Privacy tips for computer data and storage
Computer's are akin to personal black boxes. It records things without you consenting or knowing. A common folk would think they deleted a file, when it's merely be cleared from sight. Files aren't gone until they're overwritten. What's more, applications leave databases, caches, and other logfiles which are impossible to keep track of.
You can help protect and maintain privacy of your data using various methods:
- Avoid creation of extraneous logs - Use privacy mode in your browsers, avoid making logs in the first place. Watch out, vendors are always finding new ways to sneak spyware into your PC.
- Erase files securely - Overwrite data with scrambled junk, then delete.
- Overwrite empty space - Inflate a file with zeroes or random junk to swallow up any remaining data.
- Use light encryption for your Hard Disk or User folder - Using crypto will offer piece of mind if a laptop is lost or stolen.
Adobe Flash (cross-platform)
(Formerly known as Macromedia Flash.)
Delete flash cookies (Locally stored objects)
Flash settings manager will allow you to delete flash cookies.
Mozilla Firefox (cross-platform)
Grab, Flashblock and BetterPrivacy.
Locally Stored Objects
Get BetterPrivacy.
Flash junk
Grab Flashblock.
Javascript
Grab NoScript.
Advertisements
Grab Adblock Plus.
Launch Firefox by Privacy Mode by default
Launch Firefox.
In the location bar, type about:config.
It will "void your warranty", click OK.
In "Filter", type "private" and hit enter. This will help filter all those config variables.
Change browser.privatebrowsing.autostart to true.
Change browser.privatebrowsing.dont_prompt_on_enter to true.
Microsoft Windows
Internet Explorer 8 in Privacy Mode
Right-click an Internet Explorer Icon. Properties. Shortcut. After target, add " -private". Apply, OK. Click the icon, IE should launch in InPrivate mode.
By right clicking the IE icon on your taskbar, you'll also have the "task" of starting IE in inprivate mode. See this also.
Use Chrome in Incognito mode.
Go into your start menu, search "Chrome". Google Chrome will appear, right click. Go to properties, append (add to the end) -incognito.
Click the wrench icon, Go to Options. Click the "Privacy tab", Uncheck everything under privacy.
Your shortcut will look something like: C:\Users\<Your username>\AppData\Local\Google\Chrome\Application\chrome.exe -incognito
Pin this new shortcut to your taskbar.
Also consider using a privacy-friendly version of Chromium, SRWare Iron has been getting a lot of attention lately.
Shred documents
Download Eraser. Install it. You will now be able to right-click your trash bin to secure delete those files.
Download Ccleaner, go to "Options", Go to "Settings". Change Secure Deletion to "Secure file deletion (Slower)" and choose DOD 5220.22-M (3 passes). Check everything except "Wipe free space", even your form histories, close your browsers, Analyze. Run cleaner.
Wipe your free space
In CCleaner, Every week or so, check "Wipe free space" then Run Cleaner.
Encrypt your Hard Drive
In 10+ useful applications for Windows 7 I recommended Truecrypt as a free solution for HD encryption. This How-to can help. With truecrypt you can create containers for your documents and even your whole OS. If you keep a laptop with anything personal or professional on your computer make this a common practice.
Mac OS X
Chrome and Firefox
Use the tips above the Windows section. Firefox will let you go into about:config and change those variables. CoolGeex.com has a helpful post about making an incognito shortcut for Google Chrome.
Delete Locally Stored Objects
Download, install (Drag to Applications) and run Flush.app.
Encrypt your HD
Clear at least half of your hard drive space.
Go into System Preferences. Click Security. Enable Filevault.
Wait like 10 hours.
Secure delete files
Click a Finder Window.
Click File, click Secure Empty Trash.
Grab Cocktail. Drag it to your Applications folder (install) and open.
In Cocktail Preferences, choose to secure delete those files. Schedule it to run nightly and rotate/erase logs, clear browser caches, etc. If you're not open to shelling over a few cents to protect yourself, you can try Onyx.
Wipe your freespace
Open Disk Utility.
Choose your partition on the left. It may be named Macintosh Hard Drive.
Click the Erase tab.
Use Erase free space and run over it at least once. If you have more time, do more passes.
Linux
Chrome and Firefox
Use the tips above the Windows section. Firefox will let you go into about:config and change those variables.
If you use Google Chrome, open ~/.bashrc and append alias chrome='google-chrome -incognito &'. Run source ~/.profile or source ~/.bashrc. Now chrome will run google-chrome in incognito mode.
Encrypt hard drive
Fedora and Ubuntu all offer options on installation to encrypt your /home/ folder. Be sure to pay attention to your install wizard and encrypt them. Remember your password, the encryption is based upon it.
