Without A Trace: Turn Your Flash Drive Into A Portable Privacy Toolkit


Whether you’re trying to increase your security at an internet cafe, tunnel your way to your home computer from your cubicle, or leave no trace on your friend’s borrowed computer, a flash drive turned portable privacy toolkit is invaluable.

Photo by Dave Boyer.

Flash drives are enormously handy for carting around files, taking portable applications with you, and serving as a mobile computing base when you’re away from home. They’re also excellent tools for increasing your privacy when you’re away from your home computer. Below, I’ll point you towards methods of setting up secure connections with SSH and round up a few of your best options for SSH-friendly applications; then we’ll look into encrypting data, permanently erasing data and otherwise covering your tracks on any machine you’re using.

Before we begin, a big fat disclaimer is in order. Working from a flash drive privacy toolkit, in most situations, is rife with compromises. There is no way to, for example, set up a totally bulletproof system for browsing privately and anonymously from work. You can dodge IT, you can encrypt and tunnel, you can worm your way around security measures, and you might even be able to do it without getting caught. Doing so is grounds for termination at many companies, however, and the IT admins frown heavily on users who punch holes in the firewall. If you absolutely must alleviate the boredom of your workday by streaming music from your home PC or browsing “off record” from your office, your best bet is to bring a netbook and tether it to your mobile phone so all your activity occurs completely off the company networks and remains undetectable by your corporate overlords.

All of that said, the following tricks and applications push the limits of what the humble flash drive and non-administrative rights can do. We know you’ll find more than a few tricks that will make life from your flash drive toolkit more secure and your computer activities more private.

Down the Rabbit Hole We Go: Everything via SSH

Whether you’re trying to get around a pesky firewall, or you’re trying to secure your laptop’s wireless connection against sniffing at the local coffee shop, Secure Shell (SSH) tunnelling is your friend. If you’re unfamiliar with SSH tunnelling, it’s largely what it sounds like: a secure “tunnel” is formed from the client machine (the remote terminal you’re working at) to the host machine (your server) and everything that passes through that tunnel is hush-hush to observers on the surrounding network. Observers with proper access to the network can see the tunnel, they can see that data is being transferred, but they can’t get at the contents. Whether you’re streaming high quality audio, high quality video or just performing a remote disk backup, the specifics of your activity remain unknown to anyone watching the transfer. Photo by vkramer.

We’re not going to rehash setting up a personal SSH server and how to encrypt your web-browsing session with an SSH SOCKS proxy in this guide, because we have two excellent prior guides on the topic. Check out how to set up a personal, home SSH server to get started, then take a stab at encrypting your web browsing session with an SSH SOCKS proxy. Those two guides will get your home server set up and show you the basics of setting up Firefox to use a SOCKS proxy server. That knowledge will come in handy for configuring the proxy servers in some of the later apps we’ll be looking at.

Once you have a server set up, you’ll need some way to connect into it remotely. Our prior guide discusses clients, but we’re going to highlight some flash-drive-friendly examples here.

KiTTY:PortaPuTTY

Web Browsers: Once you have your SSH tunnel set up, picking your portable browser is largely a matter of preference. Always, always, configure your portable browser ahead of time so that things are running smoothly by the time you need to securely browse from your remote location. As we noted in our guide to setting up encrypted web-browsing sessions, you must configure your web browser to send DNS requests to your proxy server to bypass the local DNS server. Not only does sending DNS requests to the DNS server used by the local machine often lead to errors that render your proxy-driven browsing impossible to use, but it defeats the whole purpose of setting up an SSH tunnel if you’re broadcasting all your DNS requests to the local host and network. You can find portable versions of your favourite web browsers here: Firefox, Chrome and Opera.

Thunderbird: If you conduct all your email and contact management through a web-based email service like Gmail, then your browser+SOCKS proxy setup takes care of your email needs. If you require a desktop client to access your email, however, you’ll need a proxy-friendly client on your flash drive. Mozilla Thunderbird is an open-source and feature-rich email client you can take with you, set to use your proxy server, and enjoy robust and secure email management away from home. You can read more about Thunderbird in our previous guides to making Thunderbird your ultimate messaging hub and upgrading it with extensions.

Pidgin:encrypted chat

Selecting Additional Communication Apps: Regardless of what kind of applications you’re adding to your flash drive toolkit, if they need to communicate with the outside world, they need to be proxy-friendly. If you can’t configure the application you need to use your proxy, then you’ll have to accept that its transmissions will be occurring outside your secure tunnel. Thankfully, SOCKS proxies are old (but dependable!) and incorporated in many applications.

Encrypt, Erase and Cover Your Tracks

Encryption on portable media is tricky. The most comprehensive encryption tools require administrative access, which is rare when you’re using a computer at work or away from home. This rules out powerful tools like Truecrypt for inclusion in a portable toolkit — yes, Truecrypt has a traveller-mode, but it’s a poor compromise given what Truecrypt can do with full administrative powers. With the restrictions of portable drives and non-administrator privileges in mind, we’ve put together a grouping of applications that are still functional, even if you’re sitting on a guest account. (If you’re still interested, here’s how to encrypt your thumb drive with Truecrypt — you’ll just require admin access to get to the data, which most of the time isn’t an option.)

FreeOTFE Explorer:

LockNote:

KeePass:eight great KeePass plugins hereLastPassone of our other favourite password-management solutions

Neo’s SafeKeys:extensive FAQ file here

Eraser: Encryption is great, secure browsing is awesome, but sometimes you just need to nuke a file or two to ensure anyone that comes after you won’t be snooping around in them. Eraser Portable is the portable version of the popular Eraser tool. Eraser is extremely simple to use, but don’t let the simple interface fool you; its ease of use conceals a comprehensive overwrite tool that ensures nary a trace nor write-cached version of your file remains when the erasure is completed.

At this point you’ve got a solid privacy toolkit that will help you encrypt files, tunnel your traffic securely from the remote machine and securely erase files. Have a favourite tool you think should be included in this kit? Let’s hear about it in the comments. Don’t forget to highlight the benefits and compromises that come with using your favourite privacy tool.

Comments

  • If you’re doing all of this over ssh proxy anyway, then you can skip a few of these programs and just have a console app installed on your home computer (With some added security benefits). The only requirement is you’re vaguely comfortable with the terminal.

    I never, ever take sensitive documents with me – they stay encrypted on my home computer, and I just use putty portable/nano. Same goes for IM – if you have pidgin installed at home, you can set up finch (the console-based version) to run off the same configuration directory. It’ll save you the trouble of adding/removing accounts twice and supports mouse input to make it a bit easier on you.

    Really, I find less and less reason to actually carry around potentially valuable information and files when most computers seem to be permanently connected to the internet.
