How to Keep Information on a Shared Computer Private

//
I share a computer and I want to know how to keep my information private.

 

Ultimately, you can’t.

At least you can’t do it easily, and even then, it depends on the data you’re attempting to keep private and the technical savvy of the individuals who might try to access it.

There’s nothing like your own computer. But if you have to share, there are a couple of things that might help.

A little.

Read moreHow to Keep Information on a Shared Computer Private

Can Everything I Do Online Be Monitored at My Router?

//
A few days ago around the dinner table, my family was talking about how police can monitor everything you do on the web and track you. Because he is registered as the owner of the router, my father says that he can view everything I do as it passes through the router. Is this true? And if so, how can I bypass this?

Yes, it’s true.

But before you focus on it too much, there are two things to keep in mind:

  • First, it’s not really easy for the average consumer.
  • Second, there are easier alternatives to monitoring than your router.

Let me explain what I mean and what you can do to protect yourself — if, indeed, you can protect yourself at all.

Read moreCan Everything I Do Online Be Monitored at My Router?

How Can an Employer Recover Information I’ve Erased?

//
I just saw this article where a company did a forensic investigation of one of their employee’s computers. How do they find searches and network activity if one clears their cookies and uses CCleaner?

There’s so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.

So much more.

I’ll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, it’s not with the intent that you be able to hide what you’re doing, but to illustrate the futility of even trying.

Read moreHow Can an Employer Recover Information I’ve Erased?

BoxCryptor: Secure Your Data in the Cloud

One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.

Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.

The solution is simple: encrypt the data yourself.

Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.

BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.

Read moreBoxCryptor: Secure Your Data in the Cloud

How Can I Send a Document to Someone Securely?

//
I recently had to send some very private identification papers over email. Now normally I wouldn’t do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?

I’m occasionally faced with this same dilemma. Either for expediency or convenience, I want to email something I wouldn’t want to fall into the hands of anyone else.

While there are many approaches, there’s really only one pragmatic approach.

Read moreHow Can I Send a Document to Someone Securely?

What Can a Website I Visit Tell About Me?

//
When I visit a web site that collects visitor statistics, I understand they can see my IP which will tell them my ISP, that I have a  Mac, the area where I may live, what browser I use, if I’m new to the site, or if I click information on the site. But can the site collect the following information:

  • My computer name (the name I assigned to my computer)?
  • Profile information???
  • My browsing history (any/all sites I’ve visited and when) or can they just tell the number of items in my history?
  • Email addresses associated with my computer?

I’ve reviewed similar questions but I’m not sure I truly understand what information a web server can collect from my connection/browser.

This turns into a fairly complex answer pretty quickly. It’s both more and less than you might think.

I’ll start by covering what every website sees.

Read moreWhat Can a Website I Visit Tell About Me?

Can My ISP See What I’m Doing If I Use a Virtual Machine (VM)?

//
In your article Can Everything I Do Online Be Monitored at My Router? you state that “your ISP can see everything you do”. Is that still true if I run a virtual machine to hide what I’m doing?

Yes, it’s still true: a VM doesn’t get you any additional privacy from your ISP.

I do need to clarify exactly what “everything you do” means. I’ll also revisit what you need to do to avoid ISP monitoring. Hint: a VM isn’t the solution, but might be a convenient part.

Read moreCan My ISP See What I’m Doing If I Use a Virtual Machine (VM)?

Download Your Facebook and Google Data

There’s been a tremendous amount of discussion relating to the amount of data kept, shared, sold — and occasionally leaked — by large service providers like Facebook and Google.

Regardless of how you feel about it, it highlights something I believe is important to realize: these services collect a lot of data. We may never know just how much is being collected or with whom it is being shared.

However, both Facebook and Google allow you to download data they’ve collected relating to your account. It’s unlikely to be everything, but even so, it’s a heck of a lot. It’s worth understanding what they have.

Read moreDownload Your Facebook and Google Data

How Did I Get Advertising About the Contents of an Email?

