Pentultimate Privacy

neks · Joined: Jul 06, 2008 Posts: 4

The Pentultimate Privacy Question-assume the regular use of two file cleaners-Z-Delete and Clean Disk Security, cleaning the usual files + swap file+ file slack space+standard free space+ index.data files+plug-ins.
Assume the use of Privoxy, Tor, Vidalia, and Firefox3, + a sattelite ISP.
Assume no files are knowingly stored by me. Am I secure in terms of privacy? What about all the log files-are these internal hidden files in so many programs and add-ons, or just virtual local files? What about Norton Internet Security, which I already know everyone says to replace- it blocks Z-Delete and Spybot from its own internal files? What about Google or other searches? Any other Privacy issues I'm missing? I don't want them to know I searched and browsed for 10^500 ways to kill string theory.

goretsky · Posted: Sun Dec 14, 2008 3:30 am Post subject:

Hello,

You could try using a "portable" version of Mozilla Firefox run from a USB flash drive which stores all of its file on the USB flash drive to reduce the likelihood of information being written to the computer.

Keep in mind, though, that if you are accessing the Internet, all of the data is going to go through your ISP, and all it takes is a court order, subpoena or similar legal document to provide the authorities with a copy of all traffic going through your network connection.

Regards,

Aryeh Goretsky

louis-the-cat · Joined: May 13, 2006 Posts: 307

adding to what Goretsky says, you might want to consider running Tor from a USB.

Onion do a portable version of TOR in a portable package which also includes a portable version of Firefox ( and includes the whole privoxy, vidalia setup aswell). It was put together for journalists who needed a USB solution to internet security/privacy/censorship when reporting from China during the Olympics. Make sure you get the English Version......I think the default version is in German, unless of course your German is up to speed......since ich habe keine annung ...there is is a danger I hit the "send" button rather than the "delete" button

If you are going to use Firefox, or Firefox portable there are a couple of useful add-ons you might want to check out.........one allows you to selectively toggle "allow scripts" on and off....the other allows you to control "referers" ( which basically allow a site to know and record which site you came from previously)...you might want to consider being able to switch this on and off.

Having said all that about Firefox Portable.......you might want to consider using the SRWare browser that they call IRON......basically its an open source version of CHROME......check out their site and you can see the security advantages that they claim over other browsers. Iron also has a "incognito" mode....which I find useful this time of year buying on-line Christmas presents without the family finding out what I've been buying for them! Again make sure you get the English version unless your German is up to speed.

Do you use Google? Why not consider IXQUICK ?. The IXQUICK website will explain the reason better than I can, but basically Google can and does collect and leak information.

neks · Joined: Jul 06, 2008 Posts: 4

Goretsky and Louis-the-Cat, thanks for the advice. I thought the use of a proxy server prevented the ISP from getting identifiable info; isn't that the whole idea; anyway, it's the Principle of the whole computer/internet thing; do I have, can I get control of it; you know-privacy, freedom, big brother;anyway, please respond about the proxy server; also, any advice on how to learn about, identify, find, and clean the morass of log files? Finally, no one has said whether I have achieved privacy and a clean hard drive with the methods I listed in the question.

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

Privacy measure on YOUR computer:
Most of the so called scrubbers will do there jobs & most computer savvy people can do a pretty good job of it MANUALLY. But there will ALWAYS be SOMETHING left behind & if a computer forensics expert were to get at it I will guarantee that with a high rate of certainty they WILL find it. I've even found enough evidence on a computer using the NORMAL stuff a scrubber would get to hang a group at a place I once worked. (they weren't savvy enough to cover ALL there tracks)

Privacy on the internet:
There are certain things that just HAVE to be passed for ANY communication to work, even with proxies. And as for the proxy, it all depends on where that proxy is as to the extent of its so called protection. But if a court order were issued, it is only a matter of tracing that info I just mentioned to lead right back to YOU.

Bottom line, if you got something you don't want found on a computer, DON'T PUT IT THERE IN THE FIRST PLACE. - in other words don't even USE the computer.

You can take measure to keep certain things off & it is worth doing & it sounds like you are doing it but don't be fooled into a false sense of security here especially if you do something illegal. - The mentioned portable apps are good. A live CD is best but you most likely would have to know LINUX or some such OS. There ARE things to make M$ live CD's, though. Some places frown on this & may have the drive & ports turn off so this can't be done. (I'm thinking work, internet cafes, libraries, schools & such)

But don't let the paranoia set in either, under normal usage & circumstances, you don't have a thing to worry about. Just keep your nose clean & all will be OK. - Key here is, "don't give anyone a reason to be looking & they (most likely) won't" (I'd say that any that DO would be in trouble in this case)

Now the OTHER side of the coin. There ARE sloops out there & rough sites & info gatherers. It just takes educating yourself as to what they are & what to do about each. Most search engines (such as google) keep a track record of your activity & the more of there stuff you have installed on your computer the more likely it is for them to get that info. BTW: some of it is just plain junk that will wreck havoc with your computer in the first place. Try to maintain a clean "virus / trogan" free machine & stay away from bad sites & you will be OK.

