Posts in Social media

Facebook archive

If you like sailing and tall ships, I can recommend this podcast about Pam Bitterman’s book Sailing to the far horizon. It’s a great story about the last years of the community-operated ship Sofia, covering both a lot of happy sailing and the ship’s sad end in the early eighties. But this is not about hippies on a ship, it’s about how we record and remember our lives. In the podcast Pam tells us how the book was made possible by her parents saving her letters home. Perhaps they had a hunch that this story will be written down one day. Going on to state that e-mails and phone calls wouldn’t have been saved that way. That’s a very interesting point that should make us think. At least it made me think about what we will remember about our lives in, say, twenty years? We collect more info about what we are doing than ever before. We shoot digital pictures all the time and post status updates on Facebook. We are telling the world where we are, what we are doing and what we feel. Maybe in a way that is shallower than letters home, but we sample our lives at a very granular rate. The real question is however how persistent this data is? If we later realize we have experienced something unique enough to write a book about, have our digital life left enough traces to support us? Pam wrote the book about Sofia some twenty years later. A twenty year old paper is still young, but that’s an eternity in the digital world. Will you still be on the same social media service? Do you still have the same account or have you lost it. Does the service even exist? And what about your e-mails, have you saved them? How are your digital photos archived? You may even have cleaned up yourself to fit everything into a cheaper cloud account. Here’s something to keep in mind about retaining your digital life. Realize the value of your personal records. You may fail to see the value in single Facebook posts, but they may still form a valuable wholeness. If you save it you can choose to use it or not in the future. If you lose it you have no choice. Make sure you don’t lose access to your mail, social media and cloud storage accounts. That would force you to start fresh, which usually means data loss. Always register a secondary mail address in the services. That will help you recover if you forget the password. Use a password manager to avoid losing the password in the first place. Redundancy is your friend. Do not store important data in a single location. The ideal strategy is to store your files both on a local computer and in a cloud account. It provides redundancy and also stores data in several geographically separated locations. Mail accounts have limited capacity and you can’t keep stuff forever. Don’t delete your correspondence. Check your mail client instead for a function that archives your mail to local storage. Check your social media service for a way to download a copy of your stuff. In Facebook you can currently find this function under Settings / General. It’s good to do this regularly, and you should at least do it if you plan to close your account and go elsewhere. Migrate your data when switching to a new computer or another cloud service. It might be tricky and take some time, but it is worth it. Do not see it as a great opportunity to start fresh and get rid of "old junk". If you are somewhat serious about digital photography, you should get familiar with DAM. That means Digital Asset Management. This book is a good start. Pam did not have a book in mind when she crossed the Pacific. But she was lucky and her parents helped her retain the memories. You will not be that lucky. Don’t expect your friends on Facebook to archive posts for you, you have to do it yourself. You may not think you’ll ever need the stuff, just like Pam couldn’t see the book coming when onboard Sofia. But you never know what plans the future has for you. When you least expect it, you might find yourself in a developing adventure. Make yourself a favor and don’t lose any digital memories. Safe surfing, Micke  

October 13, 2014
Ello not a product but feature

Most of us have some kind of relationship with Facebook. We either love it, hate it or ignore it. Some of us are hooked. Some have found new opportunities, and many have got themselves into a mess on Facebook. Some are worry-free and totally open while others are deeply concerned about privacy. But we probably all agree that Facebook has changed our lives or at least impacted our ways to communicate. Facebook has showed that social media is an important tool for both business and private affairs. Facebook was in the right place at the right time to become the de-facto standard for social media. But the success of Facebook is also what makes it scary. Imagine the power you have if you know everything about everyone in the civilized world. And on top of that with quite loose legislation about what you can do with that data. Ok, everything and everyone are exaggerations, but not too far from the truth. Others have tried to challenge Facebook, but no one has succeeded so far. One reason is that social media automatically is monopolizing. The most important selection criteria is where your friends are, and that drives everyone into one common service. The fact that even Google failed with Google+, despite their huge resources and a ready user base from services like Gmail, just underlines how solid Facebook’s position is. Ello is the latest challenger and they certainly have an interesting approach. Ello tries to hit Facebook straight in its weakest point and provide a service that respect user integrity. They may lack the resources of Google, but they can be credible in this area. The choice between Facebook and Google is like a rock and a hard place for the privacy minded, but Ello is different. Their manifesto says it all. Will Ello survive and will they be the David that finally defeats Goliath? Ello is in a very early phase and they certainly have a very long way to go. But remember that their success depends on you too. You may not be a product on Ello, but you are certainly a feature. The main feature, actually. The team can only provide a framework for our social interactions. But people to be social with is absolutely crucial for any social network. So Ello’s raise or fall is mostly in our hands now. They need enough pioneers to make it a vibrant society. The development team can make the service fail, but they can only create potential for success. Ello needs you to materialize that potential. So what’s my honest opinion about Ello? The fact that the service is based on privacy and integrity is good. We need a social media service like this. But there are also many open questions and dark clouds on Ello’s sky. People have complained about its usability. And yes, usability is quite weird in many ways. It’s also very obvious that Ello is too premature to be a tool for non-technical users. Now in October 2014, I would personally only invite people who are used to beta software. But both usability and the technical quality can be fixed, it just takes more work from the team. A bigger question mark is however the future business model of Ello. On Facebook you’re a product and that’s what pays for the “free” service. But how is Ello going to strike a balance between privacy and funding the operation? This is one of the big challenges. Another is if the privacy-promise really is enough? Many of us are already privacy-aware, but the vast majority is still quite clueless. What Ello needs is either a big increase in privacy awareness or something clever that Facebook doesn’t provide and can’t copy quickly. It may seem futile for a small startup to challenge Facebook. But keep in mind that Facebook was small too once in the beginning. Facebook showed us that we need social media. Perhaps Ello can show us that we need social media with integrity. But anyway, you are among those who decide Ello’s future by either signing up or ignoring it.   Safe surfing, @Micke-fi on Ello   Picture: ello.co screen capture

