Here’s a question I received from a reader:
Can you recommend a good hard drive sweeper? I need to clean up my PC at work… been surfing the net a little too much.
Well yes. Yes I can…
There are lots of good reasons to clean up your computer’s hard drive and usage tracks:
- If a hacker ever gained access to your machine, some of your juiciest information is stored in your Web browsers cache. There is enough in almost every browser on earth to engineer a social breach. In other words a hacker could gain access to your personal data and then use it to pose as you.
- You may be working in an environment where your boss frowns on Internet use, even though it actually helps you do your job. In these cases you need to clean up after yourself because any third grader can see what you’ve been doing the moment you log off the machine.
- Finally, you might be doing something morally or ethically “challenged”. Need I say more?
If someone was going to do a forensic analysis of your machine to determine what you’ve been up to, you can bet they are going to start with the following areas:
- Temporary Internet files, Web site cookies, browser history, and index.dat
- Typed URL history
- Saved passwords and form auto-complete information stored in your browser
- Recent Documents
- Usage history of: Start/Run, Search
- Temporary directories on the hard drive
- Items contained within the Windows Registry
- Deleted items contents
- Media player history
And that’s not all… So you can see how it would be difficult to keep all of your private information protected, given that it’s scattered all over your machine in places you’ve never even heard of.
Here’s what you can do about it. First, use one (or more) of the following tools to automatically erase all of the things on the list above. And by the way, all three of these offer Secure File Deletion, which makes the deletions unrecoverable:
Clean Cache– Looks like this domain is gone. Thanks to John Williams for catching this for me!- CCleaner
- Privacy Eraser
After you delete all of that stuff, you’re going to notice that Web sites which you used to go that recognized you don’t anymore. This is because the cookies have been deleted. Also, any of your saved passwords are gone, and that might make things a little less convenient. Don’t worry… you didn’t think I would leave you inconvenienced did you?
Now what you need in order to have a safe, secure and pleasant browsing experience is RoboForm. This is a little program which builds itself into Internet Explorer, Avant Browser or Firefox and which saves all of your login data to your favorite sites, but does so in an encrypted format so it can’t be snooped!
You can read more about RoboForm on my previous post about protecting your digital secrets. If you have an iPhone or Android device it will even sync all of your data to it so you can take it all with you everywhere you go. If you’d like to download it without having to navigate their web site here is the direct download link for Windows.
You should also review my article entitled How I’d Hack Your Weak Passwords.
Be safe.
Did you notice that the truth was revealed in the last post from John re Gravatar? He personally knows the exec at the company that owns Gravatar. Clearly he is promoting it as a favor to his bud and not giving Gravatar the scrutiny that it clearly should have. Many thanks to Tobias and Al for exposing the unseemly nature of Gravatar. Shame on John for selling out his credibility for his bud.
You are a complete and utter idiot.
a.) I haven’t “promoted” Gravatar. Ever. But yes, I use it like about a million other people.
b.) See a.
John
Hey John,
I guess you couldn’t answer Tobias Weisserth last post about the gravatar issue huh? Yha gotta admit he’s right.
Privacy Eraser?
That’s seriosuly the name?
The information provided about deleting everything would actually be great for those getting rid of their computer, which I am currently doing.
Thanks for that info, because I definitely do not want the buyer to have my info!
all sounds well and good, but nothing is ever truly gone. encrypted or not deleted or not, forensic software can still read the drive
Great post, I conceive blog owners should learn a lot from this web site its real user genial .
Personally I use Sandboxie for protecting such things. Basically what it does is creates an area where it saves everything you do and say you open firefox, it copies everything firefox needs to run in that area and opens it(Surprisingly even though I get like 4000 files in my Sandbox a week I don’t notice a speed drop ever). This also means that when you get a virus it throws copies of your windows files at it long enough for you to delete it so you computer is safe. But it also saves all your cookies and things(Even favorites/bookmarks) into this little box until you tell it to actually save them to your computer. You delete everything in the sandbox and your computer remembers nothing of what you did(You just have all the things you told it to recover such as images and video files). The only downside is I find myself rebookmarking everything I bookmarked in the real firefox since it doesn’t remember I even did it. But I have yet to have a virus run all over the place and now even when friends come over they don’t have to see my history. This doesn’t mean though that I don’t have several passwords though plus a virus scanner and a spyware remover, since I have all of the above. Actually ever since I started using Sandboxie my computer has been alot safer and been running alot better than it did without it. So maybe it might help other people who want to give it a shot? I found it very easy to use so hopefully other people will as well.
