case basis who you want to see your posts.

But you still have to recognize the public nature of sharing on Facebook. That’s why I stick to emailing the information and media I don’t want to share with the world.

Facebook’s privacy features are complex and—when it comes to apps,Instant Personalization and photo tagging in particular—questionable. But Mark Zuckerberg and his 650 million friends can’t force you publish anything you don’t want to publish.

So if you truly want to protect your privacy, use that “Share” button very carefully.

Cheers,

Jason

Share this

This sweepstakes is closed. Please follow us on Facebook for more giveaways in the future.

I recently laid out my Digital Resolutions for 2011. But I didn’t mention our resolution for this blog and our Twitter and Facebook pages.

F-Secure is all about the freedom to feel safe so that you can do what you need to do online. Most importantly, we want to help protect the irreplaceable time, effort and money you’ve invested in your digital content.  That’s why our New Year’s Resolution is to be more useful to you.

And to help you protect what matters to you most, we need your input. That’s the why we’re inviting you to enter our “How Long?” Sweepstakes.

For your chance to win a Canon PowerShot SX130 IS, all you need to do is to read the rules and post your answer to the following question in the comments of this post: How long have you been following F-Secure?

You could have found about us through F-Secure through the work of Mikko and the Labs. Or maybe you found us on Facebook or Twitter or through this blog. Or this could be your first interaction with us — if so, welcome! We’d just like to know how long you’ve been following F-Secure.

Thank you for following us and thank you for your time.

Cheers,

Sandra

CC image by sporst

F-Secure Internet Security 2011
HOW LONG? SWEEPSTAKES – COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 8:15  AM PDT on January 18, 2011 and end at 12:00 PM PDT February 1, 2011.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes — 1   Canon PowerShot SX130 IS with a retail value of $249.99 and 1 F-Secure Internet Security license with a retail value of $59.99 — will be given as prizes in this promotion at the close of the competition.
5. Only two one (2) entries per person per Sweepstakes will be accepted.  Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “How Long? Sweepstakes”. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 45 days of the making successful contact with the winner.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2011/01/18/how-long-sweepstakes/ and comment on the post once or twice. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with i) the distribution of any prize, ii) entrants’ participation in and/or entry into the campaign, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14.  Employees of Sponsor and family members of such employees are not eligible to enter.

© 2011 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

No! Facebook isn’t going to charge. Ever.

NO! There’s no way to see who has visited your profile!

Some Facebook rumors take fire and spread. Often the rumors make no sense. Take the insane idea that Facebook would turn off the billion dollar cash hose it has connected to your lives. How about the delusion that Facebook would ever commit suicide by suddenly charging you for the right to turn your life into an ultra-compelling way to sell ad space?

At least the idea that Facebook would let you see who clicked on your profile makes some sense. And it appeals to our most profound voyeuristic/narcissistic instincts. Yet it has been debunked so many times that it has become a zombie lie that will not die.

It’s shocking when you see some of the lame crap that goes viral on the world’s largest social network.

You probably have the same thought I do every time I see a new Facebook spam run: Who is clicking on this crap? And the answer is: enough people to make it worthwhile for the spammers. With Facebook’s 550 million plus active users, spammers just need to glance a fraction of a percent to score big.

Facebook is all about connecting, all about other people’s business, all about finding the most sensational things fast. In some ways, Facebook is a machine built to spread rumors. The question then is: why isn’t also built to crush silly rumors.

Part of it may be brain science. Some scientists say that if we’re told not to think of an elephant, we immediately think of an elephant. So negating rumors sometimes has the opposite effect it seeks. However, we can all be antibodies used to fight the infections of nonsense that we come across daily.

Here are four reasons why I believe rumors spread so quickly on Facebook.

1. The MySpace mentality
MySpace taught most of Facebook’s first users how to use a social network. And at times, MySpace seemed like a game to gather as many “friends” as possible. Heck, people got famous on MySpace for having a lot of friends. (Many people believe this despite the fact that almost all the MySpace break out stars—Dane Cook, My Chemical Romance, Tilla Tequilla—made fantastic use of TV and radio to supplement their Internet fame.) Not everyone was trying to get famous, yet MySpace taught users to make friends with anyone. And these loose binds still exist for many Facebook users. And when you’re trying to think of something to talk about with a stranger, rumors are perfect. However, MySpace may have taught us that communities with these kinds of loose binds do not last.

2. Facebook is a superstar
Facebook is the superstar everyone knows. It’s beyond a phenomenon. Its growth requires epidemiologists to understand and the way it’s ingratiated its way into our lives so quickly and drastically is unprecedented. It’s like Justin Bieber multiplied by Google squared by the iPhone. They even made a movie about it…him…whatever. And the way rumors spread about celebrities, they spread about Facebook on Facebook.

3. Facebook requires users to be spam filters
People are the best spam filters. By harnessing people power, we’re able to prevent lots of spam email from ever getting you. And Facebook is actively fighting spam with new functionalities and by pursuing the worst offenders. But when the numbers are huge as they are on Facebook, you have to trust a lot of people to filter out the nonsense. And if your friends pass on spam runs and you don’t alert them or unfollow them, the problem keeps getting worse.

4. The spammers are smart
They follow the news. One day you hear millions of people Facebook from bed, the next day there’s a run about insomnia cures. Who doesn’t want free gift cards or shocking videos of what that kid found her doing? Some spammers are tapped into our deepest desires and on Facebook they’ve found a new way to make that ability pay.

If you still use Facebook knowing all these things, you can definitely enjoy the incredible tools the site offers while filtering out the bad stuff. But if you’re going to close your account, please do it properly.

Cheers,

Jason

Share this

Of course, we all all want to do more healthy stuff, quit smoking, go to bed earlier, avoid stress, bike more and drive less. But what about your digital life? We spend so much time in front of our computers, that we have to be smart about it.

So here are my digital resolutions to make 2011 safer, savvier and a little more fun. Feel free to borrow any or all of them.

1. Use and remember strong passwords.
2. Wondering why the Manolo Blahniks are that so cheap on that website? It could be a scam. Look twice before buying something online. Is the shop trustworthy? Has the shop gotten good ratings? Is the site secure?
3. Clean up your online friends. Only be friends with people you know and unfriend anyone who constantly sends you Farmville requests.
4. Log out from any online accounts when not using them–and always lock your screen (and your phone). Don’t make it easy to accidentally send an email about your hangover to the whole company.
5. Don’t do any online banking on public Internet terminals—even if the landlord is waiting for your rent.
6. Let your credit card company know if you’re traveling abroad.
7. Don’t fall immediately in love with every new device Apple launches in 2011. It’s not necessary to have a complete collection of every iPod or iPhone generation…
8. Don’t write text messages or read emails while driving – not even at red lights.
9. Ski jumping on the Wii is for wimps. Do some real-world sports.
10. Watch some local news on TV – in real-time and not on the Internet or a DVR .
11. Start a social media diet: Limit the time you spend on social networks and meet up with friends in the real world more often – because it’s healthier

Cheers,

Sandra

CC image by Tsutomu Takasu

Share this

Now, what happens if your Facebook account is taken over by a spammer or a scammer? Or maybe a disgruntled ex gets control of your profile and starts posting shameful things on your friends’ walls. Could you brush it off and tell yourself, “It’s just the Internet. Who cares?” Probably not.

Hackers are out there—helping each other to take advantage of lax security. So here’s what you need to know to keep strangers out of your account. If you’re in a hurry, the most important information is on top.

The Basics

Use a strong password and don’t let your browser remember it
Your password is the key to your Facebook castle. If it isn’t strong, if it includes things that your friends and exes can guess, you’re leaving your drawbridge wide open. Creating and remembering strong passwords isn’t easy. That’s why we recommend this simple system.

And tell Firefox, or whatever browser you use, that you don’t want it remembering your passwords. Don’t make life easier for hackers. (To clear your passwords in Firefox, go to “Tools” then “Clear Private Data” the close and reopen Firefox.)

Use unique passwords for all of your important accounts (and update them whenever you go the dentist)
For any account that really matters—your email, your bank and credit card accounts, Facebook—you need to use a unique, strong password that you do not use for any other account. Whenever a site is hacked, you see that this creates a security crisis across the Web. Why? People reuse passwords. Don’t be one of those people.

And yes, you should update the passwords of your most important accounts. How often? Some say every month. Some say every few months.  How about whenever you’ve just gotten home from the dentist? You’ll be in the mood for a little pain. And if you’re the kind of a person who sees a dentist more than twice a year, you should be as careful with your passwords as you are with your teeth.

Of course, if you recognize any suspicious account activity in your account, change your password immediately.

Make sure your system software and Internet security are updated
All the security in the world won’t help you if your PC is infected with a keylogger that can track every letter you type. Updated system and Internet Security can’t stop you from making security mistakes. But it can prevent most of the common attacks out there. Our free Health Check will tell you if your PC is protected.

Watch where you click and watch where you land
Cybercriminals have mastered a devious method of stealing passwords: they ask you for them. This method is called Phishing and it works because it’s easy to make any webpage in the world look official and reputable. A page that looks just like a Facebook profile can be replicated in minutes. That’s why you always need to check the URL in your browser to make sure you’re on Facebook whenever you enter your private information. And if you ever have any doubt about something that has been posted in your newsfeed, follow the Golden Rule of Social Media Security and don’t click.

Always log out
You’re not keeping hackers out by staying logged in. They still can get in and you’re leaving your account open for a snarky co-worker or invasive family member to pry. And once someone is inside your account, they can change your password to keep you out.

How To Make Sure You Can Get Your Account Back If It Is Hacked

If you start using a new email account, update Facebook settings
If your account is hacked, you need access to the email account you have in your settings. If you can’t get into that email because it’s closed, you’ve just greatly limited your chance of recovering your account.

Do what Facebook recommends
Facebook now rates how secure your account is. It’s a powerful feature, as long as you take it seriously. If your account “Overall Protection” is rated “low”, Facebook will prompt you to add some information. Do this!

Add a secondary email
Facebook asks for a secondary email. This helps Facebook because now it will be able to connect you with more friends. And it helps you if you ever lose access to your primary email, or if your primary email gets hacked. So only add  a secure email account with a unique password.

You can add your secondary email by going to “Account” > “Account Settings”> Find “Email” and click on “change”.

Add your mobile number
Adding your cell phone number gives you a secondary way to claim your hacked account. It also gives you the ability to get one-time passwords, which I’ll explain later. To change or add your mobile number, go here. On that same page, be sure to edit your notifications or Facebook will be texting you nonstop.

Keep in mind that your Facebook account security now depends on your mobile security, so I recommend that you have some way to lock or wipe your phone if you lose it. Our Free Anti-Theft for Mobile does just that.

Add a strong security question
Make sure you choose a question that only you can answer. The last five digits of your driver’s license are probably better answer than the name of your first pet—since your friends and family may know that. The worst answer, of course, would be one that a stranger could figure out by looking at your profile.

For Extra Protection

Activate Account Protection
Want to be notified whenever a new computer logs into your account? Activate Account Protection.

Why would you want to do this? Because if someone gets into your account on a device you don’t recognize, you can login to Facebook and “end activity” on that login. Then you can, hopefully, change your password before the intruder does.

Once you activate this feature, you’ll have to identify ever device you login from. It’s slightly annoying, but it gives you the kind of control of your account that will keep your account safe.

To activate Account Protection and “end activity” on any Facebook sessions you didn’t initiate, go to “Account” > “Account Settings”> Find “Account Protection” and click on “change”.

Use One-Time Passwords on public computers
If you use Facebook on public computers, such as at school or the library, you should use Facebook’s One-Time password feature. On a public computer, you have no idea what kinds of programs are running that could be used to log your account information. By using a unique password each time, you remove the risk that your credentials will be stolen.

To do this you need to set up and verify your SMS number. Go here and add in your mobile number. You’ll then need to verify the number by entering a code that will be sent to you. Once this is done, you can send a text message to 32665 with the message “otp” whenever you’re about to login on a public computer. Your One-Time Password will work for 20 minutes after you receive it.

Follow us on Facebook for more tips on securing your account.

Are there any special methods you use to keep your account safe? Post them in the comments.

Best,

Jason

Share this

The new profile doesn’t create any NEW privacy problems. However, it does take one existing privacy problem and make it more annoying.

Here’s what you need to know now:

1. Your privacy settings haven’t changed. But you should check out how your new profile looks.
The same people can see the same things. However, certain information—your birthday, education and professional experience—and the pictures you’re tagged in will be much more prominent in your new profile.

You can quickly hide these photos and information, or, with a little effort, adjust your settings so only you can see them. But once you have the new profile, you should go to Account > Privacy Settings> Under  “Connecting on Facebook” click “View settings”> Click on “Preview My Profile” to see how most people see you.

2. Facebook’s photo and video tagging is annoying. And now that is more obvious.
The only way to stop a Facebook friend from tagging you in a photo is to unfriend that friend. With the old profile, you probably didn’t notice or care about this feature. You’d get an alert that you’ve been tagged in a photo and that a photo you were tagged-in had received a comment. Some users tag their friends in an image they are not in just to get them to look at and comment on said image. Some users tag friends in silly or gross images as a joke. Basically it’s an unsecured feature that is easily hacked for fun/mockery.

And the potential annoyance of this tagging tool wasn’t a big deal until Facebook put tagged photos at the top of your profile. Now, one funny or chemically imbalanced friend can decorate your profile with ridiculous images.

So now you have three choices:
a. BEST CHOICE: Only friend those whom you really trust.

b. Customize your privacy settings for “Photos and videos I’m tagged in” to “Only Me”.
To do this go to Account > Privacy Settings> Click on “Customize Settings”> Under “Things other share” and “Photos and videos I’m tagged in”, click “Edit Settings”> Under “Who can see photos and videos I’m tagged in” select “Customize” then “Only Me”. You can also exclude certain friends. But if you do that, you may end up having to find this stupid setting again.

c. Use Facebook Groups. But this is complex and not foolproof.