//

A few minutes ago I scanned a page on generators from a Harbor Freight catalog and sent it to my son using Gmail. A few minutes later I got an email from Harbor Freight — in Yahoo, via Thunderbird  — with this subject line: “You Can Rely on These Predator Generators on Sale Now.”

How does this happen? How does Harbor Freight know that I’m thinking about generators? Seems like there’s something on my computer monitoring my outgoing emails and alerting sellers to send me an ad on the item.

Or is it my son’s computer that’s doing it?

Either way, it’s creepy and something I’d like to stop.

I understand it feels creepy, but many aspects of what you describe represent the “cost” of free services like Gmail and Yahoo! Mail: advertising.

There’s not enough information for me to say exactly what happened, but I’ll describe some possibilities. There’s also one aspect of it I can’t explain at all.

Read moreHow Did I Get Advertising About the Contents of an Email?

My Ex Set Up My Computer and Is Now Spying on Me. What Can I Do?

//
I was dating a guy who installed Linux on my computer and is also the administrator on my computer. He can completely monitor my computer from his home. We are no longer dating but he is still screwing around with my computer. What can I do? He also knows my passwords.

I normally avoid these types of relationship-related tech questions, because they’re more about relationships than about technology. And I’m certainly no therapist.

However, I get this type of question often enough that I’m going to use it as an example of the technological implications when good relationships go bad.

Short answer: you’re in trouble until you take some drastic action.

Read moreMy Ex Set Up My Computer and Is Now Spying on Me. What Can I Do?

Yes, You Should Give Google Your Mobile Number

In one of my more important articles — A One Step Way to Lose Your Account … Forever — I discuss the sad reality that accounts are frequently lost because people fail to set up recovery information (or keep that recovery information current).

In most cases, it’s a simple oversight with disastrous results. One day, your account gets compromised somehow, and you have no way to prove you are the legitimate owner. Without that proof (in the form of recovery information used to verify your identity), your account is no longer your account. Period. Forever.

Sometimes, however, there’s a much more frustrating reason people fail to provide recovery information — in particular, their phone number.

Read moreYes, You Should Give Google Your Mobile Number

Google Remembers More than You Realize

One of the least obvious and most ubiquitous collectors of information are the online services we choose to use.

None demonstrate this fact more clearly than Google.

As we go about our online activities, Google maintains a surprisingly detailed history of our activities. Most people don’t realize just how detailed it is, or how long it’s kept.

More interestingly, Google’s one of the good players, as it actually exposes this history to us, and even allows us to clear it if we want.

Read moreGoogle Remembers More than You Realize

Are There Hidden Files that Save Every Keystroke I’ve Ever Typed?

//
This is a multi-part question and pertains to computer forensics. Specifically, locating those mysterious, deeply hidden files that (supposedly) contain your computer’s entire history – every keystroke ever made. Accessing those files. Viewing the contents. Deleting the contents. Understanding how a utility like DBAN can “find” and nuke them, but I as the computer owner can’t. And finally, if every keystroke really has been recorded to some hidden file, how come it doesn’t wipe out available space on my hard drive.

This is a relatively persistent family of questions that comes around from time to time, particularly in times of concern about individual privacy.

There are several misconceptions in the question.

Further, those misconceptions are based on kernels of truth, which means I can’t just say “that’s wrong”; instead, it’s more a case of “it’s not like that — it’s like this”.

Let’s see if I can clear up the confusion. To do so, we’ll need to talk about keystrokes, loggers, hidden files, erasing files, and really erasing files.

Read moreAre There Hidden Files that Save Every Keystroke I’ve Ever Typed?

Sometimes the Threat Is in the Hardware

Our computer’s hardware – the circuits, chips, disks, memory, cables, and connectors – are all things we rarely think about when it comes to considering our privacy.

We would be wise to.

While not as easily compromised, since it requires some form of physical access, hackers know we take our hardware for granted, and when it comes to gaining intrusive access to our information, hardware represents a way in.

Read moreSometimes the Threat Is in the Hardware

What VPN Should I Use?

For a variety of reasons, VPNs, or Virtual Private Networks, have suddenly become quite popular. It seems like you can’t open a tech web site or news source without hearing that VPNs are the solution to all your security and privacy issues.

