Whether you’re trying to increase your security at an internet café, tunnel your way to your home computer from your cubicle, or leave no trace on your friend’s borrowed computer, a flash drive turned portable privacy toolkit is invaluable.
Photo by Dave Boyer.
Flash drives are enormously handy for carting around files, taking portable applications with you, and serving as a mobile computing base when you’re away from home. They’re also excellent tools for increasing your privacy when you’re away from your home computer. Below I’ll point you toward methods of setting up secure connections with SSH and round up a few of your best options for SSH-friendly applications; then we’ll look into encrypting data, permanently erasing data, and otherwise covering your tracks on any machine you’re using.
Before we begin, a big fat disclaimer is in order. Working from a flash drive privacy toolkit, in most situations, is rife with compromises. There is no way to, for example, set up a totally bulletproof system for browsing privately and anonymously from work. You can dodge IT, you can encrypt and tunnel, you can worm your way around security measures, and you might even be able to do it without getting caught. Doing so is grounds for termination at many companies, however, and the IT admins frown heavily on users who punch holes in the firewall. If you absolutely must alleviate the boredom of your workday by streaming music from your home PC or browsing “off record” from your office, your best bet is to bring a netbook and tether it to your cellphone so all your activity occurs completely off the company networks and remains undetectable by your corporate overlords.
All of that said, the following tricks and applications push the limits of what the humble flash drive and non-administrative rights can do. We know you’ll find more than a few tricks that will make life from your flash drive toolkit more secure and your computer activities more private.
Down the Rabbit Hole We Go: Everything via SSH
Whether you’re trying to get around a pesky firewall or you’re trying to secure your laptop’s wireless connection against sniffing at the local coffee shop, Secure Shell (SSH) tunneling is your friend. If you’re unfamiliar with SSH tunneling, it’s largely what it sounds like: A secure “tunnel” is formed from the client machine (the remote terminal you’re working at) to the host machine (your server) and everything that passes through that tunnel is hush-hush to observers on the surrounding network. Observers with proper access to the network can see the tunnel, they can see that data is being transferred, but they can’t get at the contents. Whether you’re streaming high quality audio, high quality video, or just performing a remote disk backup, the specifics of your activity remain unknown to anyone watching the transfer.
Photo by vkramer.
We’re not going to rehash setting up a personal SSH server and how to encrypt your web browsing session with an SSH SOCKS proxy in this guide because we have two excellent prior guides on the topic. Check out how to set up a personal, home SSH server to get started, then take a stab at encrypting your web browsing session with an SSH SOCKS proxy. Those two guides will get your home server set up and show you the basics of setting up Firefox to use a SOCKS proxy server. That knowledge will come in handy for configuring the proxy servers in some of the later apps we’ll be looking at.
Once you have a server set up, you’ll need some way to connect into it remotely. Our prior guide discusses clients, but we’re going to highlight some flash-drive-friendly examples here.
KiTTY: KiTTY is a feature-packed branch of the well-known PuTTY line of SSH clients. It’s portable, supports drag-and-drop file transfer using SCP, and supports scripting. PortaPuTTY was our previously recommended portable PuTTY client of choice, but KiTTY supersedes it with more features and easier setup.
Web Browsers: Once you have your SSH tunnel set up, picking your portable browser is largely a matter of preference. Always, always, configure your portable browser ahead of time so that things are running smoothly by the time you need to securely browse from your remote location. As we noted in our guide to setting up encrypted web browsing sessions, you must configure your web browser to send DNS requests to your proxy server to bypass the local DNS server. Not only does sending DNS requests to the DNS server used by the local machine often lead to errors that render your proxy-driven-browsing impossible to use, but it defeats the whole purpose of setting up an SSH tunnel if you’re broadcasting all your DNS requests to the local host and network. You can find portable versions of your favorite web browsers here: Firefox, Chrome, and Opera.
