As 2013 winds to a close, there’s no denying it’s been a fascinating year – and no one agrees more than Mikko Hypponen, malware adventurer, famed TED speaker, and F-Secure’s Chief Research Officer. But how will the extraordinary events of 2013 influence the Internet in 2014? I sat down with Mr. Hypponen to hear his thoughts about the Snowden revelations, crypto currencies and the hidden Web.
How will the Internet change as a result of Snowden’s revelations?
The Web came around 20 years ago. For the first 15 years of the Web, we lived in a sort of utopia where there really were no borders, no distances, no geographies, no countries. People couldn’t care less about where their data was stored. For once, we had something truly global.
What I’m seeing happening right now is we are losing this utopia, and the reason is that this wholesale espionage is being used against the citizens of the world. So people are starting to ask questions like where is my data stored, under which country’s laws, which country is this software coming from. These are questions nobody was asking 20 years ago, and this is a really sad development because this great global Internet is becoming shattered and broken down by country lines. So in 2014 and beyond this segregation of the Internet will continue.
What’s the worst case scenario?
The worst case is the Internet becoming a series of disconnected islands because people don’t trust foreign countries anymore, especially powerful countries like the USA. Basically complete breaking of the global trust.
And the best case?
Best case is that Snowden keeps leaking explosive stuff about wrongdoings of the US intelligence agencies. Eventually he leaks such bad stuff that the revelations outweigh whatever Snowden himself has done. He’s forgiven by the US people, he receives a hero’s welcome at home, the US intelligence agencies are brought back under control, and everybody wins.
How should people change how they use the Web in 2014 because of the revelations?
One thing that I said during my TEDxBrussels talk in October was that people shouldn’t be worried, they should be outraged. Fighting this sort of thing with technical measures is hard. If change is going to happen, it’s going to happen through political change and international pressure.
But as far as technical things, my advice is to use encryption everywhere, use strong passwords or a password manager (like F-Secure Key), use cloud services from countries that aren’t conducting wholesale blanket surveillance. Use the same good computing hygiene that you would use to protect yourself from computer crime and malware.
So on the whole, is it good that Snowden did what he did?
Absolutely it’s a good thing. Regardless of Snowden’s motives, he did us a favor by revealing the details of these intelligence agencies. Because they are out of control. The fact that they undermine encryption algorithms makes us all less secure.
What do you think about whistleblowing in general?
Protecting valid whistleblowers is very important because they alert us to wrongdoing that would otherwise never have been revealed.
All these companies like Google and Facebook say they have not been complying with and didn’t know anything about PRISM. What do you think?
I don’t believe these companies are voluntarily cooperating. When Google says “we are not giving data to the NSA” I believe them. I believe most of these companies are victims themselves. I believe they are getting breached by their own government.
What do you think is the US intelligence agencies’ ultimate goal? Do you think their goal is to protect America from terrorism, or is it something more sinister?
I don’t think it’s either. I don’t think the people working inside the NSA are evil people with some sinister plot. I believe they’re trying to fulfill their mission which is to provide signals intelligence. They are fulfilling their mission – but the problem is, they seem to be willing to go to any lengths to do it. They’ve lost their way. They’ve lost sight of their original goals, they’ve become too powerful and they’re out of control. It’s not just about terrorism either, or why would they be tapping Angela Merkel’s phone?
Any other predictions for 2014?
On a different subject entirely, I think 2014 will be the year when crypto currencies like Bitcoin switch from being something that only geeks are aware of to something that regular people know about. The age of virtual, crypto currencies is finally here and it’s long overdue. The one to go mainstream might not be Bitcoin, but maybe a clone or son of it. Of course, just like cash, Bitcoin can be used for good and for bad. And we’re seeing the use for bad in the online crime world.
In April I noted on Twitter when Bitcoin value had reached 100 US dollars, and I predicted it would break $1000 by the end of the year. Today it’s $980. Good call!
(Bitcoin broke $1000 a few days after this interview)
And what about the hidden Web, or deep Web we’ve been hearing about lately?
When the Web originated, the powers that be didn’t see the importance of the Internet. Now the powers that be are trying to control it as much as they can, which means the whole Internet is changing, and we’re fighting for its future.
We’re seeing people who still want to be free on the Web moving to the hidden Web, which will be brought under control as well, in time. And bad things are happening on the hidden Web for sure, but that doesn’t mean the whole thing is bad. People think it’s bad, but that’s what they used to think about the traditional Web as well.
