Cybersecurity for service members: how to choose secure software
In the context of russia’s armed aggression, service members are primary targets for the enemy, both on the battlefield and in the digital environment. The enemy actively uses software to gather intelligence, track troop movements, and steal personal data.
The security of software is of critical importance for protecting sensitive information. Even standard, widely used applications can pose serious risks if developed by companies associated with the aggressor state or if they have security vulnerabilities.
The Ministry of Defence of Ukraine analyzed the most commonly used software and identified those that pose elevated risks. Below is an overview of malicious software, outlining specific threats and recommending safer alternatives.
Browsers
Opera Browser: despite Norwegian origin, it maintains close ties with russia. A portion of the company’s shares is owned by Chinese investors linked to russian capital, and its saint petersburg office is engaged in browser development. This raises concerns about potential russian influence on user security.
Yandex Browser is developed by a russian company and is widely used in russia. In 2021, it was added to the list of software mandated for pre-installation on computers in russia, underscoring its strategic role in russia’s information space.
Recommended alternatives: Google Chrome, Microsoft Edge, Mozilla Firefox.
Messaging Apps and Social Networks
Telegram is owned by russian national Pavel Durov, the founder of VK (VKontakte), and still maintains ties with russia. VK.com and Odnoklassniki are russian social networks owned by Mail.ru Group that actively collect user data for russian intelligence agencies.
TikTok, developed by the Chinese company ByteDance, uses powerful AI algorithms not only to deliver personalized content but also to collect large volumes of user data. There are well-founded concerns that this data could be transferred to the Chinese government.
Recommended alternatives: WhatsApp, Signal, and Facebook Messenger for communication; Facebook, Instagram, and X (formerly Twitter) for social networking.
Email Services
Yandex Mail and Mail.ru are russian email services that likely give russian intelligence agencies full access to users’ correspondence. These services regularly provide user data to russian law enforcement agencies upon request.
Recommended alternatives: Gmail (Google), Outlook (Microsoft), ukr.net.
Navigation Software
Yandex Maps gathers detailed data on users’ movements and transmits it to servers located in russia. 2GIS is owned by Sberbank of russia, and MapsMe is controlled by Mail.ru Group. All of these applications can be used to track military sites and routes.
Recommended alternatives: Google Maps, Apple Maps, Waze.
Screenshot Tools
LightShot, a popular screenshot tool, was developed by the russian company SkillBrains, Joxi was founded in moscow, and Screenshoter is a russian-made product. All these apps may transmit captured screenshots to developer servers, posing a risk of confidential data leaks.
Recommended alternatives: Windows, macOS, and mobile OSes already provide powerful built-in screenshot tools (Win+Shift+S, Cmd+Shift+4).
File Managers and File Archivers
Far Manager was developed by a russian programmer. This popular file management tool may contain hidden data collection features. WinRAR and 7-Zip, two widely used file archivers developed by Russian programmers, raise concerns about potential backdoors.
Recommended alternatives: The built-in archiving features of modern operating systems provide sufficient functionality to meet most everyday needs.
Antivirus Software
Dr.Web and Kaspersky are russian antivirus programs with full access to a device’s file system, posing a risk of confidential data being transferred to russian intelligence services. 360 Total Security, although developed by a Chinese company, carries similar risks.
Recommended alternatives: Microsoft Defender (integrated into Windows), Avast, ESET.
Cloud-Based Storage and Services
Yandex Disk stores all user files on russia-based servers, potentially allowing russian intelligence services full access. Yandex Music and Yandex Taxi also collect personal data for russian agencies.
Recommended alternatives: Google Drive, Microsoft OneDrive, and Dropbox for cloud storage; Spotify, YouTube Music, and Apple Music for music; Uklon, Bolt, and Uber for taxi services.
Specialized Software
Getcontact positions itself as a phone number verification service, but in reality, it collects and sells data from users’ contact lists. Such applications require full access to users’ contact lists and transmit this data to third parties.
LinguaLeo is a russian language-learning platform that could be used to collect information about users’ educational needs and preferences.
Recommended alternatives: Duolingo for language learning. As for phone number-verification services, it is advisable to avoid using them altogether.
General Recommendations
Always use licensed software from trusted developers. Avoid KMS activators and other pirated software, as they often contain malware. Regularly update applications through official channels, and use the built-in tools of your operating systems whenever possible.
Remember: Digital security is never excessive; it is a necessity that can save personnel's lives and ensure mission success.