blog_photo_Jan2013

There’s no such thing as a private message

blog_photo_Jan2013

You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.

Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.

Micke

Photo by Sam Catanzaro @ Flickr

More posts from this topic

Facebook Phone Number

Why Does Facebook Want My Phone Number?

Facebook has become the most popular social network in the history of known universe for a pretty simple reason: It appeals to our egos. Our egos love to be connected, recognized and comforted. But those needs are generally tiny compared to our desire to be flattered. And one way Facebook continually flatters us is by asking for our phone number -- continually. Like all the time. But like any stranger seeking your digits, the site may have ulterior motives. Ask Facebook, "Why am I being asked to add my phone number to my account?" and its help page will tell you this: Adding your phone number to your account will help keep your account secure, make it easier for you to connect with friends and family on Facebook and make it easier to regain access to your account if you have trouble logging in. That's true. But are there other reason that it might want this piece of information -- reasons that appeal directly to Facebook's bottom line? Almost certainly. In fact, the business case for getting your phone number may be so strong that it's likely at least part of the reason for the change in terms and conditions for WhatsApp, which is owned by the technology giant. So what does Facebook get when it gets your phone number? Potentially lots and lots of information about you -- possibly even your favorite breakfast cereal. Watch our chief research office Mikko Hypponen break down what the data scientists that help social networks sell ads learn about you from your number. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] Even if you don't mind being marketed at with ruthless efficiency, there may be other ways Facebook could use your number that you might want to consider. You might have heard about the therapist who began seeing her patients pop in Facebook's "People You May Know" module. How did this happen? Fusion's Kashmir Hill suggests that "an algorithm analyzing this network of phone contacts might reasonably assume all these people are connected." And in this case the therapist didn't even remember giving her number to the site, but she had. If you're logged in, you can check if Facebook has your number here. This still could be some value to you in handing over your number. Two-factor authentication is generally a smart strategy for any account you want to protect -- and you need to offer your smartphone number to access the SMS messages you'll need to use. But remember: If you make your number available on Facebook, people can find you by searching it. So if you do use Facebook's two-factor authentication, you should consider hiding your phone number for anyone but yourself. To do this, go to your profile page, click "About" under your cover image and then in the left column click on "Contact and Basic Info". Next to your mobile number, click "Edit" and select "Only Me". This will make sure strangers won't find your number through your profile or vice versa. But it won't stop Facebook from knowing what your favorite breakfast cereal is. {Image by HighwaysEngland | Flickr]

September 9, 2016
BY 
Christine Bejerasco

Meet the Online Guardian Working to Keep You Safe

Every time you go online, your personal privacy is at risk – it’s as simple as that. Whether you’re creating an account on a website, shopping, or just browsing, information like your email, IP address and browsing history are potential targets for interested parties.   All too often, that information is sold on or sometimes even stolen without you even knowing it. And the threats to our online privacy and security are evolving. Fast.   As F-Secure’s Online Protection Service Lead, Christine Bejerasco’s job is to make life online safer and more secure.   “We’re basically online defenders. And when your job is to create solutions that help protect people, the criminals and attackers you’re protecting them against always step up their game. So it’s like an arms race. They come up with new ways of attacking users and our job is to outsmart them and defend our users,” Christine says.   Sounds pretty dramatic, right? Well that’s because it is. While it used to be that the biggest threat to your online privacy was spam and viruses, the risks of today and tomorrow are potentially way more serious.   “Right now we’re in the middle of different waves of ransomware. That’s basically malware that turns people’s files into formats they can’t use. We’ve already seen cases of companies and individual people having their systems and files hijacked for ransom. It’s serious stuff and in many cases very sad. If your online assets aren’t protected right now you should kind of feel like you’re going to bed at night with your front door not only unlocked but wide open.”   Christine and her team of 11 online security superheroes (eight full-time members and three super-talented interns) are on the case in Helsinki.   Here’s more on Christine and her work in her own words:   Where are you from? The Philippines   Where do you live and work? I live in Espoo and work at F-Secure in Ruoholahti, Helsinki.   Describe your job in 160 characters or less? Online guardian who strives to give F-Secure users a worry-free online experience.   One word that best describes your work? Engaging   How long is a typical work day for you? There is no typical workday. It ranges from 6 – 13 hours, depending on what’s happening.   What sparked your interest in online security? At the start it was just a job. As a computer science graduate, I was just looking for a job where I could do something related to my field. And then when I joined a software security company in the Philippines, I was introduced to this world of online threats and it’s really hard to leave all the excitement behind. So I’ve stayed in the industry ever since.   Craziest story you’ve ever heard about online protection breach? Ashley Madison. Some people thought it was just a funny story, but it had pretty serious consequences for some of the people on that list.   Does it frustrate you that so many people don’t care about protecting their online privacy? Yeah, it definitely does. But you grow to understand that people don’t value things until they lose it. It’s like insurance. You don’t think about it until something bad happens and then you care.   What’s your greatest work achievement? Shaping the online protection service in the Labs from its starting stages to where we are today.   What’s your idea of happiness? Road trips and a bottle of really good beer.   Which (non-work-related) talent would you most like to have? Hmmm… tough. Maybe, stock-market prediction skills?   What are your favorite apps? Things Stumbleupon   What blogs do you like? Security blogs (F-Secure Security blog of course and others – too many to list.) Self-Help Blogs (Zen Habits, Marc and Angel, etc.)   Who do you admire most? I admire quite a few people for different reasons. Warren Buffett for his intensity, simplicity and generosity. Mikko Hyppönen for his idealism and undying dedication to the online security fight. And Mother Theresa for embodying the true meaning of how being alive is like being in school for your soul.   Do you ever, ever go online without protection? Not with systems associated to me personally, or with someone else. But of course, when we are analyzing online threats, then yes.   See how to take control of your online privacy – watch the film and hear more from Christine.  See how Freedome VPN will keep you protected and get it now.

July 14, 2016
BY 
groupmeeting

Why You May Want to Disable Location Services for Facebook

When news broke that Facebook was at least temporarily using users physical location to suggest real world connections, a strategy that has been employed by the NSA, the backlash was sharp.  It wasn't difficult to imagine scenarios when identities could be inadvertently and uncomfortably revealed through group therapy, 12-step meetings or secretive political movements. The world's most popular social network quickly said it would not continue what it called a small-scale test nor roll the feature on a wider scale in the future. But Facebook is still using your location data for other purposes, Fusion's Kashmir Hill reports: We do know that Facebook is using smartphone location for other things, such as tracking which stores you go to and geotargeting you with ads, but the social network now says it’s not using smartphone location to identify people you’ve been physically proximate to. Hill notes that using location to match users up, thus acting as a tool to reveal the identity of nearby strangers, might violate Facebook's agreement with the Federal Trade Commission . So you should expect that your location -- like everything you do on Facebook -- is being used to turn you into a better product for its advertisers. That's the cost of using a "free" site but you can limit your exposure a bit by turning off location services for Facebook on your phone. Here's very simple instructions for turning off location services on your Facebook and Facebook Messenger apps on your Android of iOS device. Do you mind if Facebook uses your location to suggest new friends? Let us know in the comments. [Image by Lwp Kommunikáció | Flickr]

June 30, 2016