Sadly, that’s not the case.

VPNs can be useful to solve a handful of specific problems:

  • Sniffing: protecting your communications from being intercepted when using open WiFi hotspots.
  • Relocation: making it appear as if you are located somewhere other than your actual location.
  • Surveillance: protecting your communications from being monitored by certain third parties, such as your ISP.

Exactly what to look for in a VPN provider varies depending on exactly which of these problems you’re attempting to solve.

Read moreWhat VPN Should I Use?

The Internet Is Forever, Except When It’s Not

//
I was taught that it is impossible to delete, I mean totally delete, anything on the internet. The protocol of the computer or network simply buries it deeper in the systems and scrambles a random password to recall it. Find that scramble code and Presto! You can recall the deleted item(s).

Um…. no. There’s no magical “scramble code” to recover anything.

But that does raise a very interesting conundrum. We often say “the internet is forever”, while at the same time saying, “be sure to back up, because once you delete it, it’s gone”.

The ways of both the internet and deletion are more complex than most people realize. While these two statements appear to be diametrically opposed, they’re both very, very true, often at exactly the wrong time.

Read moreThe Internet Is Forever, Except When It’s Not

The Biggest Risk to Your Privacy

I’ve written several privacy-related articles discussing the various aspects of risk we assume when we use technology. From the computers we use to the systems that run them, as well as the applications and tools we rely on, each adds risk of some kind of exposure.

And yet, in my experience, the greatest risk we’re exposed to has little do with technology.

It’s a risk we don’t think of – and yet I see privacy directly invaded more often due to this than any other reason.

Read moreThe Biggest Risk to Your Privacy

How Do I Protect Myself from My ISP?

//
I know you’ll think I’m nuts, but I’m absolutely convinced my ISP is snooping on what I do and reporting it to the government. I know you said my ISP can see everything, but … how do I stop them?

This is a composite question crafted from the many variations on the theme that, over the years, keep coming from time to time.

While I don’t actually think people are nuts, I do think that 99% of the time, they are mistaken, misled, or misinformed.

The 1%, however, can be all too real for some people.

Read moreHow Do I Protect Myself from My ISP?

Walking Away From Your Computer

If it’s not physically secure, it’s not secure.

That’s a phrase I’ve used in several articles on security, but with the recent emphasis on privacy as well, I’ve decided it deserves its own dedicated discussion.

You can have the best security software. You can be the greatest at identifying and avoiding phishing and other attempts to trick you into downloading malware. You can have the greatest, strongest passwords, doubly secured with two-factor authentication….

… and it’s all for naught the moment someone else gets their hands on your machine.

Read moreWalking Away From Your Computer

Every Application Adds Risk

In a previous article, I discussed the fundamental nature of our computer’s operating system: its absolute power to see, and potentially expose, anything we do. We frequently assume, often without actually thinking about it, that the OS is trustworthy.

That may or may not be true.

When it comes to the operating system, our options are limited. There’s really no choice: in order to use our device, we must use an operating system of some sort.

When it comes to the applications we install on our computers, we have both more choice and more risk.

Read moreEvery Application Adds Risk

Privacy Begins with the Operating System

With the release of Windows 10, Microsoft took a lot of heat for particularly permissive default privacy settings, as well as being unclear about exactly what information is sent back to Microsoft, and under what conditions.

While they’ve addressed some of those issues in the months since, it all serves to highlight an important concept that many people all too readily overlook: the operating system on your machine has a tremendous capability to protect – or violate – your privacy.

Do you trust it?

Read morePrivacy Begins with the Operating System

Privacy? What Privacy?

Privacy is a huge topic. So huge I can’t really tell you exactly what steps to take, what settings to change, what apps to avoid, or what services to choose.

Not only are there infinite options, but the options keep changing.

On top of that, there are about as many opinions on the topic as there are internet users. That makes anything I say just one more voice in the crowd …

… not that that’s going to stop me. 🙂

Read morePrivacy? What Privacy?

Can Hotel Internet Traffic Be Sniffed?

