Summer has finally arrived with full force and brings us sunshine galore. Before you use now the luxuriant sun hours carefree, you should not forget the protection of your skin. The editors of the consumer portal Vergleich.org have compiled what you should look for when choosing a sunscreen:

• Do not use old sunscreen: Expired sunscreen may contain harmful ingredients. Throw away sunscreen at the latest if it smells strange, has become discolored or has developed a strange consistency.
• Avoid UV filters that contain the syllable "benzo-"! In particular, you should be careful with the substances benzophenone-3 (oxybenzone), benzophenone-4 or benzophenone-5, because these are suspected of being carcinogenic, are also hormonally active and often trigger allergies.
• Avoid the substance octocrylene! This forms the carcinogenic substance benzophenone when it decomposes due to aging.
• Zinc and titanium filters without nanoparticles (i.e. without the addition of "nano" in the designation) are harmless! These mineral filters do not disintegrate on the skin and effectively protect against UVA and UVB radiation - but unfortunately usually leave a white layer on the skin.
• Avoid sun creams with nanoparticles! These penetrate the skin and the organism - recognizable by the designation "(nano)". The mineral filters zinc oxide and titanium dioxide are also not recommended with the name addition "nano".

Good filters are anti-allergenic, photostable and non-hormonal;

If you see these filters on the ingredients list of a sunscreen, you can breathe a sigh of relief: these filters are anti-allergenic, so they do not cause allergies. Moreover, they are photostable, so they do not decompose in the sun.

• Bis-ethylhexyloxyphenol methoxyphenyl triazines (Tinosorb S)
• Drometrizole Trisiloxane (Mexoryl XL)
• Terephthalylidene Dicamphor Sulfonic Acid (Mexoryl SX / Ecamsul)
• Ethylhexyl triazones (Uvinul T 150)
• Diethylamino Hydroxybenzoyl Hexyl Benzoate (Uvinul A Plus)
• Diethylhexyl Butamido Triazone (Iscotrizinol)
• Phenylbenzimidazole Sulfonic Acid (Enzulisol)
• Butyl Methoxydibenzoylmethanes (Avobenzone)

You should avoid these ingredients in sunscreens

It is essential to avoid products containing the substance benzophenone (usually benzophenone-3, benzophenone-4 or benzophenone-5 in the INCI list), as this has been classified as "possibly carcinogenic" by the International Agency for Research on Cancer (IARC).

Although this question has not yet been finally clarified scientifically, laboratory experiments with mice suggest this conclusion, so that the use of the substance should be discouraged for the time being. In addition, this substance also has a metabolism-disrupting and allergenic effect.

Furthermore, octocrylene should be warned against in this context, because this substance decomposes after some time, so that benzophenone is produced as a waste substance. This UV filter should therefore also be avoided.

You can also find all info on the evaluation at https://www.vergleich.org/sonnencreme/#Inhaltsstoffe_in_Sonnencremes_Diese_sollten_Sie_meiden

Source: Comparison.org

A cyberattack has been perpetrated on the Vaud-based company Matisa. How "Watson" reports, the same group is said to be behind the attack that recently took over the comparison portal Comparis under fire. The Swiss company, which manufactures machines for track construction, reports on their website, to have become a victim of a ransomware attack.

The procedure corresponds to the same pattern as recently at the comparison service Comparis. The group behind it, "Grief," is said to have attacked all of Europe recently. The hacker collective is considered to be particularly aggressive. It usually does not engage in protracted negotiations and, if unsuccessful, does not miss the opportunity to publish internal company documents on the darknet. In the case of Comparis, no ransom was paid to the blackmailers. However, Comparis has advised its users to change their passwords immediately.

According to "Inside Parade Ground", the same cybercriminals are said to have recently carried out a cyberattack on V-Zug - but without success, as a company spokesperson is quoted in the report. An attack also recently took place at the medical manufacturer Sieggried.

Source: Watson, Inside Paradeplatz

According to a study in the scientific journal "Applied Ergonomics", the assistive forces of an exoskeleton can diminish as soon as mental work is performed at the same time. In one experiment, six women and six men were required to lift a medicine ball repeatedly during two 30-minute sessions at Ohio State University. Exoskeletons were worn during one of the sessions, and the apparatus was not used during the other session.