Allowing users to tag their friends is a unique feature that has helped Facebook become the world’s largest photo sharing site. This feature will probably never be eliminated. However, Facebook could make opting out of it much simpler. A good model would be what Facebook did with Facebook Places. The first time a friend tagged you in a Place, Facebook asked if you wanted to allow friends to tag you. (Another method would be to allow users to block certain friends from tagging them in photos or videos. But this is again complex and not foolproof.)

3. Your birthday is now more obvious, so please do not use it as a password ever for anything.
Facebook has taken one of our prime identifying pieces of personal information and made it a minor holiday. Even if you don’t allow anyone but friends to see your birthday on Facebook, your birthday messages may show up on your profile and in friends of friends’ Top News—especially if you and your friends broadcast your activity.

So, fine. People know when you’re born. That would be fine, if there weren’t potentially millions of people using their birthdays as PIN numbers for their ATM cards. Here’s a simple system for creating and remembering strong passwords.

4. You may want to hide your work and education experience.

Your “experience” is now at the top of your profile. If for any reason you would like to keep this professional  information from being so prominent in your online life, you need to change your sharing settings to “Friends Only” in general go to Account > Privacy Settings> Under  “Connecting on Facebook” click “View settings”>  Under “See your education and work” you select “Customize” then “Only Me”.

5. Facebook is taking on LinkedIn (and possibly another new Google social network.)
You don’t have to be THE social media guru to figure out Facebook’s master plan. Not only do they want to integrate Facebook into every aspect of the web, they want your Facebook profile to be your ONE profile on the web.

To make your profile central to your web identity, Facebook has stay ahead of potential competitors like Google (the search engine giant is rumored to be launching some sort of direct Facebook competitor and 2011) and to replace (or absorb) any existing sites that might offer an alternative to Facebook.

Now that MySpace lost, it seems Facebook’s next target is LinkedIn. LinkedIn is a virtual resume/business networking tool for about 50 million people around the globe. Facebook’s new profile seeks to make your profile into more of a business card—not quite a résumé, yet. But it’s clear that Mark Zuckerberg and his crew recognize the value of making Facebook valuable to your professional needs, and Facebook’s audience is getting a little older (and more professional) every day.

Facebook’s new profile emphasizes Facebook’s dominating strength— photos—while revealing its strategy for the future. If you’re going to keep using Facebook, as a half a billion “friends” do, it’s always worth spending a little time thinking about how Facebook sees you.

Look out for those tagged photos,

Jason

Share this

This time of year, people all over the world are getting together to celebrate the people they love. And we’d like to use the grand finale of the Get Real Sweepstakes to thank you for letting us help protect your irreplaceable content, relationships and time.

Throughout this year, we’ve shared a lot of the best tips we have for protecting yourself online:

• How to create and remember strong passwords
• 7 ways to shop safely online
• Low-tech tips for securing your webcam
• How to protect yourself from credit card fraud
• How to secure your location
• 6 tips for safer Facebooking
• 5 Things to Remember Whenever You Open a Web Browser

And this leads us to the last Get Real question: What is the best online security tip you’ve heard this year?

Choose from one of our tips or from another source you trust (which we can’t vouch for, of course). Read the rules and post your answer in the comments below for your chance to win a Nokia N8, and F-Secure Mobile Security and F-Secure Internet Security 2011.

Here’s a little peak out how our Mobile Security will protect the winner’s phone:

You have until January 1, 2011 to enter. So best of luck and here’s to a wonderful holiday season for you and yours and a very happy 2011.

Cheers,

Sandra

CC image created by bfick.

Share this

Has it gotten so that every day you see some strange application shooting random posting random updates in between updates from The Onion and your brother’s best friend?

Maybe you just haven’t turned off Farmville, yet?

Or perhaps you’re one of the three out of four Facebook users who are bothered by social networking spam. If that’s true, there’s a good chance you agree with the nearly 50% of Facebook users we surveyed who deal with spam frequently.

With the help of you and the readers of this blog, we’ve just completed a study about Facebook safety.

What we found is that spam is getting pretty pervasive on Facebook. However, users still generally still feel safe on the site, which is crucial to Facebook’s growth. Despite the spam, people continue to spend more and more time social networking. Even the major security concerns—account being hacked and identity theft—suggest that users closely identify with their Facebook profiles. And we feel safe because we trust our friends. Yet crooks and spammers and frauds are looking to take advantage of our trust.

Here are three quick ways to keep your and your friends worst Facebook security fears from coming true.

1. Audit your friends list
We found that around half of Facebook users say that they know most of their friends.15% know only a few or none of their so-called friends.

‘Know’ could be an old fashion way to look at it. Many people have Internet relationships that have lasted more than a decade without meeting in person. Trust is more important. Do you trust this person enough to share your life with him or her? Is there any reason not to? You can always choose what you share. But you can’t choose what ends up in your news feed for you to accidentally click.

To audit your friends, go your Profile, scroll to Friends and click See All.  Ask yourself, if you know and trust this person. If you aren’t sure,  go to his or her profile. If they post lots of updates that you’re not interested in or worry you, scroll down the left hand till you get to “Remove from friends”. Click.

As you audit your list,  if you see a single woman with a revealing profile photo who has no friends in common  with you, chances are you’re friends with a spam profile.

2. Audit your applications
Got a minute? Do yourself a favor and log into Facebook. Go to Account > Privacy Settings. Under Applications and Websites, click Edit your settings.  Take a deep breath. Now you can either Turn off all platform applications or Remove unwanted or spammy applications. Do one or the other.

If you turn the platform off, you’ll be free of most Facebook spam, but you won’t be able to use any applications at all. So if you choose to use applications, you need to go through and remove any app you do not use or trust. You can also block spamming apps as they come up. And once a spammy application is removed, you make your network a little safer. If you come across a spamming app, please report it.

(Bonus tip: The single best way I improved my Facebook experience was to hide the notifications from Facebook games. Here’s how to do it. I’m not a gamer, so it was an easy choice for me. And you can always block games as they appear in your feed.

3. Remember: Links are not your friends.
Your friends are your friends. They post links. Those links are probably safe. But your friend may have activated a spam application or accidentally posted something he or she hasn’t checked. Use your intuition. If your aunt suddenly uses OMG or LOL for the first time, she may have been click jacked. If something in your feed alerts you to something particular scandalous—like a girl caught on a webcam or the ability to see who has viewed your profile or any profile—it may end up leading to a scam or malware. And if you click on it, you’ll spread that nasty little deal to your network. You can check any link it with our free Browsing Protection. It’s another layer of protection, but the best protection will always be your intuition. So always check your gut before you click.

Conclusion

One of most interesting things to me about Facebook is how clearly it demonstrates the social nature of online threats. When anyone in our network gets infected, you’re more likely to get infected. By helping to keep your network safe, you keep yourself safe. So there are selfish reasons to be safe on Facebook.

But I don’t believe people on Facebook are especially selfish or narcissistic. Research says we actually tend to be more social than those who abstain from Facebook.

Sean Sullivan of the F-Secure Labs has compared the members of social networks to antibodies that can be used to prevent infections quickly. On Facebook, you create your network. There is no one and nothing in your news feed that doesn’t come from someone of something you ‘liked’.  If the entire Facebook experience is based on’ like’, we should like each enough protect each other.

Cheers,

Jason

Share this

We’ve seen evidence of John’s careless ways, doesn’t seem very smart does it?

However the truth of the matter is that you don’t have to be an imbecile to find you have been the victim of cyber theft.   John is not alone – people put themselves at risk everyday.

Over the next couple of weeks we’ll be sharing top tips on how to increase your internet security through our Twitter account using the hashtag ‘#NotSmartJohn’.

These will include methods to avoid getting your Facebook account hacked, your credit card details stolen or your email account accessed.  We’ll be testing your knowledge every Friday, and selecting winners at random.  All you need to do is answer the question on Facebook or Twitter with the hashtag ‘#NotSmartJohn’.

All you need to do to enter is submit your answers in the comments section of our Be Smarter than John Facebook tab or Tweet the answers when we announce the weekly quiz on Twitter every Friday.

In the meantime, to get an idea of how the F-Secure internet security 2011 package might benefit you, we’ve made a free 30 day trial available for download today

Tell us about your experience! If you do test it out we would love to hear your thoughts on the product and/or on cyber-security.  Share your opinions with us in the comments section below, or should you chose to review on your own site, let us know and we’ll share with the F-Secure community.

Hoping that your still smarter than John,

Sandra

Share this

UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced. LIKE our Facebook page for more giveaways and online safety tips.

Have you ever searched for own name using Google Images?

You may be surprised what you find.

If you are on Facebook (and haven’t opted out of public search; see #6 here), Last.fm or other web communities, your profile pictures may appear in the Images search results.

And there will probably be other pictures you’ve forgotten, or would like to forget.  Maybe your name appeared in a newspaper once, or on the website of your sports club, or you used to play in a band that you’d very much like to forget… The photos might still be there just waiting to be seen by everyone who knows your name.

Some call searching your own name “egosurfing”. But in a world where employers often check your online presence before making hiring decisions (except in Finland where Googling job applicants or employees is illegal), knowing what Google thinks about you is important. You can’t do much to influence these search results, but there are a few things you can do to get Google out of your life—including un-Googling yourself.

That leads to this week’s question:
What’s the most horrible picture of yourself you ever found online? You don’t have to link it here, of course . But describe in which situation it was taken.

Read the rules and post your answer in the comments below for your chance to an iPod touch and  F-Secure Internet Security 2011.

BONUS ENTRY: You’re eligible for an extra entry. Complete this quick survey about online shopping Safety and then post “Survey completed” in an ADDITIONAL comment for another chance to win. If you completed the shopping survey last, you’re still eligible for an extra entry this week.

Cheers,
Sandra

CC image created by Jing.

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #10- COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 12:00 PM PDT on November 22, 2010 and end at 12:00 PM PDT November 29, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes, iPod touch 8 GB with a retail value of $229.99 and 1 F-Secure Internet Security license with a retail value of $59.99 will be given as prizes in this promotion at the close of the competition.
5. Only two (2) entries, per person per Sweepstakes will be accepted.  Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes: Week #10“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 45 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/11/22/get-real-sweepstakes-week-10/ and comment on the post once  To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with i) the distribution of any prize, ii) entrants’ participation in and/or entry into the campaign, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14.  Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

At the time I felt like I was acting on a whim, but in hindsight I can think of a number of reasons why I might have quit:

1. Micro-blogging was not fun any more
2. Managing my settings and content took too much time
3. I wanted to get to know people in person
4. I wanted people to get to know me in person, but only if I like them
5. I wanted to cut out people I don’t want to know more easily
6. There’s too much passive-aggressive behavior on Facebook
7. I had forgotten how to surf the internet for interesting content
8. I checked Facebook far too often
9. The novelty had completely worn off
10. I am sick of the way I overhear “Facebook” in every conversation

Nice things about having quit Facebook:

1. I began to phone my family rather than check their status
2. Friends who were quiet on Facebook turned out to be chatty via e-mail
3. It was a surprise to find out which friends made an effort to stay in touch
4. I felt like I had a lot more peace and time to myself
5. I visit a broader range of interesting web sites, as per my pre-Facebook days

Annoying things about having quit Facebook:

1. People forget to invite you to events then ask why you were not at them
2. You realize how many e-mail addresses and phone numbers you do not have
3. Some friends just do not know how to keep in touch, so you have to give them up
4. You’re the last to hear a lot of social news
5. So many conversations revolve around Facebook that you often find yourself excluded
6. You can’t spot bad photos posted online and ask your friends to remove them
7. It’s harder to share interesting links with your friends

That’s all I have so far. Let me know if I have missed anything.

I do realize that most of my Facebook concerns are not security concerns. Asides from managing my settings and photos, my reasons for quitting Facebook are of a more social nature.  I’d also like to point out that all of the good things about having quit Facebook have far more value than the petty annoyances, even though the list is a bit shorter. The fact that I don’t have to worry about one more aspect of my internet security is an added bonus.

If I were a celebrity, perhaps I would have to make myself a placeholder account like that of Mikko Hypponen, who probably has completely different reasons for not being on Facebook than I.

Best,
Melody-Jane

CC image by momo.

Share this

On Facebook, there have been many applications advertised to let you find this information and all of them are fakes. It’s a good thing, too. These applications may satisfy your curiosity, but they treat all of the friends that you added to your profile as potential stalkers. Even if it were possible to find a Facebook application that reveals your profile views, by using that application to find stalkers you would become the very thing that you were trying to avoid. You’d be stalking your friends’ online activities and snooping on actions that they believed were their own, private actions.

Recently, professional site LinkedIn have removed anonymity from profile views, based on a user setting. MySpace have a similar feature: if you want to see who views your profile, you must let them see your activity. If you consider how frequently Facebook is changed, it seems that there is every chance that Facebook will add the same feature in the future. Facebook also have a disturbing policy of enabling new settings by default. It hasn’t happened yet, but it is a reason to be vigilant. If you want to sacrifice your privacy in order to satisfy your curiosity it should be your choice and the choice of those who do not want to sacrifice their privacy should be respected as well.

So, do you have a stalker?

The first thing to get clear in a discussion about stalking is what stalking actually is. That way we can avoid persecuting and humiliating innocent people with the reputation-damaging label “stalker”.

A stalker is not someone who views your social profiles. It is not someone who views your page a lot. It is not someone who views your photos and it is not even someone who downloads them. None of these activities automatically make someone a stalker.

If you are really being stalked it is a serious matter. It is illegal in at least some countries, as a form of threat and harassment.

The US legal definition states that not only do you have to be followed, but it is “with the intent to place that person in reasonable fear of death or serious bodily harm” (I suggest you read the whole definition here).

Cyber stalking also involves high levels of harassment, distress and the intent to track down and meet a person in the physical world. To reduce the chance that someone can trace you in the physical world you can read our guides on using location-based Facebook and how to use Twitter safely.

