 | By Ian “Gizmo” Richards
If you share a PC with someone at home or work, you have pretty good reasons for wanting to keep your Internet activities private.
Yes, it’s easy to cloak your surfing history from casual eavesdroppers, but hiding your browser tracks from determined, technically skilled users is actually quite challenging.
|
Simple solutions for maintaining your privacy
The fact is, if the FBI or some other powerful entity wants to see what you’ve been doing on the Internet, there are probably no precautions you can take to prevent them from tracking you. Privacy — like security in general — is
never absolute, only relative.
Fortunately, few of us need to worry about hiding our activities from the FBI or other law-enforcement agencies. To ensure the level of privacy protection Joe and Jane Citizen require, there’s is a lot that can be done.
The most common privacy requirement is to erase your Internet-usage history. In recognition of this need, most browsers let you clear your history with just a few clicks.
In Internet Explorer 7, click Tools, Delete Browsing History to bring up a panel for deleting temporary Internet files, cookies, history, form data, passwords, or the lot.
Figure 1. Internet Explorer 7′s Delete Browsing History settings provide only a handful of privacy options. To view the privacy options in Firefox 3, click Tools, Options, Privacy. Firefox’s privacy settings provide somewhat finer control than those in IE 7, including the option to delete your browsing history and other private data automatically each time you close your browser.
Figure 2. Firefox 3′s privacy settings let you clear your history and other sensitive data each time the browser closes. These seem like attractive options, but they’re not necessarily as convenient as you might wish. They’re also not as safe as you might hope. Here’s why:
I can’t ever imagine wanting to erase my entire browsing history or all my cookies. I regard these as assets that make my browsing more efficient. Sure, there are times I might want to erase all traces of a particular browsing session, but I certainly don’t want to remove all my sessions.
Selectively erasing Web history is not an option in the current versions of Internet Explorer and Firefox, though you can do so in Apple’s Safari browser. Future versions of IE and Firefox are likely to include this capability, but as of today, you need to look elsewhere for a solution.
Firefox users have at least two free extensions that allow you to selectively turn off browser history, cookies, and the collection of other private data during a particular surfing session.
The Distrust extension for Firefox disables the use of a disk cache and sets all cookies to expire at the end of the session. When Distrust is turned off, you’re given the option to delete the Internet history accumulated while the extension was enabled.
You can also use Distrust to erase any record of items downloaded during the session, as well as forms search data and Flash cookies. Distrust is available for download on this
page.
The second selective-erase extension for Firefox, Stealther, works a little differently. This add-on temporarily disables browsing history, address bar auto-complete, cookies, file download history, disk caching, and the list of recently closed tabs.
Stealther’s technique seems superior to Distrust’s strategy of deleting files at the end of the session. However, I have read reports of reliability problems with Stealther. You can download Stealther from this
page.
I’m not aware of any free add-ons for Internet Explorer 7 that provide session-based deletion of private data. However, the beta of Internet Explorer 8 includes some of this functionality via an option that “lets you keep cookies and temporary Internet files from Web sites saved in your Favorites list,” according to Microsoft.
While useful, that’s not quite so convenient as the level of privacy control you get with the Distrust and Stealther extensions for Firefox.
Erased browser histories may be recoverable
Along with the lack of selective session-based privacy, my other main concern about using your browser to clear your private data is the possibility the erased data may be recoverable.
As most Windows users are aware, it’s often quite possible to restore a file that’s been “erased.” Indeed, there are many utilities available just for this task, one of which is the excellent freeware program Recuva (
more info).
This means that, even if you delete your browsing history and other personal data, any reasonably skilled PC user may be able to recover it.
That’s bad enough, but the situation actually gets worse: it’s quite possible Windows has secretly stored a copy of your Web history before it was erased.
This can happen in many different ways. For example, the Web pages you visited may have been indexed by your desktop-search program. Also, your surfing history could have been saved by an automatic Windows System Restore. Additionally, a record of your Web activities may have been saved by a background-backup or drive-imaging program. The list goes on and on.
