I have a Big Problem. I share my home computer with someone. He has a
Hotmail account, as do I, and I also have a Yahoo account. Today I discovered
that in my browser’s temporary files I could pull up some of his emails! I did
not see any Yahoo email, but quite a few from Hotmail. How do I correct this?
Such a possible invasion of privacy!
Yes, you may have a big problem, depending on how much you and the other
person trust each other.
But it points out an aspect of security that most people miss completely. We
can take some steps to make things better, but actually solving the root
problem is a much bigger deal
Become a Patron of Ask Leo! and go ad-free!
Please, read the next sentence carefully:
If it’s not physically secure, it’s not
It sounds trite and condescending, and I don’t mean it to be so, but it is
perhaps the single most overlooked part of computer security. From the home or
dorm room to the office, people forget that if someone can actually get to your
computer, they can almost certainly get to what’s inside.
Let’s look at your situation.
I’m betting you’re sharing more than just the computer; you’re sharing
a single login account on that computer. If you want privacy, that’s simply the
wrong way to start. You must, at a minimum, have two separate login
accounts, and neither of them can have administrative privileges.
User accounts can be set up such that the files that belong to them,
including your internet temporary files, can be seen only by the account that
owns them, or administrative accounts.
By having two different user accounts, neither of which has administrative
rights, one cannot view the files belonging to the other.
But remember – any administrative account can see it all.
And, by the way, if you’re running Windows 95, 98 or Me, you’re quite out of
luck here. Windows 9x does not support this level of security and protection.
You must be running Windows NT, 2000, XP or Vista to enable this level of
So now that we’ve prevented casual examination of each other’s files, what
if someone is more determined?
If they have access to the physical machine, it’s excruciatingly simple for
them still to find and read all of your files.
My favorite approach is to boot the machine from one of the many Linux Live
CD distributions, such as Knoppix. Booting from such a CD bypasses almost all
of Windows built-in security, and allows them to browse your hard disk and view
files with ease.
All because they could get to your machine and reboot it.
If you care, there are a couple of solutions:
Keep the machine physically secure. That could be as simple as locking your
home or office when you leave, or it could be as drastic as putting some type
of physical interlock directly on the machine.
Windows XP Pro (and, I believe, Windows 2003 and most likely some versions of
Vista) support an encrypting file system. You can then simply mark the folders
you care about to be encrypted. Once encrypted, you must be logged in
as the exact same account that encrypted them to be able to read them.
Good news: Live Linux CDs can’t read them. Bad news: anyone logged in as
administrator can, in turn, login as you and see your files. Worse news: if
you’re unable to login as the original account, the encrypted files are
An alternative is to use something like TrueCrypt to create a virtual
encrypted drive, and then move all your sensitive information (including your
internet temporary files, if so inclined) to that drive. Good news: your
account and any other can read it if they know your passphrase. If
they don’t, they can’t. It’s that simple. Bad news: if you forget the
passphrase, the encrypted files are lost.
Neither of those solutions is particularly appealing or always
The best compromise, in my mind, is to a) never share computers with someone
you don’t trust completely, and b) keep your computer(s) relatively physically