October 3, 2014
How to deal with defamation

Everybody probably agree that the net has developed a discussion culture very different from what we are used to in real life. The used adjectives vary form inspiring, free and unrestricted to crazy, sick and shocking. The (apparent) anonymity when discussing on-line leads to more open and frank opinions, which is both good and bad. It becomes especially bad when it turns into libel and hate speech. What do you think about this? Read on and let us know in the poll below. We do have laws to protect us against defamation. But the police still has a very varying ability to deal with crimes on the net. And the global nature of Internet makes investigations harder. Most cases are international, at least here in Europe where we to a large extent rely on US-based services. This is in the headlines right now here in Finland because of a recent case. The original coverage is in Finnish so I will give you a short summary in English. A journalist named Sari Helin blogged about equal rights for sexual minorities, and how children are very natural and doesn’t react anyway if a friend has two mothers, for example. This is a sensitive topic and, hardly surprising, she got a lot of negative feedback. Part of the feedback was clear defamation. Calling her a whore, among other nasty things. She considered it for a while and finally decided to report the case to the police, mainly because of Facebook comments. This is where the really interesting part begins. Recently the prosecutor released the decision about the case. They simply decided to drop it and not even try to investigate. The reason? Facebook is in US and it would be too much work contacting the authorities over there for this rather small crime. A separately interviewed police officer also stated that many of the requests that are sent abroad remain unanswered, probably for the same reason. This reflects the situation in Finland, but I guess there are a lot of other countries where the same could have happened. Is this OK? The resourcing argument is understandable. The authorities have plenty of more severe crimes to deal with. But accepting this means that law and reality drift even further apart. Something is illegal but everybody knows you will get away with the crime. That’s not good. Should we increase resourcing and work hard to make international investigations smoother? That’s really the only way to make the current laws enforceable. The other possible path is to alter our mindset about Internet discussions. If I write something pro-gay on the net, I know there’s a lot of people who dislike it and think bad things about me. Does it really change anything if some of these people write down their thoughts and comment on my writings? No, not really. But most people still feel insulted in cases like this. I think we slowly are getting used to the different discussion climate on the net. We realize that some kinds of writing will get negative feedback. We are prepared for that and can ignore libel without factual content. We value feedback from reputable persons, and anonymous submissions naturally have less significance. Pure emotional venting without factual content can just be ignored and is more shameful for the writer than for the object. Well, we are still far from that mindset, even if we are moving towards it. But which way should we go? Should we work hard to enforce the current law and prosecute anonymous defamers? Or should we adopt our mindset to the new discussion culture? The world is never black & white and there will naturally be development on both these fronts. But in which direction would you steer the development if you could decide? Now you have to pick the one you think is more important.   [polldaddy poll=8293148]   Looking forward to see what you think. The poll will be open for a while and is closed when we have enough data.   Safe surfing, Micke  