I have a question that doesn’t appear anywhere when I search for it. My cat (true!!) accidentally hit the F12 key while I was on Facebook and a ‘Developer’s Tools’ page popped up on a ‘friend’s’ page whom I suspected had hacked into my emails … There were tons of tabs at the top (HTML, View, Photos, etc.) and there was a tab at the top that said “Script”. When I hit that – tons of activity for was on it – I skimmed the page and my emails were on there verbatim! I tested it out on another friend’s page and her password was on there! I wrote to her to affirm that this was her password – and she said yes! This is scary because the information is so easily accessed if you know what keys to use!
My questions are: 1. Does anyone know more about this? 2. Is the script on there for the OTHER user’s activity (it says their name at the top) or is it MY activity on THEIR page because I am logged in. Thanks for any help with this!
I am wondering if you can recommend any great sweepers for Mac OSX? I am concerned that I’m not keeping up with clearing out all the files that should be cleared.
Thanks so much,
Ellen
I would also like to know Automatic’s response to the Gravatar query. I feel that at the very least some kind of authentication should be used before people’s pictures are attached to what could be a malicious party’s words. Perhaps it wouldn’t happen very often, as another commenter has observed, but that doesn’t mean it’s ok.
I love C-cleaner! It’s so nice to run that and get like 2GiB of space back! LOL!
Hi John,
Followed links to this article from from your recent LifeHacker post and love your site. I’m a RoboForm “power user” and hardily with everything you said. Followed your advice and loaded and used CCleaner, SpyBot, SpyBlaster and loaded and updated my definitions on Windows Defender. Everything worked perfectly, except now Windows Age of Empires II and EPIMPro (a USB database app I use in conjunction with RoboForm for my “portable office”) will not load.
Wondering if you might have any thoughts/solutions for this.
Thanks for a great site,
don
Yikes Don! Sorry to hear that, but it sounds like the CCleaner might have gotten a little too agressive and removed a registry entry needed for those apps.
You should be able to reinstall right over them and safely use them again. Or, if you made a backup of the registry first you could restore it and then run CCleaner again with a little less aggressive cleaning.
Hope that helps a little,
John P.
What about macs? Do macs have the same issues?
A free program to scramble your passwords is available at cloakpass.com. It doesn’t leave any footprint on your computer.
Please, what is/was Automattic response to your query?
Personally I use Pivacy Keeper. Found here http://www.unhsolutions.net. Been using it for quite a few years now and it’s free. Can’t beat that. Windows Defender in Vista doesn’t like it tho. Blocks the program from running at start-up so you have to tell Windows it’s ok to run if you don’t go through your registery and what not to not get that message every time you boot up.
What about KeePass?
I;d recommend that to people lookign for a way to store their passwords.
It offers pretty flexible an simple management.
Thank you SIr John for these wonderful information. I found your blog very informative and with lot of social appeal on technical knowhow for self protecting personal data.
Regards,
Sinha
Ok guys. As you may be aware, Automattic acquired Gravatar a while back. And since I know Matt Mullenweg I’m going to share these comments with him and ask him for feedback. We’ll find out whether we have legitimate cause for concern, or not.
John P.
I’m a lawyer specialising in internet and privacy issues at a Fortune 100 company and I personally think that Gravatar is easily the worst service available in terms of your data security and privacy. I generally don’t comment on any blogs that are Gravatar-enabled (this being an exception), for the following reasons:
1. The entire reason Gravatar offers their service is to collect internet usage data across multiple sites. It is not offered free out of the goodness of their heart. The entire purpose of the service is to analyse the way YOU navigate the internet.
