Dear old and new friends of F-Secure Lokki!
Hei F-Secure Lokin ystävät!
In Finnish / suomeksi: Tämän tekstin lopussa on suomenkielinen yhteenveto uudesta F-Secure Lokki –sovelluksesta! Voit lukea tekstin alkuosan englanniksi tai hypätä suoraan loppuosaan.
F-Secure Lokki is the most accurate and battery friendly personal location sharing app to connect you with your friends and family members. Across the world thousands of people have been taking Lokki into use since mid August when we launched the first version for iPhone and Android devices. We have this week launched a major update to Lokki for iPhone and Android. You can download the new 3.0 version from iTunes and Google Play. For more information on Lokki please visit the F-Secure product page.
We have received a tremendous amount of feedback from all over the world towards Lokki 1.0 and 2.0. This has been really fantastic as it has helped us to improve Lokki. Some of the feedback has been somewhat contradictory so we have decided which way to go. We have read all emails and we have met with a large number of Lokki users during the last couple of months. BIG THANKS to everyone who have spoken with us or sent us messages! Keep them coming! We are making this product for YOU!
Let me tell a few words about this new version 3.0, especially for the old Lokki users out there.
The new Lokki 3.0 in a nutshell
A short summary of the changes in Lokki 3.0 goes as follows: The location accuracy has gone up and the battery consumption has gone down. This has been accomplished by re-writing the software that connects your phone with the Lokki servers. The old Lokki app in your phone was reporting your location every 5…15 minutes to the server, all the time, and especially when there was no WiFi coverage this was consuming quite a lot of battery. The new Lokki reports your location to the Lokki servers only when you or someone in your Lokki group is requesting your location. As you can imagine, most of the time during the day and night there is nobody requesting this information, so your phone does not need to check its location that frequently from the GPS satellites and WiFi networks. A side effect of this change is that we no longer can show the ”has arrived” and ”has left” notifications — they are likely to come back partially in a future version of Lokki, though.
We removed the chat functionality we had built into Lokki after most Lokki users told us that our chat is not on par with the messaging apps they prefer to use. Lokki is primarily about private location sharing so we decided to put our focus on that area and not start competing against the existing chat apps out there. We will be smoothening the interplay of the Lokki app and the messaging app in your phones in the future releases of Lokki.
The most visible change in Lokki 3.0 is that we have replaced the places with a map view. This was a really difficult decision for us because we had feedback from many people that they were really in love with the cool-looking places. However, we also heard feedback that the places were a bit complicated to use, there were false reports of people arriving and leaving places, some people preferred the map view in general, and some people said that the places look a bit childish. The main reason for our design decision was the drive to simplify the new Lokki version and to get it launched as soon as possible, since we had a continuous flow of feedback indicating that quite a many people were not satisfied with the location accuracy or the power consumption in Lokki 2.0. We have an initial plan of bringing the places back, perhaps a bit simplified, in an upcoming release of Lokki.
As a bonus we are happy to tell that the new version of Lokki on Android has now been built so that it also works in the older Android devices (version 2.3.3), and those are very common among children.
Finally a replacement for Google Latitude!
We have heard from some Lokki users that Lokki has become a Google Latitude replacement for them. Google discontinued their highly popular Latitude service earlier this year and we are happy to see Lokki taking that role now. The new Lokki 3.0 is actually a very compelling Google Latitude replacement, coming from a reputable European security software house, and working on both Android and iOS devices.
That was the SHORT summary!😉 Below you will get a more detailed description of the new things in the new Lokki 3.0. Parts of that description are somewhat technical because we know that some of the very early users of Lokki 1.0 and 2.0 are somewhat technically-minded, some might even call them nerds, in a positive way. Others may leave this text now, and we say thank you!🙂
From phone numbers to emails
The old Lokki used your phone number as your username or identity and in the new Lokki we have changed to use the email address for this purpose. You need to use a unique email address per device i.e. if you have an Android phone and an iPad, you need to use different email addresses in those to sign up to Lokki. We debated this change internally a lot and eventually chose the email because it is more commonly used in online services as the user ID and it will allow us to e.g. send Lokki users informative updates more easily than over text messaging. In the old Lokki we did not have the email address of users at all, and there are countries in the world that do not allow service providers to send mass postings via text messages, even if there is no direct marketing content in the messages.
When you allow other people to see you in Lokki, Lokki will show you the people names with email addresses it retrieves from the contacts list in your phone. If a person does not have an email address defined, she or he won’t be visible in the Lokki invitation list, and you need to add the email address first via the Contacts app in your device. We plan to simplify this further in the upcoming Lokki releases.
