Windows 7 and privacy issues

Soon I'll buy a new computer and it seems only natural to install Windows 7 64 bit as the OS.

I'm not worried about backdoors, although I suspect there are vulnerabilities that could be exploited to work as a backdoor.

Windows has the unpleasant 'feature' to store information/data at all sorts of places, and to retain that even if a document has been erased.

Currently I use Windows XP.

What's new ? I know about the windows volume shadow copy. There is more.

I have the old-fashioned idea that whatever I write should be private, and not be 'archived' and possibly sent out when the computer is connected to a network, the network being the internet or something else.

The new computer is not primarily intended for internet access, but it should be able to connect to the internet when I feel the need.

For regular browsing I can use my old computer, for as long as it remains functional.

So, what are the privacy issues, and how can one deal with those ? Or is it a lost cause ?

 

It's a lost cause. I'd use Full Disk Encryption. I use DiskCryptor 0.9 (http://diskcryptor.net/wiki/Downloads/en).

What you want is layers of privacy protection.

Disable thumbnail caching, indexing, and System Restore as a starter. Disable Hibernation. Don't use Microsoft products whenever possible. Run portable versions of tested software so as to avoid the Registry. Turn off the system pagefile, assuming you have more than 2GB of RAM. Delete files to the Recycling Bin and then use Eraser to pseudorandom one-pass wipe them.

Then regularly run system cleaners (CCleaner, BleachBit, R-Wipe&Clean, NirSoft CleanAfterMe, etc.)

I'd also recommend using a privacy service like XeroBank. It is worth it. Don't use the web without being anonymized some way.

Check out this site: http://www.irongeek.com/i.php?page=videos/anti-forensics-occult-computing

Have fun. The more you learn, the more you will realize you cannot get "it" all cleaned. ;-)

 

Also see:

http://blackopsecurity.net

 

If you use Returnil, what can be saved?

 

Thanks, it's a lot ! Indeed, it seems to be a lost cause.

What about a different OS, or dual booting ? I'm thinking Linux or something else. How is that for privacy ?

 

I've never used it. Returnil returns the system to a previous state ?
How do you keep and protect a document with Returnil ?

 

Yes. It creates a virtual copy of your OS. When you restart your computer, nothing ever happened. It was all just a dream....LOL! Evidently there is a dat file but Returnil has included a wipe option in "Preferences" under the "System Safe" tab.

A guy from China posted at the Returnil forum and asked if it left any traces that the Chinese government could find with forensic tools. The Returnil Rep (Mike) stated first that Returnil was not created as a privacy tool, but he did say that if you have the wipe option checked that there would be nothing there for a forensic examination to recover.

As for saving files? The paid version of Returnil has some extra features which include a way to save a file. But I use the free version. When I download movies or music or whatever, I just transfer them over to my externil hard drive. Or sometimes I save documents to a USB stick. There are other options too. You could zip it, encrypt it, and upload it to a free Mediafire account or store it in an email etc... But as far as I can tell, if you use returnil on a clean system, you would not even need to wipe it before selling it because there will be nothing there to wipe..

 

Caspian, thanks !

 

FULL DISK ENCRYPTION

You can play around with eraser programs all like, you will never be able to find and delete all the hidden reg entries and hidden files. I guess there's the option of something like returnil/Deepfreeze.

 

Yes you should definitely be using Linux and not Windows. Give Ubuntu a try first and see how you like it. It provides an option for full disk encryption during installation if you use the "alternate install CD." Also, Linux has no registry at all, so there is no need to fear "remnant" registry entries.

 

To add to caspian's post, with Returnil you can also save documents on a different partition other than the partition with Windows on it.

 

I have Deep Freeze on a desktop and Returnil on my laptop. Wouldn't be without these programs. Great for security purposes obviously (reboot and malware is gone); but also the best privacy tools I can think of (reboot and, as caspian put it, activity never happened ). Between the two programs I use, I give the nod to Returnil for use as privacy tool.

 

No-one's mentioned Bitlocker here.

Any reason why? Any issues with it?

Just curious

 

If ERUNT works on Win-7, you could make a full registry backup before you put any personal data or web browsing records on the PC, then restore to that registry after each session. There'd be no usage records in the registry. The downside is that the system would be static unless the user set up a procedure specific for updating and installing.