Privacy Principles ?

john_W

2 part question: 1) "First and foremost, we respect your privacy in everything we do." ok, fair enough. But then it continues: "Whenever we ask you for information, it is to better serve you" Isn't that the exact same line Google & Microsoft uses on their spywares ? (a.k.a "user experience programs") 2) Privacy 3. "To provide you even better services and relevant messages, we collect information about how our applications are found and used. However, if you are uncomfortable with tracking, we completely appreciate that and therefore F-Secure products offer opt-out possibilities from non-critical data collection" Again, Google (android) & Microsoft use that exact same style of messaging, but they've been caught collecting data regardless of opting out. How can we be sure you do thing differently ? Yes, I've seen M. Hyppönen giving talks and I do believe Him to be "on the level". But can we trust that the rest of the crew is on the same wavelength as He is ? I'm sorry that some companies abusing their market share dilute the credibility of all companies and spoil it for all

[Deleted User]

Hi John,

 

Part 1)

 

Google's policy includes things such as the following:

 

"Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection."

 

Source: https://www.google.com/policies/privacy/#infouse

 

Yes, we do have some similar language as Google and Microsoft -- but "to better your experience" is what's common. But the other guys list many more uses such as providing you personally relevant product features a.k.a. advertising. We don't. At all to my knowlege. So, some of the same language, but different in important ways. And I think that makes all the difference.

 

Do keep in mind that the way in which we collect information actually costs us money. We don't sell advertising like Google and Microsoft. If we aren't smart and limited in how we collect information, we're wasting resources. The same is true for them as well, but being much bigger companies, they don't seem to worry about the costs.

Part 2)

 

1. A link to sources would be helpful in order to know what data collection you're referring to.

 

Google collected info via its Street View cars -- but there was no opt-out in that case. Just a major mistake on its part.

 

2. Mikko is a part of F-Secure and also follows the company's lead -- it's not a one way street. If he's "on the level" but the engineers he works with aren't… how would that make any sense? Why would he work here in that case?

 

Take my word for it. Finns can be very stubborn. If somebody told an engineer around here to collect data even though the customer opted-out… that person would quit. And probably do it very publicly as well.

 

If we collect anything after a customers has opted-out -- that's a bug.

Here's a link to our Vulnerability Reward Program: https://www.f-secure.com/en/web/labs_global/vulnerability-reward-program

 

I confident we'd put potential data leakage issues right on par with security vulnerabilities.

 

Thanks for the questions.

 

Regards,

Sean (twitter@5ean5ullivan)

P.S. I can also provide some thoughts from one of our lawyers who was involved in the process of creating the principles. In a nutshell -- we're trying to promise we'll only collect what we need, and no more. We're not trying to leave open any cases of collect it in case we think of something new in the future. Again, a difference between our language and the other guys.

[Deleted User]

(Not sure why my account is "new" -- I must have reset it at some point.)