See more of Mikko’s recent comments:
TEDx Brussels talk: How the NSA Betrayed the World’s Trust – Time to Act
Reuters TV interview: In Cloud We Trust
Reuters TV interview: Bitcoin – the Latest Front in Cybercrime
We recently invited our active Twitter community to ask us anything that came into their minds about privacy, VPNs and all manner of related topics. The Twittersphere didn’t pull any punches, and among the great questions was one asking us to make our case for own existence: What are the reasons to pay for Freedome and not use some free privacy solution? Well, here’s a few we think you'll be interested in. 1. Connection speed / bandwidth Everyone wants security and privacy, but NOBODY wants it at the expense of a sluggish connection. Running a VPN takes a surprising amount of servers and bandwidth, and these resources have to come from somewhere. So if you don’t want your internet connection bottlenecked by a VPN server coughing out modem-speed traffic like an asthmatic robot, you might want to consider a paid option. Next to connection speed, bandwidth size is the biggest prequisite people tend to have. Maybe it's the fact that we're based in Finland where the concept of data caps is very uncommon, but putting any sort of bandwidth limit even into the free trial version of Freedome was never truly considered. Unlimited bandwidth for all! 2. Our business model is giving you privacy, not taking it away When any online service claims to be free to its users, there is often a catch. There are exceptions (like Troy Hunt’s awesome Haveibeenpwned to see if your passwords have leaked), but most will ultimately take payment…. in one form or another. This can come in the form of tracking you for advertising purposes, or even selling your bandwidth to hackers. Be careful of free services and make sure you understand what you're giving in return. For instance, our iOS developers created the free F-Secure AdBlocker, and we were quite open about the fact that we were using the app to raise awareness of Freedome. Sometimes the trade-off is worth it for the customer, sometimes it is not. 3. Publicly listed company One of the threats facing consumers looking for a VPN are shady companies that operate in the privacy market. Freedome was conceived by a startup team within F-Secure, a company with a 25+ year spotless reputation among consumers. Without even considering ethical implications, making sure we keep the trust of our stakeholders is vital to our continued existence as a company. When you use a service to encrypt your traffic and handle your data, there is no choice but to place trust in that service. We try to be as open about our ways of operating as possible, but ultimately, the choice of where you place your trust is yours and yours alone. 4. Based in a country where the law is on privacy’s side If suspect business practices present one threat to consumers looking for privacy, so do the over intrusive governments in countries where VPN providers are based in. The U.K is working on the Investigatory Powers Bill (more often referred to as the "Snoopers Charter"), the U.S has an extremely spotty history in keeping their hands off people's Internet traffic, and Russia is increasingly tightening their control over what people say online. Thankfully, Finland is considered a pioneer when it comes to consumer-friendly online privacy laws. It is a great benefit both for us as a company and our customers that we have the law on our side when it comes to putting digital rights of consumers first. 5. It's just a better and prettier app Being part of an established online security company like F-Secure gives us access to a lot of resources. When you pool this together with the startup mentality of the Freedome team, you get a new kind of security app that packs features unavailable in other similar products. Freedome uses F-Secure's own security cloud to access a constantly updated list of online tracking servers and malicious sites to block them from your protection. And finally, what Anni already touched upon in her video answer: It's light, intuitive and very easy on the eyes. Words like "VPN" and "encryption" might bring into mind a clunky & unfriendly interface, but we wanted to challenge that. Everything from setup to turning it on is done with a single button. [youtube https://www.youtube.com/watch?v=rX3FFNAl4hI?list=PLkMjG1Mo4pKL0JFjRTd4vCvK4An5QTp5D]
European Cyber Security Month (or National Cyber Security Awareness Month as it’s known in the US) is just around the corner. And considering the recent disclosure of Yahoo’s massive data breach, it seems like a good time for companies to give some consideration to their cyber security policies. One person glad to see it arrive is F-Secure Cyber Security Advisor Erka Koivunen. Erka, who’s advised people, companies, and even governments on how to protect themselves from online threats for years, wants to let people know that security is more than relying on the latest technologies or devices for protection. It’s just as much about processes and practices as it is about technology. That’s why Erka is participating in an “Ask me Anything” session on Reddit called “How to Create a Culture of Security.” Erka will answer your questions about what you, your colleagues, and your boss need to know about being hacked. Plus, Erka will be joined by Cosmin Ciobanu from the European Union Agency for Network and Information Security (better known as ENISA, the organized of European Cyber Security Month) to provide some additional insights on how to improve security in workplaces around Europe. This will be Erka’s second AMA, having previously fielded a range of questions about online privacy in an AMA conducted last Data Privacy Day. The AMA session will kick-off at 8 AM EST/3 PM EET on October 4th. We’ll update this blog post with the link as soon as it’s available, so check back here so you don’t miss out.
Protecting yourself on the internet used to be a lot simpler -- mostly because you weren't always on the internet. Now we can be online from when we wake up until when we go to sleep. We seamlessly shift from chatting to shopping to banking -- rarely sticking to one device or platform for too long. Most of us aren't just a Mac or PC or an Android anymore -- we're all of the above. “I, and I think most people, have a cross-platform household – I use several different devices with different operating systems on a daily basis," F-Secure security advisor Sean Sullivan explains. The old paradigm of just protecting your PC or your phone can leave your devices exposed to threats. And even the best security software in the world won't protect your public Wi-Fi connection from being snooped on, possibly exposing your most private details, including passwords. That's why we've launched F-Secure total security and privacy, which combines F-Secure SAFE and F-Secure Freedome. F-Secure SAFE is a multi-device internet security suite that protects all your devices. Freedome is a VPN offers a simple way to encrypt your communications over public Wi-Fi and change your virtual location to access geo-blocked sites and services while blocking malicious websites and online tracking. You can still purchase F-Secure SAFE and Freedome separately. And there have been recent improvements to both, including: Silent upgrades that ensure SAFE is automatically updated Parental controls now available on all supported SAFE platforms Ability to create Freedome Wi-Fi hotspots with Android devices while VPN is turned on "Buying separate products to protect iOS, Windows, Macs and whatever else isn’t just expensive, but it means you have to get used to different pieces of software designed to do the same thing," Sean explains. F-Secure total security and privacy is now available for a free trial here. If you're a current SAFE customer, you can't upgrade to total security and privacy but you should receive a discount offer for Freedome. "Bundling protective measures into packages to run on different devices is more economical and more user friendly, both of which are good for security.” Cheers, Sandra [Image by Hans Kylberg | Flickr]