1. Simply Secure: launching a new brand in just four weeks

    Simply Secure Simply Secure is a new organisation, dedicated to finding ways to improve online security – in ways so accessible and useful that there will be no barrier to their use.

    It will bring together developers, UX experts, researchers, designers and, crucially, end users. The plan is to ensure the availability of security and privacy tools that aren’t just robust – they’ll be actively pleasing to use.

    Fascinating stuff

    Now, you may be thinking that online privacy and security aren’t the most fascinating subject – but this month, the chances are that you’ve actually been discussing it down the pub or with your Facebook friends.

    Remember the iCloud story, where celebrities’ personal photographs were taken from supposedly secure cloud storage and put online? Yes, that. If you uttered an opinion about how those celebrities could have kept their images more safely, you’ve been nattering about online security.

    Simply Secure  is founded on the belief that we’d all like privacy and security online, but that up until now, solutions have been too cumbersome and not user-centred enough. When implementing them becomes a hassle, even technically-literate people will choose usability over security.

    How we helped

    Simply Secure knew what their proposition was: now we needed to package this up into a brand for them. Crucially, it needed to transmit a playful yet serious message to launch the organisation to the world – within just four weeks.

    Our designer Martin developed all the necessary branding and illustration. He created a look and feel that would be carried across not just Simply Secure’s website, but into the real world, on stickers and decoration for the launch event.

    Meanwhile, mySociety Senior Consultant Mike helped with content, page layout and structure, all optimised to speak directly to key audience groups.

    Down at the coding end of things, our developer Liz ensured that we handed over a project that could be maintained with little to no cost or effort, and extended as the organisation’s purpose evolves.

    “mySociety are brilliant to work with. They did in a month what I’ve seen others do in six, and they did it better” – Sara “Scout” Sinclair Brody, Simply Secure

    What did the client think? In their own words: “We approached [mySociety] with a rush job to build a site for a complex and new effort.

    “They were able to distill meaning from our shaky and stippled examples, and create something that demonstrated skill not only as designers and web architects, but as people able to grasp nuanced and complicated concepts and turn those into workable, representative interfaces”.

    Always good to hear!

    Something different

    People who know mySociety’s work might have noticed that we don’t typically work on purely content-driven sites. Generally we opt to focus on making interactions simple, and data engaging, so why did we go ahead with the Simply Secure project?

    Well, there were a couple of factors. Firstly, we genuinely think that this will become an invaluable service for every user of the internet, and as an organisation which puts usability above all else, we wanted to be involved.

    Second, we believe in the people behind the project. Some of them are friends of mySociety’s, going back some time, and we feel pretty confident that any project they’re involved in will do good things, resulting in a more secure internet for everyone.

    Take a look

    Simply Secure launches today. We’ll be checking back in a couple of months to report on how it’s going.

    For now, do yourself a favour and visit Simply Secure now. If you have expertise or opinions in any area of online privacy and security, why not get involved?

  2. mySociety response to the Heartbleed security incident

    You may have heard that a widespread security problem – ‘Heartbleed’ – has been found that affects a large proportion of all websites on the Internet.

    Here is one of the many explanations about the nature of the problem.

    Members of the mySociety team have reviewed our potential exposure to the vulnerability.

    We have no indication that our sites have been attacked, or that any information has been stolen, but the nature of the vulnerability would make an attack difficult to detect, and we prefer to be reasonably cautious.

    What does this mean for you? The advice from around the web has been for people to change passwords, especially on sites they use that contain a lot of very important information (e.g. your email account).

    We think the risk that passwords have been compromised is low, but as changing passwords occasionally is always a good idea anyway, now might be a good time.

    For those of you interested in the technical detail of our response, we have:


    • Upgraded the SSL software
    • Installed new SSL certificates based on a new private key
    • Revoked the old SSL certificates
    • Replaced the secrets used for security purposes in the affected sites
    • Removed active sessions on affected sites, so that users will need to log in again
    • Required that users with administrative access to affected sites reset their passwords
    • Required that staff users reset their passwords
    • Notified affected commercial clients so that they can take appropriate action