12.06.10

Covering Your Online Porn Tracks

Are your private Internet habits permanently burned into your hard drive? Tom Weber on what your IT department knows about you— and whether it’s possible to fully cover your tracks.

Are your private Internet habits permanently burned into your hard drive? Tom Weber on what your IT department knows about you—and whether it’s possible to fully cover your tracks.

It’s been an eventful year in the annals of privacy, from the new airport dilemma—digital strip search or physical pat-down?—to WikiLeaks’ reminder that today’s supposedly private emails may be tomorrow’s Internet fodder. The next possible frontier: your laptop.

Or more specifically, where you’ve surfed to on it? When the most powerful government on earth can’t keep its interoffice memos private, do your own secrets stand a chance?
 

Previously, The Daily Beast identified eight different groups of people with the ability to pry into your private Web surfing, from marketers who track your movements online to nosy neighbors snooping into your WiFi network. ( See The Porn Spies in Your Laptop.) But one group intrigued us in particular: the office IT staffer or repair technician who may wind up working on your computer. Can an average person cover their tracks well enough to keep that guy on the corporate help desk from finding out that they’ve been spending time on, say, Manhunt.com? Are your habits safe from even that most everyday of snooper?

To learn more, we decided to concoct a test. Specifically, even if you’re scrupulously diligent about clearing the private data from your laptop, can you mask the details of, say, visits to X-rated sites? And if not, how long would it take a corporate IT technician to uncover evidence of your naughty surfing?

Try yes—and a half-hour or so.

That’s right. Thirty minutes of poking around by a skilled geek who gets their hands on your computer is more than enough to turn up what turns you on—even if you think you’ve cleared off your computer.
 

This isn’t just an academic question. When we began talking to IT staffers about data privacy, it was clear that they’ve seen it all. While they generally don’t snoop on purpose (mainly because they don’t have the time), users’ trails bubble up, such as when one technician we spoke with asked to diagnose a slow laptop, found a hard drive clogged with hardcore.

So we decided to test this threat. First, we created the trail: We gave a bemused volunteer a ThinkPad with a clean installation of Windows XP, and told him to start surfing for porn—specifically, every one of the top 50 adult sites ranked by Alexa.com—the mild (Playboy.com), the wild (LiveJasmin.com, a site that offers webcam feeds with performers in all kinds of categories, from “grannies” to women in uniforms) and everything in between. By clicking around each site at random, our test laptop gobbled up X-rated photos and videos along with “cookie” tracking files. In the course of the test, our volunteer used three different browsers: Internet Explorer, Firefox, and Chrome.
 

When we began talking to IT staffers about data privacy, it was clear that they’ve seen it all.

Next, we attempted to hide it. Each of the browsers contains a variation of the “Clear Recent History” command—for each of the three, we faithfully executed the directions that promised to shield our activities from prying eyes, including browsing history, download history, cookies and temporary files (such as images on Web pages).

Finally, the hunt: We turned the laptop over to an experienced IT tech on a corporate help desk, and asked him to search away. On his first pass through the computer, our tech didn’t spot any dirty pictures (or any other evidence of adult-site surfing).

But then he reached for a tool commonly used on help desks: a data-recovery program designed to “undelete” missing files. Typically, the recovery tools are brought into play when someone has accidentally wiped out that quarterly spreadsheet from their PC and desperately needs it back. In this case, though, our tech was using them to play detective.
 

Bingo. Our tech swiftly discovered all sorts of tracks. For starters, he recovered the cookie files we had cleared off—and with them, evidence of visits to a number of pornographic sites. Then there were the so-called temporary files—the images you see on Web pages—that yielded porn aplenty. In about a half an hour, our help-desk volunteer had fairly well retraced where we’d been. (In case you’re curious—or keen to check up on someone else—there are plenty of data-recovery tools available for consumers.)

For those looking to play defense, one IT pro recommends “data shredders.” These programs use extreme methods to wipe out data on your hard drive—thwarting data-recovery tools by writing new, random data over the location of your cookies over and over until there’s no trace of the incriminating information. Short of that, the best strategy is knowledge: When it involves a computer, unlike a book or television set, your reading and viewing habits follow you.

Thomas E. Weber covers technology for The Daily Beast. He is a former bureau chief and columnist at The Wall Street Journal and was editor of the award-winning SmartMoney.com. Follow him on Twitter.