//
My friend’s husband has been getting into her email even though she’s not given him her password. He has confronted his sister about an email and when asked how he got into the email he says that where he works (a large hotel chain), they have a program that searches emails for keywords and brings info up. Could that be true? Can they snoop on hotel internet traffic?

Yes.

Hotel internet security is one of the most overlooked risks travelers face. I’m not just talking wireless – I’m talking any internet connection provided by your hotel.

In fact, I’m actually writing this in a hotel room, and yes, I have taken a few precautions.

Read moreCan Hotel Internet Traffic Be Sniffed?

Is there Any Reason to Use a VPN at Home?

//
Hi, Leo. I’m wondering if a VPN service might be useful at home on my personal Wi-Fi? I use a desktop and my Android smartphone there. I know it’s useful elsewhere.

A VPN or a Virtual Private Network is typically offered by a service that then encrypts all of your internet activity between your computer and their service.

Normally, a VPN isn’t particularly useful at home, but there are a few scenarios where it might make sense.

Read moreIs there Any Reason to Use a VPN at Home?

Can spyware see what you did before the spyware was installed?

//
If spyware is installed by malicious websites, or maybe even the government, is that spyware able to track internet information which had existed before the spyware was installed?

Ultimately, it really depends on exactly what you mean by “internet information”.

It’s important to realize that malware can do anything it wants to on your computer and can access anything that is stored on it.

That, in and of itself, exposes some historical information; but it might also be a foot in the door for more.

Read moreCan spyware see what you did before the spyware was installed?

If we login to a site securely will our other activities be secure?

//

Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?

Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.

However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.

Read moreIf we login to a site securely will our other activities be secure?

Is It Safe to Let Websites Remember Me?

//

Leo, you’ve made a big deal about how insecure it is for an internet browser to remember your login information because it can be viewed by anyone using that browser. However, what about websites that offer to remember your login information for you? An example of this is Google. When you are logging in you can simply check a box that says, “Stay signed in” and unless you actually physically log off, you’ll remain logged in. If you don’t check that box, simply closing the browser will log you off.

Let’s say I’m taking my neighbors laptop on a business trip for several days. If I stay logged into Google with the “stay logged in” button for the duration of the trip and I physically log off before I return the laptop, will my neighbor have access to my account information like he would if I had Chrome remember any of my passwords? This is assuming that I don’t delete any sort of browser information. All I do is log off.

The good news is that as long as you remember to log out, you’re relatively safe. The bad news (besides my having to use the word “relatively”) is of course what happens when you forget to explicitly log out.

Read moreIs It Safe to Let Websites Remember Me?

How do I remove myself from a machine?

//
How do I remove myself from a machine?

The scenario looks like this: you’re ending a long and successful relationship with your employer (or maybe a not so long or successful one). But while you were there, you were allowed to make use of your assigned computer to do things like check your personal email, use an instant messaging client, check in on Facebook, and maybe even surf the web occasionally for non-work related things.

Now on your way out the door, you’d like to make sure that your personal account information isn’t left behind. And perhaps clean up a few other traces of your activities as well.

Read moreHow do I remove myself from a machine?

Why does this ad imply I have a criminal record?

//

I recently put my name into the Norton search engine and came across the following:

Ad related to (the person asking the question’s name appears). (His name)  “was arrested?” and then the name of a website that promises to check your records with the phrase “free public record search application.”

Not only was I shocked (to see his name in the ad) but felt that anybody repeating a search on my name would infer I had a criminal record, I have written to the company demanding that the offensive link of my name with a criminal history be removed – although I’m not sure that they would be responsible for the context of my name in their advertisement for checking on an individual’s criminal history. The sad thing is that if you put anybody’s name into this company’s search engine, until a fee is actually paid, it conveys the impression that a specific inquiry would lead to a criminal background. Your words of advice would be appreciated.

First, I’ll explain what you can do about ads like this. Then, I’ll try to explain why this misleading ad is popping up in the first place.

Read moreWhy does this ad imply I have a criminal record?

What Information Does a Laptop Leak on a Wireless Network?