They measured the force applied to the lower back during each session. They then asked the same participants to perform the same task, while the subjects had to perform various arithmetic tasks in their heads, such as randomly subtracting larger numbers.

Thinking processes lead to other muscle formations

In the experiment, the execution of additional mental thought processes led in each case to a reduction of the load in the lower back region. The benefits of the exoskeleton forces when lifting and lowering the ball were virtually non-existent - the participants even had to fight against the movements. Accordingly, the exoskeleton generally attempted to track the participants' movements, but changes in the brain during mental activities affected muscle recruitments. As a result, the force impacts on the lower back became even higher, which can lead to pain.

The study apparently coincides with earlier research results from MIT. During a military training course last year, test subjects were given similar tasks - with and without exoskeletons. Although the results were widely scattered, researcher William Marras of Ohio State University confirmed that the use of exoskeletons is associated with many such compromises: In addition to the placement and selection of specific tasks when using an exoskeleton, it is therefore also important to include the cognitive tasks.

Source: Heise

According to the Swiss Council for Accident Prevention (BFU) and the Manufacturer Burley (PDF) the affected quick-release axles "Burley Ballz QR Skewer" can break while riding, which can lead to instability of the trailer and the towing bicycle, thus posing a risk of falling for the cyclist.

Products sold between August 2018 and June 2021 as individual parts or as part of the "Burley Coho XC" bike trailer are affected.

As the Federal Bureau of Consumer Affairs. writes in a press release, the affected quick release axles should no longer be used. The products affected by the recall can be used free of charge from September at the manufacturer be reordered.

Source: BFU, Swiss Federal Consumer Affairs Bureau

An unusual day as a business manager: on your way to your company, you want to check the business mails and receive an error message. At 8:15 a.m., arriving at the office, the hacker's extortion letter is on the screen. She wants to receive ten Bitcoins within the next 24 hours and promises you that you will get your business infrastructure back after receiving the Bitcoins.

No problem - you are prepared. Transferring Bitcoins to the hacker is out of the question for you. First, you pull out a kind of business card from your wallet. This lists all the contact details of the crisis team. There are also two ways to call a meeting. Since the business email is disrupted, you do not use the mail group, but the crisis team thread group. At 8:20 a.m., all members of the crisis team receive your message, "Infrastructure hacked - meeting at 8:30 a.m. in the meeting room or via conference number 058xxxxxx with code 529xxx. You now take your crisis doc out of the drawer and go to the crisis staff meeting room and establish the conference connection.

Until everyone has dialed in, take a look at your crisis doc. First you see the list of the I. responsible persons of the crisis team with the details of responsibility, mail address and telephone number and deputy. For the choice of the members in the crisis team you have made a risk evaluation and defined the business critical networks. In your case, an employee of an external IT company is defined as the IT security officer. In his role, he primarily takes care that no hacker gets through. If a hacker was able to get through anyway, he takes care of cleaning up the networks and restores the business infrastructure.
In your case, the Board of Directors only wanted to be informed and did not want to take part in the crisis team. That is why you are listed as the decision-maker. Whenever data is attacked, data security is affected and the data security officer is listed accordingly. She will take care of any reporting obligations and the expected criminal proceedings under data protection law. Given the size of your company, you also wear the hat of the communications officer.

On your Crisis Doc II. Meeting you will find the information on how you want to convene a meeting. Transferring this information to the size of a business card and keeping it in the wallet of all crisis team members has proven effective today. The call-in could just as easily have been launched by another crisis team member. It is 8:28 a.m. and only one member is missing until you can start the meeting.

In Crisis Doc III Stakeholders, you have listed those contacts that you do not want to learn from the newspaper that your company has been hacked. You have listed here all the contact details of your employees, board of directors, customers, business partners. Since you are a member of an association and are subject to supervision, you have also listed the contact details. For the contact of the responsible police you have made clarifications about the location of your servers and now also have complete contact details in your crisis doc. For the federal government, you make a report to the Melani/NCSC reporting office. Since your company could only survive seven working days without access to the infrastructure, you took out cyber insurance a month ago. Contact information and policy number are listed. 8:30 a.m.: The crisis team members are complete and the meeting can begin on time. The meeting opens with who convened the crisis team. After each member is given the floor and briefed on updates, decisions are made. Notifications to Melani/NCSC are taken care of by the IT officer, and the relevant data protection authorities are informed by the data protection officer. You take care of communication with stakeholders. The crisis team now meets every two hours to provide information about current events.