September 8, 2014
Connecting people

You have all seen the pictures circulating on the net. A bunch of people all tapping at their smartphones and paying no attention to the world around them. With the title: ANTISOCIAL. And you have probably also seen this is real life. Sometimes a friend just seems to be more interested in the phone than in you. And maybe it has been the other way around sometime? ;) Most of these people are probably using social media. I do agree that it is rude to ignore persons who are physically present and pay more attention to the phone. Especially if you are alone with someone. And yes, that behavior seems antisocial from other’s point of view. But the funny thing is really that social media and our mobile devices form the most social system invented so far. Think about it. You can be in contact with people everywhere in the world. You can send and receive messages instantly and follow what others do right now. You can share your own feelings spontaneously. You can have a pure peer-to-peer exchange of thoughts not curated by any outsiders. You can select to communicate with a single person or a larger group. You are not limited to written text, you can use pictures and video as well. The real point here is that those “antisocial” types aren’t just tapping their phones, they are communicating with real people. Our traditional definition for the word social was formed before we had Internet. People associate it with personal face-to-face contact and are slow to update their mindsets. Or to be precise, we already have a younger generation who have grown up with the net and social media services. Their definition is up to date, but many of us older persons still see the net as less social or not social at all. Let’s all agree to never call someone who is concentrating on the phone antisocial. But the word rude may be justified. Let’s also agree to not be rude against others by ignoring them in favor of the phone. It’s of course OK to check the phone now and then at the party, but always prioritize people who are present and want to talk to you. And why not take it one step further? Turn off the phone and try to be without it for a couple of hours. Can you do it? Next time you go out for dinner with someone is a good time for that experiment. You may be less social on the net for a while, but your company will see you as much more social.   Safe surfing, Micke   PS. If you must be able to take urgent calls and can’t turn off the phone, at least turn off the data connection. That will mute the social media apps.  

August 21, 2014
1.2 billion stolen password

You have heard the news. Russian hackers have managed to collect a pile of no less than 1,2 billion stolen user IDs and passwords from approximately 420 000 different sites. That’s a lot of passwords and your own could very well be among them. But what’s really going on here? Why is this a risk for me and what should I do? Read on, let’s try to open this up a bit. First of all. There are intrusions in web systems every day and passwords get stolen. Stolen passwords are traded on the underground market and misused for many different purposes. This is nothing new. The real news here is just the size of the issue. The Russian hacker gang has used powerful scripts to harvest the Internet for vulnerable systems and automatically hacked them, ending up with this exceptionally large number of stolen passwords. But it is still good that people write and talk about this, it’s an excellent reminder of why your personal passwords habits are important. Let’s first walk you through how it can go wrong for an ordinary Internet user. Let’s call her Alice. Alice signs up for a mail account at Google. She’s lucky, alice@gmail.com is free. She’s aware of the basic requirements for good passwords and selects one with upper- and lowercase letters, digits and some special characters. Alice is quite active on the net and uses Facebook as well as many smaller sites and discussion forums. Many of them accepts alice@gmail.com as the user ID. And it’s very logical to also use the same password, it sort of belongs together with that mail address and who wants to remember many passwords? Now the evil hackers enter the scene and starts scanning the net for weak systems. Gmail is protected properly and withstands the attacks. But many smaller organizations have sites maintained on a hobby basis, and lack the skills and resources to really harden the site. One of these sites belongs to a football club where Alice is active. The hackers get access to this site’s user database and downloads it all. Now they know the password for alice@gmail.com on that site. Big deal, you might think. The hackers know what games Alice will play in, no real harm done. But wait, that’s not all. It’s obvious that alice@gmail.com is a Gmail user, so the hackers try her password on gmail.com. Bingo. They have her email, as well as all other data she keeps on the Google sites. They also scan through a large number of other popular internet sites, including Facebook. Bingo again. Now the hackers have Alice’s Facebook account and probably a couple of other sites too. Now the hackers starts to use their catch. They can harvest Alice’s accounts for information, mail conversations, other’s contact info and e-mails, documents, credit card numbers, you name it. They can also use her accounts and identity to send spam or do imposter scams, just to list some examples. So what’s the moral of the story? Alice used a good password but it didn’t protect her in this case. Her error was to reuse the password on many sites. The big sites usually have at least a decent level of security. But if you use the same password on many sites, its level of protection is the same as the weakest site where it has been used. That’s why reusing your main mail password, especially on small shady sites, is a huge no-no. But it is really inconvenient to use multiple strong passwords, you might be thinking right now. Well, that’s not really the case. You can have multiple passwords if you are systematic and use the right tools. Make up a system where there is a constant part in every password. This part should be strong and contain upper- and lowercase characters, digits and special characters. Then add a shorter variable part for every site. This will keep the passwords different and still be fairly easy to remember. Still worried about your memory? Don’t worry, we have a handy tool for you. The password manager F-Secure Key. But what about the initial question? Does this attack by the Russian hackers affect me? What should I do? We don’t know who’s affected as we don’t know (at the time of writing) which sites have been affected. But the number of stolen passwords is big so there is a real risk that you are among them. Anyway, if you recognize yourself in the story about Alice, then it is a good idea to start changing your passwords right away. You might not be among the victims of these Russian hackers, but you will for sure be a victim sooner or later. Secure your digital identities before it happens! If you on the other hand already have a good system with different passwords on all your sites, then there’s no reason to panic. It’s probably not worth the effort to start changing them all before we know which systems were affected. But if the list of these 420 000 sites becomes public, and you are a user of any of these sites, then it’s important to change your password on that site.   Safe surfing, Micke  