//

What identifying signatures are given off by my laptop when I’m connected to a wireless network? I’m sure that my WiFi card, hard drive, Windows ID, and other identifying information is broadcast, but what is it? Would I guess that a traffic sniffer would show the make and model of my computer? Or does it go deeper than that?

Actually, it doesn’t go that deep at all. In general, it’s not as much information as you list… as long as you’re doing things right.

Read moreWhat Information Does a Laptop Leak on a Wireless Network?

Is it safe to let my daughter purchase online using my email address?

//

My daughter is using my email address to purchase goods instead of using her own email address. Is this a dangerous procedure?

It depends on two things: what you think of your daughter and what she thinks of you. 🙂

Now, I’m assuming that we are only talking about your email address and not your credit card. When you are handing over financial information to someone else, even your daughter, that’s a whole other game and a different set of issues.

When we come down to just the email address, things are actually relatively safe, but there are a few risks that you (and she) should keep in mind.

Read moreIs it safe to let my daughter purchase online using my email address?

If an IP address doesn’t do it, then how does Google know my location?

//
In your articles, you often mention that an IP address cannot find out my actual location. OK. Then how does Google know my location … my actual location?

That’s an interesting conundrum. I’m actually somewhat surprised at how accurate Google can be at times, but you also have to realize that you give Google a lot more information than just your IP address.

Let’s talk about some of those.

Read moreIf an IP address doesn’t do it, then how does Google know my location?

Is Geotagging My Photos a Bad Thing?

//
At the start of a public gathering event for my child’s school today, the principal surprised me by requesting that parents who took photos of the event with their mobile phones should switch off the geotagging function because it can expose the children to risks associated with privacy. I later took her aside and she explained to me about having recently learned that hackers are able to steal an image uploaded to one of the many image sharing sites or the iCloud as she described it, merely by using the geodetic coordinates of the location where the picture was taken. Is this true or yet another contemporary urban myth?

Urban myth or true fact? Well, it’s somewhere in-between.

Let’s begin by talking about what the principal said. Then, I’ll explain where she might be getting confused about geotagging.

Read moreIs Geotagging My Photos a Bad Thing?

Is it safe to use a mobile banking app over an open Wi-Fi connection?

//
Hi Leo. I read your bank app article from last August of 2012 but what I’m still wondering is if I’m ok or safe to use my Bank of the West iPad, iPhone app at a McDonald’s or motel’s Wi-Fi and how do I know if my app is using https or not? I should note that our devices are Wi-Fi only – no data and the Bank of the West, my example, has always seemed very security conscience. Thanks.

Well, to answer the question in the middle of this, “How do you know whether your app is using https or not?”

The bad news is you don’t.

And there’s no way to tell which technique a mobile app on an iPad or an iPhone, or on an Android device may use to confirm that it’s using secure connections.

Read moreIs it safe to use a mobile banking app over an open Wi-Fi connection?

How should I erase my hard drive before I give it away?

//

I would like to clear off/erase all of the programs on my hard drive and clean it up before I donate my computer to a worthy cause. What’s the best/simplest way to do this?

To begin with, good on you not only for your donation, but for thinking to do this. All too frequently we hear of computers being donated by banks, hospitals, or other institutions and then turning up with all sorts of private information that should have been erased first. The best way? Well … how paranoid are you?

Read moreHow should I erase my hard drive before I give it away?

How can my ISP tell that I’m downloading copyrighted files?

//

I recently changed from Verizon DSL to Charter Cable internet services. About a week later, I started receiving warnings via email from Charter telling me to stop downloading music from limewire (copyright infringement?). After that they sent notices to stop downloading movies from UTorrent. What’s funny is that both were files that never finished downloading. What I want to know is how do they know who I am, where I go on the internet and when I choose to save something to my computer? How does someone else know when your on a website downloading anything?

Well to start with, Charter isn’t just any “someone else” … they’re your ISP.

And as your ISP they know a lot about you, and have the ability to do a lot with that information.

Verizon could have but for whatever reason chose not to.

Let’s look at that in a little more detail.

Read moreHow can my ISP tell that I’m downloading copyrighted files?