The brief IV. Communication from your crisis doc supports you to inform your stakeholders at 9.00 a.m. with this letter:
"We regret to inform you that our company has detected an unauthorized access to the infrastructure today at 8:15 am. The hacker was able to place a blackmail message. The crisis team designated for such a case met for the first time at 8:30 am. So far, all our systems have been disconnected from the Internet. In addition to researching how our infrastructure was accessed, we are working to chronologically scan our offline backups for infections. A clean backup will be uploaded to a backup infrastructure. More details will be provided at 5 p.m. today."

At 9:15 a.m., you take a quick breath. All your stakeholders have informed you and you can devote yourself completely to the situation. You are grateful that you have practiced such scenarios with the same regularity as fire drills. During the drills, you identified and addressed weaknesses. With the team you now have in place, you are confident that your infrastructure will be back up and running by 4:00 pm. You probably lost some data from the last few hours. I wonder if you will be able to announce at 5:00 p.m. that you were able to successfully fend off the attack. How high will a fine be for the data breach?

Ms. Zinkernagel, what is a typical working day like as a detective tracking down germs at the University Hospital Zurich?

If a patient is referred to us on a consultative basis, we establish a differential diagnosis and derive a diagnostic proposal from this, followed by a therapy proposal. If the results are positive, the therapy is adapted or adjusted if necessary. If an outbreak is detected in the hospital, we search for the origin of the outbreak and, if necessary, are responsible for isolating and screening the patients.

How is it usually detected at an early stage and ruled out that, for example, a flu virus spreads further if employees fall ill among themselves but do not show any symptoms?

In the USZ - even long before Covid-19 - the standard hygiene measures apply, such as observing hand hygiene, staying at home in case of cold and flu symptoms, etc. Symptomless employees and patients are not tested for the flu. Covid-19 is different: all patients are tested for the virus upon hospital admission.

In the case of resistance to antibiotics, what influences the use of so-called reserve antibiotics against multidrug-resistant germs? What are factors for absolute emergencies?

Fortunately, there are relatively few multi-resistant germs in Switzerland. Antibiotic reserves only have to be used very rarely in our latitudes - when we have to treat a bacterial infection caused by a multi-resistant bacterium.

What is currently the most important issue for the University Hospital Zurich in terms of infection prevention and the protection of patients who are particularly at risk?

At the moment, of course, much of the focus is on Covid-19. Time and again, we are concerned with resistant microorganisms that are difficult to eliminate.

What happens during the isolation phase?

Isolation is used to protect people from a microorganism spreading to other people. Since Covid-19, everyone in the USZ and many people in everyday life have been wearing a mask, keeping their distance and taking care of their hand hygiene. As a result, there are practically no flu infections this year. So the measures are working!

Covid certificates have been issued in Switzerland since June 7, 2021. In order to In order to thoroughly test the functionalities and handling of the entire system, as well as its security, various internal and public tests were previously carried out at the federal government.

Internal analyses were conducted before and during the launch of the Covid certificate, with guidance from the National Cyber Security Center (NCSC), by several agencies, including the Federal Office of Information Technology and Telecommunications (FOITT) and the National Cyber Security Testing Institute (NTC).

The number of findings at weak points was to be classified as "normal" in view of the extensive nature of the work. The entire Report of the authority comprises 16 pages. Mentioned are 136 vulnerabilities. Several critical flaws are still being analyzed and will not be published for the time being for security reasons. According to the NCSC, there is no need for action in some cases, since some of them were misjudged by the reporters.

The Public Security test however, continues to run. The QR code contains, among other things, the surname, first name and date of birth of the certified.

Source: NCSC

©Pixabay

Using only open source code and without "attacking" Telegram's running systems, a small team of international researchers analyzed Telegram's encryption services in detail. The researchers from ETH Zurich and Royal Holloway College (University of London) uncovered several cryptographic vulnerabilities in the protocol of the popular messaging platform.

While the immediate threat to the majority of its 570 million users is small, the vulnerabilities make it clear that Telegram's system is inferior to the security guarantees of other commonly used encryption protocols, such as Transport Layer Security (TLS). Professor Kenny Paterson of ETH Zurich points out that the analysis revealed four key problems that could be solved "... better, more securely, and in a more trustworthy way with a standard encryption method."