Also note; any company computer you use at work is THERE'S & is subject to whatever THEY want to do with it. So if they have reason to "inspect" they can & will. After all, it IS there's. (& it's there "back side" if it is used wrongfully) The same holds true for any OTHER computer you are "borrowing" such as schools.(remember, schools can be colleges as well)

If you do a search on this forum, you should find info on the programs you list. Just to much to repeat here, sorry.

Crymeny, I'm writing a book! But I hope this helps...

zlim · Joined: Mar 11, 2005 Posts: 2747

magister-ludi · Joined: Dec 14, 2008 Posts: 12 Location: node 378/15tyc-fg

you can run....but you can't hide Cool

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

goretsky

Hello,

As Baby_Tux alluded to, you really do not have privacy or anonymity on the Internet. What it really comes down to is if you are doing enough accessing of information (searches, downloads of files, visiting of web sites, et cetera) that are of enough interest to to someone (usually the national government) to warrant an investigation of your activities.

What exactly the "information of interest" is tends to vary from government to government. Accessing child pornography tends to be something all governments take an interest in, but specific governments might have additional interests. For example, Russia might be interested in people who access sites sympathetic to Chechnya and Georgia, while China might be interested in people accessing information about democracy and Falun Gong. In Muslim countries, it might be access to pornographic web sites and so forth.

Using a Linux Live CD which only writes stores information in RAM (which disappears when you shut the computer off) is one way to avoid having any "incriminating" information such as log files on your computer. The other thing I can think of to do would be to use the computer as "normal" with whatever privacy or anonymity you normally use, then boot it afterwards from Linux Live CD and examine all files created during the last computing session. Delete any files which contain data you do not wish to be viewed. Keep in mind there area likely to be hundreds if not thousands of files created or updated during a computing session, so it might be better to stick with the Live CD approach all the time.

Of course, the lack of any temporary files or other session-based data is in itself evidence that you are attempting to hide something from someone, so you might want to be careful about how much anonymity or privacy you make use of, and for how long.

Regards,

Aryeh Goretsky

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

Please let me emphasize that the Linux liveCD still can write to other media if so set up to do so. Given that, there still may be something lurking. And as Goretsky pointed out, the LACK of something that should be normally there is enough for someone to go the next step.

Like I said, the only way to know for sure that you don't leave anything behind is not to use the computer in the first place.

To me this is like driving through the busiest part of town & trying not to be seen. Yes, there are things one can do to prevent it but is it really worth the bother? Same holds true with computers, some measure SHOULD be done such as firewalling your ports to make them "stealth" but some stuff is just plain overkill, like deleting every log file there is. --- some are needed for IT type stuff & I'll guarantee that if that happens at a work site the IT guy will be on it like flies on garbage.

magister-ludi · Joined: Dec 14, 2008 Posts: 12 Location: node 378/15tyc-fg

Neks,

you asked the question about whether a proxy server prevents an isp getting identifiable info.
the answer is no.
even if you are using a chained series of proxies ( like TOR) it is still possible for the web site you visit to get your IP address.
even if you have set up TOR properly, and you have switched of referers, java and cookies it is still possible, and generally quite easy, for a web site you have visited to identify your real IP address. Note here that I am not talking about computer forensics experts......I'm talking about a web site administrator....any web site. There may be those who don't belive this, but there are applications on most PCs that can and do leak information....and i'm not talking about the usual suspects like the media players, quicktime, real player etc....and this information leaks right through....even through a series of chained proxies.

On the matter of using proxies, remember, as has been alluded to by others, using them attracts attention. Who do you think uses them? It's criminals, perverts and spooks and so that's where the law enforcement agencies quite sensibly devote their time. You may be aware of the incident not that long ago when a security agency ( foreign) used TOR to send emails.....not only were they readily intercepted, but because they thought they were secure, they weren't encrypted and were read quite easily...a simple translation was all that was required. Who do you think runs these proxy sites......the same criminals, perverts and spooks.....and so they quite easily get access to anything passing through their sites, including incidently any passwords and usernames you might type...think about it.

as to the matter of what files are stored on your system itself......where to start? I was quite recently surprised to find a file that not only logged which usb ports i had used and when, but what pieces of hardware i had attached to them at various times and for how long, and in the case of usb flash drives the unique identification number of each. I can't think what use you can put this information to, but be aware that if you have a "secret" memory stick with your data on it, not only is there a record of it, and when you used it on your pc, there is a record of it ( and its unique ID No.) on every PC you've attached it to.

goretsky

Hello,

That actually sounds quite useful for keeping track of when a PC is used (ask employees, students, et cetera) to insert their USB "key" when using the system, or clocking in or out of a job and so forth.

Regards,

Aryeh Goretsky