When I interact with any electronic device I’m quite paranoid. When I swipe my credit card I fear that the shop could clone it. When I collect money from the ATM I check if someone is looking, I cover my hand when entering the PIN and do fake movements with my fingers while typing it. When I browse the web, I want to make sure that nothing I want to keep secret could leak into the hands of someone I don’t want to have it. When I see advertisements that are based on my search history I shiver and ask myself if there’s a way to prevent it. I never publish something that I don’t want my worst enemies to see.
I use Firefox, mainly because it is more secure than Internet Explorer, secondly because I grew addicted to some add-ons that would make me feel too vulnerable if absent.
Thinking about the risks related to browsing, my list of possible enemies (and their possible plans to steal my data) is:
- Other users of the computer (snoop personal files)
- Administrator of the computer (snoop personal files, key-logger, spyware, remote desktop…)
- Malware (key-logger, spyware)
- Thieves (retrieve passwords/secrets from stolen media)
- Detectives (retrieve browsing history and information/secrets from confiscated media)
- ISP (wiretapping)
Now I will explore the scenarios and the possible defenses in more detail. Based on those scenarios, at the end I will describe my personal solution; you can skip this list if you are more interested in “how” and less interested in “why”.
- Users: This looks easy. In Firefox, most of the traces of your web browsing are in your Firefox profile folder (more information here: http://support.mozilla.com/en-US/kb/Profiles), and everything else is what you explicitly download from sites. If you can hide that folder from other users of the computer, it seems enough. Both in Windows and in Linux this is the default behavior. The problem is, if a user boots the PC with a live CD they can access everything on the hard disk. In extreme cases, they could remove the hard disk entirely, plug it into another machine, copy it and put it back in place. It’s better to encrypt your profile folder then. Windows offers EFS (http://technet.microsoft.com/en-us/library/bb457065.aspx) as an easy way to encrypt folders; it should be enough in most situations, but it must be noted that it is not completely secure (http://www.serverwatch.com/tutorials/article.php/2106831).
- Admin: This is hard. Dare I say impossible. An administrator has access to all the files and can install any kind of software, for example a key-logger or spyware. You could encrypt your data, but the way you decrypt it could be monitored and your passwords could be easily retrieved. The best solution is to buy something like a netbook, connect it and browse from there.
- Malware: common sense and good software are the two main weapons against this threat. If a user does not execute programs from unknown sources the risks are very low. Add a good antivirus and a good anti-spyware to the mix and everything will be fine.
- Thieves: Laptops are great, but when you lose one you realize with horror that what’s inside could be used against you. Messages from your secret lover, proof of your boss’s dirty work, your passwords, your browsing habits. Everything could be stored or cached in your profile folder. One of the greatest experts in computer security explains (better than I ever will) how to protect your data: http://www.schneier.com/essay-199.html. If encrypting everything is not what you need, but you just want to keep your browsing secret, then encrypting just the profile folder is fine.
- Detectives: This situation is awkward. Maybe you are suspected of stalking a woman, they get an order to confiscate your hard drive, and the fact that you have naughty sites in your history won’t help the jury think you’re innocent. Just to be clear, I’m obviously not talking about hiding the proof of an illegal action; the tool itself is neither innocent nor guilty, it’s the user. One possible security measure could be keeping the profile on a removable drive and removing all traces of that profile from the hard disk.
- ISP: Your provider could snoop on your Internet traffic. They have all the tools to do it. Maybe the ISP is honest but one of their employees is not. For this reason (but not only for this reason), it is important to check that when you enter an important password or when you access a private document, the site location starts with https://. This is a good indicator that the ISP cannot see what you are transmitting and receiving, even if it’s not completely secure (http://news.cnet.com/8301-1009_3-10129693-83.html). There are some systems that provide better security (in exchange for performance), such as encrypted proxy servers and Tor. Those services enable anonymous and encrypted traffic from your computer to their servers. If you use those systems, your browsing traffic will be as secure as the system you use (in the case of Tor: very secure).
This is my personal solution for secure Firefox browsing. It assumes a PC with an Internet connection, the ability to attach a USB stick and administrator privileges for mounting the TrueCrypt encrypted volume. Disclaimer: This solution is presented “as is”; it does not imply that you will not have security problems and it is not intended to work on 100% of the computers.
- Take a USB stick and plug it in.
- Download TrueCrypt from here: http://www.truecrypt.org/downloads.php
- Extract TrueCrypt and copy it onto the removable drive.
- Open TrueCrypt from the USB stick (it is called Traveler mode, more info here: http://www.truecrypt.org/docs/truecrypt-portable.php)
- Create a new encrypted file container (100MB is enough for me) like this: http://www.truecrypt.org/docs/tutorial.php
- Mount the encrypted volume as a removable drive (e.g. on letter S:). Note that this is the part that requires administrator privileges.
- Create a new folder in the encrypted volume that will contain the Firefox profile.
- Create an icon (or a launcher) on the encrypted volume that opens Firefox with the option “-Profile <folder>”, where <folder> is the profile folder you just created.
- Close any Firefox that is running.
- Open Firefox with the newly created launcher. The profile folder will be populated with default files by Firefox.
- Install the NoScript Firefox add-on (http://noscript.net/)
- Install the CookieSafe Firefox add-on (https://addons.mozilla.org/en-US/firefox/addon/2497)
- Install the Foxyproxy Firefox add-on and setup Tor (http://foxyproxy.mozdev.org/faq.html)
- Browse the web (finally!).
- Close Firefox.
- Dismount the encrypted volume in TrueCrypt.
- Choose to remove the USB stick safely and, when it is safe, unplug it.
- To open the profile again, plug in the USB stick, open TrueCrypt, mount the volume and run the launcher.
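As an added example (not code from the original post), here is a small Python launcher that does what the launcher icon in the steps above does, and checks two of the conditions the steps rely on before starting Firefox: the profile folder must sit inside the mounted volume, and no running Firefox may still hold the profile. The volume path, the executable name and the -no-remote flag are my assumptions, not taken from the post.

```python
import os
import subprocess
import sys
from pathlib import Path

# Assumptions (not from the post): S: is the letter used for the mounted volume
# in the steps above; "firefox" must be resolvable on PATH.
VOLUME_ROOT = Path("S:/") if sys.platform == "win32" else Path("/media/vault")
FIREFOX_EXE = "firefox"

# Lock entries Firefox keeps in a profile while it is running
# (parent.lock on Windows; .parentlock and the "lock" symlink on Linux/macOS).
LOCK_NAMES = ("parent.lock", ".parentlock", "lock")


def profile_on_volume(profile_dir, volume_root):
    """True only if profile_dir resolves to a path inside volume_root."""
    profile = Path(profile_dir).resolve()
    root = Path(volume_root).resolve()
    return profile == root or root in profile.parents


def profile_is_locked(profile_dir):
    """True if another Firefox still holds this profile (a lock entry exists)."""
    # lexists: the Linux "lock" entry is a dangling symlink, so exists() would miss it
    return any(os.path.lexists(os.path.join(profile_dir, n)) for n in LOCK_NAMES)


def build_command(profile_dir, firefox_exe=FIREFOX_EXE):
    """The launcher's command line: firefox -profile <folder>.

    -no-remote starts a separate instance instead of handing the request to a
    Firefox already running on the default (unencrypted) profile.
    """
    return [firefox_exe, "-no-remote", "-profile", str(Path(profile_dir).resolve())]


def launch(profile_dir, volume_root=VOLUME_ROOT, firefox_exe=FIREFOX_EXE):
    """Refuse to start unless the preconditions hold, then start Firefox."""
    if not profile_on_volume(profile_dir, volume_root):
        raise RuntimeError(f"{profile_dir} is not inside the mounted volume {volume_root}")
    if profile_is_locked(profile_dir):
        raise RuntimeError("profile is in use: close the running Firefox first")
    return subprocess.Popen(build_command(profile_dir, firefox_exe))


if __name__ == "__main__":
    launch(sys.argv[1] if len(sys.argv) > 1 else VOLUME_ROOT / "profile")
```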
Note: If you are worried about the lifespan of your USB stick, you can copy the encrypted volume to the hard drive, mount it from there and copy it back to the USB stick when you’re done.
If you are not the administrator of the machine you could deviate from this solution as follows (instructions for a Windows PC):
Instead of steps 2 to 8:
- Download Eraser Portable and 7-zip Portable from here: http://sourceforge.net/project/showfiles.php?group_id=151265
- Install Eraser Portable and 7-zip Portable on your USB drive.
- Go to “Start” -> “Run…” and type “%tmp%” to access your temporary directory.
- Create a new folder (named for example VaultDir) in your temporary directory that will be your vault folder.
- Create a new folder in the vault folder that will be your profile folder.
- Create a new shortcut to Firefox in the vault folder. Open its properties (Alt+Enter).
- Add the option “-Profile <folder>” at the end of the “Target” entry, where <folder> is the profile folder you just created (for example VaultDir). Clear the “Start In” entry.
Instead of step 16:
- Create a VaultClose.bat file in your USB drive that has commands similar to the following ones:
"%cd%\7-ZipPortable\App\7-Zip\7zG.exe" u -mhe -p "%cd%\Vault.7z" "%tmp%\VaultDir"
"%cd%\EraserPortable\App\eraser\eraserl.exe" -folder "%tmp%\VaultDir" -subfolders -keepfolder -method Random 2
Notes: You should replace the directories with the correct ones. %cd% is a special variable that expands to the current directory. The -mhe option also encrypts the file names and directory structure. Eraser does not support relative paths. The “-method Random 2” option is slightly less secure but faster. Feel free to remove this option if you want more security.
- Create a VaultOpen.bat file in your USB drive that has a command similar to the following one:
"%STARTDIR%\7-ZipPortable\App\7-Zip\7zG.exe" x "%STARTDIR%\Vault.7z" VaultDir
Notes: You should replace the directories with the correct ones. The 7-Zip extract command does not want absolute paths as the destination.
- Run VaultClose.bat. It will ask for a password, then it will compress and encrypt the vault folder and securely delete the uncompressed one.
- When you want to access the secure profile you can run VaultOpen.bat and enter the password. The vault folder will be populated and opened in an explorer window, and then you can run the Firefox launcher.
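Added example, not code from the original post and not Eraser’s: a Python version of the wipe half of VaultClose.bat (overwrite every file under the vault folder with random data, then delete it, keeping the folder itself, like “-subfolders -keepfolder -method Random 2”), for machines where Eraser is not available. The pass count and block size are assumptions. Overwriting does not reliably erase data on flash media or SSDs because of wear levelling, so this is only meaningful for a vault folder kept on a conventional hard drive.

```python
import os
import secrets

CHUNK = 1 << 20  # overwrite in 1 MiB blocks (assumed size)


def overwrite_file(path, passes=2):
    """Replace the file's contents with random bytes `passes` times, then unlink it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push each pass to the disk, not just the cache
    # Rename to an anonymous name before unlinking so the directory entry no
    # longer reveals the original name (profile files such as places.sqlite are telling).
    anon = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)


def wipe_folder(folder, passes=2, keep_folder=True):
    """Wipe every file below `folder` and remove its subfolders.

    Returns the number of files wiped. With keep_folder=True the (now empty)
    vault folder stays in place, matching Eraser's -keepfolder.
    """
    count = 0
    # Bottom-up walk: a directory is only removed after everything inside it is gone.
    for root, dirs, files in os.walk(folder, topdown=False):
        for name in files:
            overwrite_file(os.path.join(root, name), passes)
            count += 1
        for name in dirs:
            os.rmdir(os.path.join(root, name))
    if not keep_folder:
        os.rmdir(folder)
    return count


if __name__ == "__main__":
    import sys
    print(wipe_folder(sys.argv[1]), "files wiped")
```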