August 7, 2014
red roses

Dating is an interesting on-line service. It touches on a very private aspect of our lives, but is conducted over the Internet, which has many anonymity and privacy challenges. It also brings a radical change to the ways we find a spouse. Previously we used to meet people in person, get a crush and then later find out if we are compatible. On-line dating turns this upside down, you can first screen the “market” for candidates which seem to be suitable. Then you see them and get the crush, or not. Taste varies, some prefer on-line dating, some the traditional way. An unavoidable aspect of on-line dating is that you have to publicly state the fact that you are seeking company. Some people are fine with that, some are hesitant. Can you even do on-line dating without revealing who you really are? Yes, you can. But there are several things you should know and think about before setting up your profile. I recently got an excellent opportunity to do some research in this area without cheating on anyone, but let’s not go into details about that. ;) Here comes my findings and advice for singles who want to hide their true identities. Do care about your privacy. Or at least think about it thoroughly before going on-line. You may have an extrovert personality and be OK with publishing private things. But you will sooner or later run into someone who didn’t take the medicine and deals badly with a no. It’s so much easier to deal with those if they don’t know your real name and contact info. Your alias. Dating services assume you want some level of privacy and let users appear under aliases. Do not selects the same alias as you use on other services. It is easy to Google for it, and your real identity may be visible on another service where you use the same alias. The profile picture. Dating services vary but the picture of you is almost always very important. And some services require a picture where you are recognizable. This means that you can’t be anonymous for people who know you. The best strategy is to just accept this, but there are alternatives. You can use a profile picture that deliver some kind of feeling or tells something about your life, but you are not recognizable in the picture. Or you can omit it completely. Use a unique picture. Modern search engines can easily find where a certain picture has been published. The picture may link your profile to other services where you reveal more personal info than you want revealed in this context. Make sure your profile picture isn’t on-line anywhere else. Your picture can contain unwanted meta-data. Many modern cameras automatically add the owner’s name, and even contact info, into hidden fields in digital photos. Professionals and serious amateurs may also use workflows that add this data later. It’s also very common with geotagged photos, photos with embedded GPS-coordinates. Those coordinates may point to your home. The dating service may strip out this data automatically, but it’s better to be on the safe side and do it before uploading. Your e-mail. Sometimes you chat inside the dating service, sometimes it’s more convenient to continue by e-mail. It’s a no-brainer that an e-mail address like firstname.lastname@something .com is a privacy problem. But even a more anonymous address is yet another thing that people can google for, and perhaps find you in another context. Set up a separate free mail account dedicated for the dating project. That’s convenient and safe. Chat handles and phone number. The same is actually true for all kinds of communication. Set up dedicated chat accounts. Get a cheap pre-paid phone if you want to talk to, or text with, untrusted persons. Communication and contents. It’s a no-brainer that you can give away your identity when communicating with someone. Mail footers and thoughtlessly revealed information comes to mind immediately. But what may be less obvious is that the issues with pictures not only affect your profile picture. Any picture file you share with the other part may be a privacy risk in the same way. Also check the URL if you share links to uploaded photos or videos. Is your cloud account identifiable from the link? Yes, you can google other people. Some people thinks it’s a bad manners to dig for info about others by googling. That’s a really outdated attitude. You can google for others and you can’t expect others to not google you. Be prepared that people will use any tiny piece of information you share to learn more about you. That’s just how the world works today, trying to fight it is futile. And last but not least. When you find someone, you have to come out of your shell sooner or later. There’s always a point when you have to trust the other and reveal your true identity. People like to know who they are dealing with and you can score some extra points by being brave and open about who you are. Holding on to your anonymity too long sends a message of distrust. But you should naturally first communicate with the other for a while to make sure he or she is sane. And remember that most people are OK. The stalkers and trouble-makes are a minority, but keep in mind that they do exist. Several things to think about, but dating anonymously is not really hard. There’s a lot of talk about Internet privacy now after the Snowden-revelations. It is next to impossible to be truly anonymous on-line if an intelligence agency is after you. But this is totally different. Here we are talking about peer-privacy, not provider-privacy or authority-privacy. These instructions are enough to maintain your anonymity against your peers, but not to run a criminal business. This level of privacy is probably enough for most on-line daters. Good luck. Just go for it. Think about your privacy but don’t let it put you off. Prepare for some disappointments but remember that sooner or later luck will shine on you. :)   Happy dating, Micke    

