Posted on Feb 02, 2007 - 12:26am by John P. in Dear The Man, Security
Here’s a question I received from a reader:
Can you recommend a good hard drive sweeper? I need to clean up my PC at work… been surfing the net a little too much.
Well yes. Yes I can…
There are lots of good reasons to clean up your computer’s hard drive and usage tracks:
If someone was going to do a forensic analysis of your machine to determine what you’ve been up to, you can bet they are going to start with the following areas:
And that’s not all… So you can see how it would be difficult to keep all of your private information protected, given that it’s scattered all over your machine in places you’ve never even heard of.
Here’s what you can do about it. First, use one (or more) of the following tools to automatically erase all of the things on the list above. And by the way, all three of these offer Secure File Deletion, which makes the deletions unrecoverable:
After you delete all of that stuff, you’re going to notice that Web sites you used to visit that recognized you don’t anymore. This is because the cookies have been deleted. Also, any of your saved passwords are gone, and that might make things a little less convenient. Don’t worry… you didn’t think The Man would leave you inconvenienced, did you?
Now what you need in order to have a safe, secure and pleasant browsing experience is RoboForm. This is a little program which builds itself into Internet Explorer, Avant Browser or Firefox and which saves all of your login data for your favorite sites, but does so in an encrypted format so it can’t be snooped!
You can read more about RoboForm on my previous post about protecting your digital secrets. If you have a Pocket PC or Palm Pilot, RoboForm will even sync all of your data to it so you can take it all with you everywhere you go. If you’d like to download it without having to navigate their web site, here is the direct download link.
You should also review my article entitled How I’d Hack Your Weak Passwords.
Be safe.
I must say that I like your critique of the above products. You have covered them extensively. I must say though, I would not want to delete all of my files and internet data. I would much rather have it all be encrypted and untraceable. I use a product that does not delete anything because, as I said I put a lot of time and effort into the internet just to have it all swept away. There are other alternatives to deleting everything, such as the program I mentioned earlier, Privacyview.
[...] I encourage you to read the entire post, but he makes one very important point: If you use the same username and/or password for several different sites you’re at greater risk [...]
[...] But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.) [...]
Like your first poster, I would not want to erase all my files either. I think it is much better to encrypt and erase the tracks, rather than just delete all the files.
John
Hi John,
I slowly read myself through many of your posts, and of the comments, you created such an amazing site with plenty of fun AND information. Thank you for that…
cheers
Rhoody
Thanks Rhoody. I’m glad that you are enjoying the journey. You know, my mission statement for this blog is “…to educate, enlighten, and entertain”, so it sounds like I’m getting the job done for at least some people!
Take care,
John
thank you John,
actually The Dane refers me to your site, and since then I am addicted to the site, actually I do a kind of same thing, but not online based. I am a diving instructor in the Philippines and me and some friends started a project (sponsored by the EU) to teach the poor fishermen how to conserve and to protect the reefs here and how to make their work more profitable, and I can tell you it is big time fun to sit with 5 locals at sunrise on a small fishing-boat and try to invent new techniques… also very entertaining for all of them and for me even the classroom hours with them…
BTW, did you choose your next holiday-destination already? If you don’t spend all money on Playboy-Benefits… hehe
cheers and thanks again
Rhoody
didi
[...] But wait. How do I know, for example, which bank you use and which username you use on the various websites? That is no great obstacle either, because this information is kindly stored unencrypted and nicely labelled in the cookies, which sit in your browser’s cache. (Read this post to find out how you can counteract that.) [...]
[...] I read a great post about “Protect Your Privacy, Delete Internet Usage Tracks” on One Man’s Blog [...]
Pretty hypocritical blog post for somebody offering Gravatar on his blog. Ever thought about how Gravatar can be used to track where you’ve commented? Gravatar seems like a web bug to me. Reflecting about “Internet usage tracks” and using Gravatar at the same time is pretty lame. Well, that’s my 2 cents worth of wisdom:
Matt’s web bug or “Hey, where did my privacy go?”
Tobias,
There is a significant difference between an opt-in service like Gravatar and a “privacy issue”. So significant, in fact, that I find your assertion preposterous.
