It’s always nice to get something for free. Or is it? There are really some free lunches on the net. But what appears to be free can have a hidden price, which often is paid by other means than money.
Internet did for a long time lack payment models and everything on the net was truly free. This was fine on a net that was an academic tool and playground for enthusiasts. Our Internet of today is totally different, and to a large extent business driven. But the culture of getting stuff for free on the net is deeply rooted. People are used to free stuff, or are hesitant to use payment on the net in fear of fraud. This has created a lot of new business models based on free products and services. Either genuinely free or with a hidden compensation. One of the important skills for today’s cybercitizens is to recognize these business models and understand the hidden risks and compensations. Read on to learn how.
Before you take the bait you should always ask yourself: Why is this thing offered for free? That’s the key questions as the vendor’s motives dictate if the product or service is safe to use. First look for info about who made the product and why. Then try to place it in one of the categories below. Now it will be a lot easier to make an educated guess about how safe it is.
A very common way to provide free products or services. Ads are showed to you and the vendor gets money from the advertisers. Be careful with ad-ware your children are using. You have no control over the ads and some content may be unsuitable. Otherwise these are mostly legit if you don’t find the ads too annoying.
“If you don’t pay for the product, then you ARE the product.” This is taking ad-ware to the next level. Big data companies like Facebook and Google offer their services for free, but create extensive profiles over their users and utilize them for marketing purposes. This is a privacy problem as you have no control over what data they collect and how it is (mis)used. Intelligence agencies are on top of that also eager to tap into your data. If Facebook knows something about you, then NSA knows too. The problem here is that it is very hard to know what price you really pay for the “free” service. You should consider if the privacy risk is worth taking for the value you get in return.
Many create programs and web services for fun. Giving it away and seeing that people really use it is part of the joy. Some may also have ideological motives, like fighting corporate dominance, guarding peoples’ privacy or defeating net espionage. Products in this category are genuinely free and there’s no hidden compensation. The Firefox browser is an excellent example. The Linux operating system is another.
This “business model” is safe for the customer, but the products and services may not always be the safest choice technically. Providing safe software is a tough task and requires constant maintenance. Hobbyists are not always professional enough for this. In this category you will find a wide range of products with technical security ranging from excellent to very poor. It’s also futile to expect good support services in this category, unless the product has a well-working user forum that provides peer-support.
This is a variant of the previous class. Some providers of free software ask for donations openly. This is like a product with a voluntary payment. A lot of people will use the product for free, but some will contribute a couple of bucks to cover the vendor’s expenses. Wikipedia is a good example. BTW, have you ever donated to them? I have and I think it’s very well spent money. The value I get in return is far greater.
Some free services are provided with tax-payers’ money. These are typically OK to use. Quality might vary tough, as the public sector often lacks the culture of customer service and competitiveness.
Many vendors provide a basic product or service for free, and more functionality or capacity for a price. This is a nice way to let customers try it out and decide later if they need the paid version. Sometimes the product is entirely free and the business model is based on selling support services for it. There’s nothing wrong with this business model and the products are usually OK if the vendor is trustworthy.
Getting something for “free” when buying something else is a common marketing trick. It’s not really a free product, the pricing scheme is just set up to hide its true cost. A common example is receiving a “free” mobile phone or 4G-dongle when signing up for a 2-year subscription. Hardware prices are declining and many people have a misconception that these bundled items are worth more than they really are.
Some content is offered to you free of charge and with no strings attached, but the distributor lacks the right to distribute it. Distributing stuff without permission is illegal practically everywhere, but your status as receiver is not as clear. Whether it is a crime to download the stuff depends on your country’s legislation. Also remember that the common peer-to-peer sharing networks, like BitTorrent, both download and share at once. It’s also common to distribute malware masqueraded as pirated software. The safest way is to look for the content’s original vendor or distribution point, and download it from there. Then you will learn if it really is free, and lose the malware as an extra bonus.
Malware and scams are often masqueraded as free offerings. Be extremely careful if you are tempted to sign up for anything that sends you “free” information as text messages. Your mobile phone number is a payment method and scammers can charge you for bogus messages sent to your mobile. It can be next to impossible to get them cleaned off the bill. What you think is a handy utility program may also turn out to be malicious software. If you can’t figure out why the tool is free, the real reason may be to plant malware in your computer or mobile device.
