How can I use a computer securely and privately
June 8, 2009 3:33 AM Subscribe
How can a competent but not technical geek person browse internet as securely and privately as possible, keep files private on a pc etc? Linux distro? specifics -
Hi. I'd like to be able to use my computer as securely and privately as possible and am prepared to do more than average to get there, but don't want to become highly skilled at security. Is it possible to develop a straightforward plan to follow? I'd like to keep things as clean and simple as possible, without exessive time spent troubleshooting/tweaking. That said, I am as good as the next person at using computers understanding concepts etc.
I hope you get a sense that I'm not immoral or illegal...however I do browse a wide range of things, and don't trust the gov etc not to put 1+1=3.
The issues I thought of were:
Browsing securely and privately - how can I set up a computer to do this? I'm prepared to put a linux partition on my (pc) laptop - I've used Ubuntu before..can this be set up well or maybe theres a distro specifically designed for this. It would be handy if it had all internet mod cons like audio, flash pdf etc. It would also be handy if say it could save files to a data drive shared with windows partition.
Can it be set up to leave no traces on the pc? Similarly, could I store files in a hidden encrypted format?
Can I make my computer as secure as possible against being cracked over the net or by someone present? Yeh, I do think it's possible someone could try!
ISP - I can't hide from my ISP presumably...are there ones that specialise in privacy, that won't share your information at the drop of a hat? In the UK?
My practises - how can I make them tight, so there are no obvious holes in security from how I'm using the machine.
Using public wifi - is this a good alternative if you don't want an ISP storing your history? How to use it to best advantage.
And also anything I haven't thought of.
Cheers!
Hi. I'd like to be able to use my computer as securely and privately as possible and am prepared to do more than average to get there, but don't want to become highly skilled at security. Is it possible to develop a straightforward plan to follow? I'd like to keep things as clean and simple as possible, without exessive time spent troubleshooting/tweaking. That said, I am as good as the next person at using computers understanding concepts etc.
I hope you get a sense that I'm not immoral or illegal...however I do browse a wide range of things, and don't trust the gov etc not to put 1+1=3.
The issues I thought of were:
Browsing securely and privately - how can I set up a computer to do this? I'm prepared to put a linux partition on my (pc) laptop - I've used Ubuntu before..can this be set up well or maybe theres a distro specifically designed for this. It would be handy if it had all internet mod cons like audio, flash pdf etc. It would also be handy if say it could save files to a data drive shared with windows partition.
Can it be set up to leave no traces on the pc? Similarly, could I store files in a hidden encrypted format?
Can I make my computer as secure as possible against being cracked over the net or by someone present? Yeh, I do think it's possible someone could try!
ISP - I can't hide from my ISP presumably...are there ones that specialise in privacy, that won't share your information at the drop of a hat? In the UK?
My practises - how can I make them tight, so there are no obvious holes in security from how I'm using the machine.
Using public wifi - is this a good alternative if you don't want an ISP storing your history? How to use it to best advantage.
And also anything I haven't thought of.
Cheers!
Privacy at the PC end:
Rather than leaving no trace, make no trace: Boot and run from a live CD that uses only RAM-disk. When you're done, power down the PC and let the RAM contents die.
In the middle:
Make all connections through a proxy or a (publicly available) VPN so your traffic, as seen by the ISP, goes only to the proxy. Realize that the ISP and the VPN/proxy (unless it's free and anonymous) will have a record of your having been active at a particular time. The proxy will know where you go, so go only to TOR.
Wherever you visit:
Use TOR to get from the proxy to everywhere else. Don't do anything by which you may be recognized nor offer any personal data, e.g., by logging in anywhere, purchasing anything, etc.
Use Firefox and begin your session by installing one of several extensions that block sending of referrer information when you follow a link (wouldn't identify you, but could assist an interested party tying together your visits to several sites).
posted by TruncatedTiller at 5:32 AM on June 8, 2009
Rather than leaving no trace, make no trace: Boot and run from a live CD that uses only RAM-disk. When you're done, power down the PC and let the RAM contents die.