2. Gravatar has clear plans to monetise this data. Whether they are successful or not is another story.
3. It is unlikely that Gravatar would ever disclose individual user’s personal information, but it is not impossible. The Chinese government has often requested to these kind of information aggregators to disclose data for the prosecution of political dissidents – and very often these requests are met resulting in bloggers being jailed (see Yahoo!’s experiences in China). For example, if I leave a number of comments promoting democracy criticising the PRC government on various blogs, it is entirely possible that the Chinese government could use legal authority to request the holder of information to disclose that to them. By retaining this information and preventing you from stoppping it’s collection, Gravatar is putting both bloggers and commenters at risk. This is not just in China. The Patriot Act and many other new pieces of post-9/11 legislation in Western countries convey similar powers to government.
4. The most egregious part of Gravatar’s service is the inability to stop them from collecting your data. I have in the past tried to cancel a Gravatar registration. Gravatar does not allow this and will continue to track your e-mail address for the rest of time.
5. Gravatar does not provide any details about how they use your personal information and does not respond to any queries relating to privacy issues.
6. I do not believe Gravatar is an opt-in service. Obviously they will not display an avator unless you register, but if a blog is Gravatar-enabled, every time you comment on it, your e-mail address is sent to Gravatar. Even if they do not retain this address (and it is quite possible that they do – their Privacy Policy is silent on this point and they have not responded to any of my enquiries on this point), it is VERY likely that your internet usage is still tracked in an anonymous fashion. That is, if I use the same e-mail address to comment on 5 different blogs, even if I am not a registered Gravatar user the fact that a user has accessed those 5 blogs is very likely retained by Gravatar.
Much is made of facebook and Google Chrome’s use of personal information, but Gravatar is far and away the worst popular internet service I have encountered in terms of user (and non-user) personal information.
As a lawyer, I strongly urge all blog authors and users who are concerned about their privacy to avoid Gravatar.
I’m confused, would you care to clarify what’s going on?: You urge people to avoid Gravatar, and yet YOU use an avatar from Gravatar.
http://0.gravatar.com/avatar/0b433b5d0e351ae6f52d3979fc257c71?s=44&d=http%3A%2F%2Fonemansblog.com%2Fwp-includes%2Fimages%2Fblank.gif&r=X
I need to clean up my disk, wow
Hi John,
The problem with Gravater ain’t that it serves as a central download host for image thumbnails, primarily. Users signing up will understand that. We don’t have to argue about that.
But what they won’t understand is that they leave more than just their email address. Most users signing up don’t realize that Gravatar can be misused like a web bug. There is no clue on the Gravatar web page that the thing stores more than just the email address and an image or is capable of doing so. And that’s simply not OK. In fact, Gravatar is in violation with laws in several European countries, I am sure they violate German law. They don’t tell users what kind of data they collect or could collect about them and they don’t allow users to delete an account including the data. That’s simply not OK as well. In fact, I’m pretty sure that’s illegal in several countries as well. And if that’s not enough, they don’t react on inquiries at their set-up email address for privacy issues. In my opinion, it’s more than a good idea to be cautious if you care about Internet usage tracks.
Take my friend who introduced me to Gravatar and wanted an opinion. She’s an IT student and runs her own blog, codes PHP and so on. She isn’t a computer illiterate. Yet, she failed to see that Gravatar could theoretically create a database of usage profiles of its users and be able to tell where and when they commented. I explained to her, she agreed yet she still uses the service as she trusts it. I don’t because the people running the service don’t give me any reason to. It’s a question of personality. I am a cautious guy. My trust is not for free.
It’s a fact that the people running Gravatar can collect an awful lot of private data about its users and they don’t tell or explain. It’s a fact that you can’t get rid of this data once signed up for the service. It’s a fact they haven’t replied my inquiry. It’s a fact they don’t disclose who is actually running that service and everybody is willfully using it like lemmings. That’s stupid.
So, when I saw that you wrote a blog post advising on removing “Internet usage tracks” I found it very funny that you yourself are leaving Internet usage tracks of the most private nature in the hands of people you don’t know, at terms they don’t disclose. Every time you comment on ANY blog using your Gravatar that can be tracked and registered on servers serving your Gravatar file. They could be able to tell you when and where you commented. They could know how often you comment. Anybody in their right mind about Internet usage tracks wouldn’t want that. And then I read your blog post about removing Internet usage tracks locally (Ah, the irony!) from your computer while you willingly leave them with a service on the Internet where you can’t delete them and you don’t know anything about. That’s why I couldn’t resist and had to comment. I’m disappointed you can’t see that point.
