Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I keep people from seeing possibly private things on my shared computer?

I have a Big Problem. I share my home computer with someone. He has a
Hotmail account, as do I, and I also have a Yahoo account. Today I discovered
that in my browser’s temporary files I could pull up some of his emails! I did
not see any Yahoo email, but quite a few from Hotmail. How do I correct this?
Such a possible invasion of privacy!

Yes, you may have a big problem, depending on how much you and the other
person trust each other.

But it points out an aspect of security that most people miss completely. We
can take some steps to make things better, but actually solving the root
problem is a much bigger deal

Become a Patron of Ask Leo! and go ad-free!

Please, read the next sentence carefully:

If it’s not physically secure, it’s not
secure.

It sounds trite and condescending, and I don’t mean it to be so, but it is
perhaps the single most overlooked part of computer security. From the home or
dorm room to the office, people forget that if someone can actually get to your
computer, they can almost certainly get to what’s inside.

Let’s look at your situation.

I’m betting you’re sharing more than just the computer; you’re sharing
a single login account on that computer. If you want privacy, that’s simply the
wrong way to start. You must, at a minimum, have two separate login
accounts, and neither of them can have administrative privileges.

User accounts can be set up such that the files that belong to them,
including your internet temporary files, can be seen only by the account that
owns them, or administrative accounts.

By having two different user accounts, neither of which has administrative
rights, one cannot view the files belonging to the other.

But remember – any administrative account can see it all.

And, by the way, if you’re running Windows 95, 98 or Me, you’re quite out of
luck here. Windows 9x does not support this level of security and protection.
You must be running Windows NT, 2000, XP or Vista to enable this level of
control.

So now that we’ve prevented casual examination of each other’s files, what
if someone is more determined?

If it’s not physically secure, it’s not
secure.

If they have access to the physical machine, it’s excruciatingly simple for
them still to find and read all of your files.

My favorite approach is to boot the machine from one of the many Linux Live
CD distributions, such as Knoppix. Booting from such a CD bypasses almost all
of Windows built-in security, and allows them to browse your hard disk and view
files with ease.

All because they could get to your machine and reboot it.

If you care, there are a couple of solutions:

  • Keep the machine physically secure. That could be as simple as locking your
    home or office when you leave, or it could be as drastic as putting some type
    of physical interlock directly on the machine.

  • Encrypt.

    Windows XP Pro (and, I believe, Windows 2003 and most likely some versions of
    Vista) support an encrypting file system. You can then simply mark the folders
    you care about to be encrypted. Once encrypted, you must be logged in
    as the exact same account that encrypted them to be able to read them.
    Good news: Live Linux CDs can’t read them. Bad news: anyone logged in as
    administrator can, in turn, login as you and see your files. Worse news: if
    you’re unable to login as the original account, the encrypted files are
    lost.

    An alternative is to use something like TrueCrypt to create a virtual
    encrypted drive, and then move all your sensitive information (including your
    internet temporary files, if so inclined) to that drive. Good news: your
    account and any other can read it if they know your passphrase. If
    they don’t, they can’t. It’s that simple. Bad news: if you forget the
    passphrase, the encrypted files are lost.

Neither of those solutions is particularly appealing or always
practical.

The best compromise, in my mind, is to a) never share computers with someone
you don’t trust completely, and b) keep your computer(s) relatively physically
secure.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

5 comments on “How do I keep people from seeing possibly private things on my shared computer?”

  1. [quote]

    Worse news: if you’re unable to login as the original account, the encrypted files are lost.
    [/quote]

    Worst news yet: If you change your password anyway but by logging in as yourself and doing the alt-crtl-delete you will also loss access to your encrypted.

    Reply
  2. try CCleaner. It clears your browser caches and temp files and your recycle bin so that the average computer user couldn’t get into them. If you want to be really safe, run the CCleaner file shredder to permanently clean up your free space

    Reply
  3. What about using a portable version of a browser (Firefox, Chrome, Iron, Opera) on an USB key? That way nothing will be saved on the pc itself.

    Actually not neccessarily true. Swap file data, and perhaps temporary files may be placed on the hard drive.

    Leo
    14-Jan-2010

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.