Lokki and kids
Children can still use Lokki legally (with the exception being the 13 year age limit in the USA due to the Children Online Privacy Protection Act a.k.a. COPPA) so also they will need to have an email address when signing up for Lokki. Or to be exact, the device they are using to sign up needs to have a unique email address. In any case, it is good to be aware of what kind of apps your kids are installing and using in their mobile devices. Have you checked the age limits of some of the wildly popular social media sites or chat apps your kids may be using, by the way?
Read the small print — a.k.a. the Frequently Asked Questions
Many of the detailed issues around the new Lokki 3.0 are covered in the Frequently Asked Questions and you can find that in the F-Secure community knowledge base.
Lokki for Nokia Lumia and other Windows Phones
A word about Lokki on Windows Phone 8. We have an early test version of the Lokki app that runs in a beautiful yellow Nokia Lumia 520 phone. We hope to be able to release the Windows Phone 8 version in the near future when it is fully tested and free of glitches. The Windows Phone operating system is a bit different from Android or iOS and this has introduced some extra hurdles during the development process.
Beta, lean startup and pivot
We fully realize that the changes introduced with this new 3.0 version of Lokki may look awkward for many of you. You need to sign up again to Lokki and your friends and family members need to do the same. All Lokki users will need to have an email. Plus if you liked your places, you no longer can see them. However, after you are done with the initial setup, we believe you will love the new Lokki! We began to develop Lokki as a free app last spring with the goal to build the world’s best people location sharing app that is secure and fun. In the summer we had F-Secure fellows testing the beta version and in August we launched the app to the world. In “lean startup” style we have been continuously listening to Lokki users and improving the app. By early November we realized that we will not be able to satisfy Lokki users with our GPS location tracking solution; the continous location reporting simply ate too much battery and the battery consumption optimizations had an impact on the location reporting accuracy. In lean startup terms we decided to “pivot” Lokki into a new direction. Many Lokki users liked the product concept but expected it to work like Sports Tracker or RunKeeper i.e. continuously tracking the location of everyone on your display but at the same time they expected there to be negligible impact on the phone battery life. This unfortunately cannot be done on modern smartphones, especially when the service needs to run reliably on Android, iOS, and Windows Phone devices. We really like the new Lokki and feel it is superior in many ways to the earlier version, and we will be incorporating elements from the old design to the app in the future releases.
To trace or not to trace — what is your opinion?
Our short-term priorities now include a ’family pack’ functionality for Lokki, in addition to the Windows Phone 8 support. One feature that we are debating is people tracking history. As a security software company we are cautious about any ’big brother’ functionalities — yet we get requests that people would like to be able to see where their children have been. How do you feel about this? And is there some other family feature you would like to see in Lokki?
One more thing
Old users of Lokki probably noticed that Lokki 3.0 now has a new app icon. We felt that since the places are gone from this version, at least for a while, we should evolve also the icon a bit to reflect the changing functionality in the app. We hope you like the new icon!
Thanks for your support and please let us know how you feel about the new Lokki! You can reach us at email@example.com as before.
Harri and the Lokki team at F-Secure in Helsinki, Finland
In Finnish / suomeksi lyhyt yhteenveto uudesta Lokki 3.0-versiosta:
Lokin paikannustarkkuus on parantunut ja puhelimen virrankulutus laskenut. Tämän saimme aikaiseksi toteuttamalla puhelimen ja palvelimen välisen paikkatietojen välityksen uudella tavalla. Vanha Lokki lähetti puhelimen paikkatiedon palvelimelle joka 5…15 minuutin välein kellon ympäri ja uusi Lokki lähettää paikkatiedon vain silloin kun joku oman piirini Lokki-käyttäjä sitä kysyy. Kolikon kääntöpuoli on tässä se, että aiemmat ”on lähtenyt” ja ”on saapunut” –viestit on jouduttu jättämään pois — saatamme tosin tuoda niistä jatkossa Lokkiin yksinkertaisemman version.
Jätimme uudesta Lokista myös pikaviestimen pois. Suuri osa käyttäjistä kertoi meille, että Lokin chat ei ole tarpeeksi hyvä, joten me päätimme keskittyä turvalliseen ja tehokkaaseen paikkatiedon jakamiseen ja jättää pikaviestimen kehittämisen muille. Jatkossa Lokista pääsee helposti hyppäämään puhelimessa oleviin pikaviestinsovelluksiin.