If I, or you, or anyone else, decides to register for a Gravatar service which I know will follow me everywhere I personally self identify using my registered e-mail address, that is NOT a privacy issue.
John
Hi John,
I totally disagree with your assessment of the issue. If you’ve read my blog post, then you’ll have to agree that it’s not as easy as just “opting in” Gravatar. Let’s face it, most users sign up for stuff and don’t know what they get into or what implications this has.
Gravatar is not transparent. Their privacy policy sucks, they don’t have terms of use, they don’t tell you what kind of misuse potential their service has, they do nothing to calm down any worries about the web bug issue. Hell, they don’t even answer to mails to privacy@gravatar.com! Take a look at their site. Can you tell me as an average user who is running this site? There’s no name, no address, nothing. Would you trust your browsing behaviour to any stranger just like that? And best of all: you can’t even delete your account and data they have about you!
I don’t mean to attack anybody who’s using Gravatar, but has anybody EVER thought about how STUPID it is to opt-in into something like that without prior investigation what this service is about? And you’ve gotta admit that Gravatar doesn’t look too good after investigating it. In case you haven’t done so already, you really should read what I blogged about this. It doesn’t seem like you have. My last question in my blog post was “Are you really sure you want to use this service?”. So in the end, I leave everybody the choice to sign up. But you should at least recognize there’s a privacy issue.
Tobias,
I did in fact read your article, and I do indeed understand the points you are making, but I still respectfully disagree with your premise. While I have no doubt that there are many naive, and even some stupid, people who have no idea what is going on online, I believe that choosing to make an issue out of Gravatar is simply the wrong target.
My disagreement is based on the premise that Gravatar’s underlying principle is indeed that they will “follow” you all around the Web and display your avatar wherever you want them to. To me, it just can’t get any simpler. And if people don’t understand the privacy implications, the onus is on them, not Gravatar.
John P.
Hi John,
The problem with Gravatar ain’t that it serves as a central download host for image thumbnails, primarily. Users signing up will understand that. We don’t have to argue about that.
But what they won’t understand is that they leave more than just their email address. Most users signing up don’t realize that Gravatar can be misused like a web bug. There is no clue on the Gravatar web page that the thing stores more than just the email address and an image or is capable of doing so. And that’s simply not OK. In fact, Gravatar is in violation of laws in several European countries, I am sure they violate German law. They don’t tell users what kind of data they collect or could collect about them and they don’t allow users to delete an account including the data. That’s simply not OK as well. In fact, I’m pretty sure that’s illegal in several countries as well. And if that’s not enough, they don’t react to inquiries at their set-up email address for privacy issues. In my opinion, it’s more than a good idea to be cautious if you care about Internet usage tracks.
Take my friend who introduced me to Gravatar and wanted an opinion. She’s an IT student and runs her own blog, codes PHP and so on. She isn’t a computer illiterate. Yet, she failed to see that Gravatar could theoretically create a database of usage profiles of its users and be able to tell where and when they commented. I explained to her, she agreed yet she still uses the service as she trusts it. I don’t because the people running the service don’t give me any reason to. It’s a question of personality. I am a cautious guy. My trust is not for free.
It’s a fact that the people running Gravatar can collect an awful lot of private data about its users and they don’t tell or explain. It’s a fact that you can’t get rid of this data once signed up for the service. It’s a fact they haven’t replied to my inquiry. It’s a fact they don’t disclose who is actually running that service and everybody is willfully using it like lemmings. That’s stupid.
So, when I saw that you wrote a blog post advising on removing “Internet usage tracks” I found it very funny that you yourself are leaving Internet usage tracks of the most private nature in the hands of people you don’t know, at terms they don’t disclose. Every time you comment on ANY blog using your Gravatar that can be tracked and registered on servers serving your Gravatar file. They could be able to tell you when and where you commented. They could know how often you comment. Anybody in their right mind about Internet usage tracks wouldn’t want that. And then I read your blog post about removing Internet usage tracks locally (Ah, the irony!) from your computer while you willingly leave them with a service on the Internet where you can’t delete them and you don’t know anything about. That’s why I couldn’t resist and had to comment. I’m disappointed you can’t see that point.
I stumbled across your blog post while googling for “Gravatar privacy”. Ironic, isn’t that?