 Re: Question about downloading personal information
"Trevor" <no-mail@msn.com> wrote in message news:f8cif8$lhj$1@aioe.org...
>I have a question about security and personal information. I access a
>server on a regular basis, I download files that contain personal
>information about other people from the server directly onto a memory
>stick, this is then transferred to another computer.
>
> The computer I use to download the personal information onto a memory
> stick is the computer I do not wish any trace of this personal information
> to exist on due to it being a shared computer. Does the act of downloading
> this information to the memory disk directly via the shared computer leave
> any trace of the personal information in the temporary memory of the
> shared computer that someone else could get access to, in effect leave
> another copy of what downloaded onto it?
>
Any information taken from a web page goes first into working memory, so may
be written to the swap file. Then it is stored in the cache until it can be
displayed or otherwise dealt with. Some people then save the information on
the desktop (or somewhere similar) before moving it to the final
destination, but we will skip that step in your case.
So, there will be a copy in the swap file, and there will be a copy in the
cache. With the screwy way IE stores temporary internet files, it is very
difficult to tell where that will be. When you delete the cache, the file
still exists in the recycle bin, and the information is still intact on the
hard drive.
The question now is, how much effort is someone willing to go to in order to
locate this information? Finding a 4k file in a 100 gig hard drive will
take considerable time. Chances are it would be easier and faster to steal
it from the web site.
> If information is left on the shared computer how can I eliminate it
> without affecting the integrity of other information on the computer?
There have been many discussions in this group about recovering data. The
consensus is that there is no convenient 100% safe way to delete data and
make it unrecoverable.
The only solution I can find would be to set up a minimal operating system
that boots from a usb drive and never accesses the hard drive. There are a
number of variations of linux which will do this, and a 4 gig usb drive is
way more space than you need.. Then make sure you have all security in place
on the server - encryption, SSL, etc.
This avoids the need for file encryption, (but that is still a good idea)
and also avoids any complications that would arise if the computer you are
using is compromised. Given that it is a shared computer (and likely running
WinXP) you can almost guarantee that it is compromised to some extent. If I
were really interested in what you were downloading, I would put in a key
logger, and a 'service' that duplicates all usb drive writes into a hidden
directory, for me to inspect later.
Stuart
 | 
Linear Mode