I have to suggest that before you accuse someone of being a stalker you should think very carefully. Are you really under threat of death or injury just because someone views your photos online? Photos that you published yourself? Because when you put things online, your social profiles, your location, your pictures, your thoughts, your job description, you are publishing it.

If you are reading this and you do have a real stalker, if you are living in fear of physical harm, then contact local law enforcement.

Now that I have that warning out of the way, I can give you some practical tips in case you are curious about how much your profiles are getting viewed. I know that a lot of people have encountered this blog by searching for ways to discover so-called stalkers or to find out how to track people online better. I know because I can see how searchers came to this site. Yes, I can see that.

If you look around you can find there are several sites and services that give you viewing statistics. I already mentioned the features in MySpace and LinkedIn, which allow you to see the details of your viewers so long as you are willing to reveal your details to them. That’s a nice way to do it.

Blogging sites offer statistical views of how many views you have for each post and where the posts have been linked. This is still somewhat anonymous, but that should be fine. It is still a lot of information.

YouTube even have a little statistics area that can be opened up from underneath each video that tells you the age, gender and country of the video’s viewers and which link or search brought them to the video.

Facebook? The best advice I can give you is this: Why don’t you just ask?

Ask your friends and they might even tell you. You can also use common sense: Find out who comments most often and who ‘likes’ the most photos and status updates; the chances are that they view your profile the most often and that they are also very active Facebook users.

Of course, going through your Facebook Friends’ list and removing anyone you do not trust personally is always a good idea.

Here on Safe and Savvy we have a lot of posts related to online privacy. If you are still curious then take a look at our archives and subscribe to our RSS Feed.

Share this

The theme this year is “Our Shared Responsibility.”  And to illustrate how much we rely on each other to keep the Internet safe, we’re asking you to join us in a little experiment. The idea came Jan and Leonard, two fine F-Secure fellows inspired by the Facebook Celebrity Doppelganger phenomenon.

Here’s the plan

Turn your Facebook profile picture to an ASCII image by 10/10/10 to spread cybersecurity awareness.

What’s an ASCII image?

ASCII is the American Standard Code for Information Interchange, and ASCII Art was born out of the necessity in the pre-graphics era of computing.  Using the 95 printable characters on most computer keyboards, you can create a recognizable and unique image. Using ASCII is a tribute to the ingenuity that made the digital technological revolution possible. Here’s what an ASCII image as a profile pic looks like on our Facebook page.

How do I convert my profile image into ASCII art?

1. Copy the Image Location of your profile picture.
   PC: Right click on the picture and select “Copy Image Location”.
   Mac: Hold down “Command” and click on the image. Select “Copy Image Address”.
2. Go to an ASCII image generator. You can try the one at Glass Giant.com or TEXT-IMAGE.com.
3. Take a screen shot of your ASCII image.
   PC: Hold down “Alt” and press the “Print Scrn/SysRq” button.
   Mac: Hold down “Command”, “Shift” and “4” and then use the crosshairs to select your image. More info here.
   (You may want increase or decrease your browser view to get the image right.
   PC: Press “Ctrl” and the “-“ or “+” button to change image size.
   Mac: “Command” and the “-“ or “+” button to change image size.)
4. Paste the image into Photoshop, MS Paint or any image editing software.
5. Select the image you want and save it in a new file as a jpeg (.jpg).
6. Go to your Facebook profile. Click on your profile image. Click on “Change Picture” and then “Upload a Picture”. Select your ASCII image.

What then?

Post a message on your wall letting your friends know that you’ve gone ASCII for Cybersecurity Awareness Month. Link to http://www.staysafeonline.org/ or this page spread cybersecurity awareness.

Stay safe,

Sandra

Share this

Facebook’s Instant Personalization continues to concern people who worry about privacy on social networks. Here are the questions about it that I wish I’d been asked about it.

Q: What is Instant Personalization?
A: It’s Facebook’s pleasant way of saying that it automatically shares your account information with partner sites according to the privacy settings you’ve chosen.

Q: What’s “instant” about it?
A: Unless you’ve opted out, your data is now being shared. (This is true in many countries. Facebook hasn’t turned Instant Personalization on in Slovakia or Finland, for instance.)

Q: With whom exactly is Facebook sharing my data?
A: The original three were Pandora, Yelp and Microsoft Docs. In fall of 2010, Facebook added Rotten Tomatoes and Scribd. Then in winter of 2010, Clicker and TripAdvisor went live. More partners are coming.

Q: Why?
A: Facebook is a business. We don’t know the financial arrangements behind these partnerships but they are all a part of Facebook’s broader strategy to spread its functionality or ‘like’ buttons anywhere on the Internet it can.

Q: Can they do this?
A: Yep. It’s in the site’s Statement of Rights and Responsibilities AKA its terms and conditions. Grab a magnifying glass and a quadruple mocha, you’ll find it in there.

Q: Is this bad? Why am I shivering?!
A: Wired.com’s Threat Level blog called the recent implementation of Instant Personalization with Scribd a “privacy nightmare” because, among other reasons, it was difficult to opt out at first. Scribd has improved its opt out. But it’s still annoying.

Q: Why is it annoying?
A: Several reasons. 1. Facebook can partner with any site it chooses. Unless you opt of the function entirely, your information is automatically shared. 2. You may be friends with people—your boss, your mom, your employees—with whom you don’t want to share your movie or music tastes. Unless you’re paying close attention, you may be just doing just that. 3. The principle of it. Facebook says that its users can control their own information. This doesn’t meet that standard. 4. It’s too difficult to opt out. You have to drill down into the privacy settings to opt out of the feature entirely. Not being able to opt out of individual sites via Facebook’s privacy settings is especially annoying.

Q: How can I opt out?
A: I thought you’d never ask. To opt out completely: Go to “Account” > “Privacy Settings”. Under “Applications and Websites” click “Edit your settings”.  Find “Instant Personalization” and click “Edit Settings”.  Uncheck the box that says “Enable instant personalization on partner websites.” Once you do this, your information will not be shared with any partner site. You can also keep the feature on and block individual partners.

To opt out sharing with Microsoft Docs: Go to the Docs Facebook application page and click “Block Application”. Then click “Block Docs” on the pop-up.

To opt out of sharing with Pandora: Go to the Pandora Facebook application page and click “Block Application”. Then click “Block Pandora” on the pop-up.

To opt out of sharing with Yelp: Go to the Yelp Facebook application page and click “Block Application”. Then click “Block Yelp” on the pop-up.

To opt out of sharing with RottenTomatoes: Go to RottenTomatoes.com. Find the “Welcome” box with your Facebook profile picture in the upper left corner. Click “Learn More”. At the bottom of the pop-up just above the close button, click “disconnect”.

To opt out of sharing with Scribd: Go to Scribd.com. Find the “Welcome to Scribd – Where the world comes to read, discover, and share…” box on the top of the page. Click “No thanks” in the bottom right corner of that box.

To opt out of sharing with Clicker: Go to Clicker. Find the “Welcome to Clicker” box on the top right of the page. Click the “Disable” link.

To opt out of sharing with TripAdvisor: Go to TripAdvisor. Find the box at the top right of the page that says “TripAdvisor is using Facebook to show you friends’ trips and reviews.” Click “Disable” in that box.

Q: Is there any reason NOT to opt of Instant Personalization?
A: Sure. If you’re a responsible Facebook users who knows and trusts all your Facebook friends, connecting with them on various social sites could be fun and useful. But as Facebook adds more features like Places and shares your information with more sites, you’re taking a risk of sharing information you may not want to share. It’s not a driving while distracted by your cell phone risk. But it is a risk.

Note: The EFF monitors Facebook’s privacy policies closely and was a resource for this post.

Share this

UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced via our Facebook page.

The average Facebook user has 130 “friends”.

If you are an average Facebook user and sharing your information with “friends of friends”, you’re theoretically sharing the intimate details of your life with nearly 17,000 people.  But the fact is that even if your privacy settings are locked down to the most restrictive levels and you only have one friend, your information is only as secure as that one friend.

And now a judge in New York has ruled that no matter what your privacy settings are, anything you publish on a social network could be subpoenaed. That’s right—anything you publish on Facebook, Twitter or Facebook could be used against you in a court of law.

People do things online that they would never do in the real world. In the real world, we don’t expect privacy in public. That’s why we suggest that you think before you publish any private information on any social network.

This leads us to this week’s giveaway question: How many online “friends” do you have?

Read the rules and post your answer in the comments of this post for you chance to win an iPod touch 8GB plus F-Secure Internet Security for you and a friend.

Cheers,

Sandra

CC image by Dan Taylor.

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #3- COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 6:00 PM PDT on October 3, 2010 and end at 6:00 PM PDT October 10, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 3 prizes a iPod touch 8GB with a retail value of $229.99 and 2 F-Secure Internet Security licenses with a retail value of $119.98 will be given as prizes in this promotion at the close of the competition.
5. Only two (2) entries, per person per Sweepstakes will be accepted.  Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes Week #2 “. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/10/01/get-real-sweepstakes-week-3/ and comment on the post once or twice. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
11. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
12. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with accidents, terrorism, theft, natural disaster, the promotion of the Get Real Sweepstakes, the distribution of any prize, entrants’ participation in and/or entry into the Get Real Sweepstakes, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
13. Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced via our Facebook page.

You may have heard about the recent “Facebook burglaries.” Using the world”s most popular social network, a group of thieves allegedly went on spree that raked in over $100,000 in stolen goods.

A little reporting on the crimes revealed that two of the cases in the spree involved Facebook. In those cases, the perpetrators had “friended” their targets, gaining access to the homeowners’ wall posts.

A PR rep from Facebook offered this advice: If you wouldn’t tell someone in person that you are leaving town, you probably shouldn’t use Facebook to tell him or her.

In real life, you don’t make friends with anyone who comes along, and you don’t share your travel plans with strangers. People do things online that they would NEVER do in the real world.

That’s why over the next 6 weeks we’re going to be reminding you of some smart online safety practices and celebrating the launch of F-Secure Internet Security 2011.

Just answer the question below on the comments of this post and you’ll be entered to win an incredible HD HERO Naked wearable camera for you PLUS F-Secure Internet Security 2011 for you and a friend. You can see the complete rules for this giveaway here.

Here’s the question for week #1: Where in the real world are you?

We don’t want to know your exact location right now because you’re too smart to reveal your exact location to complete strangers. Just give us an idea. You can tell us which planet, hemisphere, continent, country, state, province, city or neighborhood you spend most of your time. To make it easy, you can post a link to a picture that answers the question.

Again, once you’ve read the rules, all you have to do to for your chance to win is to comment on this post. Good luck!

Cheers,

Sandra

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #1 – COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 6:00 PM PDT on September 19, 2010 and end at 6:00 PM PDT September 26, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 3 prizes a HD Hero Naked camera with a retail value of $259.99 and 2 F-Secure Internet Security licenses with a retail value of $119.98 will be given as prizes in this promotion at the close of the competition.
5. Only one (1) entry, per person per Sweepstakes will be accepted.  Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes Week #1 “. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/09/19/get-real-sweepstakes-1/ and comment on the post. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
11. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
12. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with accidents, terrorism, theft, natural disaster, the promotion of the Get Real Sweepstakes, the distribution of any prize, entrants’ participation in and/or entry into the Get Real Sweepstakes, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
13. Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

CC image by woodley wonderworks.

Share this

To protect your irreplaceable content, relationships and financial information, remember the following while you’re tweeting, re-tweeting and hashtagging away:

1. Be a little skeptical of everything, especially Direct Messages
In about two minutes, you could create a Twitter account that impersonates almost anyone, living or dead. Twitter has “Verified Accounts” for celebrities, but no one is really verifying if an account was really opened by your co-worker Stu. That said: hackers probably aren’t going out of their way to impersonate your co-worker Stu. But they might take over Stu’s account to trick you into clicking on a bad link.

So carefully scan any profile page you’re thinking of following. Check to see if there’s a respectable image. Make sure all tweets aren’t entirely repetitive self-serving spam. See if there’s a reasonable “follower-to-following” ratio. Then, if they look interesting, follow away.

But always be on guard.

You can never really know if any Twitter account has been taken over by someone with criminal intent. Hackers use hijacked accounts to spread spam and scams. Links may also lead to malware sites where the end goal is stealing online banking credentials or other personal information.

Worms, botnets, phishing scams and malware have already found their way into Twitter. Crooks work night and day, so you know eventually a variation on every nasty trick that found its way into your email inbox or a web-page will show up in a tweet. However, the people at Twitter are working hard to make the site a safer place.

The site now filters malicious links and has launched its own URL shortening service that will both track and protect users. And a recent study found that Twitter links are as safe as or safer than Google search results.

You still should be especially wary of any link sent to you in a Direct Message. Just because you follow a person does not mean that everything that comes from her or him is safe or true. If you must click on a link in a Direct Message, please check it out first using F-Secure’s free Browsing Protection.

Nothing on the Internet is 100% secure. But with a little common sense and few security precautions, Twitter can be as safe as any social network on the Web—even if Twitter doesn’t think it’s actually social network.

2. Only enter your Twitter login and password at Twitter.com
One of the things that made Twitter so popular has been its openness to outside developers. Until the summer of 2010, you could even log into your Twitter account via a third-party site. This was a risky security practice that led to users becoming comfortable entering their credentials everywhere, and possibly having their accounts phished.

While Twitter is still open to thousands of fun applications, it no longer allows third-party logins. This means that only place on Web that can only login to Twitter is Twitter.com. To connect an app to your account you must use a process called Oauth that connects you to the application directly. Now only Twitter is the only developer responsible for protecting your account information.

But of course, you have to do your part, too.

3. Use a strong password
Once a hacker has your password, your account and social identity is completely vulnerable. So guard those little jewels jealously.

Most importantly, you should use different passwords for every account you have. Your passwords should be complex and not based on any public information like your kids’ or pets’ names. Keeping track of multiple passwords from multiple sites can be overwhelming. But here’s a system that makes creating and remembering strong passwords easy.