July 28, 2014
Safe online while travelling

If you bring your phone, tablet or laptop with you when you travel, there's one thing to keep in mind: public WiFi networks are public. "That open Wi-Fi connection opens the door for hackers," writes NPR's Steve Henn. "They can get in the middle of transactions between, say, you and your bank." Because you’re sharing the network with strangers, there’s the risk that someone is using readily available software that snoops on what you’re doing. “It may feel private because you’re using your personal device, but it’s not,” our Security Advisor Sean Sullivan told us last year. Sean advises against doing anything via public WiFi that you wouldn’t want an eavesdropper to know – including logging into accounts with passwords. Before you hit the road make sure all your devices are backed up, your applications and operating system are patched and you're running an updated security solution on any device you can. You can try F-Secure SAFE on up to 3 devices for free for the next month. Here are some more tips that will keep you secure wherever you may roam: • Don’t let your device connect to public WiFi spots automatically. • Delete out the WiFi access points you’ve used when you arrive home. • Log out of all your apps you don’t need while traveling. • Lock any device you're your using with a code that can't be guessed. • Be aware of your surroundings and anyone who could be trying to peek over your shoulder. • Use a unique, strong password for each account. • For laptops, disable file sharing and turn on the firewall, setting it to block incoming connections. • Use a VPN (virtual private network) like Freedome if possible, which secures your connection even on public WiFi. • Use a travel router with a prepaid SIM card for your own personal WiFi network. • At the very least, watch for the padlock and “https” in the address bar for any site with your personal information. If they’re not there, avoid the site. • A good general rule: Assume anything you do over public WiFi is part of a public conversation. Cheers, Sandra [Image by Mario Mancuso via Flickr]

June 24, 2014
Digital Freedom is worth fighting for

We are worried about our digital freedom and need your help. The world our children will inherit may lack some fundamental rights we take for granted, unless actions are taken now. Our Digital Freedom Manifesto is one such action. Read on to learn more. The United Nations’ Universal Declaration of Human Rights, Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. I think this is a very good and important article, and most people probably agree. We have all gotten used to concepts like secrecy of telephony and the postal service. In short, we have the right to privacy and the right to decide ourselves what private information we share with others. And we value these rights. We would not accept that our letters arrive opened or the police installing cameras in our homes. But on the Internet everything seems to be different. The information you think is private may actually be transferred and stored by systems far away from you, often in other countries. This gives a wide range of agencies and companies a technical possibility to access your data. Article 12 is often your only protection but you have no way to verify that all involved parties respect it. After the Snowden leaks we know for sure what we feared earlier, there are several countries that pay no respect at all to article 12. The ability to monitor most of the world’s Internet traffic, and that way gain political and economic benefits, is just too desirable no matter how unethical it is. USA, where most of our data is hosted, is sadly among the worst offenders. If warrantless wholesale data collection for political and economic purposes isn’t a violation of article 12, then what is? What’s really going on here? Are we ready to dump article 12 or should something be done? Why are we accepting erosion of our digital rights, while similar violations would cause an immediate outcry if some other area of our lives was affected? We at F-Secure are ready to fight for your digital freedom. We do that by providing products that guard your on-line life, like F-Secure SAFE and F-Secure Freedome. But that is not enough. Guarding privacy is an uphill battle if the network's foundations are unreliable or hostile. And the real foundations have nothing to do with technology, they are the laws regulating network use and the attitude of the authorities that enforce or break those laws. That’s why we need the F-Secure Digital Freedom Manifesto. We know that many people around the word share our concern. This manifesto is crowd sourced and will be made available to the public and selected decision makers when ready. We want you to participate, preferable with your own words, or just by reading it and thinking about how valuable digital freedom is for you. The manifesto will not change anything by itself, but it will help raise awareness. And when the people are aware, then we can demand change. We have democracy after all, right? You can participate until June 30th. Or just read the draft and think about how all this affects your digital life. Right now is a good moment to get familiar with it. Micke

June 19, 2014