There’s so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.
So much more.
I’ll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, it’s not with the intent that you be able to hide what you’re doing, but to illustrate the futility of even trying.
Become a Patron of Ask Leo! and go ad-free!
Cookies and CCleaner
Cookies are, effectively, small data files left on your computer by some of the websites you visit. As you might imagine, while the contents of the files might not be useful (they’re specific to each site), the fact that there exists a cookie from a specific site means your web browser has at some point fetched a page from that site. In other words, it’s one way to see where you’ve been.
Tools like CCleaner can easily and quickly clear cookies.
In addition, such tools also clear other traces of activity, like your explicit browser history, temporary files, the contents of your browser’s cache, and much more. I’ll refer to them as an interesting first step to removing some traces of your activity.
But they’re in no way complete or foolproof.
The easiest thing to overlook is the fact that deleting a file doesn’t delete its contents. Unless the data is actually overwritten by subsequent writes to the disk, there’s a possibility it can be recovered and restored. This is what “undelete” is all about — the attempt to recover files that have been deleted.
Simply clearing your cookies or history or whatever else data-cleaning tools might remove does nothing more than delete the file(s) containing the information. There’s a chance the files could still be recovered with an undelete tool.
The only way to avoid this is to ensure that the data is overwritten after it’s been deleted. CCleaner and similar tools have something called a “free space wipe” which does exactly that: it overwrites all the free space on your hard drive with random data, rendering what was there practically1 unrecoverable.
That may still not be enough to erase all of your tracks, however.
Data you’re unaware of
Windows is an incredibly complex operating system, as are many of the applications that run on it, including web browsers. It stores information in places you might not know about, or in places you know about — like the registry — but have no way to remove. Even so-called registry cleaners only remove or correct certain types of information, and are more about the health of your system than removing evidence of your activities.
Even the paging or hibernation files could be analyzed by someone knowledgeable to collect or infer information about what the computer was used for, where you visited, or what you did.
There’s simply no way to know that there isn’t some amount of evidence of your activities left somewhere.
So, honestly, the only way to truly remove all evidence of your activity from your computer is to erase it completely. There are two approaches: using tools like DBan to literally erase the hard disk, or to reinstall Windows from scratch, ensuring you do a reformat of the hard disk as part of the process, and a free space wipe when the install is complete.
Both of those things are likely to trigger warning signs from an employer.
Besides, they may still not be enough.
Your computer isn’t needed to keep tabs on you
When we think about tracking and evidence of our activities, we immediately think of all the data that’s stored on our device.
While I’m sure your company would love it if you left all your tracks on the machine, it’s very possible that they don’t need ’em.
Remember, they provide you with your internet connectivity and local networking. That means they can monitor where you go, what you do, and what you access from another computer, such as their internet gateway.
They don’t need access to your machine; all they need do is monitor your online activity through the devices they control.
And it’s not your computer, to boot
Finally, it’s important to realize that when you use a computer provided to you by your workplace, it’s not your computer. In most jurisdictions2, you don’t have a right to privacy on workplace-provided equipment.
The most obvious implication is that your employer has a right to snoop on what you’re doing by examining your computer or monitoring your internet traffic.
More concerningly, though, your employer could install spyware on your machine, or interfere with the “privacy” implied by https secure web sites. That means that even if you completely erase what’s on your computer, they may have already collected information about your activity and sent it to their own servers for storage and analysis.
Trust. It’s complicated.
Honestly, it really all boils down to trust.
You may or may not trust your employer not to spy on you, but it’s important to realize that they can. Much of how you use their equipment could be recovered forensically.
Similarly, they may or may not trust you to use their equipment according to their rules and guidelines. Once again, it’s important to realize that they have ways of verifying their trust in you.
I can’t say how much invasive spying or forensic analysis is common, and I certainly can’t say how much is ethical or justified. What I can say, though, is that it’s possible, and that if you have any concerns at all, you should act as if your employer can monitor every little thing you do with their equipment. It’s by far the safest thing to do.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,