You should also prevent your browser from remembering your passwords, and practice good password hygiene by changing your passwords on your every few months.

Most importantly, once you stop using any email or social networking account, be like John Mayer and Miley Cyrus. Delete it.

4. Fight bad software with good software
A necessary precaution before using Twitter, or any social network, is an Internet security suite along with updated system software. To make certain that all of your applications — including Adobe Acrobat Reader, Flash, iTunes, Quicktime and RealPlayer– are fully patched and protected, use the free F-Secure Health Check. It’s easy.

Twitter is like any boomtown; all types are floating through. So remember the same security lessons you learned while using email. Be selective about what you sign up for or follow or forward.

You may want to consider using a third-party Twitter client like TweetDeck or Hootsuite. These clients will protect you from being affected by XSS attacks like the one that hit Twitter.com in September. That exploit resulted in a lot of gibberish, but didn’t become malicious. But we may not be so lucky next time.

When opening links, never trust site that tries to install any software you haven’t authorized or pretends to scan  for malware. If you are seeing persistent pop-ups, or you notice that a new program has installed itself on your PC without your permission, immediately run F-Secure’s free Online Scanner.

5. Keep your account clean
Most Twitter users don’t realize that once you allow an application access to you Twitter account, that access is open until you shut it off.  This can lead to potential security holes, especially if you’ve authorized applications you shouldn’t trust. The owners of the applications connected to your accounts may even be able to read your private Direct Messages.

This is why you need to occasionally audit your accounts. To do this, go to ‘Settings’ then ’Connections’. Then go through and ‘Revoke Access’ to every application you aren’t using. (If it turns out that you are actually using it, don’t worry. You can always reestablish access.)

Avoid connecting to bad applications by doing a Twitter search of the name of any app and checking its reputation before you give it access to your account.

Here are some other ways to clean up your account and bring back that “new-Twitter smell”.

6. Assume it’s a scam
Your bank probably isn’t going to contact you through Twitter—but someone pretending to be your bank or PayPal or a credit card company may. Verify any financial question directly with your institution. Don’t trust anyone that’s asking for financial help or giving you the secret of getting more followers fast.

Scams usually seem pretty obvious in retrospect, but the reason they exist is that they work! Smart people slip up all the time. Don’t be one of those people.

7. Protect Your Privacy
Twitter, unlike Facebook, is almost entirely a public space. A small percentage of Twitter users “protect” their tweets. But most users make their tweets public to the world.

Twitter’s search only goes back a few days. But Topsy has a record of all Tweets since May of 2008. And Google and Bing are now in the tweet tracking business. So assume that anything you Tweet will last forever, possibly even if you delete it immediately.

A good question to ask yourself before you tweet anything is: Would I say this out loud in a room full of strangers?

Never share sensitive or confidential information—including your email address. Specifically, don’t announce vacations or details about your schedule. Only add location to  your Tweets if you are comfortable with the world being able to find you.  If you want to tweet about a place you’re visiting, the best time to do this is as you are leaving. Otherwise, you may be informing a thief of exactly when you’ll be away from your home.

Tweets about layoffs, drunken behavior and how someone looks in a certain dress may be fun at the moment, but how would you feel about them being public when you’re applying for your dream job?

Be careful when using Twitter or any social network while you’re mad, or inebriated. Before you tweet anything in anger, take a deep breath. Remember that while Twitter may feel at times like it’s your own private cocktail party, it isn’t.

You can track current risks by following Twitter’s @Safety account. F-Secure’s @MikkoHypponen, @FSLabsAdvisor and @FSecure all tweet about ongoing Twitter and social media security issues.

Share this

This means that if you start using Facebook Places and your friends comment on a location you check into, it could end up in your friend’s friends’ “Top News” feed.

Theoretically, your trip to Hooters three weeks could appear in a friend of a friend’s feed. And it could ruin any chance you might with an attractive friend of friend who saw your visit—and her friend’s comments cheering you on—come up in her Facebook Top News. Or your mom could comment on a picture from your birthday party and unintentionally share it with everyone in her feed—including all the cousins who weren’t invited.

And the worst part is that every time Facebook adds a new feature—like Facebook Places—it automatically opts you into broadcasting your activity through your friends.

This is not a huge privacy issue because Facebook is only sharing your info with the people you intended them to, “friends of friends”. But it is annoying. Sharing should be intentional.

The introduction of Facebook Places means that it isn’t just your words and media that are being broadcast. Now your physical location could be “newsworthy” to the friends of your friends.

How to stop your friends from broadcasting your information

Go to “Privacy Settings”. Find “Applications and Websites” and click on “Edit Your Settings”. Click on “Info accessible through your friends” and unclick “Places I check into” or anything else you’d rather only be shared intentionally.

How to stop Facebook from automatically opting you into sharing new features through friends

On the “Application, Games and Websites page” click “Turn off all platform applications.” This will also opt-you out of any application on Facebook. It also makes it unnecessary for you to determine what kind of information you want to share through your friends.

If you turn platform applications or add an application to your page, Facebook will opt you back into sharing everything except “Interested in and looking for” and “Religious and political views”. At least Facebook realizes that there are some things about you that you don’t want your friends broadcasting.

That’s how you prevent your shared information from being broadcast. For more information about Facebook safety, check out How to Save Face: 6 Tips for Safer Facebooking and the F-Secure Facebook page.

Cheers,

Sandra

Share this

Location-based services are sites available through mobile devices that use your exact geographical location to connect you to friends and businesses.

So now you have to decide: Do I need everyone to know where I am?

Okay. Maybe you aren’t letting “everyone” know where you are. Many services limit your information to your friends. But when you share your information with a network, you’re trusting everyone on that network to protect your privacy. So there’s always the potential when using location-based social media that someone you don’t want to see could find your exact location.

Background on Location Services

Google Latitude, which allows you to broadcast your location twenty-four hours a day using GPS  (global positioning system) technology, has been around for more than a year. And once it got over some initial privacy concerns, it basically became another one of Google’s innovative yet obscure services that not too many people use.

To date, only 4% of Americans have tried one a location-based service, and only 1% use one on a weekly basis, according to Gartner. People are not showing much interest in leaving digital breadcrumbs wherever they go.

So why do you have to decide now if you’re ready to start sharing your location?

First of all, more and more people are getting GPS -enabled smartphones. This makes cool apps like our free Anti-Theft for Mobile possible, and it makes it easy to broadcast your location. And more importantly, Facebook is getting into the location game.

How Will Facebook Places Change Your Life?

Facebook Places is now live in the United States, Canada, United Kingdom, Japan, France, Italy and Australia and has already sparked so much interest in location-based social networking that its competitor Foursquare just passed the 4,000,000 registration mark, which means it’s only 546,000,000 users behind Facebook.

With a user base of more than half a billion active users around the globe, Facebook intends to push location networking into the mainstream. It also has added another level to these types of services by allowing users to check their friends into locations. And of course, this could allow for some mischief.

The Potential for Mischief

Using Places, your Facebook friends could check you into places you shouldn’t be like a bar during your lunch hour. That could be a problem with your boss.

But this potential for mischief is inherent in Facebook. Your friends can already lie about you in status updates. Even worse, any of your friends could also easily tag your name in an embarrassing photo you may or may not be in.

(To prevent anyone on Facebook seeing you tagged in friends’ photos and videos you may not approve of, go to “Privacy Settings”>  “Customize Settings”> “Photos and videos I’m tagged in”> “Customize”> “Only Me”)

The best way to minimize risk whenever you’re on Facebook for any reason is to keep your friends list limited to the people you really trust. (If you need a fan club I’d suggest a Facebook fan page. That way you can broadcast Twitter-style without having to worry about sharing personal information and media with strangers.)

Get Your Settings Right

Facebook Places is perfect for two types of Facebook users: Those who have no fear about sharing the most intimate details of their lives and those who have mastered the privacy settings.

No matter who you are, Places should force you to take a good look at who is on your Facebook friends list. Facebook Places is at its safest when you share your location with the people you really trust. And if you don’t know and trust everyone you’re connected with, you need to control exactly who has access to your information every time you post.

Here’s some good advice from a Facebook representative about how to use Places:

“I would recommend creating friend lists to separate people you really trust from others. Then, use the publisher privacy control to send status updates to appropriate groups (and only them). I actually think it may make sense to tell people you really trust that you are gone through Facebook just as you would in person. Then, they can watch your place for you, feed your cat, etc… As for everyone else, if you wouldn’t tell them in person you were leaving town, you probably shouldn’t use Facebook to tell them. As always, we also recommend people only accept friend requests from others they actually know.”

You may want to start by limiting your Places to friends only. Go to “Privacy Settings”.  You can either set all of your “Sharing on Facebook” settings to “Friends Only” . Or click on “Customize Settings” and set “Places I check into” as “Friends Only”.

On this page (“Account”> “Privacy Setting”> “Customize Settings”), you can also decide if you want your friends to see you in a location’s “People Here Now” after you check in that location.

If you click the box to enable “Include me in “People Here Now” after I check in” you’re making it easy for your friends (and strangers, depending on your settings) to find you. Being found is kind of the whole point of places.  And it can be fun if you are open to being contacted by everyone on your friends list. The average person on Facebook has 130 friends and growing. That’s a long list to consider every time you check into a place.

That’s why Facebook and I recommend organizing your friends into lists and only sharing with the people you trust most. You can create lists of people you share with when you’re in town, and those very trusted people you share with when you’re on vacation. But you have to remember to limit your publishing settings every time you check into a place.

To publish your location only to specific people or a specific list, click on the button with a lock next to the “Share” button.

Select “Customize”.

Then select the list friends you want to share your location with. Again, you’ll have to repeat this every time, until Facebook comes up with a “Make this my default setting for Places” check box.

Are You Broadcasting Your Location Now Without Even Knowing It?

The website ICanStalkU.com is trying to make people aware that many smartphones are automatically tagging photos with location data.

You can turn off location tagging on your phone, using ICanStalkU’s handy guide.

The Potential for Physical Danger

Most of us were brought up to be deathly afraid of strangers being able to find us. So you are probably wondering: could using location-based services be dangerous?

It’s possible to imagine a scenario where a stranger could stalk you using the data you’re sharing on Foursquare or Facebook Places. But if you’re using Facebook at all, especially without practicing safer Facebooking, you’re making a stalker’s life easier.

USA Today’s Kim Komando describes a scary real-life scenario. Using Foursquare, a stranger found and contacted a woman as she was eating dinner in a restaurant . That’s the kind of scenario most of us would like to avoid.

If you have any concerns about being profiled or stalked, be very careful about any sort of geolocation services, and social media in general. A recent case suggests that, at least in the U.S., restraining orders are valid in cyberspace. But “better safe than sorry” is a good mantra to repeat while using the mobile Internet.

If you’re living in Mexico City where kidnapping occurs at “alarming rates“, using a service that broadcasts your exact physical situation would be insane. However, if you’re living somewhere where you feel safe in general, geolocating probably won’t add any more danger into your life than any social network would.

If that’s worth the risk of running into someone you didn’t want to see, give it a try. But don’t expect Foursquare to protect your privacy. Here’s a good source of information on how to secure your “check-ins” for Foursquare. You can these basic privacy concepts—like checking in to a destination as you leave—to most any location service.

If you’re an adult who is smart about what you share online, there aren’t many new security risks inherent in using location services. It comes down to this: if in the pit of your stomach you feel any concern about making your location known, don’t do it.

Property Theft

You may have heard about a crime ring in New Hampshire that allegedly targeted more than 50 victims based on their Facebook postings.  It’s a scary revelation that’s easy to sensationalize. The truth about this case is that the victims in this case were friends with the alleged perpetrators. And the victims were not using Facebook Places.

However, F-Secure Security Advisor Sean Sullivan points out that a thief is going to learn a lot more staring at your driveway than at your Facebook page. By using a location service you are making your schedule public, but you’re hopefully not publishing an exact record of who is at your home at any given time. The bad guys may know you’re out, but they don’t know who else is home.

It’s true.  Facebook has been used to facilitate crimes. But the same could be said for the white pages.

Again, Facebook becomes most dangerous when you “friend” people or make information available to people who you may not trust. Social networks make it easy to connect with people from your past or people who you’d never meet. Your information is only as safe as the most questionable member of your network.

Privacy

What you probably think most when you think about privacy is: How will this affect my ability to get a job I want?

Do you need your next boss to know that you at Taco Bell 5 times in March? Will being the “mayor” of a local pub help you during salary negotiations?

Will employers ever check applicants Foursquare accounts. Maybe not. But if they may well check your Facebook page, unless you’re in Finland or possibly Germany. And there they could find your Facebook Places data, unless you’ve carefully set your privacy settings.

This is something you need to think about before you start publishing your whereabouts. While most services intend to limit your data to your chosen friends, there is always a possibility that your social media data can go public.

The privacy of young people is a much more serious concern. Children with cell phones need to be instructed on how to use location-based services safely, if at all.

Experts have said that said teenage girls are most likely to be the victims of cyberextortion. Not too surprising. “Jailbait” websites specialize in gathering provocative pictures of young girls, which may or may not have been posted by the girl herself.

What if your child’s pictures ended up in a lurid site like that with the location information tagged to the image? That’s a privacy problem that could escalate into something much more dangerous. So let know your children know how to disable the geotagging settings on your their phones now.

Conclusion

We are at the dawn of a new era in social networking. Perhaps in a few short years we’ll all know where everyone is all the time. And as that happens, you know that the bad guys will come up with ways to use this technology against us. But for now, it’s a new frontier that might be worth exploring. Perhaps location-based fun will add  layers to your life you never imagined, the way Facebook and Twitter have.

Or you just may want to check out. Disable Facebook Places now and forget that you ever were invited to join a location-based service.

CC image by: David Fisher

Share this

Is that so wrong?

Well, like Facebook and nearly every other major site on the Internet—with the exception of Wikipedia—Google is a business. And it’s an incredible business. The Google search engine is perhaps the most important knowledge tool ever created. AdWords, Google’s contextual advertising service, revolutionized the Internet, created new markets and laid the groundwork for web 2.0.