I don't want to go over encryption via pure command line because there is too much chance you can destroy your data if you make a mistake. If you google an article on this, just be sure to go into /home and copy cp -r /home/yourusername /home/yourusernamebackup so your data doesn't just die.
Secure delete commands
Note: These commands are for experienced Linux users. Don't use these unless you can understand what the commands inside mean, or else it's simply too much risk.
Open your terminal of choice. Open .bashrc vim or nano. vim ~/.bashrc.
Append this to the bottom of your .bashrc:
alias deleteeverything='find . -type f -execdir shred -u '{}' \;'
alias salttheearth='dd if=/dev/zero of=junkfile ; rm junkfile'
alias fogettaboutit='shred -u ~/.bash_history'
Run source ~/.profile or source ~/.bashrc. Here is an overview of these commands:
deleteeverything will shred files cursively then delete them. When you're done with this, type rm -rf because the -u flag in shred won't rm folders. This command works relative to the current directory your in. Thanks opentux from LinuxForums.
salttheearth will erase free space by inflating a gigantic file with /dev/zero to fill up all remaining free space, then delete the file. It takes a while. /dev/random can give you better security. Thanks ssd.eff.org.
fogettaboutit will securely delete your .bash_history. When you're done with this, you can exit your term session.
In combo moves, I like to use salttheearth & fogettaboutit.
Safely parting with your old hard drive
Don't sell people equipment with your hard drive data. Destroy it. Buy a cheap one. Find a computer geek friend to help with the hard drive. Go to best buy with your computer (which has your Windows license on a sticker) and ask them to install a windows from an on-hand OEM disc. You just gave someone a cleaner computer.
- Secure delete data - delete everything and fill the disk with 0's. Kill Disk is a solution that lets you put the software onto an ISO or floppy to run at boot. Do at least a single run of random data. The more passes and more randomness, the longer it will take. Theoretically, more randomness and passes is more secure.
- Physically destroy it - Get a Torx screw driver set. This will help you unscrew the screws that hold the drive together. Many drives now have multiple levels of wafers. Get a hammer to break them. Sand them. Shatter them into a million pieces. Put orange juice and pancake syrup on them. Get creative, make an art project out of it, put the digital flakes into colored sand-filled bottles and sell them at Sea World. Put them in a dumpster. You are secure my friend.
Overkill
Spybot Resident - Spybot resident prompts you everytime a registry alteration is made. This is annoying and unnecessary unless you know computers well enough to understand the warnings.
Norton and other chunky antiviruses - Norton is notorious with slowing and bogging down computers. In my Top 10 applications for Windows I tip my hat to Nod32 for a light, effective and fast AV solution.
Too much encryption - Unless you're really paranoid, is too painstaking. Many encryption appliances simply use your password as a key to encrypt your user folder. Typical people only need very light encryption. However if you have very important data know that using a portable medium is not a good idea, consider consulting professionals.
Updates
Monday May 17th, 2010 - Added Internet Explorer 8 InPrivate Mode.
Debugging and troubleshooting postfix
Error: Postfix isn't working with mail() on PHP automatically.
Common problem: You have exim or something else running.
Solution: try lsof -i :25. If you intend on using postfix, kill the pid of the app, remove the package of exim or sendmail if you have it installed. See This postfix thread on Ubuntu Forums.
Other issue: Postfix isn't working (miscellaneous)
Solution: tail /var/log/maillog or tail /var/log/mail.err (source)
Error: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable
You may have another copy of postfix still open. Use lsof -i :25 to track down which process. kill the pid and postfix reload.
Error: postfix set-permissions returns
chown: cannot access `/usr/lib/postfix/dict_cdb.so': No such file or directory.
May be by design, #274108 in ubuntu launchpad says this command doesn't necessarily mean something's wrong.
Helpful resources
Ubuntu handbook page: https://help.ubuntu.com/community/Postfix
Remove services (mpd) from system startup in Linux
I'm using MPD on Ubuntu and Debian and get annoyed by mpd starting at boot time under root.
Your startup services lie in the /etc/rc.d folder. You will observe that ls -l /etc/rc4.d for instance, will show you these files are weighted to run in order and symlink to their corresponding startup scripts in /etc/init.d.
To disable mpd, for instance, update-rc.d can help:
sudo update-rc.d -f mpd remove
Now you will be able to add mpd to a local user script on startup without having to sudo mpd --kill or sudo killall mpd.
Troubleshooting locales in the cloud on debian and ubuntu
If you use Amazon EC2 or Rackspace Cloud Servers, you may end up running into this after your create your instance. I often get these on Debian and Ubuntu (since it's debian based also).
lennycloud:~# perl
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
You're missing locales.
