Security expert Mikko Hypponen talks online safety: “The war is not lost”

Security expert Mikko Hypponen talks online safety: “The war is not lost”

Mikko Hypponen is Chief Research Officer and virus specialist at F-Secure, an Antivirus company in Finland. Along with being a leading internet security expert, Hypponen has also been a speaker in TED talks.

We had the opportunity to meet Hypponen at the Next14-Conference in Berlin this week,  where we talked to him about Google as a data collector, privacy, and the internet after the NSA scandal.

Softonic: Mr. Hypponen, a very simple question – are you using Google Services?

Yes. I am. So are you. It’s very hard to avoid them. I would prefer not to use them, but how the hell do you avoid Google? Even if you find alternatives for Maps and Gmail, how are you going to replace the search engine? You can’t get rid of YouTube, because all the videos are in YouTube anyway. Even if you avoid all of that, you’re still not going to escape Google Analytics and Google AdBanner, which will track you across the Web.

If you do the math, how much money did you make Google last year? If you take the profit and divide it by users, that’s $17 billion profits in 2013 from 1 billion users, meaning you made them $17. You didn’t pay them any money, yet you made them $17 in profit. Although I would prefer to pay for it, they don’t give me the option. I am more valuable by giving my data than by giving them money.

By the way, that wasn’t a very easy question.

You say Google, Yahoo or similar services know more about us than our families. As a user, can I do something differently?

You could delete your Google cookies. You can use their service without logging in, which is its main method for linking your profile between your computer, your tablet, and your phone. But they will convert your data. Not logging in won’t really solve the problem, so we have no real solution.

When it comes to social media, you’re only actively using Twitter. What’s the reason for that?

Twitter is completely open; there is nothing private on Twitter, and nothing to hide. I’m not really against any social media. People ask me why I’m not on Linkedin, why I’m not on Facebook: I try to maintain my own privacy. If you go on Facebook and use it as normal people use it, there’s no ways to hide your life.

The easiest way is to stay away from Facebook, although it hurts me. If you’re not on Facebook today, like me, it’s hard: I have no idea which one of my friend’s got divorced, or who had a baby, or who got married, or where the party is. I’m the last guy to know. Everyone else knows. I don’t know because I’m not on Facebook.

NSA, the Heartbleed Bug– another security disaster seems bound to happen, and people are scared. They don’t really know what’s happening on the web. How can I, as a normal user, protect myself better online?

There are easy things you can do, like changing the whole password culture. Bad passwords or recycling passwords doesn’t only invite surveillance, but all kinds of problems. Use password managers. Take care of backups. Accidents happen to everybody. Your house could burn down– take backups to restore you children’s pictures.

When going online, I’d recommend using the Tor network for browsing. And not just when you’re doing something you want to hide; do it at all times. I’d also recommend using VPNs. Tor will hide who you are, while VPN will encrypt your data. And I must stress: encryption works. That’s a quote from Snowden. Use encryption. Encrypt your email. If you store your data in the cloud, encrypt it first. Encryption works.

Mikko Hyponnen

You and your company have been fighting for years against the virus industry, which seems to become more powerful everyday. Is this fight lost?

No, it’s not lost. It’s not easy being an online criminal. Many people become one because it’s the best option out of many bad options they have. It’s people who have the skills, but don’t have the same opportunities that you and I have. There are many cyber criminals coming from poor countries, and there’s a reason for that.

But it’s not easy being an online criminal. You have to stay incognito, which is hard. They only have to make one mistake, and they’ll get caught. The war is not lost. It’s hard to make big visible changes, but we are catching more online criminals than ever before. We are definitely not giving up.

Malware is getting more and more popular, especially on Android phones. What possibilities do I have as an Android user to protect myself?

Android users right now will not be hit by online attacks unless they install the malware themselves.

The risk is when you take your Android phone to Google Play or third-party app stores, and you install Angry Birds or Boom Beach or whatever. And it looks like the real game or real app, but it’s not the original. There’s no way for you to tell until you get your next phone bill and you realize that the app has been making expensive phone calls while you were using it. That’s the problem on Android. Be careful what you install.

Edward Snowden said that his greatest fear was that nothing would change after the NSA leak. Do you thing anything’s changed in the past few months?

Yes, I see change. I am hopeful. It’s not a drastic change, it’s not a landslide as you’d hope for. But I see people waking up. I see people thinking about this and asking questions. Initially, people have this powerless feelings, like there’s nothing you can do.

When I talk about these things, I try to point out that it’s not like that; there are things you can do. Just sitting in apathy isn’t going to change anything. You don’t have to be worried. You can be angry about it and do something. I am hopeful.

Mr. Hypponen, thank you very much for this interview.

Photo: Mikko Hypponen


Loading comments