Let’s finish with a checklist for people considering using a free service or product:
Reports that half a billion Yahoo accounts were hacked in 2014 "by a state-sponsored actor" were confirmed today by the tech giant. This hack of "names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions" is the largest in the company's history and one of the most consequential breaches of all time. Our security advisor Sean Sullivan told CNN what Yahoo users need to know right now: [youtube https://www.youtube.com/watch?v=kO-70yKF4bE] He also gave a longer interview to Data Breach Today about the wider implications of the hack. The most important takeaway from this attack is you should always use an extra layer of protection -- in this case Yahoo's two-factor authentication on all your accounts -- and never reuse any important password. Even though Yahoo's passwords stored your passwords with encryption, it's still possible for criminals to get access to them, especially if they are weak. A former Yahoo employee told Reuters that the answers to security questions were deliberately left unencrypted to help catch fake accounts more easily because fake accounts that used the same answers over and over. Sean always uses nonsense answers for so-called security questions so they aren't guessable by anyone who knows him or follows him on social media. He recommends you do the same. So what should you do now? Sean recommends you "walk, not run" to your Yahoo account to disable your security questions and change your password -- and change them on any other site where you've used them to something unique. Make sure you create non-human passwords -- not patterns like yahoo1985. Make them long and difficult to remember. If they're between 20 and 32 characters, they are nearly uncrackable, as our senior researcher Jarno Niemelä recommends. And to deal with all that complexity, use a password manager like our F-Secure KEY, which is free on one device. You can also store your nonsense answers to your security questions in there. Then turn on two-factor authentication, if you haven't already. If you're wondering who might have carried out such a massive attack, Sean does have a hypothesis. [Image by Christian Barmala | Flickr]
Many Android users (myself included) have long found it annoying that creating a working portable hotspot is not possible while using a VPN on the device that shares the connection. From the user interface to the lines of code that power the app behind it, a driving principle of designing Freedome has always been to make the kind of VPN that only makes your online experience better, without hindering it in any way. Tethering with VPN is now possible This is why we are extremely happy - both personally and for our users - to announce that our new Android release (out now on Google Play) makes it possible to have Freedome turned on while sharing your connection with other devices. We are also the first (as far as we know) major VPN provider to make this happen. Instructions on setting up a portable hotspot The new update automatically allows you to create a portable hotspot with Freedome VPN, so the instructions are fairly simple. Download Freedome VPN on your Android Turn on the portable hotspot feature from your Android settings Keeping it simple, as usual! A note on privacy It’s worth noting for the sake of your privacy that the tethered device’s traffic will NOT go through the VPN tunnel of the device sharing the connection. As Freedome lead Android developer Antti Eskola (who, by the way, you can thank for making this feature a reality) says: “Android does not allow tethered devices access to the VPN tunnel. This is a deliberate choice forced by Android for security reasons. For instance, when using VPN to access your employer’s network, they might not want your friends and family there. Also a VPN tunnel shared with others wouldn’t really be a private network anymore” In other words, remember to use Freedome on laptops and any other devices you connect to your own hotspots with. If you have any questions, drop us a line on Twitter. Enjoy!
If you don't want to read the manual for the new Wi-Fi-connected device you just installed in your home, do yourself a favor and at least check how to change the default password. A new report finds that more than 100,000 devices in the United Kingdom alone could be possibly be accessed by peeping strangers. How is this possible? "Two words," explains F-Secure security advisor Sean Sullivan. "Default settings." Most consumers don't seem to imagine that their baby monitor, web cam of Wi-Fi router might be targeted by a hacker. "That’s called security through obscurity and it just does not work," Sean explains. "There are 'deep-web' search engines --such as Shodan -- that routinely scan for devices on the Internet. And just about anybody can find interesting things there that shouldn’t be publicly accessible but are." Often all online intruders need to do is type in the password that the manufacture sent the device out with. "You need to change the webcam’s password to something complex and unique," he says. "Don’t worry about having to type it all the time, you’ll probably only need to configure the associated mobile app once. And then the app will remember the password for you." This one simple step will greatly reduce your risk of having your devices hacked. Still many of us won't do it. The time to get rid of this terrible habit of leaving default passwords untouched is now, before our homes become so overrun by Wi-Fi-connected devices that hackers begin to devote serious resources to this sort of intrusion and possibly find some convenient way to monetize it. So don't let your fear of not being able to remember the passwords for all these devices become the weak link in your security. "Once you’ve set your secure password, store it someplace safe for future use," Sean says. He suggests a using a password safe like F-Secure KEY or a piece of paper in a secure location in your home. Just don't store it anywhere in sight of a webcam that still is using its default password. [Image by DAVID BURILLO | Flickr]