Näkyvin muutos uudessa Lokissa on paikkasymbolien korvaaminen karttanäkymällä. Todella moni on kertonut meille pitävänsä näistä paikoista paljon, mutta vielä useampi on kritisoinut paikannustarkkuuden ja virrankulutuksen tasoa. Halusimme tuoda nämä parannukset Lokin käyttäjille mahdollisimman nopeasti, joten jouduimme jättämään paikat pois tästä Lokki-versiosta. Jatkossa saatamme tuoda paikat takaisin, ehkä vähän yksinkertaisemmassa muodossa.
Uusi Lokki toimii nyt myös vanhemmissa Android-puhelimissa (käyttöjärjestelmäversio 2.3.3) ja myös Windows Phone 8 –versio on meillä työn alla.
Lähitulevaisuudessa keskitymme lisäämään Lokkiin toiminnallisuutta perheitä varten. Haluaisimmekin kuulla teiltä, mitä toivoisitte! Olisiko Lokissa vaikkapa hyvä nähdä, missä lapset ovat olleet menossa vaikka viimeisen parin tunnin aikana, vai olisiko tämä tarpeeton tai jopa ei-toivottu ominaisuus?
Kiitos teille kaikille, jotka jaksoitte lukea tänne asti. Kertokaapa meille, mitä mieltä olette uudesta Lokki 3.0 –sovelluksesta! Saatte meidät kiinni osoitteesta firstname.lastname@example.org kuten ennenkin.
Harri ja F-Securen Lokki-tiimi Ruoholahdessa Helsingissä
[Image by Metropolitan Transportation Authority of the State of New York via Flickr]
A little iPhone history was made this month -- a iOS device was infected by just clicking on a link. This sort of attack had previously only worked on devices where the owner had purposely installed a "jailbreak" hack. So before you do anything -- even read the rest of this post -- you should update your iOS software to the latest version of iOS 9, or iOS 10 beta, which has some nice new privacy features. Here's how this historic attack happened, according to The Verge: Earlier this month, an Emirati human rights activist named Ahmed Mansoor got a suspicious text. It promised new details of torture in the country’s state prisons, along with a link to follow if he was interested. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements. To our cyber security advisor Erka Koivunen, this is a glaring example of a threat that is not "advanced" -- as in APT, advanced persistent threat. Think about what goes into a real APT. "They do reconnaissance properly and understand what the victim is susceptible to. They have good timing and only create visible noise when it suits their interest," he told us. "And they have a plan B ready in case someone starts snooping their activities." Here, the the most exploitable iPhone vulnerability ever known has now been exposed and patched -- for what? It's a bit baffling to Erka who compares it to throwing "expensive exploits at this guy like kids throwing rocks." You just don't see zero-day vulnerabilities like this -- especially on what had been one of the more secure platforms available -- that often. This has some security researchers thinking: Perverse incentives: Should I take up political activism so I get more interesting 0day sent my way? /me wonders — halvarflake (@halvarflake) August 26, 2016 //platform.twitter.com/widgets.js So, if you haven't already, update now. And if you're involved in politics in *any way* whatsoever, realize that someone will try to hack you -- sooner or later. So beware of those links in strange texts and email attachments in general. [Image by Sean MacEntee via Flickr]
This is really an old problem, but it’s in the headlines again. Pokémon Go is yet another example of a “free” game with a business model based on in-app purchases. These games are also known as F2P, standing for free-to-play. You can start playing, and get hooked, for free. But soon you run into a situation where you can’t proceed without buying virtual stuff in the game. The stuff you buy is virtual but the payment is very real money. This is no doubt a profitable model. Pokémon Go went straight to the top and for example Finland-based Supercell, maker of Clash of Clans, has constantly reported nice profits. This can naturally cause trouble for addicted adults, but the real problems arise when kids get hooked. There are numerous public stories about kids making purchases for hundreds or even thousands of Euros, often without even understanding how much they have spent. And the sinister part is that this can go on for a while until you get the credit card bill, and it’s too late. Your chances to get a refund are somewhere between slim and none. But how can this happen? Let’s take a look at the most common scenarios. Your kid has set up the new device and created the needed account with Apple or Google. Everything is fine until he or she needs an app that isn’t free. You enter your credit card on the kid’s device and make the purchase, but you don’t pay any attention to the security settings. This may give your kid carte blanche to buy anything he or she likes, and you pay the bill. You have entered your credit card but set up the kid’s store account so that a password only you know is required for every purchase. But there are some convenient settings that allow purchases without a password within a limited time window after the password has been entered. Kids learn very quickly to utilize this opportunity. Let’s assume the same setup as in the previous point, but with the correct security settings. Now the password is needed for every purchase. But the store account is still owned by the kid and the password can be reset. The password reset link will be sent to the kid’s mail or phone number. It’s carte blanche again with the new password. Ok, you create an account you own for the kids phone. It’s tied to your mail and phone number, so the password reset trick shouldn’t work anymore. You put down your phone