Layer One: Good Privacy Protection Habits
Part I of this article covered the people who want your data, the technologies available to them, and the Constitutional underpinnings of your right to privacy. Here in Part II we cover the six layers of privacy protection, with dozens of links to products and services that will maximize your privacy.
The most effective thing you can do to protect the private information on your computer is to establish a layered approach to security. You need to build first-line, second-line, third-line (etc.) defenses, and consider the consequences at each level if those defenses should fail.
Not to indulge in an overused, and rather passé phrase, but when it comes to computer security, you are the weakest link. The most sophisticated security system in the world cannot protect the privacy of information if you don't develop and adhere to good privacy protection habits.
First and foremost, develop the habit of non-disclosure. Simply because forms or applications request private information does not mean that you should automatically divulge the information. Generous use of "Not Applicable" or "N/A" is a prudent habit to develop. You can be more proactive, if you like, handling excessive demands for personal information with a campaign of disinformation. Simply altering a few characters of a name, zip code, or social security number when inputting data on Internet forms causes information to be associated with the fictitious identity, thus defeating data mining and profiling techniques. Of course, you should be especially stingy with information that uniquely identifies you, such as your driver's license number or social security number. Such entries should be limited to online banking, passport renewal, or other dealings with trusted firms and agencies.
Another important privacy protection habit is educating yourself about the specific weaknesses of your hardware, operating system, and applications.
One example of a hardware weakness would be the TEMPEST emanations discussed in Part I, but you would, first and foremost, have to be a pretty bad dude to be the subject of TEMPEST monitoring. Researchers and security experts differ on how effective TEMPEST monitoring is, how directional the antennas are, and how well one machine's emanations can be differentiated from another's. Researchers Markus Kuhn and Ross Anderson say that TEMPEST monitoring can be prevented with techniques such as using gray scales to mask characters on the screen. Alternatively, you can supposedly jam the emanations by placing a second computer within the same room and having its monitor generate an electrical smokescreen of characters by using a screensaver similar to the one used in the movie "The Matrix." We would theorize that an older monitor with higher emissions than a new one, running at the same resolution and refresh rate, would be most effective, but you're not that paranoid, are you?
Most browsers have an autocomplete feature that remembers what you've typed when you fill in online forms. After you've typed a few characters, the autocomplete feature creates a drop-down box that contains the remainder of a zip code or other data. How did your computer know what information was needed to fill in the desired blank? You might be shocked to find that your Social Security number, bank account number, passwords, birthday, address, mother's maiden name, and credit card numbers are all stored on your computer if you've entered them into forms. You can clear out this information and disable this feature with only nine clicks of the mouse:
From the Internet Explorer Tools menu, click: Internet Options|Content tab|autocomplete button, then uncheck all three boxes and click the two buttons to "clear forms" and "clear passwords", then click "OK" to close the two open dialog boxes.
Do you play games at work? Use unauthorized software? Windows can give you away. It maintains Applog files in the System folder and keeps a record of which programs are used most frequently. Windows uses this information if you select the defragmentation option to rearrange your program files so that your programs start faster. Deleting the Applog folder's contents prevents that record from being examined to determine your usage habits.
Temporary Files and Hidden Text
Windows temporary files can create a privacy concern if they contain personal information and are not securely deleted. If, for example, you create or edit a document in Microsoft Word and then save it, Windows immediately creates a temporary file containing information from the old (pre-saved) version of the text document. Windows may store this temporary file in any available space on the computer's hard drive. When you turn off the computer, the temporary file is "deleted," meaning that its storage space is marked as available for future data to be recorded. However, the file's contents are not actually erased from the hard drive. The information from the old document can be recovered using simple file recovery or disk inspection software if no new data has been written to the old document's storage location on the hard drive.
A simple but tedious protection measure that avoids the problem of old document contents being invisibly stored is to use the "save as" command on Microsoft Word's File Menu instead of the "save" icon. The "save as" command allows a user to change the file name each time the file is saved, thus preserving the old (pre-saved) versions of the document in a visible form and making them easier to securely delete.
Many applications create temporary files to facilitate automatic recovery of your work in the event (or is that a certainty?) of an operating system crash. After a few months' use, these files, typically beginning with the tilde (~) character, litter your system. Using the Windows Disk Cleanup utility restores the space taken by the temporary files, but doesn't erase the data. An additional step, secure deletion of free space, is necessary, as we'll see in Layer Five, below.
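As an added example (not from the original article or any of the products it names), the Python sketch below finds the tilde-prefixed recovery files described above and overwrites each one in place before deleting it, so the contents do not linger in freed disk space. The function names and the sample file names are assumptions made for illustration.

```python
import os
import secrets
import tempfile
from pathlib import Path


def find_tilde_temp_files(root):
    """Return regular files under root whose names begin with '~'."""
    return sorted(p for p in Path(root).rglob("~*")
                  if p.is_file() and not p.is_symlink())


def overwrite_in_place(path, passes=1, chunk=64 * 1024):
    """Overwrite the file's existing bytes with random data; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the new bytes to disk, not just the cache
    return size


def overwrite_and_delete(path, passes=1):
    """Overwrite first, then unlink, so the freed space holds only random bytes."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


def scrub_temp_files(root, passes=1):
    """Scrub every '~' file under root; return {path: bytes overwritten}."""
    return {str(p): overwrite_and_delete(p, passes)
            for p in find_tilde_temp_files(root)}


def demo():
    """Constructed sample: one leftover recovery file beside a normal document."""
    with tempfile.TemporaryDirectory() as d:
        temp = Path(d, "~WRL0001.tmp")   # hypothetical autosave leftover
        keep = Path(d, "letter.doc")     # ordinary file that must survive
        temp.write_bytes(b"Dear Meathead, draft text left behind by autosave")
        keep.write_bytes(b"Dear Sir, final text")
        report = scrub_temp_files(d)
        return report, temp.exists(), keep.exists()


if __name__ == "__main__":
    print(demo())
```

In-place overwriting reaches the original sectors only on file systems that rewrite data where it sits, such as the FAT volumes of this article's era; journaling or copy-on-write file systems and flash drives may keep older copies elsewhere.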
Microsoft Word itself has a significant weakness in the way it handles revisions to a document and "deleted" text. You're probably aware of Word's undelete/undo features, but have you considered how this task is accomplished? Text that has been "deleted" in a Microsoft Word document is actually not erased at all. It is merely coded to not appear when viewed or printed; similar to the way other non-printing characters like paragraph indentations or page breaks do not appear. The "deleted" text can be viewed by using the Notepad program in Windows or Edit program in MS DOS. If you email a Word document or give it on a disk to someone, all your edits and revisions go with it. So that letter that you jokingly started, "Dear Meathead..." and then erased still bears your original sentiment. Older versions of Word even include passwords to supposedly-protected documents.
Preventing this type of leak is as simple as cutting and pasting the Word document's text into a new Word document before sending it to anyone. All of the revisions are left behind; the new document is built with only the visible text. Similar cautions apply to any application with an undo/redo feature.
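Before sending a document, you can check for this kind of leftover yourself. The following added example (not part of the original article) does in Python what opening the file in Notepad does by eye: it pulls every run of readable text out of the raw bytes and reports anything that is not in the text you meant to send. The byte strings are constructed samples, not real Word files, and the function names are assumptions.

```python
import re

MIN_RUN = 6  # shortest run of readable characters worth reporting

# Readable text may be stored one byte per character or as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_RUN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_RUN)


def printable_runs(blob):
    """Return sorted (offset, text) pairs for each readable run in the bytes."""
    runs = [(m.start(), m.group().decode("ascii"))
            for m in ASCII_RUN.finditer(blob)]
    runs += [(m.start(), m.group().decode("utf-16-le"))
             for m in UTF16_RUN.finditer(blob)]
    return sorted(runs)


def residual_text(blob, visible_text):
    """Return readable runs that are NOT part of the text the author intends to send."""
    visible = " ".join(visible_text.split())
    findings = []
    for offset, text in printable_runs(blob):
        cleaned = " ".join(text.split())
        if cleaned and cleaned not in visible:
            findings.append((offset, cleaned))
    return findings


def build_sample():
    """Constructed bytes imitating a saved document, with and without a leftover edit."""
    visible = "Dear Mr. Smith, thank you for your letter."
    filler = b"\x00\x01\x02\x03"                  # stands in for binary structure
    body = visible.encode("utf-16-le")
    leftover = b"Dear Meathead, "                 # "deleted" text still in the file
    dirty = filler + body + b"\x01\x02" + leftover + filler
    clean = filler + body + filler                # pasted into a new document
    return dirty, clean, visible


if __name__ == "__main__":
    dirty, clean, visible = build_sample()
    for offset, text in residual_text(dirty, visible):
        print(f"offset {offset}: {text!r} is in the file but not in the visible text")
    print("new document findings:", residual_text(clean, visible))
```

On a real file the same scan also lists ordinary strings the application stores, so the output needs to be read rather than treated as a pass or fail.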
Strengthen and Mask Passwords
If you're serious about maintaining your privacy, password discipline should also be habitual. If you're unfamiliar with password cracking methods, you're likely to make many common mistakes. A 1999 survey by Network Computing magazine revealed that two thirds of people use the same password for multiple accounts. So if you visit a fraudulent Web site and enter a password as part of creating an account or an identity, then the odds are great that the site owner will have access to your email or other accounts with the password given.
Another common mistake is selecting insecure passwords. Passwords should be a minimum of 8 to 10 characters long and be composed of a combination of numerals, punctuation marks, and upper and lower case letters. Passwords should never be the name of a person, a birth date, sequential numbers, or any word from a dictionary of any language. Password cracking programs using a dictionary attack can easily guess a password by trying every word in an entire dictionary. This process takes only seconds to complete on computers using Pentium (or faster) processors.
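The rules in the paragraph above can be turned into a checker. This is an added example, not code from the original article: the word list is a small constructed sample, and treating a dictionary word with digits or punctuation tacked onto its ends as still being a dictionary word is an assumption of the example.

```python
import re
import string

MIN_LENGTH = 8  # the article's lower bound ("8 to 10 characters")

# Constructed sample; a real check would load full dictionaries and name lists.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "elizabeth", "football", "bonjour"}

# Dates written with separators, or as 8 digits (YYYYMMDD or MMDDYYYY).
DATE_RE = re.compile(
    r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}"
    r"|(?:19|20)\d{2}[01]\d[0-3]\d"
    r"|[01]\d[0-3]\d(?:19|20)\d{2}"
)

CLASSES = {
    "lower case": string.ascii_lowercase,
    "upper case": string.ascii_uppercase,
    "numeral": string.digits,
    "punctuation": string.punctuation,
}


def has_sequential_digits(pw, run=4):
    """True if pw contains `run` digits counting straight up or down (1234, 9876)."""
    for digits in re.findall(r"\d+", pw):
        for i in range(len(digits) - run + 1):
            window = [int(c) for c in digits[i:i + run]]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of rules from the text that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    # Strip digits and punctuation from both ends before the dictionary lookup.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in words:
        problems.append("dictionary word or name")
    if DATE_RE.search(pw):
        problems.append("looks like a date")
    if has_sequential_digits(pw):
        problems.append("sequential numbers")
    return problems


if __name__ == "__main__":
    for candidate in ["dragon", "Sunshine1!", "12345678", "07/04/1976", "r.T7wq;Lm2"]:
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```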
One method of password selection would be to incorporate a strategy of obfuscation. For example, you could record a CD with dozens of full-length, classic e-book texts such as War and Peace, Les Miserables, the complete works of Shakespeare, etc., and choose a few letters from a word at the end of one sentence and a few letters from the beginning of the next sentence as a password. This would result in a strong password with upper case, lower case, and punctuation characters. If you were to insert this CD and use a mouse to navigate to the correct e-book location, highlight the characters, and then copy and paste them wherever a password was required, you would prevent a key logger from detecting anything because the keyboard would never be used. The CD itself would be of little use to anyone looking for your password, and if the CD were ever inadvertently lost or damaged, you could easily recreate it from the public-domain texts. Note that although the cut-and-pasted characters may not be visible to a keyboard logger, some spy programs also take periodic snapshots of the screen, and you might be unlucky enough to have your password snapped between the time you paste and hit the Enter key.
Layers Two and Three: Physical Barriers and Firewalls
Of all the various privacy protection methods, barriers are the easiest to implement. Barrier security is founded upon the simple premise that the fewer people who have access to a computer system, the less the likelihood that the system will be subjected to unauthorized access. The physical location of a computer storing personal information should be in a lockable room, just as you would lock a desk drawer or file cabinet. If you have more than one computer you should consider isolating one computer from the Internet and storing financial records or other private information on the isolated system. The most proficient hacker/cracker in the world cannot access a system with which they have absolutely no contact.
Firewalls, Web Filters, and Tracking Detection
Firewalls
Any computer system that accesses the Internet should be equipped with a firewall to enable the user to detect and prevent unauthorized access to the computer through the Internet connection. This writer uses the Norton Internet Security Suite from www.symantec.com as his primary firewall. This application provides an integrated system for intrusion attempt detection, blocking advertisements on the Internet, anti-virus scanning, and privacy filtering to prevent private information like credit card numbers from being sent out to the Internet. An alternative free firewall application called "Zone Alarm" can be obtained from www.zonelabs.com.
Your browser keeps a record of which site was just visited, which empowers the "back" button. The Web sites that you visit can obtain and record this information. Therefore, if you visit a site where anarchy, AIDS, or atheism are discussed and then proceed to online shopping sites where you complete order forms, or otherwise divulge your identity, this tracking could lead to an undesired disclosure of information about your interests. An online demonstration of this disclosure can be viewed at privacy.net.
You can block referrers several different ways, including with filtering software such as The Proxomitron, which is available from www.extremetech.com/proxomitron. Proxomitron is a proxy server that runs locally on your machine, filtering inbound and outbound traffic. If you'd prefer not to have web filtering software installed on your computer, you can use online web filtering tools such as Anonymizer at www.anonymizer.com or Rewebber at www.rewebber.de. These sites redirect your Web traffic through their machines, filtering the outbound traffic and removing all identifiers, including your IP address, from your packets.
Because website tracking occurs invisibly, and mostly on the server side, it is difficult to detect which websites may be keeping an ongoing record of a user's activities. One free product that makes this information available to a user is the Privacy Companion from www.idcide.com. Activity tracking programs, such as the previously mentioned Spector, can be detected and deactivated by performing a scan using a product called Who's Watching Me, available from www.trapware.com. Battles between the activity loggers and the logger detectors occasionally erupt, as was the case recently between Who's Watching Me and WinWhatWhere Investigator.
Layer Four: Trojan, Key Logger, and Spyware Detection
If the first three layers of defense fail and unauthorized access to the computer does occur, it is important to be aware of the intrusion so that it can be dealt with as quickly as possible. Specialized detection software is needed for this purpose because Trojan, key logging, and spyware programs are designed to run invisibly and will appear neither in the Windows system tray, nor in the task manager window that appears when CTRL-ALT-DEL is pressed once. Two free programs that assist in the detection of intruders are Regmon which provides a real-time display of all changes to the Windows registry, and FileMonitor which displays all file opening and closing activity as it is occurring. These two programs are available from: www.sysinternals.com.
One extremely useful program for Trojan detection is called Trojan Monitor and is a component of a program called "The Cleaner" from: www.moosoft.com. Trojan Monitor constantly watches all of the critical system files and registry settings and will immediately sound an audible alarm and generate a flashing warning signal if any program attempts to modify these settings. Trojan Monitor will then identify the specific setting that is causing the alarm and give a user the option of whether or not to allow the change to proceed. A high-quality freeware alternative for Trojan scanning and removal is a product called Trojan First Aid Kit (TFAK), available from www.wilders.org.
The leader in spyware detection is a program called Ad-Aware. It is freely available from www.lavasoftUSA.com, and the program offers a live update feature to keep its list of spyware programs current. In a matter of minutes, Ad-Aware can scan the contents of an entire computer, identify any spyware programs, and offer to delete them. As a secondary means of confirming a suspected file's status, an online spyware database is available for searching at: www.spychecker.com.
Key Logger Detection
An old, but free, program called Hook Protect from www.softsecurity.com scans a computer for any signs of monitoring software. A similar, but more recent, key logging detection program is called Anti-Key Logger from www.anti-keyloggers.com.
Layer Five: Minimizing Exposed Information
In the event that all of the foregoing methods fail and someone does break into your machine, you should take steps to limit the information to which the intruder can have access. This fallback position includes techniques to securely delete unneeded sensitive information and encrypt sensitive information that must be retained on the system.
The Windows operating system does not delete files. Even the action of "emptying" the recycle bin does not cause the files to be destroyed. Emptying the recycle bin merely marks the disk space storing a document as available for recording future data. And even if the data is overwritten, it can still be recovered. Remnants of the old magnetic patterns remain at the edges of each track, and the disk controller can often be commanded to mis-track sufficiently to read it. (The appropriate equipment to do this is generally in the hands of law enforcement and intelligence agencies. Some of the equipment requires disassembly of the drive.) The data does not become unrecoverable until it is overwritten many times. Several programs exist to allow users to accomplish actual deletion of files containing sensitive information. A few of these are listed below:
BC Wipe is a multifunction secure deletion tool available from: www.jetico.com. It clears and overwrites the Windows swap file (WIN386.SWP), file slack space, and the unused space on a hard drive. All of these areas can potentially contain private information. The BC-Wipe program offers various options for data deletion ranging from a fast single overwrite up to capabilities that meet U.S. Department of Defense data destruction requirements for classified information.
Clean System Directory from www.theabsolute.net is a free application that allows users to remove dynamic linked library files (.dll) that were left behind when their corresponding applications were uninstalled. From a privacy standpoint, the removal of these files prevents someone from examining the Windows system folder and determining what programs were previously installed.
Clean Up! is a free program from The Strangely Green Chicken Company at: free.prohosting.com/~sgould/cleanup/README.html#Download. With only a single mouse click, it searches for and deletes files containing private information about Internet activity. This program's deleted files include the Index.dat files that contain a cumulative list of every website visited. A user attempting to simply delete the Index.dat files without such a program will discover that Windows blocks user access to these files.
Empty Temp Folders from: danish-shareware.dk is a free multifunction application which allows users to selectively delete cookies, Internet history items, and temporary files, in addition to clearing the Windows clipboard, and finding broken links to files that have been deleted. Broken links to deleted files are one of the loose ends that can disclose a user's activities on a computer.
Properties Plus from www.ne.jp is a free program that allows a user to alter the time/date stamp that Windows places on every file. This time/date information can be used not only to see when a user created, modified, or last accessed a particular file, but by analyzing the time/date stamps of files in conjunction, a detailed usage pattern can be deduced. A manual method to achieve time/date stamp modifications is to copy a file from one hard drive to another, and then copy the file back again. However, the manual method only resets the dates and times to when the file was re-copied.
RegCleaner (not to be confused with Microsoft's unsupported product RegClean) is a free program available from www.jv16.org. Many programs leave behind telltale registry entries when they are uninstalled. Although not specifically designed as a privacy tool per se, this product enables a user to search out and eliminate all references to previously installed programs, thus denying this information to anyone later examining the computer. An unintended consequence of this cleaning is that it allows many shareware programs to be repeatedly reinstalled after their expiration dates, since these programs use these hidden registry leftovers to identify which computers have previously installed the shareware.
Encryption and Steganography
The leading encryption product for home use is Pretty Good Privacy (PGP) from www.pgpi.org. However, use of this product is somewhat complicated and can cause it to go unused, resulting in no privacy protection whatsoever. After examining various encryption products, I believe that Silver Key from www.bestcrypto.com is vastly easier to use and is sufficiently secure. It costs only $19.95 and allows drag and drop encryption of complete folders using the state-of-the-art AES encryption algorithm. A freeware version called Iron Key is also available. It is similarly quick and easy to use, but can only encrypt one file at a time and uses the DES encryption algorithm that was cracked in 22 hours and 15 minutes at a 1999 contest sponsored by RSA Security.
One disadvantage of encryption is that an encrypted file, folder, or hard drive can be tantamount to a red flag identifying information as sensitive. An alternative to encryption that does not have this problem is steganography. Steganography is concealment of private information within an image or sound file. A program using this technology called EyeMage is free from: www.proporta.com. EyeMage's graphical interface makes the encoding/decoding process so very simple that a small child could easily use it.
Layer Six: Scorched Earth Policy
In certain rare circumstances, the cost of disclosure for private information might outweigh the cost of the computer on which the data is stored. Diagrams of not-yet-patented inventions, soon-to-be-published research results, and confidential client files of doctors or attorneys are just a few types of materials for which unauthorized disclosure could be catastrophic. In these situations, you might want to adopt extreme failsafe protection.
Methods for this could range from the use of harmless tricks that put the computer's software in limbo, to more extreme methods that prevent data disclosure by permanent destruction of the computer's hardware. In any instance where data is critical enough to warrant this degree of protection, it is assumed that you will have properly backed up the data in an alternate secure location.
By a simple modification of the Autoexec.bat file, a user can place a computer into an endless loop that prevents Windows from loading. An instructional CD by "Canadian Tom" lists the following as a method to accomplish this. In the autoexec.bat file insert each of the following on a separate line:
Restarting the computer (which is the well-known bypass method for Windows screensaver passwords) will not bypass this loop. The specific key combination that breaks the loop will be well known to the technically inclined, but the average user would not be likely to guess it. The keystrokes cannot be ascertained by keystroke logging programs, which start only after Windows is loaded. But this technique can be bypassed easily by booting the machine from a floppy disk. Of course, even a technically astute person may not realize at first that access is being denied by something as old and primitive as a batch file.
echo "Unauthorized Access Attempt Detected ! System Halted."
Windows Self Shut-off
With this method, you create a desktop shortcut that forces Windows to shut off and place the shortcut within the Windows startup sequence. If an unauthorized user attempts to start the computer, Windows will shut the machine off during the startup sequence and access to the system will be delayed or denied completely depending upon the intruder's level of expertise with Windows.
To create or remove the shortcut, right click on an unoccupied space of the Windows desktop. Select New|shortcut. Enter the command line data:
Then drag and drop the new shortcut into the Start Menu's Programs|Startup folder. To deactivate this shutdown sequence, press F5 during the startup to initiate a "safe mode" startup, then delete the shortcut from its location in the startup folder.
One method of preventing an unauthorized person from having free rein to perform a methodical search of a computer system is to make use of "live" viruses to create a land-mine effect. As a quick search of the Internet demonstrates, viruses can be freely downloaded from Internet sources such as www.hackerscenter.com. These viruses can be interspersed among the files and folders containing critical information, and will present no danger to the computer system as long as they are not clicked or executed. However, an antivirus program with real-time file protection might detect the viruses and quarantine them, which would negate their purpose. For this reason, this method would require that anti-virus software be deactivated when the computer is unattended.
In addition to viruses, programs can also be easily located on the Internet that will temporarily protect data by deleting a computer's hard drive partitions, file allocation table, or CMOS settings. Programs such as this can be exceedingly small. To illustrate, the following program consists of merely thirteen lines, yet will destroy a computer's file allocation table when executed from a file built with the Debug program in DOS:
Although this technique renders the disk unreadable via the file system, all of the sectors of data are still there, and can be retrieved with absolute track reads. Reassembling the noncontiguous data might be akin to putting a smashed stained glass window back together, but it is possible. This program could be modified slightly to overwrite the entire disk, but in any event, don't try this at home--or at work.
Use of Hardware Self-destruct Mechanisms
Computer storage media consist primarily of magnetically aligned particles located on disks within a hard drive. For this reason, any strong magnetic field can rapidly destroy large amounts of stored data. Devices known as degaussers are routinely used for this purpose. Although some degaussers cost less than $100, they're typically suited only for demagnetizing a CRT monitor or erasing video and audio tapes. The magnetic flux densities at the read-write head are extremely high, and are concentrated onto a very small area of the disk. A degausser capable of erasing a hard disk can be purchased from www.datadev.com, but the prices start at $1000 and go up from there. The devices that are small enough to be hidden inside a computer's casing adjacent to the hard drive are unlikely to be powerful enough to erase the hard disk. It's possible that a commercial degausser could be built into a tower case, but you would have to test the efficacy of this approach on an expendable drive.
Other self-destruction techniques are easily imagined, but since they likely involve flame, loud noises, or dangerous chemicals, they will not be discussed here.
A Word of Caution
These scorched-earth techniques may seem attractive because they contain a measure of retribution. But just as having a gun in the house is statistically far more likely to wound or kill a family member than protect you against a burglar, implementing these techniques increases the probability that you will become a victim of your own cleverness.
As always, we invite you to discuss your ideas about personal privacy and security in the ExtremeTech Forums.
As technology continues to advance, so do the methods in which an individual's private information may be procured and misused. The solution to avoiding the dystopian future portrayed in the novel "1984" (Orwell, 1949) lies not in a Unabomber-like attitude of seclusion from all technology, but rather in assuming the responsibility for educating ourselves about protection of privacy, and taking prudent privacy protection measures. This exemplifies the saying that "Freedom is not free." It may be that in an age where terrorism is so prevalent that some degree of surveillance is a necessary evil, but forsaking our freedoms cannot protect freedom. A watched people are not free; especially where they must pay the salaries of their watchers.
This article began as a term paper for a computer science course. In the course of researching and writing this paper, this writer has grown even more aware of how complicated privacy protection methods can prove to be. The task of attempting to write a cogent explanation of Windows processes that are normally hidden from view has provided this writer with an appreciation of how difficult this subject can be for new users. To keep abreast of new privacy threats spawned from advances in technology seems an almost insurmountable task, but it is one that is necessary if freedom is to survive the information age.