First weak point: commit a crime or eat pizza?

The researchers found that the most significant vulnerabilities are related to the fact that attackers in the network can manipulate the sequence of messages sent from the client to one of the cloud servers operated by Telegram worldwide. For example, messages could be mixed up in a chat history. So if someone can change the order of the messages "I say 'yes' to", "Pizza!", "I say 'no, to", "Crime", the "yes" to eating pizza could suddenly become a "yes" to a crime.

Second weak point: every bit of information is too much

Via this vulnerability, which is rather theoretical in nature, a network attacker can find out which of two messages from a client or from a server is encrypted. However, encryption protocols are designed to exclude such attacks as well.

Third weak point: Set the clock

The researchers examined the implementation of Telegram clients and found that three of them - namely Android, iOS and Desktop - each contained code that, in principle, allows attackers to partially decrypt encrypted messages. While this sounds disturbing, it would require an attacker to send millions of carefully crafted messages to their target and detect minute differences in the delivery time of responses. However, if such an attack were successful, it would have devastating consequences for the confidentiality of Telegram messages and, of course, for its users. Fortunately, such an attack is almost impossible in practice. And yet, this vulnerability must be taken seriously. Such an attack is thwarted mainly by chance, since Telegram keeps some metadata secret and selects it randomly.

Fourth weak point: Someone is reading along

The researchers also show that during the initial key exchange between client and server, an attack can be carried out by the attacker interposing himself. In doing so, the attacker impersonates the server to the client, which allows him to violate both the confidentiality and integrity of the communication. Fortunately, this attack method is also relatively difficult to carry out, as it would require the attacker to send billions of messages to a Telegram server in minutes. However, this attack demonstrates that the security of Telegram servers and their implementation cannot be taken for granted, even though users must be able to rely on these servers, since no end-to-end encryption is provided by default.

Security basics

As is standard practice in this area of research, the team informed Telegram's developers 90 days before the results were published. This gave the company enough time to fix the identified flaws. In the meantime, Telegram has responded to the findings and fixed the security issues found by the researchers with software updates.

Encryption protocols rely on elements such as hash functions, block ciphers, and public-key encryption schemes. It is standard in the industry to combine these secure building blocks in such a way that the security of the protocol constructed from them can be formally guaranteed. Telegram has no such formal assurance. But the research team has good news for Telegram here: It showed how such safeguards can be achieved even by making minimal changes to Telegram's protocol. However, a protocol is only as secure as its building blocks, and the way Telegram's protocol works, its building blocks must meet extraordinarily high security requirements. The research team draws a comparison here to the roadworthiness of a vehicle but with untested brakes.

Why do academic researchers actually scrutinize open source code from the private sector? Kenny Paterson says, "The fundamental motive is that we want to build stronger, more secure systems that protect their users and users. Since the technology industry sometimes evolves faster than its academic counterpart, technology companies offer students an opportunity to work on real-world challenges, perhaps solve them, and make an important contribution to society."

Professor Martin Albrecht (Royal Holloway) adds, "The inspiration for our work in this case came from research elsewhere that examined technology use among participants in large protests, such as 2019/2020 in Hong Kong. We found that protesters coordinated their activities predominantly on Telegram, but that Telegram had not previously been put through its paces by cryptographers..."

Source: ETH News

The European Union (EU) wants to allow the planned surveillance of people by means of automated facial recognition According to a draft regulation from April and only allow exceptions if this is necessary to maintain public order and law enforcement. The EU Commission is convinced that the minimum requirements for such an application include the exclusive use of "neutral", i.e. non-discriminatory, e.g. racist, data for the development of AI, and that humans retain ultimate control over measures, i.e. legal interventions.

Such a restrictive regulation will considerably limit the usability of the biometric technology of the future. Already in 2007 had the German BKA achieved recognition rates of more than 70 percent with a false acceptance rate (FAR) of 0.4 percent as part of a research project at Mainz Central Station using frontal images in daylight. In a pilot project at Berlin Südkreuz station in 2019, a hit rate of over 91 percent was achieved with an FAR of 0.21-0.25 percent, depending on the size of the reference database.

Legal regulation in compliance with human rights

Although German Interior Minister Seehofer initially wanted to enshrine the possibility of facial recognition in the Federal Police Act and have such systems installed at 135 train stations and 14 airports, the draft of the new Federal Police Act no longer provides for this possibility, primarily because of the FAR established to wait until the technology is "mature."