And as the tech behemoth from Mountain View, California grows and grows, it continues to accumulate a vast array of data about its users’ web activity. Google knows more about most of us than we’d like to admit. Basically it knows what you searched last summer… and last night… and few minutes ago.

Millions of people allow Google to monitor their web activity in exchange for the free use of its incredible resources—from Maps to Voice to Earth. Sometimes it’s easy to forget that by getting into the minds of Internet users, Google generates billions in revenue.  Recently, however, we’ve been reminded in several ways that Google is definitely a business—a business with the power and scope to do nearly anything it likes.

First, Google Buzz opted Google users into a social network that very few people actually wanted to be a part of. Then, came reports that Google Street View teams we’re sucking up Wi-Fi data as they roved the world taking pictures of almost everything. And now, Google is engaged in negotiations that could alter the future of the wireless web.

The real damage of these questionable activities is hard to gauge. F-Secure Security Advisor Sean Sullivan points out that Google itself discloses very little personal information about users. It just makes your data a lot easier to find.

Still you have to decide: do you trust Google? Or rather, do you want Google—or any business—to use intimate details about your online behavior to market to you more effectively? And would you be okay with your online activity somehow becoming public in the future?

If you’ve decided you’ve want a little less Google in your life, here’s how to do it.

1. Sign out
You’re probably signed into Google now. You may not remember when you did it or why, but when you’re signed in, every action you take is associated with your Google account. You don’t have to be signed in to use Google Search, News or Maps.

But when you sign up for a Google account for a service like Gmail or blogger, you’re in. Your search history is now being tracked and being used to market to you more effectively.

Is there any harm to that? That’s for you to decide. Google’s mantra is “Do No Evil”, but you’re relying on its definition of “evil”. So it’s your choice. If you can live without Gmail, Google Reader, Google Alerts, etc., go ahead and sign out. It’s that easy. You can also avoid Google completely and use Bing, but you may already be signed in there, too. And of course, you’re then deciding to trust Microsoft more than Google.

2. Opt out of Google Ad preferences
We’ll assume that if you’re still reading you’ve decided that you’re not giving up your Gmail and you don’t mind been logged into your Google account as you click around. You still can keep Google from using your history to induce you to buy more things.

Just go to www.google.com/ads/preferences now. Then press the “Opt Out” button. Depending on which browser you’re using, you may have to download a “plug-in”.

Of course, now the ads you see may be less “interesting”, but that may be a good thing.

3. Clear your search history
Could your search history ever be used to harm you? It probably won’t ever be used against you in a court of law. But it could be used by a nosy house-guest who wants to prove that you’re a chronic self-Googler (self-Googler – n. a person who Google’s his or her own name). Or maybe your significant other could “accidentally” find out what you were really researching when you couldn’t sleep?

If that’s the case, you have much bigger privacy problems than Google.

There are definite advantages to retaining your Google history. You could replicate research you’ve already done, or find a site that seems to have slipped into oblivion. Before you decide one way or another, it’s a good idea to look at your History.

Go to https://www.google.com/history/ now. You may be amazed at how often you’ve used Google’s Search, Image Search, Blog Search, etc.

If you’re a little dazed and can’t decide whether this is a good thing or not, you can “Pause” your Web History now and come back when you’re not seeing stars. If you’re certain that there’s no good use to all this information existing on any database anywhere, you can take action now. Click on “Remove”. Then select “Clear entire Web History »”.

If you’re sure, your history will be gone. In addition, your all tracking will be paused. Now you if you’re really serious, you can go ahead and erase your browser’s history.

4. Un-Google yourself
You probably know that almost every country in the industrialized world—except Finland—permits employers to Google search applicants as a part of the hiring process. This makes almost every mention of you on the Internet a little part of your résumé.

When Google began organizing the web, you were a more than a decade younger. Your youthful indiscretions may have faded into your memory but, Google doesn’t forget.

Wired has put together a very useful guide on “How to Un-Google” yourself because Google wont’ do it for you.

Having control of the search results for your name is not only crucial when you’re looking for a new job. Think about the Green Revolution in Iran when it was reported that the government was using the web to track the activity of dissidents and their families abroad. In this rare instance, Google search results could have been a matter of life and death.

Share this

How limited? You could sit down for a while and read Facebook’s Privacy Policy. But you’ll probably need a few hours and some black coffee.

So here’s a short version: basically everything you post, every person you friend, every group you join will be made public to your “friends”, “friends of your friends” or “everyone”—depending on your privacy settings.

To you this may be simple. You assume that everything you’ve posted could be available to the whole world. Others are still learning. People have lost their jobs as a result of things they’ve posted on Facebook. And when this happens, the newly unemployed person will usually claim that s/he thought that the post was private.

So joining a social network is a leap of faith. On a social network, not only do you have to trust the site to follow its privacy policy, but you also have to trust your friends. Will they reveal your secrets? Will they pass on bad information and scams to you?

And, more importantly, you have to trust yourself to share the right things.

On Facebook, you are exposing your private life in ways you may not even realize. 79% of companies review an applicant’s online information (which is completely illegal in Finland but acceptable in most of the world). Your financial future could depend on how well your profile and your photos and friends list represent you. So think before you post—always.

2. Secure your PC
What does 500,000,000 people on one website look like? To cybercriminals, it looks like a gigantic, unsecured goldmine.

Online gangs and scammers are working twenty-four hours a day to exploit the trust we have for our online friends. Updated Internet security is a must before you use Facebook or any social site. In addition, you have to make certain that your PC is updated with the most recent application system software, which can be time-consuming. F-Secure’s free Health Check makes that easy.

3. Use a unique, strong password
‘Password’ is not a good password. Neither is ‘123456’ or your pet’s name or your name any information that is available publicly on your Facebook profile.

Creating a strong, complex password that you can remember is the key to keeping strangers out of your account. Here’s a simple password system we recommend. You should also use different passwords for your all of your various accounts, especially your email accounts, to keep one hack from becoming a total nightmare.

For extra protection, never let browser remember your password, and lock your PC when you step away from it—especially if you’re living with young children and/or parents and/or anyone, really.

4. Filter your friends
Facebook works overtime to connect you with as many people possible. When you first join, the site combs through your email account to suggest as many people as possible. Then as you use the site it will suggest more email contacts. Email someone new and Facebook will suggest that you become friends.

Run out of contacts, you’ll see friends of friends, brands you might like, your ex.

It’s a strange social dynamic. When see the person’s picture, it feels like this person wants to be your friend. But who knows? All you can be sure of is that Facebook wants you to be friends.

So ask yourself this: Does everyone you email need to be your Facebook friend?

Some people have found that their best friends in the real world make lousy Facebook friends. There are a lot of people who can find you who may not like reconnecting with. According to a recent survey, 70% of Facebook users avoided becoming friends with their bosses.

Maybe you want to limit Facebook to your friends and family and leave professional connections to Twitter and LinkedIn. There’s no perfect formula, but it’s important to have some filter, some limit on what you share with whom. How do you say no when someone you don’t want to offend makes a friend request? Facebook makes this easy. You can just ‘ignore’ the request. That’s a nice way to frame it!

Want to stop Facebook from combing through your email contacts? You can remove your contacts by clicking here. But if you’re using a Facebook app on your phone, first you’ll have to disable the Facebook synchronization feature on your phone.

Want to stop Facebook from suggesting you as a friend to others? Go to “Privacy Settings” click on “Settings” for “Basic Directory Information”.  When you get there, set “Search for me on Facebook” to “Friends Only”.

Always remember this: If anyone solicits you directly about money, assume it’s a scam. Ignore and defriend that profile immediately. An easy way to defriend someone is to go to their profile and scroll down the left column until you find “Remove from Friends”.

5. Click carefully
The biggest dangers on Facebook are the links that appear on your wall. With one bad click, you could end up on a site that attempts to serve you malware or scam you using phishing tactics. One, bad ‘like’ and you could end up spamming all of your friends. That’s why you have to remember that links are not your friends.

The most popular Facebook scams involve gift cards and hilarious videos and diet advice. So far most attacks on the site have been more annoying than harmful. But without vigilance, you can be sure that vicious scams and malware are heading your way.

The best antidote to bad links is Internet security with browsing protection. You can double-check any link before you click it by copying it (right-click on it in Windows) and pasting it into F-Secure’s free Browsing Protection.

Prevention is your best cure. Realize the more sensational or strange or generic a link is, the more likely it is to be malicious. Again, links are not your friends. Apply the same caution you’ve learned to use when you’re checking email to checking Facebook. And just because your friend or family linked something, doesn’t mean you have to click on it.

6. Don’t rely on Facebook to protect your privacy
The whole point of Facebook is to “connect and share with the people in your life.” But there’s a point, for nearly everyone, where all the connecting and sharing can be too much—especially as your information becomes increasingly available to people who aren’t necessarily “in your life.”

So whenever you use Facebook, you have to ask yourself two things: Who do I want to see what I’m doing? And how would I feel if the whole world saw this?

There’s no technical tool to stop your friends from sharing your information. But Facebook does offer you the tools to control who sees your activity. That’s why you need to get to know your privacy settings.

Start at “Account”> “Privacy Settings”. Then click on “Settings” for “Basic Directory Information” . This is where you decide who can find you and what they’ll see when they do.

You get to decide.  How easy do you want to make it to find you on Facebook? Which is more important to you: privacy or connection.

If you’re more interested in connection, select “Everyone” for the top three settings “Search for me on Facebook”, “Send me a friend request” and “Send me a message”. Then consider making all the other settings “Friends Only”. This will encourage people to become your friend, and it gives you more power over your information.

Next you can click back to “Privacy Settings” and set how you share on Facebook.

You can go with the preset options or customize each category individually.

Your safest bet is “Friends Only.” You may want to want to open your activity to “Friends of Friends”; however, there is certain information that you should not make available to “Everyone”. This includes your birthday, your email address and IM, your phone number and address, political and religious beliefs and your family and relationships.

Why? All of this information may be public somewhere else, like a phone book, but you’re simply making too much identifiable information public in one easily accessible place. There may not be enough there for true identity theft, but you are giving a stranger enough information to pose as you online convincingly, which could be a problem if some potential employer or date is checking out your online presence.

You may also want to uncheck the box that says “Let friends of people tagged in my photos and posts see them.” This way you won’t unintentionally draw attention to an image one of your friends may not want others to see.

If you’re very interested in your privacy, you should continue and edit your Application and Website Settings.

Here you should do two things. 1) Remove any applications you aren’t using.  2) Click on “Turn off all platform applications”. Then you can select which applications you don’t ever want to show up on your wall ever again. That’s right. You can say goodbye to FarmVille forever, if you want to.

You can also turn off all platform applications, which will keep your friends from automatically sharing your information with the applications they’re using. Not a bad idea.

Next you can click on “Game and application activity”. Click “Customize” and select “Only Me” to keep all of your Game and application activity to yourself, which is a good idea if you’re friends with people (read: co-workers) who may judge how you spend your time.

After that, take a look at “Info accessible through your friends”.  Here you’ll see all the information that is available to the applications your friends decide to use. That’s right, your friends share all this information automatically with the applications they use.

Once you see that screen, you may want to go back to “Turn off all platform applications”. Why not turn it off until you have a good reason to turn it on?

Now we’re at “Instant Personalization”, which is controversial because Facebook opted all of its users into it. Of course, it warned everyone through an update to its Privacy Policy, but you probably didn’t take the time or coffee needed to figure that out.

So what does Instant Personalization do? It shares your information with three Facebook partner sites: Docs, Yelp and Pandora. Could more partners be added? Yes. Could you just opt out of one or two? Yes. Just click on Docs, Yelp or Pandora and then click on “Block Application.”

Again, unless you know you want to share information with these sites, it’s a good idea to opt out for now.

If you made it this far, you will be rewarded. We are now at, perhaps, the most important Facebook privacy setting: “Public Search”.

You probably heard how recently the information of over 100 million Facebook users was made available for download. All of that information was public before a security researcher took it and turned it into one downloadable file. Those 100 million Facebook users probably had enabled public search.

This is where get to decide if the whole world can find your Facebook profile and information. With one click, your profile could become the top result of a Google search for your name. If you want to avoid disclosure of your information to the world, you may want to start by limiting who can search for you. I recommend that you do not click the box to “Enable public search”.

So those are the tools Facebook gives you to protect your information. They’re complex, and that’s probably on purpose. Facebook is not shy about encouraging it’s users to share and share and share. That’s why you have to remember that Facebook (and your friends) can’t share anything you don’t post to the site.

So be careful not to post anything that can be used against you. This includes travel plans and itineraries,  complaints about bosses, co-workers and customers, company secrets, threats… Has anyone actually had a home robbed after posting plans on Facebook? Yes, indeed.

There are a million things you shouldn’t post. And you are the only person who can decide what you SHOULD share with Facebook and the world. So choose wisely.

Bonus tip: Use Facebook’s one true security feature
Facebook’s one true security feature is simple but powerful. Facebook will inform you anytime any new device accesses your account. That means if some PC or smartphone you’ve never used before logs into your account, Facebook will email you.

To turn this feature on, go to “Account Settings”. Then select “Account Security”.

Just click “Yes ” and then “Submit”.

Now, what do you do if you find out that someone beside you accessed your account? Change your password immediately. On the “Account Settings” page find “Password” and click “change”.

OK. That’s all I know about making Facebook safer a place for you and your friends. For ongoing tips you can follow F-Secure on Facebook. Do you have any tips to add?

Share this

Privacy. Social media.

As we are busy announcing our presence to the world via Facebook, Twitter, Foursquare and numerous other services, let’s understand the value in disclosing our personal details.

The good

A little bit of appropriate disclosure could be advantageous. Done right, your online profile could attract the right kind of attention. Say that you are a fresh graduate or someone looking for a (new) job; why not use the online profile page as an informal extension to your resume?

