Oura Ring Gen3 Upgrade Offer FAQ (and Launch PR Fail)

Oura Ring Gen3 Upgrade Offer FAQ (and Launch PR Fail)

TL;DR
Current Gen2 ring customers will get “early access” (no idea what this means), 50€ discount, and a free lifetime Oura membership. To get these benefits, you must order the new ring within next 14 days through the link in the in-app pop-up message or related email you should’ve got from Oura. I didn’t receive that email, but apparently it should’ve been sent to all existing customers.

EDIT 1: There seems to be more than one type of offer for existing customers. A friend who bought Gen2 ring recently, got 100€ discount instead of 50€ discount offer. Rest of the offer is the same as the one I got.

Also, instead of receiving the “personalized offer” email, some have received an email saying that their personalized offer email is coming within the next 48 hours. So, an email about an upcoming email…  And I haven’t received either one those.

EDIT 2: Here’s my referral link that will give first three buyers 50€ / $50 discount and 6 months of Oura Membership for free. This discount works for new customers as well! Link removed, all three discounts used. Fingers crossed there might be more coming soon.

FAQ

There’s still A LOT of questions up in the air for which Oura hasn’t provided official FAQ yet. EDIT 3: There’s now an official Oura Membership FAQ. Here’s the original FAQ I had put together from their social media comments:

Continue reading “Oura Ring Gen3 Upgrade Offer FAQ (and Launch PR Fail)”

What is Ransomware 3.0?

What is Ransomware 3.0?

I believe there’s a pretty clear consensus within the industry that ransomware should not be mistaken anymore to limit itself to just encrypting files and demanding payment for a decryption key. Dubbed by F-Secure “Ransomware 2.0”, now the standard practice for ransomware groups includes also stealing files from the target company in order to increase the leverage for ransom. Proper backups are an antidote to encrypted files but won’t help against the threat of stolen data being leaked.

Although this double extortion scheme has been the new modus operandi only since late 2019, cyber criminals are already looking for additional ways to apply pressure to their victims. This is where Ransomware 3.0 comes in.

Continue reading “What is Ransomware 3.0?”

The Curious Case of Automated Instagram Influencer Sponsorship Emails

The Curious Case of Automated Instagram Influencer Sponsorship Emails

If an email sounds too good to be true, we’ve learned to dismiss it as phishing or otherwise fraudulent, even if it managed to evade the email client’s junk filters. However, I’ve seen a rise of new type of automated emails that deserve a closer look, as they behave quite differently from your average spam. These emails are from seemingly legitimate businesses, targeting specific email addresses associated with Instagram Creator accounts, and offering some type of an influencer marketing deal.

Global influencer marketing spend is growing rapidly, and Instagram grabbed a lion share – 8 billion dollars – of it during 2020. So, it’s not out of the question for even smaller Creator accounts to get approached by (smaller) brands, but there’s definitely something fishy about the following emails. Let’s look at some examples.

Continue reading “The Curious Case of Automated Instagram Influencer Sponsorship Emails”

Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure

Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure

Recently I was invited to KOVA Esports podcast to talk about cyber security, online privacy and identity management from the perspective of gamers and gaming industry in general. Hosted by KOVA’s General Manager Timo Tarvainen and joined by their streamer Teemu “Spamned” Rissanen, we had a great one-hour long discussion. This post covers my own notes about the things we mentioned, source links included, and further expands on some of the topics. Links to the podcast episode can be found on the bottom of the page. Enjoy!

Continue reading “Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure”

YouTube Channel Phishing, Part 2: The Enemy Evolves

YouTube Channel Phishing, Part 2: The Enemy Evolves

Last year I took a first look at a phishing campaign that was interestingly targeting YouTube channel owners’ email addresses. The aim of the campaign was to guide people to fake YouTube sign in page and phish their login credentials. Note, this did not target YouTube accounts in general, but actual channels. These were my main findings:

  • Despite being hilariously obvious, first four of these were not caught by ProtonMail’s spam filter
  • Out of several YouTube channels I manage, only one has been targeted
  • Same email was CC’d to others
  • Unclear where they have found my email address
  • Senders’ email service providers started as Russian. Little to no typosquatting involved.
  • After few iterations, phishing content seems to have reached its final form (for now)

The campaign came in a burst, stopping as suddenly as it had started. Now after a couple of months it has started again, and it’s time to re-examine what has changed.