And that’s just the risk on the PC workstation itself. It’s almost certain that there are additional traces of your Internet activity residing on your ISP’s server or, worse still, on your company’s server. Then there are the records held by the Web sites you visited, many of which may have logged your Internet connection’s unique IP address.
So, how big are these risks? They’re not huge, but they’re large enough to be of real concern to anyone who places a high value on the confidentiality of their browsing activities. If that’s you, then read on.
A more-robust solution for browsing privacy
You’ll gather that it’s really difficult to surf without leaving some trace of your activities on the PC. It’s equally hard to browse without leaving some trace of your activities on your ISP’s servers or the sites you visit.
There’s a solution to this mess. It’s not perfect, but it comes close.
Rather than surf from a browser running on a PC, use a browser that launches from a USB flash drive that you connect to the PC. Virtually all record of your activities will then be held on the USB drive. When you remove the drive, you remove all record of your Web activities.
It’s a neat solution and one made easier by the fact there are free portable versions of Firefox, Opera, and other browsers available. Just download the portable version, copy it to your flash drive, and run the browser directly from the removable drive. When you finish surfing, unplug the drive and put your history in your pocket.
Portable USB drives let you stop worrying about leaving traces of your surfing from your PC, but the problem of ISP and Web-site records remains.
There is a solution for that as well: use a portable version of Firefox or Opera that comes preconfigured with the Tor anonymizing service.
Tor is a free service that channels your Internet connection through a chain of servers in such a way that your identity is cloaked. Furthermore, the link between you and the first Tor server is encrypted, so even if somebody eavesdrops on your Internet connection, they couldn’t decipher your activities.
The net effect of the Tor-portable browser combination is that your ISP no longer holds any decipherable records of your activities. Nor do any of the sites you visit. And because you’re surfing from a USB stick, there will be no record of your activities on the host PC into which you plugged your USB drive.
I can recommend two different free programs for this purpose, the first of which is Arche Twist’s OperaTor. As the name implies, the program is a portable version of the Opera browser preconfigured with the Tor anonymizing service. You’ll find more information about OperaTor and a download link for the program on this
page.
The second Tor-portable browser combo is the XeroBank browser. This is a special portable version of Firefox that — like OperaTor — is preconfigured with Tor (
download page).
Even though Firefox is my browser of choice, I prefer OperaTor because it’s faster and easier to use than XeroBank. Also, the strong up-sell from XeroBank’s developer to purchase the commercial version of the company’s product puts me off.
Note that XeroBank triggers a security warning from some antivirus programs. These are false alarms, as the product is 100% clean. Still, the alerts are truly an annoyance.
Limitations of browsing via an anonymizer
What are the downsides of using a portable Tor browser?
First, browsing using the Tor service can be slow — sometimes agonizingly slow.
Second, you need to worry about the physical security of your USB flash drive, which contains sensitive records of your browsing activities.
Finally, neither Tor nor the two portable browsers I mentioned support all Internet activities. For example, OperaTor supports only HTTP and HTTPS, so if you use OperaTor’s integrated e-mail or IRC client — or if you visit sites that use Java, JavaScript, or BitTorrent — your anonymity cannot be guaranteed. The record of your surfing history will be securely held on your USB drive, but you may lose your browsing anonymity.
There are other private-browsing solutions that offer fewer downsides in exchange for a little more complexity. These include using a sandbox for surfing, Linux Live CDs, virtualization solutions such as VMWare, and system-restore products such as Norton GoBack. I’ll look at these alternatives in detail in future columns, but in the interim, do try OperaTor; I think you’ll be impressed.
Ian “Gizmo” Richards is senior editor of the Windows Secrets Newsletter. He was formerly editor of the Support Alert Newsletter, which merged with Windows Secrets in July 2008. Gizmo alternates the Best Software column each week with contributing editor Scott Spanbauer.
Access more memory, even on a 32-bit system
By Brian Livingston 
By Susan Bradley