In a study conducted by Microsoft in December 2009, 79% of hiring managers and recruiters revealed that they review applicants’ online information before making a hiring decision. So, pad up that profile page with details that would put you in a favorable position. Include a link to your online portfolio to showcase your work and achievement.

Show your personality. It’s okay to leave that picture of you having a drink with some friends (provided that it was not a wild night, and you are not underage). But also try to sneak some pictures of you volunteering at the homeless shelter, or spending the summer in Africa with Engineers without Borders. Present yourself as a well-rounded person, someone with multiple interests and can get along well with others.

The bad

Your information is a commodity that companies sought after. People are less inclined to fill out online survey and even more reluctant to be approached on the street. But in social media, people casually mention about a product on their or their friends’ page whether in the comment or simply clicking the “Fan” or “Like” button.

Whatever product preferences that you mentioned might be used for targeted marketing. You might receive e-mails containing product recommendations, trials, etc. In a worse situation, in some countries where customer’s privacy policy is not strictly enforced yet, your contact information might be passed from one company to another, resulting in more unrequested spam mails clogging your inbox or unwanted SMSes or unsolicited phone calls.

The ugly

This is where the worst happens—your online information is being harvested for malicious intentions. Your e-mail address is a favorite target for spammers and phishers. With spam, you could be on either receiving or sending end. Spammers often crawl the web, searching for e-mail addresses which would be the recipients of their spam mails. Some would go to a greater length, using your e-mail addresses to generate and distribute spam on their behalf.

Then, there are phishers who set their eyes on accounts that possess real cash value such as online banking, online gaming, iTunes, etc. Phishers often disguise themselves as someone you trust in order to trick you into revealing sensitive information. A common method is to spoof the “From” address in e-mail, pretending to be someone in authority and then ask the recipients to verify some information at a forwarded link.

In general, our information might be available anywhere on the Internet, but social media receive the huge blame because most details are concentrated there, ready to be harvested. Whether you like it or not, more and more social networking services are making their way to us; you might be tempted to sign up. The best practice is to protect your own online privacy. Set the right privacy setting for your account, and more importantly, be smart about what you post online.

Image credit to Rob Pongsajapan

Share this

After a few months, most users use too many applications, follow too many people and can’t keep up with the constant stream of information. Don’t fret. With a bit of effort, you’ll be back enjoying Twitter just as much as you used to.

Clean up your application connections

Twitter has been progressively tightening its login features to improve security. However, many users don’t realize that that once you allow an application access to you Twitter account, that access is open until you shut it off. This can lead to potential security holes, especially if you’ve authorized applications you shouldn’t trust.

What you should do now:
1. Log in to Twitter and go to ‘Settings’ then ’Connections’.
2. Go through and ‘Revoke Access’ to every application you aren’t using. (If it turns out that you are actually using it, don’t worry. You can always reestablish access.)
3. Remember to Google any application before you give it access to your account.

Clean up who you’re following

I know, you want to want to be like @TopTweets. You want to follow everyone. Unfortunately, that will make your Twitter stream more like a Twitter tsunami. The fact is some people aren’t worth following. Some  tweet too much, or too little. They may not Tweet at all–most users don’t, according to site statistics. Or you may just be following bots endlessly spitting out advice on how to get more followers. And since there’s no built-in tool to easily sort your followers, weeding out the users you’ve lost interest in can be time consuming.

What you should do now:
1. Log in to Twitter.
2. Try out ManageFlitter
3. Manage your followers.

You can unfollow those users who are too “talkative” or “quiet” or just plain inactive. You can see who’s following you back and see who hasn’t added a profile image, which is usually a sign of a neglected account, or limited creativity.

Clean up your Twitter stream

Even after you clean up your followers, you may still have hundreds of people in your stream. I understand. There are tons of interesting people on Twitter. And Twitter users in general tend to be active, interesting individuals who are engaged with life. So how can you make your Twitter stream digestible? Third-party dashboards like TweetDeck and HootSuite are powerful programs that offer real-time searches, groups and other filtering and collaboration tools. Twitter has also built a powerful tool right into the service—lists. It’s pretty self explanatory, but just case you’re interested here’s how it works.

What you should do now:
1. Log in Twitter.
2. On the sidebar, find ‘New List’
3. Create a list subject like ‘Newsbreakers’ or ‘Security Sources’.
4. As you see Tweets that fit the subject of the list, click on the user’s profile and add the account to your list.
5. Repeat as needed.
6. When you’re on Twitter via a web browser, click on your list you’re interested in and see what’s new.

Now you’ve got a Twitter account that’s even more useful. If you’re looking for tips on how to be safe and secure on Twitter, check out How To Tweet Safely.

Got any Twitter tips to add? Comment here or message us @FSecure.

Till next time,

Jason



Share this

On Facebook they are being active on their own page, talking about their regular activities, participating and getting a  discussion started. They are also present on a Finnish web service, IRC-galleria, a web service where especially youngsters upload pictures and comment on them. Three brave police officers have created profiles to help out those who might have been bullied and and in general to be available for those in need of advice. I think this is a great approach and example on how authorities can provide help and reach out to us in the places where we actually go.

However, there are things you can do to make sure you don’t even need to contact the police. Here are my tips for dos and don’ts for Facebook.

1. Never ever insult anybody in your status update, on your wall or any other posts. This is what could happen to you. In the worst case, you might end up in a lawsuit for offending someone.

2. When posting photos, always, ALWAYS, check it is ok for the persons in the picture. You wouldn’t want your friend, or even worse, you yourself ending up on a after a hilarious bar night out with friends.

3. Everything you publish on Facebook, every status update, every wall post, every like, every group you join, will be logged and remembered in the future. So think twice – what do you want people to know about you in 20 years. And think twice about which people you want to have as your friends.

4. Be sure to protect your privacy. Read more on how in Jason’s blogpost.

Cheers,
Gia

Image by César  Astudillo

Share this

A study we did earlier this year found that 73% of Facebook users have not friended their boss, which makes sense when there is more and more evidence that one bad status update can cost you your job.

So it it isn’t that surprising that even kids are selective about whom they associate with on the world’s most popular social network.

New research shows that the younger a child is, the more likely he or she is to hate the idea of being friends with his or her parents on Facebook. However, by the time they get to high school, being friends with mom or dad isn’t so lame. 56% of high school students, in one study, gave their parents full access to their profiles.

Personally, I think parents should become Facebook friends with their kids for two reasons:  1) your presence might give pause to the predators who could be following your kids, and 2) your presence might make your child think twice before posting something he or she shouldn’t.

Sean Sullivan, F-Secure Security Advisor and resident social media security expert, points out that bullying by peers on Facebook is a more common problem than stalking by sexual predators. Further, there aren’t too many teenagers alive who can’t figure out some way of avoiding parents on Facebook or any of the many other social networks teens flock to.

But Sean does see a value in parents joining Facebook. But instead of chasing your kid around the site, ask him or her to show you how to use it, specifically the privacy controls. “Based on that discussion, parents can make judgments about their children’s online behavior,” Sean says.

That’s a savvy idea.

Now, I want to get a little personal—if you don’t mind.  I’m wondering how many of you parents are Facebook friends with your kids. Also, how many of you are friends with your parents? Sorry, but the first poll is only for those of you who have kids.

Jason
CC image credit:  Victor Bezrukov



Share this

Make one stupid mistake, and you could spend your entire holiday in a police station in Paris listening to police officers mocking your best attempt at French.

But you’re smarter than that. You take precautions. You have free Anti-Theft for Mobile on your phone and you know exactly what NOT to do. And while we can’t control volcano dust or weather, there is a lot you can control.

So act now and don’t let silly mistakes ruin your summer vacation or summer holiday or summer getaway—whatever you call it.

1. Alert your credit card company that you will be making a trip cross-country or abroad
It’s a good thing that your credit card company carefully monitors your account activity for fraud. Unfortunately, this can also work against you. If you forget to alert your credit card company that you’ll be traveling far and wide, they can put a hold on your card. This can be a disaster if you’re trying to catch a train or a show. And it’s also avoidable. So make that call now.

2. Create a back-up list of your credit card companies’ contact information
Any PC user knows that backup is important, but it’s especially important for travelers to have access to their credit card providers wherever you are in the world. Just in case you get separated from your plastic, make a list of the contact numbers of your card issuers and pack it somewhere outside your wallet. You may also want to give that list to someone back home who you trust, or email it to yourself (including no identifying account information, of course).

3. Don’t rely completely on credit cards
Before you leave home, invest in some currency for the country you’ll be visiting. Being completely reliant on your credit cards could put you in a stressful, precarious position. You may end up saving money on service fees. And if you don’t use it, it makes a neat souvenir for any young person you missed.

4. Keep your itinerary to your friends and family
The new fad of informing people exactly where you are at all times presents some unique safety and privacy concerns. To make this point, PleaseRobMe.com briefly informed crooks exactly which social network users were not at home. It’s a bit paranoid to assume that you’re being stalked by someone via Facebook or Twitter, but it is possible. So why make it easy for the bad guys? Don’t post your itinerary on social networks and save your pictures for when you’re home. If you really need to share with your friends and family immediately, revert to old-fashioned technology—like email.

5. Be extra careful on public PCs
You know this, but let me remind you: please log out of every public computer when you’re done (for that matter, why not log out of every computer you use when you’re done). And NEVER let a site remember your information on a public PC. Avoid doing anything that involves sensitive data like credit card account numbers. But as this article points out, even encryption won’t help you if there is a keylogger on the PC. And you never can know what sorts off evil spyware is lurking on a foreign computer.  That’s why you should always think security whenever you use a public PC.

To your stress-free summer,
Jason

CC image: epSos.de

Share this

That’s why we suggest spending a few minutes explaining the risks of cybercrime and online predators to your family. Of course, your kids will probably brush you off  by repeating “I know, Mom (or Dad)” over and over, as if you’re trying to discuss the birds and the bees. So don’t go in unprepared. Check out these five quick tips to keep your kids and your PC safe until school resumes in fall.

1. Repeat the mantra “Links are not your friends”
Cybercriminals are aware that millions of people Facebook have plenty of time to kill. That’s why they’re spreading their scams with links described as “The Sexiest Video EVER” or “You’ll never believe this LOL.” When you’re bored and a link like that appears on a Facebook wall posted by a friend, it takes incredible will power not to click it. So repeat this mantra: If a link looks too good to be true, it is. Of course, this won’t always work. That’s why you should bookmark F-Secure’s free Browsing Protection. If your son or daughter feels they must click, have them check it out first. What else do they have to do? It’s summer.

2. Keep up with the updates
If you don’t keep your system software up to date, you risk inviting predators into your PC. Monthly updates for Windows, Adobe Reader, iTunes, and other applications are essential for your online safety.  F-Secure’s Health Check makes this time-consuming process easy. Run it once a month and save yourself some major headaches.

3. Tell your kids that you will handle installing software
Once you’ve run Health Check and made sure you’re protected, there’s no need for your kids to install any random software that pops up. So tell your child that it’s mom or dad’s job to install new software, no matter what pops up.  Once you’re home and had a nice summer beverage, check out the software. Google it to see if it’s a legitimate and then decide if it’s worth your hard drive space. Nothing ruins a nice summer afternoon like getting tricked into installing malware on your PC.

4. Make clear what information your kids should not share
Most kids know more about Facebook than you’d ever want to. They know how to add and erase apps or how to block this user and not that one. But they may not know what they should NOT share. Tell your kids that they should never private information—email addresses, phone numbers, home addresses—on any social network. They should also avoid posting information about their schedule, especially vacations or details about when their parents will be home or not. Your kids need to know that no matter how private their settings tell them they are, anything they post on a social network should be considered as public as the front page of a newspaper—if they know what that is.

5. Let them know that you are watching
You need to know which social networks your children are on. If you have the time and patience, it’s a good idea to start a profile on the site and become their friend or follower. It doesn’t take long, maybe five minutes per site. You can’t watch your child every minute. But if they get the sense that you could be watching, it can only help them think before they click or post.

Cheers,
Jason

CC image credit: James  Emery

Share this

Cybercriminals know that we love to click on links that have been posted by a friend or someone we follow via social media. That’s why they are flooding social networks with malicious links designed to exploit your trust.

Take the recent FBHOLE worm, for instance. A link appeared across Facebook that said “try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]“. If you clicked on the link, you inevitably posted the same link on your wall, spreading the attack to all of your friends and their friends and their friends… Millions of Facebook users were spared this nuisance when F-Secure’s own Mikko Hyyponen stopped the attack with a phone call. Nice.

Not every attack is so harmless. F-Secure Labs also recently reported on a Twitter attack that hit users with a keylogger malware, which is better known as banking trojan. There’s no link in the world worth the risk of some criminal getting access to your checking account.

So when in doubt, don’t click.

Of course, we all slip up. We’ve all clicked something that we shouldn’t have—sometimes repeatedly. That’s why it is essential to make sure your computer is protected, preferably with an Internet security software that includes browsing protection. It’s your first line of defense against those two-faced links that pretend to be your friend. You can always check any link with our free Browsing Protection.

If you’re still with me, here’s a slight addition to the Golden Rule: the more generic or sexy a link is, the more dangerous it may be.

If someone posts a link that sounds somewhat personal and thought out—like “10 Tips for Safer Browsing http://bit.ly/bk0igl / Very useful, especially #2” —it’s probably fine. However, if someone is trying to get you to look at the “sexiest girl ever” or offering a great way to get thousands of Twitter followers, watch out.

Some say that the use of shortened links makes Twitter more dangerous than other social sites—though research has shown that the links you’ll find on Twitter are no more harmful than those you’ll find on in Google’s search results. But the Golden Rule applies to any social networking site you find yourself on. Whether you’re Facebooking, Tweeting, LinkingIn, Digging, Redditing or Woofing, links are not your friends.

Your friend,

Jason

CC image by: chego101

Share this

I’ve seen some very sad things go on through social media – from fights to quick changes in relationship status from “in a relationship” to “single” just to hurt an ex to divorces announced to partners via Facebook wall posts.