In contrast, Green Party MEP Alexandra Geese sees the EU regulation's failure to outright ban automatic facial recognition in public spaces as a "slap in the face to civil society." According to a Report of the magazine "Spiegel San Francisco became the first city in the U.S. to ban the use of facial recognition by authorities. According to a report in the "Süddeutsche Zeitung" in June 2020, the companies Microsoft and Amazon have also announced that they will suspend cooperation with the police until facial recognition is legally regulated in compliance with human rights.

Neither the Swiss Federal Constitution nor the German Basic Law (GG) explicitly provides for a right to anonymity. To understand a right to anonymity as an essential feature of human dignity, which is unrestricted under both constitutions, would extend this "superfundamental right" disproportionately. Rather, the right to anonymity is a component of the general right of personality enshrined in Article 10 (2) of the Swiss Constitution and Article 2 (1) of the Basic Law, which can be restricted under the conditions of Article 36 of the Swiss Constitution and Article 19 in the Basic Law. A
legal regulation for the purpose of danger prevention and criminal prosecution is therefore permissible.

AI of facial recognition systems is becoming more accurate through learning algorithms. And image databases are growing. Polish startup Pimeyes has built a database of 900 million stored faces, and Chinese company Megvii is creating a new face recognition system after a Report in the newspaper "Das Parlament a facial recognition product platform that more than 300,000 companies in 150 countries are using to develop their own applications, according to Forbes. More and more companies are using facial recognition in the home rights sector.

For example, the airline alliance Star Alliance wants to replace boarding passes with facial recognition on a voluntary basis. Chinese company Taigusys has even specialized in the development of emotion recognition software and believes according to a recent report in the FAZThe idea is to be able to foresee dangerous behavior and track down criminals. But there is no scientific evidence that a person's emotional state can be reliably read from his or her facial expression.

Covid certificates have been issued in Switzerland since June 7, 2021. In order to In order to thoroughly test the functionalities and handling of the entire system, as well as its security, various internal and public tests were previously carried out at the federal government.

Internal analyses were conducted before and during the launch of the Covid certificate, with guidance from the National Cyber Security Center (NCSC), by several agencies, including the Federal Office of Information Technology and Telecommunications (FOITT) and the National Cyber Security Testing Institute (NTC).

The number of findings at weak points was to be classified as "normal" in view of the extensive nature of the work. The entire Report of the authority comprises 16 pages. Mentioned are 136 vulnerabilities. Several critical flaws are still being analyzed and will not be published for the time being for security reasons. According to the NCSC, there is no need for action in some cases, since some of them were misjudged by the reporters.

The Public Security test however, continues to run. The QR code contains, among other things, the surname, first name and date of birth of the certified.

Source: NCSC

Cyclists endanger themselves According to an analysis of the Swiss Federal Accident Prevention Bureau (BFU). Every year, there are around 200 serious collisions on Swiss roads caused by cyclists. The cyclists themselves are usually seriously injured or pay for the accident with their lives. Around 10 percent of these serious collisions occur on Swiss roads each year.

More police control and more prevention

However, the analysis of the BFU indicates that many of the accidents are caused by failure to yield the right of way. In an average year, there are four fatalities and more than 60 serious injuries. An often criticized misbehavior of cyclists is also ignoring red lights, riding on one-way streets or cyclists who do not ride at night without lights. However, due to these circumstances, relatively fewer accidents occur than in the case of disregarding the right of way rules. Nevertheless, according to the BFU, even such petty offenses should be checked more often by the police, since they have no less serious consequences for pedestrians as well as for those who cause them.

However, cyclists are also disadvantaged in many traffic situations. The BFU also complains that there is a need for action in terms of infrastructure and insists on a safe, coherent network of cycle paths with few detours and waiting times, so that cyclists can increasingly use the paths intended for them and behave in accordance with the rules. Serious collisions between cars and bicycles can be prevented by modern assistance systems such as emergency brake assistants and turn assistants. It is also important to continuously adapt the technical equipment of the vehicles during driver training.

Source: AAIB

Whether on a beach vacation, after a mountain tour or on the balcony: Almost everyone has experienced that too much sun on unprotected skin burns later. The sunburn passes, but with each time the risk of skin cancer increases. In addition to the particularly dangerous melanoma, light skin cancer is diagnosed around 25,000 times a year, according to the Swiss Cancer League.

