How do I keep people from seeing possibly private things on my shared computer?

Yes, you may have a big problem, depending on how much you and the other
person trust each other.

But it points out an aspect of security that most people miss completely. We
can take some steps to make things better, but actually solving the root
problem is a much bigger deal

Please, read the next sentence carefully:

If it’s not physically secure, it’s not
secure.

It sounds trite and condescending, and I don’t mean it to be so, but it is
perhaps the single most overlooked part of computer security. From the home or
dorm room to the office, people forget that if someone can actually get to your
computer, they can almost certainly get to what’s inside.

Let’s look at your situation.

I’m betting you’re sharing more than just the computer; you’re sharing
a single login account on that computer. If you want privacy, that’s simply the
wrong way to start. You must, at a minimum, have two separate login
accounts, and neither of them can have administrative privileges.

User accounts can be set up such that the files that belong to them,
including your internet temporary files, can be seen only by the account that
owns them, or administrative accounts.

By having two different user accounts, neither of which has administrative
rights, one cannot view the files belonging to the other.

But remember – any administrative account can see it all.

And, by the way, if you’re running Windows 95, 98 or Me, you’re quite out of
luck here. Windows 9x does not support this level of security and protection.
You must be running Windows NT, 2000, XP or Vista to enable this level of
control.

So now that we’ve prevented casual examination of each other’s files, what
if someone is more determined?

If they have access to the physical machine, it’s excruciatingly simple for
them still to find and read all of your files.

My favorite approach is to boot the machine from one of the many Linux Live
CD distributions, such as Knoppix. Booting from such a CD bypasses almost all
of Windows built-in security, and allows them to browse your hard disk and view
files with ease.

All because they could get to your machine and reboot it.

If you care, there are a couple of solutions:

• Keep the machine physically secure. That could be as simple as locking your
  home or office when you leave, or it could be as drastic as putting some type
  of physical interlock directly on the machine.

• Encrypt.

  Windows XP Pro (and, I believe, Windows 2003 and most likely some versions of
  Vista) support an encrypting file system. You can then simply mark the folders
  you care about to be encrypted. Once encrypted, you must be logged in
  as the exact same account that encrypted them to be able to read them.
  Good news: Live Linux CDs can’t read them. Bad news: anyone logged in as
  administrator can, in turn, login as you and see your files. Worse news: if
  you’re unable to login as the original account, the encrypted files are
  lost.

  An alternative is to use something like TrueCrypt to create a virtual
  encrypted drive, and then move all your sensitive information (including your
  internet temporary files, if so inclined) to that drive. Good news: your
  account and any other can read it if they know your passphrase. If
  they don’t, they can’t. It’s that simple. Bad news: if you forget the
  passphrase, the encrypted files are lost.

Neither of those solutions is particularly appealing or always
practical.

The best compromise, in my mind, is to a) never share computers with someone
you don’t trust completely, and b) keep your computer(s) relatively physically
secure.