Thunderbird: If you conduct all your email and contact management through a web-based email service like Gmail, then your browser+SOCKS proxy setup takes care of your email needs. If you require a desktop client to access your email, however, you’ll need a proxy-friendly client on your flash drive. Mozilla Thunderbird is an open-source and feature-rich email client you can take with you, set to use your proxy server, and enjoy robust and secure email management away from home. You can read more about Thunderbird in our previous guides to making Thunderbird your ultimate messaging hub and upgrading it with extensions.
Pidgin: Pidgin is a lightweight, open-source, and proxy-friendly IM client. At this point you’ve already set up your SSH proxy, so to IM with a little extra privacy, you can hook any proxy-friendly application into it—including Pidgin. Even if Pidgin isn’t your first choice for a desktop IM client, it supports 15 chat protocols, packs light on your flash drive, and is easy to set up for proxy routing and encrypted chat.
Selecting Additional Communication Apps: Regardless of what kind of applications you’re adding to your flash drive tool kit, if they need to communicate with the outside world, they need to be proxy-friendly. If you can’t configure the application you need to use your proxy then you’ll have to accept that its transmissions will be occurring outside your secure tunnel. Thankfully SOCKS proxies are old—but dependable!—and incorporated in many applications.
Encrypt, Erase, and Cover Your Tracks
Encryption on portable media is tricky. The most comprehensive encryption tools require administrative access, which is rare when you’re using a computer at work or away from home. This rules out powerful tools like TrueCrypt for inclusion in a portable toolkit—yes, TrueCrypt has a traveler-mode, but it’s a poor compromise given what TrueCrypt can do with full administrative powers. With the restrictions of portable drives and non-administrator privileges in mind, we’ve put together a grouping of applications that are still functional even if you’re sitting on a guest account. (If you’re still interested, here’s how to encrypt your thumb drive with TrueCrypt—you’ll just require admin access to get to the data, which most of the time isn’t an option.)
FreeOTFE Explorer: FreeOTFE (on-the-fly-encryption) Explorer is a free and portable application that allows you to create encrypted containers with on-the-fly-encryption for easy drag and drop file management. It has limitations—for example, you can’t run portable applications from within the container without extracting them first—but it offers a huge number of encryption techniques and it’s a great way to keep your data locked up tight until you need it.
LockNote: If you’re primarily concerned with locking down notes and not as concerned with running an encrypted volume, LockNote is a lightweight and open-source text-encryption tool. LockNote is great because the application and the text are bundled together—negating the need to run the app and mount an encrypted file—just click on the portable app, enter your password, and work on your notes.
KeePass: KeePass is one of the most popular password managers around. Choosing strong passwords is critical to good security and having a solid keyring tool like KeePass makes it all the easier to generate, store, and use long and complex passwords. If you’re not using some sort of password manager you’re really missing out on some great features and increased security. Check out eight great KeePass plugins here to supercharge your password keyring. On the flip side, if most of your password management is web-related, you can also install LastPass with your portable, SSH-proxied browser for one of our other favorite password-management solutions.
Neo’s SafeKeys: Neo’s SafeKeys is a secure on-screen keyboard that provides protection against hardware and software key loggers, including protection against screen logging, key logging, clipboard logging, and more. You can read about the technical aspects of how SafeKeys protects you in their extensive FAQ file here. Ideally you’ll never be on a machine where you feel the need to resort to spy-vs-spy virtual keyboard tools, but it’s lightweight and worth adding to your toolkit if you need it.
Eraser: Encryption is great, secure browsing is awesome, but sometimes you just need to nuke a file or two to ensure anyone that comes after you won’t be snooping around in them. Eraser Portable is the portable version of the popular Eraser tool. Eraser is extremely simple to use, but don’t let the simple interface fool you; its ease of use conceals a comprehensive overwrite tool that ensures nary a trace nor write-cached version of your file remains when the erasure is completed.
At this point you’ve got a solid privacy toolkit that will help you encrypt files, tunnel your traffic securely from the remote machine, and securely erase files. Have a favorite tool you think should be included in this kit? Let’s hear about it in the comments. Don’t forget to highlight the benefits and compromises that come with using your favorite privacy tool.
Send an email to Jason Fitzpatrick, the author of this post, at firstname.lastname@example.org.