All of these interactions are there for you or your partner’s friends to see (unless you’re very good at organizing your Facebook friends). Social networks have changed the very nature of relationships and break-ups. The easy access we have to each others personal lives may even promote cyberstalking.

Let me tell you a story.

Once upon a time, there was a girl and boy, lets call them Jane and Jack. They were young with hormones running wild. They met and fell in love. After some years, they realized that their relationship wasn’t the love story of the century after all. The happy ending of the story was that they still remained good friends after the break-up.

Unfortunately this book didn’t close there. Some chapters were later added.

Years went by and neither found a new partner until one day Jack met a new girl, let’s call her Mary. He believed this could be the love story of his life.  The new relationship bloomed and Jack wanted to spend more and more time with his new love.

His friend, the ex-girlfriend Jane, wasn’t happy about this. Suddenly she wasn’t the number one person in his life anymore, even though they had been “just friends” for years. All three of them had friends in common, in real life and even more through social media. Feeling lonely, the Jane started posting and making strange comments on both of the lovebirds’ walls.

Social media gave her an opportunity to take her private pain public.

Jane started posting old photos from her and Jack’s past publicly. She spread lies to their friends. These lies were believed by those who were loyal to the her. It all escalated to ugly texts, Facebook messages and emails.

The new couple was surprised when friends began ignoring them. But they continued their burgeoning relationship despite the harassment. They blocked Jane from all social media possible. They avoided her in real life.

However, this didn’t work. Jane wouldn’t give up.

At some point, the couple realized that the problem could not be solved over social media. They confronted friends who were ignoring them and found out what was being said. Then they decided to go straight to Jane. She refused to leave them alone. Only an open letter from them both finally helped her understand and let go.

The happy ending of this story is that the Jack and Mary are now a happy family of three. The unhappy part is that two people lost a friendship that could have lasted for a lifetime even if their love didn’t.

Cyberstalking is getting more and more common as more and more people embrace social media. Laws around the world are still being developed to deal with the threat. In Finland, at least, there is nothing you can do about it, unless the harassment escalates to clear threats.

As in most stalking situations, the victims usually know their stalkers so dealing with the situation is awkward and difficult. One good rule still is to react immediately to behavior that crosses your boundaries by blocking the person as soon as you notice things going in the wrong direction. This way you might be able minimize the harm and prevent things from flowing over to real life. When things start getting mad in real life, turn to your local police for help.

Best,
Gia

CC image credit: kelsey_lovefusionpho

Share this

The world’s most popular social network made the decision to opt its 400+ million users into “Instant Personalization”, which instantly shared users’ “general information” with Facebook’s partner sites—Yelp, Pandora and Microsoft Docs. In addition, Facebook’s new Community Pages automatically connect you to any topic, brand or personality that you’ve expressed any interest in.

You probably know that Facebook began as a service for students at Harvard University and prospered as a sort of exclusive club, only open to college students, then businesses and organizations. It was a slicker alternative to the free-flowing, everything-goes atmosphere of MySpace.

But when Facebook opened itself to the world and then opened its API to application developers, two things happened. It found a solution to the essential crisis of social networks—”What the heck do we do now that we’re here? I guess we pretend to farm.” And it also awakened Zuckerbeg’s passion for radical, unfettered openness—on Facebook’s terms, of course.

But it seems that now we’ve reached a crisis point. It’s been widely reported that Facebook’s founder Mark Zuckerberg thinks the era of privacy is over. Recently, he was reported as saying that he doesn’t believe in privacy. Clearly, if he started the site today, the default setting on everything would be public.

While Zuckerberg may not care about privacy, but most of us will have to apply for a new job one day. A recent F-Secure study suggests that Facebook members are especially concerned about how their online activity may affect their ability to make a living. And lawmakers in the US aren’t thrilled with Facebook’s view of user data. But that hasn’t prompted the California-based company to reverse course and pull back some of the opt-in features they’ve introduced, as Google Buzz did.

So YOU have to make a decision. This privacy debate can’t go on forever—many experts including Robert Scoble are already bored of it. As I see it there are 4 ways to deal with Facebook and its disregard for privacy. Choose 1 or forever hold your peace.

1. Quit Facebook and delete your account.
You and Facebook may have irreconcilable differences. Facebook has shown a pattern of moving toward disclosure of every aspect of your online life. It’s probably only going to get worse. (Here are 10 Reasons You Should Quit if you’re looking for them.) And as a matter of principle or out of necessity, you can say goodbye now.

2. Maybe consider using an alias.
(Note: I say “maybe” because this may be against Facebook’s terms and conditions.) By adjusting your name by a few letters or putting it into Pig Latin, you can make it very difficult if not impossible for anyone to find your profile. Get a nom de plume and connect with your friends or their aliases. Unless you’re a candidate for President, Prime Minister or Pop Idol, it’s likely that you’ll never be found out.

3. Become a Facebook privacy expert.
Immediately audit your privacy settings. Erase every application as soon as you’re done with it. Opt-out of everything that Facebook opts you into and study every proposed change to Facebook’s privacy policies as if your life depended upon it. But realize that whatever you do, you may not be able to stop your connections from sharing things you deem private.

4. Give up worrying about Facebook and learn to trust yourself.
Most of us are willing to trade privacy for utility. If you use Gmail, you see ads targeted to you based on even your most intimate messages. The good news about Facebook is that they are completely limited to sharing what you (or other people) post about you (or other people).

Facebook’s attitude toward privacy is never going to change (or charge), so if you enjoy the service it may be worth the cost of stopping yourself before you upload anything and asking yourself, “What if my (future) grand kids saw this?” or “What if this came up in a job interview?”  Assume that whatever you share will spread across the net faster than Lady Gaga’s new video. And if you decide to share, you know that it’s out there forever. Of course, you still may want to audit your privacy settings so you don’t end up as a fan of the Justin Bieber community page because you once made a joke about Justin Bieber.

But don’t worry, it’s just Facebook. We probably shouldn’t take it so seriously.

Best,
Jason

CC image credit: “i don’t make art anymore“

Share this

Hannu Ahola has an interesting story to tell.

His story takes place in a virtual world that many of us who are too busy in the real world never visit. Hannu is an active player of an online role-playing game called World of Warcraft. What is he doing then when he is “playing”? In the World of Warcraft, players from all over the world buy accounts and create characters. By accomplishing different missions, these characters gain skills and virtual wealth that other players envy.

So, when does the game end? Never – much to the relief of its 11 million active players.

Hannu’s story started about 4 years ago. His friends were urging him to play World of Warcraft. At first, he was not interested. But after a little convincing, he bought an account from an acquaintance, which turned out to be mistake.  But Hannu didn’t know that yet.

He found himself spending more and more time playing. He estimates that during those first two years he played 8-10 hours per day. Every day. The result was an impressive character that accumulated a substantial amount of wealth and talents. The character was so good that people might have been willing to pay real world money for it.

And this fact did not escape the acquaintance who originally owned the account. Using the original account information, this 18-year old boy was able to take control of Hannu’s character and the virtual wealth Hannu had been building for years. And it seemed that there was nothing Hannu could do about it.

Most of us have trouble understanding this kind of loss. Hannu explained it to me: “What if you had collected stamps passionately for 2 years. You had put all your spare time into it and then someone took it away. How would that make you feel?”

After he figured out that it was his acquaintance who stole his character, Hannu contacted the boy – who promptly ignored him. He then contacted the boy’s mother but got no help.

Stealing is punishable in the real world, but did not seem to matter in the virtual world. Except to Hannu. He hired a lawyer and took the issue to court.

After a 1,5 year battle, the young boy was sentenced to pay Hannu 4000 euros for the character Hannu finally never got back. But Hannu had won the moral battle: there are limits to what you can do in the virtual world. Hannu’s case represents the first time that a real world court in Finland dealt with a matter related to virtual worlds, and I have the feeling there’s more to come.

(For more about Hannu and the value of virtual world commodities, check out Sean from the F-Secure Labs on “What is a World of Warcraft Account Worth?“)

The boundaries between virtual worlds and the real world are blurring. World of Warcraft accounts get phished all the time. Children are bullied in virtual worlds. In China, even murders have been committed because of  virtual world events. But they also provide a lot of opportunities for enjoyment and self-expression – as long as we obey the law. And for that to happen, we’re going to need a lot more people like Hannu.

So good job, my friend!

Cheers,
Marja

Share this

In the United States, the answer to that question is: not much.

According Melissa Ngo, the publisher of Privacy Lives, “Employees have few privacy rights in the workplace.”

American employers can track employee’s web activity. They can place surveillance cameras in cubicles. They can examine work phone records and track movements via GPS. They can even stand right behind you and observe what’s on your monitor. Imagine how annoying that could be.

How do you know if your employer is using any of these tactics?

Well, first turn around and take a quick look. Next, do a little research. “Workers should read their employee handbooks carefully, searching for anything connected with surveillance of the workplace,” Ngo says.

The European Union, on the other hand, offers more thorough protection when it comes to workers’ privacy. Article 8 of the European Convention on Human Rights protects “the right to respect for private and family life.”

Courts in the United Kingdom have refused to make a distinction between private and professional communication. Because of this generous view of workers’ rights and EU’s Data Protection Directive, European employers must not only be completely transparent about any surveillance, they also have to prove that their surveillance is both legitimate and limited.

Compare that to the US where some experts have assumed that employers reserved the right to read private email generated on work computers, even if it was not stored on company servers.

However, the times may be changing.

A recent ruling by the New Jersey Supreme Court in Stengart v. Loving Care might hint at a new precedent.  According to Ngo, “The N.J. court ruled that employer Loving Care had violated employee Marina Stengart’s privacy by reviewing copies of e-mail sent to her attorney that were left on her work-issued computer because the e-mail had been sent from a personal, password-protected Webmail account.”

(Do employers really want to be monitoring private emails on work computers, especially when employees can easily pick up their smartphones to email away?)

The Loving Care decision may not hold much promise for privacy rights because the court may have been simply protecting attorney-client privilege.  The Workplace Privacy Data Management and Security Report suggested that the ruling may have been the result of sloppy communication policies that allowed for some “personal” use.

Regardless, new technologies like social networks present a new challenge for workers and employers. What rights do employers have to personal accounts that are associated with the company? The answer to that isn’t clear.

What is clear is that social media acceptable use policies are crucial for the modern workplace. Employees must be aware of what is permissible and what is being observed.

Employees also must be extremely careful when it comes to posting company information on social sites.

“Though you can manage your privacy settings on social-networking accounts,” Ngo says, “people should recognize that they are making public statements.”

And if you give up your right to privacy by going public, you have no one to blame but yourself.

Should you expect privacy at work? What are the privacy laws in your country? We love to know.

Cheers,

Jason

Share this

“We’re expecting to see 3,258,987 fake stories on the English-speaking worldwide web this April first,” Dr. Theodore Chiste. This will nearly than double the former record established on April 1, 1930, two months after the Whoopee Cushion was first released.

Dr. Chiste believes the most popular fake stories this year will involve Google, Facebook and/or Justin Bieber.

Who are we kidding?

As Paul Boutin wrote in the New York Times, “On the Internet, every day is April Fools’ Day.” The Onion has become one of the most popular sites in the world by turning fake stories into works of art.

To celebrate the Internet’s favorite holiday here three of our favorite  April Fools’ pranks:

1. The great Rickroll of 2008.
YouTube linked every video on its homepage to Rick Astley singing the most popular song of all time “Never Going to Give You Up.” The F-Secure Labs today announced our new product to protect against Rickroll, the F-Secure Rickroll Protector.

2. Sign o’ the times.
In 1980, the BBC reported that Big Ben was going digital. One in a fine tradition of BBC pranks.

3. But seriously, folks.
F-Secure introduces a new Internet security product featuring children’s story character Moomin. The best part? It was a real product released on April 1, 2005  but it was taken as a prank.

Other F-Secure Labs April Fools’ pranks include “Helsinki Lab Infected via Nintendo Wii” and “Unusual Banking Trojan Found.”

Did you have any favorite April Fools’ this year?

Cheers,
Hetta and Jason

Share this

More than 50% the largest corporations in America are so worried that they do not allow their employees to visit any social networking sites at work. No Facebook. No Twitter. Not even any LinkedIn! That could get pretty depressing.

Some of their worry is justified – even military officials have been caught posting classified information online. But a complete social networking ban is probably unenforceable, as the US Army has discovered. And in a new survey, we’re finding that over 50% of employees are still using Facebook at work.

Even if employers forbid social networking on company PCs, are they going to monitor what you’re doing on your smart phone?

Banning social media may even lead to a DECREASE in employee productivity. Yes, a DECREASE. Limited social network use has been linked to an overall increase in employees’ concentration and productivity. And companies like Dell have proven than embracing social networking can improve the bottom line.

Now, if your employer bans social networking for security reasons, that makes more sense.

Joan Goodchild of CSO Online lays out some excellent arguments against using Facebook specifically in her article “10 Security Reasons to Quit Facebook (And One Reason to Stay On).” And F-Secure’s Chief Research Officer Mikko Hyppönen refuses to open a Facebook account for security reasons, though he’s a fan of Twitter.

Despite the risks, I believe that shutting employees out from social networks disconnects them from what Ralph Waldo Emerson called “the current of events.” Employers can’t afford to keep employees who aren’t connected to rapidly evolving business climate around them. And employees— in an economy where anything that can be automated will be— shouldn’t neglect the opportunity to develop a unique online identity.

But if you’re going to engage in online communities during work hours, it’s your obligation to be safe and savvy about it. Here are a few specific steps you should take to protect yourself, your employer and your job:

1. Know your company’s social media policy and follow it.
Are you allowed to use social networks on company PCs? How often? Which sites? Should you comment as employee or about company matters? What company information are you allowed to share? Who should you consult if you have a question about any of these issues? All of these questions and more should be answered in your company’s social media policy. If you have never read your company’s policy, do it now. If your company doesn’t have a policy, suggest that they create one. Here are some examples. If the policy isn’t realistic, make a case for a policy that works.