and head for the toilet. Your kid has been waiting for the opportunity and initiates the password reset request. Your phone is there on the table wide open, with the reset link in the mail. You can figure out the rest yourself. And of course the simple alternative. You think the store password on your kid’s device is secret. But in reality it is either too easy to guess or someone has been looking over your shoulder. So there’s many things that can go wrong, but what can we do to avoid it? There are many ways to fight this problem, but this is in my opinion the best approach: Let the kid set up the store account on the device and set own passwords. Just like an adult would use a phone, except that there’s no payment method registered. Never enter your credit card number on the kid’s device. On Android, get familiar with Google Play Family. This feature enables you to purchase stuff for your kid on your own device. On iPhone, send apps or money as gifts. There may be applications that bypass the store and handle credit card transactions directly. This can typically be handled with vouchers or other prepaid payment methods instead. The application usually guides the users and list all supported methods. Let’s also take a look at the hard way. Follow these instructions if you for some reasons must have your credit card registered as a payment method on the kid’s device. Make sure the store is protected with a good password that only you know. Make sure the kid isn’t watching too closely when you enter it. Make sure the store is set up to require the password every time a purchase is made. Make sure the store account is attached to an e-mail only you have access to. Make sure the e-mail password is decent and not known to your kid. Make sure your phone’s security settings are decent. Use a PIN or password your kid doesn’t know and make sure it locks automatically quickly enough. Even better, do not have the e-mail of your kids store account on your phone. Access it through web mail when needed. So this is after all a quite complex issue. There are many variations and other ways to deal with the problem. Did I miss some simple and clever way? Write a comment if you think I did. And finally. Yes, there’s also many ways to lock the kids out of the store completely. This does no doubt solve some problems, but I don’t think it’s a good idea. They will after all live their lives in a world where digital devices and services are as natural as breathing. They deserve the opportunity to start practicing for that right now. Let them browse the store and discover all the fun stuff. And be part of the group and use all the same apps as their friends. Let them have fun with the phone and learn, even if they will learn some things the hard way. Don’t ruin it for them. Safe surfing, Micke
You might know what a VPN (Virtual Private Network) is. But if you’re like many people out there, you probably don’t use one. You should though. And when you finish this blog post, you’ll know why. A VPN is a private network established over the internet. That might sound complicated, so simply put, a VPN provides security for your device’s internet connection. The layer of security VPNs provide is how you make sure that data you send and receive is encrypted and safe from trackers, hackers and anyone else trying to intercept your data while it’s in transit. Companies and schools use VPNs to let people connect to local networks from anywhere. And you can also use a VPN to stay anonymous whether you’re at home, at work or school, or using an untrusted public network. And as an added bonus, of course, a VPN also lets you change your virtual location, which can mean unrestricted access to a whole world of content. So why is online anonymity so important? Who better to answer that than two real Freedome VPN users. And while we can assure you these guys are both real, in keeping with the theme of anonymity, let’s just call them “John” and “Doe”. “Anonymity is important because I really see it as a human right. Like if I’m looking for things that are really personal, I have the right to stay private and keep that information private,” says John, a university student who’s been using Freedome VPN for three months and counting. Doe, who is 29 and in the IT industry, has used VPNs before, but recently switched to F-Secure’s Freedome. For him, using a VPN isn’t just about protecting himself today: it’s an investment in the future. “I’ve never had problems myself, but we know for a fact that there are organizations and people out there right now who are looking to get their hands on our information and identities for whatever reason. This is definitely going to be a bigger problem in the future, and I want to be prepared,” says Doe. Both John and Doe say that most of their friends in the tech industry are using VPNs right now. But unfortunately, there are lots of people out there who aren’t. “I really wish people were more aware of the fact that they’re potentially giving away parts of their identity and privacy every single time they go online without a VPN,” says Doe. John agrees. “If you think about how people are feeding more and more of their personal information into a wider and wider range of sites, services etc., it’s obvious that the potential risks to our privacy are also increasing,” he says. John and Doe definitely know what they’re talking about and we couldn’t agree more. There’s never been a better time to take control of your online anonymity. So check out the Freedome VPN site for videos and more info. And don’t forget to tap or click to get yours! [Image by Blue Coat Photos | Flickr]