How to Keep a Secret

This page is all about keeping private information private. How far you are willing to go to do this will depend on how important it is to you and your level of paranoia – how badly you think others want your information. Remember – “others” no longer means just bored teenagers; it means organized crime.

“Just Because You’re Paranoid, Doesn’t Mean There Isn’t Somebody Following You”

Step 1. Secure your own computer.

Depending on your level of paranoia, here is a ranked list of things to do to make your computer/computing more secure.

Stop using Internet Explorer

Internet Explorer is a primary vector for malware infection of your PC. Some of this malware is specifically designed to capture and return your confidential information.

Use something else, such as Firefox, instead. Whatever you use, be sure to apply all the security updates as soon as they become available.

Stop using Outlook

After IE, the next most popular vector for malware is Outlook.

Outlook is often used by malware for propagation from your PC to everyone in your address book. One virus sends random files (possibly your confidential information) from your hard drive to people in your Outlook address book.

One good alternative is Thunderbird. It is more secure and has the Enigmail plugin available.

Stop using Windows

Let’s face it. Security and MS Windows are mutually exclusive. More than 99% of all malware is dependent on Microsoft operating systems or applications.

Pick any other OS. Apple, Linux, and any other Unix are all safer than Windows. If you choose Apple, you still need to avoid MS Office applications. There are malware programs that are embedded in Word files and sent as attachments.

If you really “have to” use Windows, read Tim Richardson’s article on Healthy computing to learn how to make your computer more secure.

Sanitize your computer

All operating systems have some vulnerabilities. Patches are made available as these are discovered. Keep your OS and applications up to date with the latest security patches.

Keyloggers are your worst nightmare. They monitor your every keystroke and report back to someone. They are a popular way of getting people’s credit card and on-line banking information.

If you have moved off Windows, you have escaped all the non-targeted malware, including keyloggers. However, if someone is specifically after your information, they may still find a way to install a keylogger or other spyware.

Check the products page for intrusion detection software that can help you determine if spyware has already been installed on your computer.

Short of disconnecting from the internet (something to seriously consider when you are not actively using it), you can configure your computer to respond on only a minimal set of port numbers. This is standard security practice. More information can be found on our links page.

Don’t Share Secrets with a Blabber Mouth

Or even someone who talks in his sleep.

Step 2. Choose your confidants very carefully.

Even assuming absolute loyalty, people who do not practice computer security at least as well as you are a risk. Do not share secrets with them.

Without Physical Security the Rest May Not Matter

Although you may have perfectly secured your computer from an internet-based intrusion (unlikely), if you are targeted, your adversaries may try to gain physical access to your information.

Step 3. Lock the windows and bolt the doors.

Laptop computers are easy to steal. Any data kept on one must be well encrypted. In fact, confidential data on any computer should always be encrypted.

Don’t forget your backups. Backed up data should also be encrypted and stored in a safe location. Stealing a backup is easier than stealing a computer and it is likely to take longer to be discovered. I once witnessed a defence contractor who was very security conscious leave backup tapes on a table under a first-floor window. Someone armed with only a brick could have stolen them and been gone in 15 seconds.

How do you back up your data? How do you keep it safe?