2. Use different passwords for your work and your social media accounts.
Smart passwords matter. Annika has written about the importance of creating and remembering strong passwords.  A vulnerable password on your Facebook account can jeopardize your personal reputation and friends. Don’t magnify the risk by using the same password for your corporate network.

3. Always log off when you leave your desk.
It’s smart security to log off your computer when you leave your desk. This is even more important when you have your social networking accounts open. If you leave your desk with your browser open to Facebook, you’re begging for a goofy co-worker to post a ridiculous status update in your name. In fact, it’s good policy to log off any site when you’re not using it. You probably don’t want the reputation of being the guy or gal who is always on Facebook, even when you’re sleeping.

4. Avoid unnecessary risks.
Don’t click on or forward links you are unsure about—check any URL with F-Secure’s free Browsing Protection. If someone is asking you for financial help or to spread the word about some controversy, check it out when you get home. Most importantly, leave installing software to the experts. If you need to install a plug-in to see something linked off a Twitter page, you probably don’t need to see that page.

5. Think about what you share with whom.
You know that you should never post anything on the web that you wouldn’t want to see in a newspaper. Consider anything that you post —including items you limit to only “friends” or “friends of friends”— to potentially be in the public domain. This list of 11 things you should never do online provides some great guidelines about what not to share.

Things that you’re fine with being public now may seem embarrassing or even painful later. You may wish for all those pictures of you and your ex or the videos of you and your former coworkers at karaoke would just disappear. But they won’t. So consider who you add to which accounts. Maybe you just want to use Facebook exclusively for non-work friends. Maybe you only want professional connections on LinkedIn. Whatever you do, think before you accept an invitation to connect. And on a site like Twitter, where your tweets are probably open to everyone, think before you share anything.

How do you use social networks at work? Do you have any rules to add? We’d love to know. Take this quick survey and comment below.

Share this

I was a little annoyed by what a family member asked me on the phone the other day. We were talking about how we were doing, what was up with friends and so on. When the talk turned to problems with computers, and to be more exact, to issues related to our security product, my relative asked if the man in the house could help him.

For a moment I was stunned, but decided not pay any attention to him trusting a man who does not work in a security company over a woman working in one. Maybe it is just more natural for the older generation to turn to a male for help with “cold” and “techy” things?

When the discussion spread to social media and its usage, the questions were directed at me again. Even though social media, or more precisely, the gateway to social media, is in the same computer as for the security products, it is seen a “softer” thing that even women can handle. And in some ways this is true: according to recent studies, women are more active in social media than men. It’s a trend that has become more visible in the last few years.

Whether you are a man or woman surfing around and socializing on the web, the choice of doing it safely and securely is yours. The other bloggers on Safe and Savvy have already given some great tips on what to look out for when socializing on the web. The features of our Internet Security 2010, such as Browsing Protection will tell you if a page or a site is safe to visit or not.

If you’re not using our solution, the feature can also be used for free at http://browsingprotection.f-secure.com/swp/. There you can write the URL and the application will tell you if the site is safe or not. Being safe online is not a gender issue. It’s about being a bit clever and ensuring your safety in the best possible way. It’s about you.

Cheers,
Gia

P.S. Today is Ada Lovelace Day which is an international day of blogging to celebrate the achievements of women in technology and science. Go make your pledge before the clock strikes 12!

Image by johnsto

Share this

Here in Finland we just had a case this morning where the user names and passwords of the users of a popular gaming site ended up being publicly distributed on the net.  Over 100 000 user accounts were exposed. Now anyone who may have been using the same user name and password for other online services may have all their accounts exposed.  This goes to show how important it is to have unique passwords for all the different services you use on the web.

On a related topic, The Register reported that one in four school kids in England admit to hacking. The way they do this is by, very simply, guessing at their friends’ passwords. So don’t use your pet’s name, street address, boyfriend’s birthday or anything that can be easily guessed.

With these latest events I would like to urge everyone again to take the time to use a system that creates strong and unique passwords.  This is especially critical for any online services where personal information about you is available.

Safe surfing everyone!
Annika

Share this

Twitter recently took a major step with a Twitter-branded URL shortening service that will filter links—Twt.tl. But your safety is still at stake.

We can expect more phishing attacks, more scams, more social engineering schemes that take advantage of the faith we have for each other. And now that Twitter results are integrated into Google, Bing and Yahoo, these attacks jeopardize the integrity of search results across the web.

But you, and everyone on Twitter, can make a difference. The same tools that criminals use to rapidly spread their frauds can be used to protect us.

By just committing to using Twitter safely, you’re joining the fight. Check out this article for some basic tips on using Twitter safely.

If you want to go a step further and be an active force for safety on Twitter, we invite you to join in on an experiment we’re starting—the Twitter Safety Movement.

It’s no huge commitment. But by joining up, you’re simply stating your commitment to help keep Twitter safe by following through on some basic suggestions.

1. Follow Twitter’s Spam and Safety accounts for updates. When you see warnings your followers should know about, RT them.
2. Check any links before you share them. Use our free Browsing Protection to make sure they’re safe.
3. Tweet  any suggestions you can find to promote strong passwords and other security basics.
4. Report any scams that you come across immediately.

If you’d like to be a part of this experiment, just put a link to your Twitter account in the comments of this post or contact the F-Secure Twitter. We’ll add you to the Twitter Safety Movement list where you can sync up with other safety-minded tweets.

Of course, we can’t vouch for everyone who’s on the list. But we do believe that the technology that makes Twitter so appealing for connecting and sharing can also be used to make Twitter a safer place.

Or, at least, we can give it a try. Either way, we’re all in this together.

Cheers,
Jason

Share this

I am one those people that have a very short attention span for technical instructions, so let me try to explain this as shortly and clearly as possible. Just in case you are like me. The idea is to use a system that allows you to do 2 things:

1. Remember your passwords through writing a part of it down. The only thing you need to remember is a part that is the same for all your passwords; a pin if you will.

2. Create passwords that are good and strong, unique and can’t be guessed

Here are the step-by-step instructions:

1. Think of a “pin” for your password, this is the part that is same for all of your passwords. The pin should be 3 characters or longer,  it could be something like “25!” and this part should be kept secret.

2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example aMa for Amazon and gMa for gmail.

3. Continue the password with a random set of 4 or more characters,  for example: 2299 or xy76. You should use different random characters for your different passwords.

4. Write down parts 1 & 2 on a note and keep is safe so you don’t forget it. In this example you would end up with a note in your wallet with this written down:

• aMa2299
• gMaxy76

5. When using the passwords, add your pin to them. Remember again that the pin should not be written down anywhere!  You can decide the location of your pin too. With the example pin “25!” created in the first step we would  end up with 2 passwords that could be:

• aMa229925! or 25!aMa2299
• gMaxy7625! or 25!gMaxy76

Tadaa, you now have passwords that are unique and can’t be guessed! And of course you only need to remember a part of it! By having unique passwords you can also make sure that even if someone finds out one of your passwords, the others are still safe.

As a final note, should you choose to use this system, you should come up with your own passwords and not use the ones used in this post or in our Lab’s post.

Hopefully I managed to make it sound relatively easy. If not drop me a question below.

Annika

Share this

If you got one of the annoying “This you???????” direct messages yourself, hopefully you didn’t click on it. If you did and ended up at URL that wasn’t in the twitter.com domain, hopefully you didn’t enter your twitter account name and password. But if you did enter your login details, all of you followers got a direct message that phished for their Twitter credentials.

Embarrassing—especially if your boss or someone cool like ‘Weird’ Al is following you. So now you have to change your password again and apologize to your friends for spamming them. It’s not terrible compared to getting your banking account phished. However, it’s probably part of a larger, darker plot.

So don’t make life easy for scammers.

Here’s a trick that will keep you from ever being phished on Twitter: Don’t click on any of the links.

There you go. Simple.

But you can’t do that? The links are fun? I understand. Where else can you find cool stuff like this?

OK. Keep your security software updated, and extend those shortened links so you know where you’re going (Longurl.org‘s Firefox extension is great). If you’re doing that, clicking on the links in your public feed or time-line should be fine.

But don’t click on the links in your direct messages. As you know by now, the bad guys can take over your friends accounts and exploit your trust. And you know that most of the direct messages you get on Twitter are auto-generated and pretty useless. So as a general rule, don’t click on any link in your direct messages. And if you MUST click on a link in your direct messages, check it out with F-Secure’s free Browsing Protection. In fact, if check any link you’re suspicious of with Browsing Protection. You’ll be glad you did.

The links on Twitter and any social networking site may lead to trouble . So enjoy those Tweets but watch those links.

Cheers,
Jason

Share this

On one hand, I use Twitter for business and Facebook for connecting with friends. Facebook, especially, has enabled me to keep connected and talking to friends who live on the other side of the globe. This is such a plus that I can’t help but loving social media.

On the minus side, I am constantly worried about my security and privacy while using these sites.  Being an employee of an Internet security company gives you a intimate view of  all the scams and dangers running wild on social networks.

So how do I balance the pluses and minuses? How do I keep connected to your friends without compromising security and privacy?

For me, the solution is to take a proactive approach to using social networks.

1. Know the settings of your accounts.
I take time to know the settings to my accounts and check what is visible to everyone and what is hidden. In Facebook the settings can be found under Account – Privacy settings. There are quite a bit of settings there, but it is worthwhile to take the time to go them over. I limit things to my friends only. It is even possible to create a limited profile and share some content only with some friends.

Here’s a great list of 10 privacy settings that every Facebook user should know.

2. Remember that things loaded to internet stay there.
This means  that photos and content that I would not be comfortable publishing in a newspaper stay out of the web.

3. If I get messages from friends with headings that do not sound like something they would be likely to send I don’t click on them.
A friend’s account may be used to infect people with viruses. So if it looks fishy I assume that is just that.

With these precautions in mind, the pluses of social media definitely outweigh the minuses. With a little effort and common sense, enjoying social media can be as safe as doing anything else in the web.

Happy networking,
Annika

Share this

Now, truthfully, we don’t have a lot of material on this topic. Our work focuses more on the tech side of the huge field that is online security. Still, as more children become Internet-connected at a younger age – whether on a computer at home, at school, or even via a smartphone – keeping them safe online is becoming more of a concern, especially for parents who struggle with  technology.

I won’t include a list of safety tips here, as there are already many great guidelines available from dedicated child protection organizations (some sites to check are Netsmartz.org, Childhelp.org and Cybersmart.org). Instead, I’d like to summarize all this useful, wide-ranging advice into five very general points about online security, as a kind of handy baseline for parents to start from.

Point 1: Don’t feel overwhelmed.
The many guidelines available give tons of helpful tips, suggestions, checklists and more, so it’s easy to feel flooded by too much advice. Most of these recommendations stress four major concerns:

• Open and honest communication between the child and the parents
  Open communication aides both parties in exploring thorny issues such as sexuality, potential dangers, proper behavior and so on.
• Trust between the child and the parents
  Typically, trust helps both parties feel confident that the child can interact appropriately with people online
• Constant, active supervision of the child’s interactions
  Proper supervision doesn’t interfere or undermine the child’s online social life, but rather it ensures that no possible threats are overlooked or misunderstood
• Offering immediate support and comfort is available when needed
  Being available as a parent empowers children to know that they will be listened to, believed and protected if they report anything that makes them uncomfortable

Within each of these subjects, there are a multitude of suggestions about what can be done. If you address each concern in a way that suits your family’s needs, then that’s a good start.

Point 2: Don’t underestimate how easily a mistake can happen – but don’t exaggerate either.
It can be incredibly easy to accidentally reveal too much about yourself online, especially as many web services today are designed for convenience and not security. Even tech-savvy adults struggle with the same safety measures children are asked to follow.

For example, one guideline meant for children includes straightforward tips like not posting personally identifiable details on a blog. This is advice plenty of adults have failed to observe!

Unfortunately, children can and will make the same mistakes adults do.

Understandably, this can be a cause for concern.  At the same time, with some precautions and alertness, the risk of making a dangerous mistake can be significantly reduced.

Point 3: Don’t underestimate the power of an online relationship.
My third point is often implied in the various guidelines, but rarely explicitly stated. Since online relationships are usually ‘virtual’ and intangible, it’s easy to assume that ‘that online friend’ is less influential than someone who is physically present.

Unfortunately,  this isn’t always true.

In many ways, online relationships are the modern take on the pen pals or telephone-buddies of yesteryear. How we communicate has changed, but the potential  for good or bad remains the same. Two parties may thousands of miles apart, but online relationships can be intense, meaningful and complex.

Point 4: Technology is irrelevant, it’s all about behavior.
You may have noticed by now I haven’t said anything on how to use online programs, which brings me to my (deliberately overstated) fourth point.

Each type of communication technology – letters, phone calls, SMSes, e-mails or video blogs, etc – has unique risks, as well as 1001 cautions for safe use. Still, the safest approach to using any and each technology is the same:  be aware of the risks involved and mitigate them as much as possible. Or to malign a military analogy – tactics may differ, but the strategy stays the same.

(Aside: if you’re interested, there are programs and other technology available to channel a child’s online activities and monitor their interactions; check out reputable child protection organization sites for programs they’d recommend or search for programs that may be more suited to your needs).

And finally, Point 5: Don’t panic.
Yes, there are dangers online, but they can be avoided.

The online world is much like the offline world: there are creeps and saints, helping hands and cons.  With some sensible preparation and precautions in place, there may be as much danger in surfing the Web as there is going out your front door.

One last (I promise!) analogy: Teaching a child to interact safely online is a lot like teaching them to drive. The two processes follow the same stages: teaching them how to safely handle the machinery involved (be it a video chat program or a stick-shift sedan), making sure they know the dangers (scams and predators, potholes and drunk drivers), and finally – letting them go, ready  to face the big, bad world out there.

Signing off,
Alia

Share this