Update your apt database. sudo apt-get update
Download locales. sudo apt-get install locales
Now configure it, and download what locales you need. dpkg-reconfigure locales on Debian. sudo locale-gen en_US.UTF-8 on Ubuntu Hardy Heron 8.04 (Note: on server, you may be logged in as root).
I pick en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15 and en_US.UTF-8 UTF-8.
And that solves it.
Updated April 03, 2010 to include locale-gen.
Use s3sync.rb + screen to move your files to the cloud
Move to your s3sync dir.
screen ./s3sync.rb -r /home/tony/backups/ backup:backups -v
screen means you will be able to run the command as a screen process. ctrl-d to detach screen, screen -r to resume.
-r means recursive copy.
/home/tony/backups is where cron stores you backupps. You can replace this with whatever dir you want to sync.
backups is the name of the bucket. Do ./s3cmd createbucket
: is a seperator
backups is a prefix for the bucket.
-v means verbose, so you can see the progress in your screen.
If screen quits too fast, the command may not have worked.
If you detached and screen doesn't resume, your job may done, check your s3 to see if files transferred.
Also, make sure you have your s3config.yml file ready, you need to copy your key from your Amazon AWS account.
10-plus essential applications for Windows 7
As a full-time Linux user, I'm not a very big Windows fan. However, I'd like to present some apps I zealously adhered to over my old days as a poweruser.
When a friend or colleague has a bogged-down system (be it by viruses, badware or general oldness), I often ask if they're willing to Backup their Documents/Music and reformat. This means installing applications over again, but the improvements are always substantial.
Updates
- March 20, 2010 - Dress up article with some screenshots / images.
- March 17, 2010 - Added Sumatra PDF, a free, open source PDF viewer.
A note
The install wizards on these programs may bait you into downloading Yahoo! or Ask.com software. If the Terms of Service/Privacy policy in the install wizard says "I agree to xxx and to Installing Yahoo!/Ask.com", Don't check it. Just click next/Install. If you accidentally do, go to Add/Remove apps and uninstall, you don't want them.
Here are some of the apps I download after a fresh OEM install:
Grab all your essentials in one sitting: Ninite
Type (License): Freeware (Proprietary)
Website: http://ninite.com/
This program is a deliverance from the almighty himself. Check the boxes for the programs you want to install and it will create a batch installer. You need internet access to do this. It includes everything from Java and Flash to Dropbox, to VLC, to steam, Open Office, Abiword, Skype, etc.
I could end this post right here, but I'll go on.
Tweaking: TuneUp Utilities 2006-2010
Type (License): $49.00 / Demo (proprietary)
Website: http://www.tune-up.com/products/tuneup-utilities/
The king of all system control apps. Has full features for performance tweaking, removing junk files, optimizing network settings and even theming. The 2010 version even has a turbo mode that removes system services to make your computer zip. It has so many features I can't fit them.
Privacy / Performance: CCleaner
Alternative to: TuneUp Utilities
Type (License): Freeware (proprietary)
Website: http://www.ccleaner.com
This is a free registry/cache/junk file cleaner.
Tip: Make sure you go into settings and choose to "Secure delete". Choose the DoD 3-pass clean.
Tip 2: Consider checking the box to erase "Free space" too. Not all the time because it's time-consuming.
Privacy: Eraser
Type (License): Freeware (Open Source)
Site: http://eraser.heidi.ie/
Description: Delete means delete. Microsoft considers hard drive encryption to be a feature you pay for and its filesystems are extremely insecure (FAT32 has no security, anyone can view anything, NTFS has little). Microsoft is very deceptive that Windows doesn't notify you that you're not really permanently deleting your files until you overwrite them.
Read more about eraser at Stanford's SLAC: http://www.stanford.edu/services/encryption/desktop/windows/securedelete.html
Tip: Make sure to erase any free space on your hard drive as well.
Tip 2: You can also right click your Recycle bin and securely erase your bin.
Privacy: Truecrypt
Alternative to: Microsoft Bitlocker
Type (License): Freeware (Open Source)
Site: http://truecrypt.org
Even though you'll never need it. You never know when you'll get blindsided. You could lose your laptop, have it stolen, etc. Even having one layer of weak encryption will throw off thieves and give you great peace of mind.
Lite, Effective Antivirus: NOD32
Type (License): $40/yr Subscription (Proprietary)
Website: https://www.eset.de
ASM-based virus scanner. Very low memory footprint. Fast.
