Layer One: Good Privacy Protection Habits
Part I of this article covered the people who want your data, the technologies available to them, and the Constitutional underpinnings of your right to privacy. Here in Part II we cover the six layers of privacy protection, with dozens of links to products and services that will maximize your privacy.
The most effective thing you can do to protect the private information on your computer is to establish a layered approach to security. You need to build first-line, second-line, third-line (etc.) defenses, and consider the consequences at each level if those defenses should fail.
Not to indulge in an overused, and rather passé phrase, but when it comes to computer security, you are the weakest link. The most sophisticated security system in the world cannot protect the privacy of information if you don't develop and adhere to good privacy protection habits.
First and foremost, develop the habit of non-disclosure. Simply because forms or applications request private information does not mean that you should automatically divulge the information. Generous use of "Not Applicable" or "N/A" is a prudent habit to develop. You can be more proactive, if you like, handling excessive demands for personal information with a campaign of disinformation. Simply altering a few characters of a name, zip code, or social security number when inputting data on Internet forms causes information to be associated with the fictitious identity, thus defeating data mining and profiling techniques. Of course, you should be especially stingy with information that uniquely identifies you, such as your driver's license number or social security number. Such entries should be limited to online banking, passport renewal, or other dealings with trusted firms and agencies.
Another important privacy protection habit is educating yourself about the specific weaknesses of your hardware, operating system, and applications.
One example of a hardware weakness would be the TEMPEST emanations discussed in Part I, but you would, first and foremost, have to be a pretty bad dude to be the subject of TEMPEST monitoring. Researchers and security experts differ on how effective TEMPEST monitoring is, how directional the antennas are, and how well one machine's emanations can be differentiated from another's. Researchers Markus Kuhn and Ross Anderson say that TEMPEST monitoring can be prevented with techniques such as using gray scales to mask characters on the screen. Alternatively, you can supposedly jam the emanations by placing a second computer within the same room and having its monitor generate an electrical smokescreen of characters by using a screensaver similar to the one used in the movie "The Matrix." We would theorize that an older monitor with higher emissions than a new one, running at the same resolution and refresh rate, would be most effective, but you're not that paranoid, are you?
Most browsers have an autocomplete feature that remembers what you've typed when you fill in online forms. After you've typed a few characters, the autocomplete feature creates a drop-down box that contains the remainder of a zip code or other data. How did your computer know what information was needed to fill in the desired blank? You might be shocked to find that your Social Security number, bank account number, passwords, birthday, address, mother's maiden name, and credit card numbers are all stored on your computer if you've entered them into forms. You can clear out this information and disable this feature with only nine clicks of the mouse:
From the Internet Explorer Tools menu, click: Internet Options|Content tab|autocomplete button, then uncheck all three boxes and click the two buttons to "clear forms" and "clear passwords", then click "OK" to close the two open dialog boxes.
Do you play games at work? Use unauthorized software? Windows can give you away. It maintains Applog files in the System folder and keeps a record of which programs are used most frequently. Windows uses this information if you select the defragmentation option to rearrange your program files so that your programs start faster. Deleting the Applog folder's contents prevents that record from being examined to determine your usage habits.
Temporary Files and Hidden Text
Windows temporary files can create a privacy concern if they contain personal information and are not securely deleted. If, for example, you create or edit a document in Microsoft Word and then save it, Windows immediately creates a temporary file containing information from the old (pre-saved) version of the text document. Windows may store this temporary file in any available space on the computer's hard drive. When you turn off the computer, the temporary file is "deleted," meaning that its storage space is marked as available for future data to be recorded. However, the file's contents are not actually erased from the hard drive. The information from the old document can be recovered using simple file recovery or disk inspection software if no new data has been written to the old document's storage location on the hard drive.
A simple but tedious protection measure that avoids the problem of old document contents being invisibly stored is to use the "save as" command on Microsoft Word's File Menu instead of the "save" icon. The "save as" command allows a user to change the file name each time the file is saved, thus preserving the old (pre-saved) versions of the document in a visible form and making them easier to securely delete.
Many applications create temporary files to facilitate automatic recovery of your work in the event (or is that a certainty?) of an operating system crash. After a few months' use, these files, typically beginning with the tilde (~) character, litter your system. Using the Windows Disk Cleanup utility restores the space taken by the temporary files, but doesn't erase the data. An additional step, secure deletion of free space, is necessary, as we'll see in Layer Five, below.
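The sweep below is an added example, not part of the original article: it finds leftover temporary files by name (a leading tilde or a .tmp extension) and overwrites each one in place before deleting it, so the data is not simply released to free space. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
import time


def find_temp_leftovers(root, min_age_seconds=0):
    """Return files under root named like application temp files (~* or *.tmp)."""
    now = time.time()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith("~") or name.lower().endswith(".tmp"):
                path = os.path.join(dirpath, name)
                if now - os.path.getmtime(path) >= min_age_seconds:
                    hits.append(path)
    return sorted(hits)


def overwrite_and_delete(path, passes=1):
    """Overwrite the file in place, force it to disk, then unlink it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                chunk = min(remaining, 1 << 20)
                fh.write(os.urandom(chunk))
                remaining -= chunk
            fh.flush()
            os.fsync(fh.fileno())
    os.remove(path)
    return size


def sweep(root, min_age_seconds=0, passes=1):
    """Overwrite and delete every leftover; return {path: bytes overwritten}."""
    return {p: overwrite_and_delete(p, passes)
            for p in find_temp_leftovers(root, min_age_seconds)}


def demo():
    """Run the sweep over a constructed directory tree (sample data, not real files)."""
    samples = {
        "docs/~WRL0001.tmp": b"Dear Meathead...",   # constructed recovery file
        "docs/letter.doc": b"Dear Sir...",          # the document itself, kept
        "~scratch": b"draft notes",                 # constructed tilde-prefixed leftover
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        removed = sweep(root)
        removed_rel = sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in removed)
        kept = sorted(f for _d, _s, fs in os.walk(root) for f in fs)
        return removed_rel, kept, sum(removed.values())


if __name__ == "__main__":
    print(demo())
```

In-place overwriting only reaches the blocks a file currently occupies; copies already released to free space, and storage that remaps writes (SSDs, journaling or copy-on-write file systems), still need the free-space wipe covered in Layer Five.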
Microsoft Word itself has a significant weakness in the way it handles revisions to a document and "deleted" text. You're probably aware of Word's undelete/undo features, but have you considered how this task is accomplished? Text that has been "deleted" in a Microsoft Word document is actually not erased at all. It is merely coded to not appear when viewed or printed; similar to the way other non-printing characters like paragraph indentations or page breaks do not appear. The "deleted" text can be viewed by using the Notepad program in Windows or Edit program in MS DOS. If you email a Word document or give it on a disk to someone, all your edits and revisions go with it. So that letter that you jokingly started, "Dear Meathead..." and then erased still bears your original sentiment. Older versions of Word even include passwords to supposedly-protected documents.
Preventing this type of leak is as simple as cutting and pasting the Word document's text into a new Word document before sending it to anyone. All of the revisions are left behind; the new document is built with only the visible text. Similar cautions apply to any application with an undo/redo feature.
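As an added example (not from the original article), the check below does programmatically what opening the file in Notepad does by eye: it pulls every printable run out of a file's raw bytes, in both 8-bit and UTF-16LE form, and reports anything that is not part of the text you intended to send. The byte strings are constructed to mimic the situation and are not a real Word file.

```python
import re


def extract_strings(raw, min_len=6):
    """Return printable runs stored as 8-bit text or as UTF-16LE text."""
    n = str(min_len).encode()
    narrow = re.findall(rb"[\x20-\x7e]{" + n + rb",}", raw)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){" + n + rb",}", raw)
    return ([r.decode("ascii") for r in narrow]
            + [r.decode("utf-16-le") for r in wide])


def leftover_text(raw, visible_text, min_len=6):
    """Strings present in the file's bytes but absent from the text the author sees."""
    found = (s.strip() for s in extract_strings(raw, min_len))
    return [s for s in found if s and s not in visible_text]


# Constructed sample data: header bytes, the visible letter, and a remnant of
# the erased opening line kept in the file in a second encoding.
VISIBLE = "Dear Mr. Smith, thank you for your letter."
HEADER = b"\xd0\xcf\x11\xe0" + b"\x00" * 8
EDITED_FILE = (HEADER + VISIBLE.encode("ascii") + b"\x00\x0d\x00"
               + "Dear Meathead, ".encode("utf-16-le") + b"\x00\xff")
# What a copy built only from the visible text would contain.
FRESH_COPY = HEADER + VISIBLE.encode("ascii") + b"\x00"


if __name__ == "__main__":
    print("edited file:", leftover_text(EDITED_FILE, VISIBLE))
    print("fresh copy: ", leftover_text(FRESH_COPY, VISIBLE))
```

On a real document the same scan also surfaces metadata strings such as author and file names, which deserve the same review before the file leaves your machine.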
Strengthen and Mask Passwords
If you're serious about maintaining your privacy, password discipline should also be habitual. If you're unfamiliar with password cracking methods, you're likely to make many common mistakes. A 1999 survey by Network Computing magazine revealed that two thirds of people use the same password for multiple accounts. So if you visit a fraudulent Web site and enter a password as part of creating an account or an identity, then the odds are great that the site owner will have access to your email or other accounts with the password given.
Another common mistake is selecting insecure passwords. Passwords should be a minimum of 8 to 10 characters long and be composed of a combination of numerals, punctuation marks, and upper and lower case letters. Passwords should never be the name of a person, a birth date, sequential numbers, or any word from a dictionary of any language. Password cracking programs using a dictionary attack can easily guess a password by trying every word in an entire dictionary. This process takes only seconds to complete on computers using Pentium (or faster) processors.
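The rules in the paragraph above can be turned into a check that runs before a password is accepted. This is an added example, not from the original article; the five-entry word list is a constructed stand-in for a full dictionary and name list, and the eight-character floor is the lower bound the text gives.

```python
import re
import string

# Constructed stand-in; a real check would load a full dictionary and name list.
WORDLIST = {"password", "dragon", "monkey", "shakespeare", "letmein"}
DATE = re.compile(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")


def has_digit_run(pw, run=3):
    """True if pw contains `run` digits in ascending or descending sequence."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        if window.isdigit():
            steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def check_password(pw, wordlist=WORDLIST, min_len=8):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    classes = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "numeral": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
    }
    problems += ["no " + name for name, present in classes.items() if not present]
    # A dictionary word stays guessable when digits or punctuation are tacked on.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in wordlist:
        problems.append("dictionary word")
    if has_digit_run(pw):
        problems.append("sequential numbers")
    if DATE.search(pw):
        problems.append("looks like a date")
    return problems


if __name__ == "__main__":
    for candidate in ("dragon", "Shakespeare1!", "x1234567", "04/12/1975", "eR7,tho:Qp"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that "Shakespeare1!" satisfies the length and character-mix rules and is still rejected, because the check strips the decoration and finds the dictionary word underneath.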
One method of password selection would be to incorporate a strategy of obfuscation. For example, you could record a CD with dozens of full-length, classic e-book texts such as War and Peace, Les Miserables, the complete works of Shakespeare, etc., and choose a few letters from a word at the end of one sentence and a few letters from the beginning of the next sentence as a password. This would result in a strong password with upper case, lower case, and punctuation characters. If you were to insert this CD and use a mouse to navigate to the correct e-book location, highlight the characters, and then copy and paste them wherever a password was required, you would prevent a key logger from detecting anything because the keyboard would never be used. The CD itself would be of little use to anyone looking for your password, and if the CD were ever inadvertently lost or damaged, you could easily recreate it from the public-domain texts. Note that although the cut-and-pasted characters may not be visible to a keyboard logger, some spy programs also take periodic snapshots of the screen, and you might be unlucky enough to have your password snapped between the time you paste and hit the Enter key.
Layers Two and Three: Physical Barriers and Firewalls
Physical Barriers
Of all the various privacy protection methods, barriers are the easiest to implement. Barrier security is founded upon the simple premise that the fewer people who have access to a computer system, the less the likelihood that the system will be subjected to unauthorized access. The physical location of a computer storing personal information should be in a lockable room, just as you would lock a desk drawer or file cabinet. If you have more than one computer you should consider isolating one computer from the Internet and storing financial records or other private information on the isolated system. The most proficient hacker/cracker in the world cannot access a system with which they have absolutely no contact.
Filters, and Tracking Detection Firewalls
You can block referrers several different ways, including with filtering software such as The Proxomitron, which is available from www.extremetech.com/proxomitron. Proxomitron is a proxy server that runs locally on your machine, filtering inbound and outbound traffic. If you'd prefer not to have web filtering software installed on your computer, you can use online web filtering tools such as Anonymizer at http://www.anonymizer.com/ or Rewebber at http://www.rewebber.de/. These sites redirect your Web traffic through their machines, filtering the outbound traffic and removing all identifiers, including your IP address, from your packets.
Layer Four: Trojan, Key Logger, and Spyware Detection
If the first three layers of defense fail and unauthorized access to the computer does occur, it is important to be aware of the intrusion so that it can be dealt with as quickly as possible. Specialized detection software is needed for this purpose because Trojan, key logging, and spyware programs are designed to run invisibly and will appear neither in the Windows system tray nor in the task manager window that appears when CTRL-ALT-DEL is pressed once. Two free programs that assist in the detection of intruders are Regmon, which provides a real-time display of all changes to the Windows registry, and FileMonitor, which displays all file opening and closing activity as it is occurring. These two programs are available from: http://www.sysinternals.com/.
Key Logger Detection
Layer Five: Minimizing Exposed Information
In the event that all of the foregoing methods fail and someone does break into your machine, you should take steps to limit the information to which the intruder can have access. This fallback position includes techniques to securely delete unneeded sensitive information and encrypt sensitive information that must be retained on the system.
BC Wipe is a multifunction secure deletion tool available from: http://www.jetico.com/. It clears and overwrites the Windows swap file (WIN386.SWP), file slack space, and the unused space on a hard drive. All of these areas can potentially contain private information. The BC-Wipe program offers various options for data deletion ranging from a fast single overwrite up to capabilities that meet U.S. Department of Defense data destruction requirements for classified information.
Clean System Directory from http://www.theabsolute.net/sware/ is a free application that allows users to remove dynamic linked library files (.dll) that were left behind when their corresponding applications were uninstalled. From a privacy standpoint, the removal of these files prevents someone from examining the Windows system folder and determining what programs were previously installed.
Clean Up! is a free program from The Strangely Green Chicken Company at: free.prohosting.com/~sgould/cleanup/README.html#Download. With only a single mouse click, it searches for and deletes files containing private information about Internet activity. This program's deleted files include the Index.dat files that contain a cumulative list of every website visited. A user attempting to simply delete the Index.dat files without such a program will discover that Windows blocks user access to these files.
Empty Temp Folders from: danish-shareware.dk is a free multifunction application which allows users to selectively delete cookies, Internet history items, and temporary files, in addition to clearing the Windows clipboard and finding broken links to files that have been deleted. Broken links to deleted files are one of the loose ends that can disclose a user's activities on a computer.
Properties Plus from http://www.ne.jp/asahi/cool/kish/ is a free program that allows a user to alter the time/date stamp that Windows places on every file. This time/date information can be used not only to see when a user created, modified, or last accessed a particular file, but by analyzing the time/date stamps of files in conjunction, a detailed usage pattern can be deduced. A manual method to achieve time/date stamp modifications is to copy a file from one hard drive to another, and then copy the file back again. However, the manual method only resets the dates and times to when the file was re-copied.
RegCleaner (not to be confused with Microsoft's unsupported product RegClean) is a free program available from http://www.jv16.org/. Many programs leave behind telltale registry entries when they are uninstalled. Although not specifically designed as a privacy tool per se, this product enables a user to search out and eliminate all references to previously installed programs, thus denying this information to anyone later examining the computer. An unintended consequence of this cleaning is that it allows many shareware programs to be repeatedly reinstalled after their expiration dates, since these programs use these hidden registry leftovers to identify which computers have previously installed the shareware.
One disadvantage of encryption is that an encrypted file, folder, or hard drive can be tantamount to a red flag identifying information as sensitive. An alternative to encryption that does not have this problem is steganography. Steganography is concealment of private information within an image or sound file. A program using this technology called EyeMage is free from: http://www.proporta.com/apps/Windows/eyemageiie_windows.zip. EyeMage's graphical interface makes the encoding/decoding process so very simple that a small child could easily use it.
Layer Six: Scorched Earth Policy
In certain rare circumstances, the cost of disclosure for private information might outweigh the cost of the computer on which the data is stored. Diagrams of not-yet-patented inventions, soon-to-be-published research results, and confidential client files of doctors or attorneys are just a few types of materials for which unauthorized disclosure could be catastrophic. In these situations, you might want to adopt extreme failsafe protection.
Methods for this could range from the use of harmless tricks that put the computer's software in limbo, to more extreme methods that prevent data disclosure by permanent destruction of the computer's hardware. In any instance where data is critical enough to warrant this degree of protection, it is assumed that you will have properly backed up the data in an alternate secure location.
echo off
Restarting the computer (which is the well-known bypass method for Windows screensaver passwords) will not bypass this loop. The specific key combination that breaks the loop will be well known to the technically inclined, but the average user would not be likely to guess it. The keystrokes cannot be ascertained by keystroke logging programs, which start only after Windows is loaded. But this technique can be bypassed easily by booting the machine from a floppy disk. Of course, even a technically astute person may not realize at first that access is being denied by something as old and primitive as a batch file.
Windows Self Shut-off
To create or remove the shortcut, right click on an unoccupied space of the Windows desktop. Select New|shortcut. Enter the command line data:
c:\windows\rundll.exe user.exe,exitwindows
Then drag and drop the new shortcut into the Start Menu's Programs|Startup folder. To deactivate this shutdown sequence, press F5 during the startup to initiate a "safe mode" startup, then delete the shortcut from its location in the startup folder.
In addition to viruses, programs can also be easily located on the Internet that will temporarily protect data by deleting a computer's hard drive partitions, file allocation table, or CMOS settings. Programs such as this can be exceedingly small. To illustrate, the following program consists of merely thirteen lines, yet will destroy a computer's file allocation table when executed from a file built with the Debug program in DOS:
f 200
Although this technique renders the disk unreadable via the file system, all of the sectors of data are still there, and can be retrieved with absolute track reads. Reassembling the noncontiguous data might be akin to putting a smashed stained glass window back together, but it is possible. This program could be modified slightly to overwrite the entire disk, but in any event, don't try this at home--or at work.
Use of Hardware
Other self-destruction techniques are easily imagined, but since they likely involve flame, loud noises, or dangerous chemicals, they will not be discussed here.
…A Word of Caution
As always, we invite you to discuss your ideas about personal privacy and security in the ExtremeTech Forums.
Conclusion
As technology continues to advance, so do the methods in which an individual's private information may be procured and misused. The solution to avoiding the dystopian future portrayed in the novel "1984" (Orwell, 1949) lies not in a Unabomber-like attitude of seclusion from all technology, but rather in assuming the responsibility for educating ourselves about protection of privacy, and taking prudent privacy protection measures. This exemplifies the saying that "Freedom is not free." It may be that in an age where terrorism is so prevalent that some degree of surveillance is a necessary evil, but forsaking our freedoms cannot protect freedom. A watched people are not free; especially where they must pay the salaries of their watchers.
This article began as a term paper for a computer science course. In the course of researching and writing this paper, this writer has grown even more aware of how complicated privacy protection methods can prove to be. The task of attempting to write a cogent explanation of Windows processes that are normally hidden from view has provided this writer with an appreciation of how difficult this subject can be for new users. To keep abreast of new privacy threats spawned from advances in technology seems an almost insurmountable task, but it is one that is necessary if freedom is to survive the information age.
Some of the previous discussion about this topic is posted at Extreme