Filed under: Internet, Security, Utilities, Features
Keeping it private (and safe!) on public computers
Even if you have a computer at home, on occasion you'll find you need to use the public computers at a library, internet café, or your local copy shop. Traveling, technical glitches at home, or the sheer convenience of checking on something right now brings almost everyone to a public computer once in a while. It brings a few people -- whether they own computers or not -- to public computers daily.I have a confession to make. In a former life, I was a systems librarian. I know what's on public computers. No, I don't have your personal information. I removed that from the public computers, along with a lot of keylogging software, viruses, and spyware. What I do have is a few little tricks to keep your private information private.
The cardinal rule of public computing is the most obvious. It's also the one most often broken. Sometimes there's no avoiding breaking it. Sometimes, though, it seems there is a digital variety of the "belief in immortality" that's usually attributed to young adults. This digital immortality seems to affect people of all ages.
The cardinal rule? Don't put private information on a public computer. This means, despite the fact that the IRS encourages electronic filing, don't file your taxes online at the library. If you have no other access to a computer, file the old fashioned way. Trust me on this. It maybe faster and easier to do online, but not if your entire family's social security numbers are picked up by a keylogger.
The cardinal rule also covers more mundane things, though. When you access sites with a "Remember Me" option, make sure it's unchecked. Be sure to physically log out when you're done. It seems really paranoid and obvious, and people still don't do it. If I had a dollar for every library patron that opened up Yahoo! mail and asked me why they were getting l0v3rboi6969's messages.
So what if you do have to break the first commandment of public computing? What if your old computer is in a smoldering heap on your desk at home, and you have no choice but to order one from an online retailer? There are a few things you can do.
Ask your friendly library professional, or internet café attendant, whether the desktop session resets on log out. If it doesn't, you have two options. You can either ask permission to clear the cookies, cache and temp files yourself, or you can ask your friendly library professional or internet café attendant to do it for you (if the computers are locked down, they'll have to). If the desktop session does reset, ask if it clears cookies, cache, and temp files, or any combination thereof. I've seen some software designed to erase sessions that really doesn't work as desired.
Another alternative is to BYOB (bring your own browser). Portable applications are great. You can install web browsers, mail clients, and office suites on flash drives, and bring them with you. Since you're not installing anything on the host computer, and because many portable apps keep your associated information on your flash drive, they're an excellent way to keep your data safe and the systems librarian happy.
Be aware, as well, that there are often prying eyes at public computer terminals. Usually if someone's giving you the hairy eyeball while you're at the computer, they're either putting a whammy on you so that you'll finish your session faster and they'll get a turn, or they're trying to see what you're doing. I've found it's more often the former than the latter, but if you are entering sensitive information and someone's looking you over a little too closely, minimize the browser and (politely) ask them to give a little space.
Always remember to exit your browser before you end your computer session. If you are at a computer that has timer software, and you leave your session before your time is up, log out. It's a nice sentiment to leave your session running so someone else gets a little more time, but it opens you up to the very real risk of someone seeing your information that shouldn't.
There are, of course, other risks inherent with public computers. I'm talking about viruses. Even if the computer is equipped with anti-virus software, can you really be sure the software is up to date? Don't count on it. Viruses don't follow a set schedule, and, unfortunately, public computer maintenance often has to. So that file you downloaded to your flash drive may not have sounded any alarms with the computer's anti-virus, but that doesn't mean it's safe.
Watch out, especially, for macro viruses in Office programs. Generally, it's a good idea to avoid using macros on public computers (and indeed, many places have disabled them for this reason).
It's not far-fetched to suggest scanning everything downloaded or created on a public terminal before you put it on your own machine. It may even be beneficial to scan with a couple different virus scanners (the one on your machine, and a free online scanner, such as Trend Micro's HouseCall).
Public computers are risky by nature, but you can minimize the risk. Even if you have to break cardinal rule number one.
Reader Comments (Page 1 of 1)
LeeH said 10:22AM on 1-18-2008
The main worry on public computers is keystroke loggers and it won't help much to have your own browser on a USB key. Whenever you need to type in a password on a public computer, for example to access your email account, type in a few characters in the password box, then click on some other window/search box/etc and type in a bunch of random characters. Switch back to the password box and type a couple more of your real password characters. Repeat until your real password is entered. Keystroke loggers don't generally follow focus.
Reply
Kristin Shoemaker said 10:59AM on 1-18-2008
That is a good one, Lee. Thanks for that!
zParacha said 12:57PM on 1-18-2008
Lee this is a good tip. Thanks
Sir Loin said 10:47AM on 1-18-2008
LeeH - excellent tip, I will be remembering that one. Thanks!
Reply
Rich said 10:59AM on 1-18-2008
Or, keep a text file with passwords in, and copy and paste them into the box, hence no typing and non keylogging.
Reply
LeeH said 11:33AM on 1-18-2008
That still seems risky to me. I'd be worry that someone's installed a utility to suck files off my USB drive or keep a log of the clipboard. If you're going to do that, I would at least keep my password like this in the text file: FirstPartofPassword_RANDOMCHARACTERS_secondPartofPassword.
then paste the password in two operations (copy and paste the first part. Copy and paste the second part)
GoOrange said 11:31AM on 1-18-2008
Nice article, and great tip LeeH.
I was thinking of setting up a browser on a flash drive, and thought perhaps I could set it up to automatically fill in passwords for sites like my email, to avoid having to type in the username and password on the public computer with a possible keylogger.
Reply
Kristin Shoemaker said 11:40AM on 1-18-2008
That could work as well.... Check out http://portableapps.com/
It will save any settings on the flash drive, but of course you'd have to input the passwords on your home computer... Not a bad workaround.
LeeH said 1:04PM on 1-18-2008
There are a couple of problems with this. Again there's a risk of someone sucking all the files off your drive (including all your browser files). Second, what happens if your drive is lost or stolen? I've lost two USB drives recently. Luckily I found both of them buried in my sofa, but until I found them again, it had me worried about what information I had on the drives and where they might have gone.
Davin Peterson said 1:45PM on 1-18-2008
Here at the Library of Congress we set our public machines to automatically clean out IE cache and history when the computer is rebooted.
We do allow people to use USB drives.
Reply
T-Man said 4:42PM on 1-20-2008
Interesting and valuable advice so far. Thanks!
Is there any way to check for key loggers on public computers? Anything to search for, or symptoms to be on the lookout for?
Reply
Kristin Shoemaker said 5:25AM on 1-21-2008
Hi T-Man
Keyloggers seem to come in many shapes and sizes, and short of doing a scan or actually digging around on the hard drive to look, they are fairly difficult to discover.
That being said, I *didn't* see them as often as other privacy issues on public computers (they actually were a relative rarity, and became virtually non-existent when a set maintenance plan was put in place). We had more issues with people logging into their bank accounts and either not bothering (or not being able) to log out.
I would, of course, steer clear of any public computer that allows you to download and run an application off the hard drive (even if they don't advertise the ability)... That, too, sounds really obvious and kind of crazy (it's just inviting trouble), but there are some out there that do...
andreas said 9:16AM on 2-21-2008
did you check kyps.net ? (http://kyps.net) - it lets you log into websites without the public computer getting the password - no matter how "clever" the spyware.
Reply