It also works great when using Windows 7 as a guest (a la VirtualBox)
Free Antivirus Alternatives
AVG Free
Type (License): Free (Proprietary)
Website: http://free.avg.com/de-en/homepage
ClamAV
Type (License): Free (Open Source)
Website: http://clamwin.com
Micro$oft Security Essentials
Type (License): Free (Proprietary)
Website: http://www.microsoft.com/Security_Essentials/
Audiophiles: Foobar
Type (License): Freeware (License)
Website: http://www.foobar2000.org/
Simple, playlist-based music player with a low memory footprint.
Torrenting: µtorrent
Website: http://www.utorrent.com
Type (License): Freeware (Proprietary)
Torrent client with tons of features, oddly small size and low-memory footprint. Very stable.
Office Essentials: Open Office
Alternative to: Microsoft Office
Website: http://www.openoffice.org
Type (License): Freeware (License here)
Get all your essentials with OpenOffice. Microsoft Word, Excel and Powerpoint are too pricy.
PDF Viewer: Sumata
Alternative to: Adobe Reader
Website: http://blog.kowalczyk.info/software/sumatrapdf/index.html
Type (License): Freeware (Open source)
This is a very lite, stable PDF viewing solution.
Gaming: Steam
Alternative to: Greedy retailers like Best Buy and Gamestop
Type (License): Freeware (Proprietary)
DRM gaming. But steam takes the pain out of it. No limits on redownloading the software you purchase. Stable. Time-tested. (You can grab this with Ninite too.)
You have to pay for the games, of course. However the long-term benefits of using Steam make it worth it. It saves you from scratched CD's and managing all your cd-keys.
Steam store also offers generous software bundles of related games (Civilization, Valve, etc) and can save you tons of money.
Virtualization / Guest OS: Virtualbox
Alternative to: VMWare Workstation, VirtualPC
Type (License): Freeware (License details here)
Website: http://www.virtualbox.org
If you want to try out Linux or keep a sandbox'd operating system to do programming on, VirtualBox is will accept Windows, Linux and *BSD as guest OS's. It'll run on Linux too.
Notes: Repairing a broken G1 / HTC Dream
HTC Dream / T-Mobile G1
Recently had a situation where I borked my G1 / HTC Dream. It took me hours to fix. This isn't a tutorial on how to install third party roms or root your G1, it's more of a troubleshooting thing.
Screen would be stuck on the "T-mobile G1 Screen". If it's on there for longer than 5-10 minutes, you have have an issue.
Had to pull battery out many times.
SPL to use is HardSPL. Look here: http://code.google.com/p/android-roms/wiki/Install_Hard_SPL. To check your SPL boot holding Camera+Disconnect buttons. Hold camera to switch between Fastboot and serial.
HardSPL includes fastboot. Fastboot lets you flash recovery images when no other options are available. You can grab flashboot for Linux/OS X/Windows at http://developer.htc.com/adp.html.
Fastboot binary may require you type sudo before, for elevated use permissions.
Download the SDK for your operating system, move fastboot into the /tools folder. If on linux or OS X, chmod +x fastboot.
$ sudo ./fastboot flash recovery recovery_image.img
Recovery images. cm-recovery 1.4 is OK. However RA-Dream (amon recovery) is superior (supports adb, console and sd card mounting from it). Big time saver because you'll be transferring stuff to/from your SD card often.
Reinstalling Cyanogen sometimes means you may need to install the original HTC 1.6 image (MD5sum: b3e12b004c155761a10b1a848288e0c3) http://www.baroukh.com/adp1/signed-dream_devphone_userdebug-ota-14721.zip
For the fastboot image (no signature for updater to check against, fastboot only, MD5: a06a3d24ff4cbe5c81317e41891e6965): http://www.baroukh.com/adp1/signed-dream_devphone_userdebug-img-14721.zip
Then you can grab Cyanogenmod and upgrade via Recovery: http://forum.xda-developers.com/showthread.php?t=567610
Find Me On
Flickr photostream
Pages
Featured
- 10-plus essential applications for Windows 7
- Privacy tips for computer data and storage
- 10 reasons why ThinkPads are my favorite line of notebook
- 5 simple tips for KDE 4
Categories
- *nix
- Amazon web services
- Cloud computing
- Computer Forensics
- Config
- Debian
- Drupal
- Featured
- Freebies
- FreeBSD
- Hardware
- KDE
- Kubuntu
- Mac OS X
- Motivational
- Notes
- Open Source
- privacy
- Rackspace Cloud Servers
- Slicehost
- Software
- Sysadmin Lunchbreak
- Themes
- Ubuntu
- Uncategorized
- Windows
- Wordpress