The skin forgets nothing

Several aspects come together in the causes for an increase in skin cancer numbers. On the one hand, the damaged ozone layer allows more and more UV radiation to pass through, and on the other, melanomas are detected earlier. The fatal thing is that radiation exposure adds up over the course of a lifetime.

Anyone who spends a lot of time outdoors for work-related reasons is particularly at risk. This applies not only to the construction industry, farmers or gardeners. Employees in many other industries such as green care, road maintenance, water management or surveying are also affected. Occupationally caused cases of skin cancer can be recognized as an occupational disease.

Prevention when working under the sun

Removing the source of danger is not an option; the sun cannot be turned off. Substitution is not always possible either, because many outdoor activities cannot be moved indoors or to a home office. Therefore, occupational safety and health managers in a company must use other options to protect employees at risk, such as:

• Use shade providers wherever technically feasible, such as sunshades, awnings, mobile pavilions, etc.
• Consider weather forecasts and UV index when organizing tasks
• Arrange working hours flexibly so that time spent in the blazing sun is minimized, e.g. use the early morning hours for tasks in the open air
• Educate employees and raise awareness of skin hazards
• Issue suitable protective clothing, ideally long-sleeved and air-permeable

The following applies to protective clothing: the higher the quality, lighter and more breathable, the greater the acceptance of wearing it. The head with face, neck and ears should also be protected, e.g. by a hat with brim or helmet with forehead shield and neck protection. The protection of the eyes by high-quality sunglasses should also not be forgotten, because the UV radiation also damages the cornea and retina.

Sunscreen as an option

UV protection creams should have a high sun protection factor (SPF) and be as fragrance-free and waterproof as possible. The SPF (or SPF for Sun Protection Factor) indicates the maximum factor by which the skin's own protection is extended - between 5 and 40 minutes, depending on skin type. Appropriate sunscreens are often essential, but should be the last option. Simply placing a box of creams on the construction site is not a solution to save yourself technical or organizational protective measures.

Important to know: The sun protection factor of the sunscreen requires thorough application and exposure. In case of movement, rubbing and sweating, a new application may be necessary. However, this in no way prolongs the protective effect! This would require a product with a higher SPF.

Sunscreen to put on

Originally developed for sports, special UV protective clothing is now also offered as workwear. But is that necessary? Doesn't every piece of clothing protect against the sun? Here it is necessary to look closely. Because the protective effect of different materials and fabrics differs greatly and can also diminish due to wetness or stretching when moving. A sweaty white cotton shirt hardly offers any protection in extreme cases, but can - on the contrary - act like a burning glass.

Therefore, the textile industry has developed sun protective clothing made of very tightly woven fine fibers. The fabrics are light and yet keep out a large part of the radiation. The decisive criterion is the UPF value (Ultraviolet Protection Factor). Its scale ranges from 0 to 80 and - analogous to the SPF of suntan lotion - provides an orientation by which factor one can extend the time in the sun without having to fear sunburn.

Whether and for which workplaces and activities such special UV protective clothing is absolutely necessary is a matter of debate. However, it is to be welcomed if - similar to climate-active and "breathing" fabrics - developments from sports and fitness clothing are also used for protection and to make work easier at work.

Enjoy the sun, but en masse

All the justified caution about skin damage should not lead us to perceive natural sunlight as a constant threat. Even the UV portion of the radiation should not be viewed only negatively, because we need it to form the body's own vitamin D. It's no coincidence that nice weather with sunshine puts us in a good mood, and especially in the darker months of the year, it can be beneficial to soak up a little sun. As is so often the case, however, it's the dose that counts. Anyone in an outdoor job who gets a lot of sun should protect themselves consistently.

Misconceptions about the UV hazard clarified:

No one should underestimate the effect of UV radiation; it damages the skin

• not only in high summer. Skin damage is already imminent in April and May;
  the highest UV radiation occurs on June 21.
• not only in heat, the air temperature says nothing about the UV intensity.
• not only at midday. The rule of thumb is: If you are taller than your shadow,
  UV protection is required.
• even in the shade, because clouds or trees keep out only part of the radiation.
• not only on the beach, UV intensity also increases at altitude.
• not only with a sunburn. Invisible skin damage already begins earlier
  and even if you are already pre-tanned.