Computer Security and Privacy – Additional Steps

The steps outlined in Basic Computer Security and Privacy are a good place to start but may not be enough for some users.  I know I prefer on some occasions to take additional steps to better protect my privacy and anonymity.  To me anonymity is a right, but one that is almost impossible to obtain. Governments fear anonymity for obvious reasons.  In my opinion the benefits of privacy and anonymity outweigh the costs.

When you surf the web you are leaving your IP address on the servers of the web sites you visit.  It makes it easy for them to identify you.   They also load cookies into your browser so they can monitor your visits and in some cases track you around the web.  I’m not the most technically proficient person out there so I like to keep things simple.  If you don’t believe how serious the threat to your privacy is try reading Bruce Schneier’s book Data and Goliath.  If this doesn’t open your eyes nothing will.  You may also be interested in how certain government agencies hack computer systems to get evidence of criminal wrong doing.

First off, if you run Windows don’t expect much privacy or anonymity.  But since most people do run Windows there are a few things you can do to make things better from a privacy standpoint.  The nice thing about Windows is that there is a lot of software that will run on it.  That gives you choices.  Here are some recommendations that can help keep others from easily discovering your online travels.  First, follow the steps in the basic security guidelines elsewhere on this site and then:

  1.  In Windows try installing Sandboxie.  I like this tool because it allows you to run programs sandboxed.  You can run Firefox, Chrome or Tor browser in Sandboxie.  A sandbox is a great way to protect your computer from malware, ransom-ware and zero day threats.  Threats are isolated in the sandbox and prevented from making changes to your operating system.  It takes a pretty sophisticated attack to break out of a sandbox.
  2. Run your browser (I prefer Firefox) in private browser mode and be sure to run CCleaner or Bleachbit when you’re done browsing.  Be sure to configure your cleaning utilities to wipe data with 5 or 7 passes and include Sandboxie and  your browser in the list of applications to clean.
  3.  Use a VPN for moderate privacy.  A VPN is a virtual private network that gives your traffic an encrypted tunnel to the internet.  It replaces your IP address with the IP address of the VPN’s servers.  It also encrypts your traffic so that your ISP can’t monitor your web browsing and see what you’re looking at.  All it can see is that you have connected to a VPN.  VPNs are by no means perfect.  Your VPN provider can see what IP address you are connecting from and if they are dishonest they can track your movements.  They also have records of your payments.  Stay away from the free VPNs (they can’t be trusted) and subscribe to one that takes privacy seriously.  When evaluating a VPN provider I would want to be sure that they at least claim not to keep logs, they are headquartered in a country with good privacy laws (NOT the US or UK), and that they take bitcoin and/or cash payments.  Some good VPN reviews can be found here.   Remember, VPNs are a business and no company is going to go to jail for you or go out of business to protect you.  Consider yourself warned.
  4.  Very that your IP address has been changed and that no DNS leaks are occurring.  I like DNS Leak Test for this purpose.  Run it to make sure your IP address is not your own and that your DNS server is not the one you normally use.
  5.  Use the Tor  browser for sensitive browsing.  Tor obfuscates your IP address so that you can’t be tracked online.  Read a brief description of how it works here.  It also encrypts your traffic so that your ISP can’t see what your looking at online.  All they can tell is that you are connected to Tor.  It bounces your encrypted connection through several hops and utilizes perfect forward secrecy such that you can’t be tracked.  It isn’t perfect (read the warnings at their website) but it is a lot better than nothing and far more anonymous than a VPN.  Remember though, that data leaves the Tor exit nodes unencrypted and can be monitored at that point so be mindful not to expose sensitive data.  It can also be exploited through browser hacks and malware so be careful and run it in a sandbox!
  6. Consider Whonix for very sensitive browsing.  I have written about Whonix here.  Whonix utilizes a Virtual Machine (like Virtualbox) to route all your traffic through the Tor network.  It is a two part systems consisting of a gateway machine and a workstation.  The system is designed to make leaking your true IP address virtually impossible.  It is definitely worth a look.
  7. Finally, if your are James Bond and have some very very sensitive browsing to do or data to work with then Tails is the system for you.  Tails is a “live system” that runs from a CD, USB, or SD Card.  It forces all your traffic through the Tor network.  If an application tries to connect to the Internet outside of Tor it is shut down.  It is designed from the ground up with privacy and anonymity in mind.  It supports encryption of data, encrypted chat, and more.  You can use it to encrypt data on a hard drive or USB stick.  It is a full blow OS with office tools and other amenities.  Visit their site for a full description as it would take too long to list everything here.  To my knowledge it is the best privacy system out there.  It runs in RAM so it does not utilize the computer’s hard disk at all.  When it shuts down the RAM is erased and no trace of your activity on the computer is left.  Nice.  Of course, your ISP can tell you are connecting to Tor when you use it so be mindful of that.

8.  When you are working with sensitive data always store it on an encrypted drive – like an external hard drive or USB stick.  You can use Veracrypt or some other encryption software to create an encrypted drive and I highly suggest you do.  It would defeat all the privacy enhancing steps above if you left your sensitive data on an unencrypted drive for anyone to see.  Veracrypt is a good choice.  It recently passed an audit and has a good reputation.  It allows you to create a hidden container on a drive or device.  This hidden container would contain the sensitive data while the outer container would contain decoy data.  If you’re forced to decrypt the data just decrypt the outer container. Sneaky and pretty smart, huh?   Visit their website to learn more and don’t forget to use a strong passphrase.   It would be foolish to have great AES encryption protecting your data but a password like “pencil” that can be brute forced in a second.

9.  Check out what the EFF has to say about surveillance self defense.  They have complied even more great tips that anyone can and should use to protect themselves.  These folks do great work so check them out!

Well, that’s all I have on this topic for now.  Happy computing and stay safe!