Continue reading “YouTube Channel Phishing, Part 2: The Enemy Evolves”

Wearables & Privacy – What You Need To Know

Wearables & Privacy – What You Need To Know

Continuing my seemingly never-ending quest of digging through privacy policies, this time I analyzed how the most popular wearables companies handle their customers’ data. Fitbit, Biostrap, Motiv, Oura and Whoop all are on the cutting edge of health technology, but are their privacy practices on par with that or not?

A fellow biohacker Alex Fergus provided me with the opportunity to publish my little research article on his website. Over the years he has published tons of information on fitness, sleep and – of course – health gadgets. Few days ago he published the most comprehensive red light panel comparison I’ve ever seen, analyzing everything from EMF levels to irradiance and LED flicker. Let’s just say he knows his stuff, so I’m excited to try to match his professionalism on that space with mine about privacy.

I believe it’s time for the biohacker community to start valuing their data more. In my guest blog post you’ll learn:

  • What data do these wearables collect?
  • Are they selling or exchanging data with third parties?
  • Data retention – how long are they storing your data?
  • What can you do?
  • And more…

So head over to alexfergus.com and learn everything you need to know about wearables and privacy!

“YouTube channel will be disabled within 24 hours!” Phishing Campaign First Look

“YouTube channel will be disabled within 24 hours!” Phishing Campaign First Look

During past few months I’ve witnessed and been targeted by rather simple, but still interesting phishing campaign. Well, not me personally, but instead a YouTube channel that I run. This campaign has noticeably sped up in November, so I decided to take a closer look at these phishing emails and share with you my findings.

Continue reading ““YouTube channel will be disabled within 24 hours!” Phishing Campaign First Look”

Freedom of Speech in the Age of Privacy Policies

Freedom of Speech in the Age of Privacy Policies

(I got access to thinkspot beta and this was my first post on that platform. I decided to crosspost it here to increase awareness of thinkspot, and also because the issues I raise here are relevant on other social media platforms as well.)

 

Hi, I’m Joel, and I eat Privacy Policies for breakfast.

I’m thrilled to be among the first users a social platform that encourages free speech and exchange of ideas, driven by the idea of diversity of minds – the true diversity – not the superficial diversity of how we look or where we come from. However, there can be no free speech without privacy. In a similar vein, Snowden famously wrote few years ago that “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” Well I care about both. It makes a lot of sense then for my first contribution on this platform to be an analysis of thinkspot’s Privacy Policy.

All comments are made about Privacy Policy that’s dated to be effective starting August 8, 2019. It seems that they don’t keep an archive of old policies, so I took the liberty to archive this one myself. They do however notify users “in advance of any material updates to this Privacy Policy by providing a notice on the Website or via email”, so that’s a good thing. Here’s some of the most notable parts of the policy.

Continue reading “Freedom of Speech in the Age of Privacy Policies”

Yksityisyyden ikuinen arvo

Yksityisyyden ikuinen arvo

(Tämä on suomennos Bruce Schneierin vuonna 2006 julkaisemasta artikkelista “The Eternal Value of Privacy”. Käännetty ja julkaistu hänen luvallaan.)

Yleisin vasta-argumentti, mitä yksityisyyden puolestapuhujat kuulevat – ja tämä argumentti tulee yleensä niiltä, jotka kannattavat henkilötietojen tarkastuksia, valvontakameroita, tietokantoja, tiedon louhintaa ja muita valvontamenetelmiä – on tämä: “Jos et tee mitään väärää, niin eihän sinulla ole mitään salattavaa?”

Tässä on joitakin käteviä vastauksia: “Jos en tee mitään väärää, niin sitten sinulla ei ole syytä tarkkailla minua.” “Koska valtiovalta päättää mikä on väärää, ja he voivat vaihtaa väärän määritelmää.” “Koska sinä voit tehdä jotain väärää minun informaatiollani.” Ongelma näissä vastauksissa – vaikka ne toisaalta oikeita ovatkin – on se, että ne hyväksyvät yksityisyyden olevan lähtökohtaisesti jonkin väärän piilottelua. Se ei kuitenkaan pidä paikkaansa. Yksityisyys on ihmisoikeus, ja edellytys arvokkaan ja kunnioitettavan ihmisarvon ylläpitämiselle.

Continue reading “Yksityisyyden ikuinen arvo”