In the middle:
Make all connections through a proxy or a (publicly available) VPN so your traffic, as seen by the ISP, goes only to the proxy. Realize that the ISP and the VPN/proxy (unless it's free and anonymous) will have a record of your having been active at a particular time. The proxy will know where you go, so go only to TOR.
Wherever you visit:
Use TOR to get from the proxy to everywhere else. Don't do anything by which you may be recognized nor offer any personal data, e.g., by logging in anywhere, purchasing anything, etc.
Use Firefox and begin your session by installing one of several extensions that block sending of referrer information when you follow a link (wouldn't identify you, but could assist an interested party tying together your visits to several sites).
posted by TruncatedTiller at 5:32 AM on June 8, 2009
The thread that burnmp3 links to mentions TrueCrypt, which I've been using for some time to protect work-related documents on my laptop. It's really, really good stuff and the price is right. This article talks about securing your Firefox profile via TC (the article comments have an important note about temp file, so take a look there too).
posted by jquinby at 6:03 AM on June 8, 2009
posted by jquinby at 6:03 AM on June 8, 2009
You can use TrueCrypt to encrypt a VMWare virtual machine. This means that anything that happens inside your VM -- downloading files, browser history, documents, etc -- are only available while TrueCrypt is running and you've chosen to unlock the volume. Once you close it, everything is encrypted and can't be touched.
You would essentially have two operating systems: Your regular OS, which has a copy of VMWare installed, and your VM-OS, which is stored inside of a TrueCrypt volume that is only ever decrypted when you want it to be.
posted by Jairus at 7:12 AM on June 8, 2009
You would essentially have two operating systems: Your regular OS, which has a copy of VMWare installed, and your VM-OS, which is stored inside of a TrueCrypt volume that is only ever decrypted when you want it to be.
posted by Jairus at 7:12 AM on June 8, 2009
HowTo: Setup and Benchmark Encrypted Partitions in Ubuntu
posted by chrisamiller at 9:29 AM on June 8, 2009
posted by chrisamiller at 9:29 AM on June 8, 2009
Best answer: Why bother doing it yourself when those linux people do it for you?
Incognito OS Live CD + full disk encryption on a decently sized USB key for your file storage needs, and you're good to go.
posted by Mach5 at 11:40 AM on June 8, 2009 [1 favorite]
Incognito OS Live CD + full disk encryption on a decently sized USB key for your file storage needs, and you're good to go.
posted by Mach5 at 11:40 AM on June 8, 2009 [1 favorite]
Mach5: "Why bother doing it yourself when those linux people do it for you?
Incognito OS Live CD + full disk encryption on a decently sized USB key for your file storage needs, and you're good to go."
This is your best bet. Incognito as an OS. Truecrypt with hidden volume if desired. Public wifi/wardriving/cantenna-stolen connection for all interntet access. GPG for all email. All fairly striaghtforward and should provide more than enough security if you're not doing anything illegal.
posted by turkeyphant at 6:10 AM on June 9, 2009 [1 favorite]
Incognito OS Live CD + full disk encryption on a decently sized USB key for your file storage needs, and you're good to go."
This is your best bet. Incognito as an OS. Truecrypt with hidden volume if desired. Public wifi/wardriving/cantenna-stolen connection for all interntet access. GPG for all email. All fairly striaghtforward and should provide more than enough security if you're not doing anything illegal.
posted by turkeyphant at 6:10 AM on June 9, 2009 [1 favorite]
Response by poster: That looks perfect for me. Thanks. Bested FWIW.
posted by Not Supplied at 8:31 AM on June 9, 2009
posted by Not Supplied at 8:31 AM on June 9, 2009
Response by poster: That looks perfect for me. Thanks all. Bested FWIW.
posted by Not Supplied at 8:31 AM on June 9, 2009
posted by Not Supplied at 8:31 AM on June 9, 2009
I think that you should use a LiveCD like Ubuntu Privacy Remix 9.04
posted by wgl1 at 4:04 AM on July 13, 2009
posted by wgl1 at 4:04 AM on July 13, 2009
« Older Increasing the number of items in the "Move to... | Help me plan some amazing Baltic summer travel. Newer »
This thread is closed to new comments.
This recent thread has some answers for this question.
posted by burnmp3s at 3:45 AM on June 8, 2009