I stumbled across your blog post while googling for “Gravatar privacy”. Ironic, isn’t that?
Tobias,
I did in fact read your article, and I do indeed understand the points you are making, but I still respectfully disagree with your premise. While I have no doubt that there are many naive, and even some stupid, people who have no idea what is going on online, I believe that choosing to make an issue out of Gravatar is simply the wrong target.
My disagreement is based on the premise that Gravatar’s underlying principle is indeed that they will “follow” you all around the Web and display your avatar whereever you want them to. To me, it just can’t get any simpler. And if people don’t understand the privacy implications, the owness is on them, not Gravatar.
John P.
Hi John,
I totally disagree with your assessment of the issue. If you’ve read my blog post, then you’ll have to agree that it’s not as easy as just “opting in” Gravatar. Let’s face it, most users sign up for stuff and don’t know what they get into or what implications this has.
Gravatar is not transparent. Their privacy policy sucks, they don’t have terms of use, they don’t tell you what kind of misuse potential their service has, they do nothing to calm down any worries about the web bug issue. Hell, they don’t even answer to mails to privacy@gravatar.com! Take a look at their site. Can you tell me as an average user who is running this site? There’s no name, no address, nothing. Would you trust your browsing behaviour to any stranger just like that? And best of all: you can’t even delete your account and data they have about you!
I don’t mean to attack anybody who’s using Gravatar, but has anybody EVER thought about how STUPID it is to opt-in into something like that without prior investigation what this service is about? And you’ve gotta admit that Gravatar doesn’t look too good after investigating it. In case you haven’t done so already, you really should read what I blogged about this. It doesn’t seem like you have. My last question in my blog post was “Are you really sure you want to use this service?”. So in the end, I leave everybody the choice to sign up. But you should at least recognize there’s a privacy issue.
Tobias,
There is a significant difference between an opt-in service like Gravatar and a “privacy issue”. So significant, in fact, that I find your assertion preposterous.
If I, or you, or anyone else, decides to register for a Gravatar service which I know will follow me everywhere I personally self identify using my registered e-mail address, that is NOT a privacy issue.
John
Pretty hypocritical blog post for somebody offering Gravatar on his blog. Ever thought about how Gravatar can be used to track where you’ve commented? Gravatar seems like a web bug to me. Reflecting about “Internet usage tracks” and using Gravatar at the same time is pretty lame. Well, that’s my 2 cents worth of wisdom:
Matt’s web bug or “Hey, where did my privacy go?”
thank you John,
actually The Dane refers me to your site, and since them I am addicted to the site, actually I do a kind of same thing, but not online based. I am a diving instructor in the philippines and me and some friends started a project (sponsered by the EU) to teach the poor fishermen how to conserve and to protect the reefs here and how to make their work more profitable, and I can tell you it is big time fun to sit with 5 locals at sunrise on a smaal fishing-boat and try to invent new tchniques… also very entertaining for all of them and for me even the classroom hours with them…
BTW, did you choose your next holiday-destination already? If you dont spend all money on Playboy-Benefits… hehe
cheers and thanks again
Rhoody
didi
Thanks Rhoody. I’m glad that you are enjoying the journey. You know, my mission statement for this blog is “…to educate, enlighten, and entertain”, so it sounds like I’m getting the job done for at least some people! :-)
Take care,
John
Hi John,
I slowly read my self through many of your posts, and of the comments, you created such an amazing site with plenty of fun AND information. Thank you for that…
cheers
Rhoody
Like your first poster, I would not want to erase all my files either. I think it is much better to encrypt and erase the tracks, rather than just delete all the files.
John
I must say that I like your critique of the above products. You have covered them extensively. I must say though, I would not want to delete all of my files and internet data. I would much rather have it all be encrypted and untraceable. I use a product that does not delete anything because, as I said I put a lot of time and effort into the internet just to have it all swept away. There are other alternatives to deleting everything, such as the program I mentioned earlier, Privacyview.