Tests and Scans
What Your PC Tracks
You should always assume that whenever you use your PC, you are leaving behind a record of what you are doing. That's the benefit of a computer; it's supposed to keep track of things so you don't have to do it yourself. But there are times that you don't want it to be so good at keeping track of things, such as the fact you're editing your resume at work because you hate your job. Or perhaps you share a computer with other people and don't want them to know what you are doing or where you've been on the Internet.
Fortunately, there are steps you can take to protect your privacy. Everyone knows about obvious things like files in the My Documents directory. But there are many other places where traces of your PC work and play are left behind, intentionally or accidentally. Deleting files or hiding them in obscure directories won't always do the trick. Some of the most privacy leaks you'll encounter are described below; for help in removing some of these tracks see our cleanup page.
Tracks You Can Clean
Browsing history: Every time you visit a web site, the browser keeps track of the pages you visit so that you can easily get back to them later. You can decide how far back that history goes, and whether you to clear out the browsing history entirely. (Our privacy scan can show you what's currently in your browser history.)
Internet cache: To speed up web surfing, browsers keep a copy of the files you retrieve while browsing the Internet. This includes web pages, images, Flash animations, and even large files like videos. All of these files can easily be seen in Internet Explorer; just click View, Internet Options, Settings, View Files.
Recently-used file lists: Many program keep a list of files that you have recently opened while using that program; it's a feature of Microsoft Office applications for example. Windows itself keeps a list of recently used documents for all applications on the Start Menu under Documents. Some of these can be disabled if you prefer not to see or show them.
Last-Used directories: Sometimes a program won't keep a specific list of files, but instead remembers the last directory where you opened or saved a file. The next time someone opens up the application or tries to save a file, they view a directory containing your files. For example, WinZip offers this feature; it can be turned off through WinZip's Options, Configuration, Folders dialog.
Form entries: Browsers often have an option to remember the data you have entered into forms. Programs such as RoboForm or Google Toolbar also offer form-fill features. If someone else is using the computer, they may be able to use the data that is remembered to automatically access web sites using your logins or get persional information. Where possible, you should protect your information with a master password or turn off form auto-filling to prevent the data from being recorded.
Autocomplete URLs: Another browser feature remembers the sites that you type into the address bar. Like browser history, this can help to keep track of where you've been. Unlike browser history, these are addresses that you specifically typed into the address bar, so there is little doubt that you meant to go to these sites.
Recycle Bin: Sometimes it's easy to forget that deleting a file in Windows doesn't completely delete it. When you highlight a file and hit the Delete key, it actually goes into the Recycle Bin. Windows XP keeps a separate Recycle Bin for each user login, which helps maintain privacy a bit--if you use separate logins! Otherwise, anyone can simply open the Recycle Bin and see the files that you no longer wanted, and perhaps the files you wanted nobody to see.
Temporary files: As programs run, they sometimes create working files that they "forget" to clean up when they are done. These working files may include many different types of sensitive information. If you are editing your resume, for example, one of the temporary files may be a complete copy of your resume. Temporary file directories are also common hiding places for spyware and viruses, so it's a good idea to clean them out to make sure they don't harbor anything bad.
Document properties and revisions: Programs like Microsoft Word and Excel put your name and other information into the document properties. If you send the document to other people, they can see that you created it using the information in the document properties. Microsoft Word also has a revision tracking feature that remembers the changes you have made to a document. You may have Word set to show only the most recent revision. If you were to send the document to someone else, however, they might have their options set so they can see those edits and comments. That could potentially reveal proprietary or embarrassing information. (Microsoft makes a free tool that can remove this data; also see this Microsoft article on how to minimize personal data being stored into documents.
Tough to Hide
No matter how careful you are, there are some things that are difficult to hide. The good news is that a casual snooper is rarely going to go through the amount of work it would take to retrieve personal or incriminating information from one of these sources. The bad news? If you are doing something on your computer that you believe is serious enough to justify this level of snooping, you are probably doing something illegal. Don't think that it is possible to cover all your tracks. Every technique you can use to eliminate evidence has a flaw, and a determined investigator can find it. Here are a few of the items that are tough to hide:
Fragmented file names: When the Windows 2000/XP version of Disk Defragmenter runs, it displays the names of the file that it is currently defragmenting on its status bar. The names of large and fragmented files may stay on the screen for a minute or more as they are defragmented. Also, the report generated by Disk Defragmenter's analysis includes the names of the ten most fragmented files on the drive. These names will be displayed even if the files are marked as hidden or system files.
Deleted files: When you delete a file directly (without sending it to the Recycle Bin), or when you empty the Recycle Bin, most of the file name and file data are actually still on the drive. It may be a long time before the space used for the deleted file is re-used by a new file; the algorithm used by Windows for creating new files almost guarantees that the space will not be used immediately. A file undelete program such as the one in Norton Utilities can usually retrieve files that have been recently deleted, and potentially can recover files that are months old.
Slack space: On most hard drives, files use a multiple of 4,096-byte (or larger) clusters of data on the drive. If the file is only 100 bytes, for example, Windows does not erase the remaining 3,996 bytes; this is known as "slack space." The slack space may contain the data from previous file at that location, or it might be data from the program that created the file. Programs that read the file through Windows will never see the data in the slack space, because Windows will only return the first 100 bytes. However, a determined snooper with a low-level disk editor could search the drive and might find interesting personal data in the slack space.
Paging file: Windows uses the paging file (also known as the swap file) to handle the situation where the programs that are running need more physical memory (RAM) than is installed in the PC. The paging file may be used even with systems that have a large amount of memory, particularly for memory-intensive operations such as editing large images or video files. When data from a program is written to the swap file, it may contain personal information that could compromise privacy. A well-written program should not keep this kind of information in memory, but it is difficult for a user to know whether the data is protected. Using a low-level disk utility, someone could scan the swap file to find this kind of information.