How to protect my security/privacy on a (linux) computer where I am not the administrator?

I have to sometimes work on linux computers in my college lab, and I am not the administrator there. So what steps would you recommend to protect my privacy/security on these computers? (I am mainly concerned with access to external services like email etc.)

The steps I currently take are :

Using a master password on my firefox profile.
Using HTTPS logins for services when available.

EDIT : I am assuming that my system administrator is not out to get me, but may perhaps one day in an irritated mood change my email password or something. I would also like to know how secure using a master password in firefox is. (I suspect it won't protect my browser history).

apoorv020

Posted 2011-03-12T10:28:27.180

Reputation: 2 274

Take a look at encfs, I updated my answer. – haridsv – 2011-04-15T18:51:34.810

Answers

There really isn't too much you can do.

Firstly, I would surf Firefox in privacy mode (assuming you have a FF installed that will support this). If that wasn't possible, try using a portable firefox on a USB stick or some such.

I would also agree to using Truecrypt. You can create a file container with it and use that as a small portable filesystem.

Those are the two best things you can do since the biggest reasons you would have to use a computer in a lab (w/o admin rights) is as a student. I'm assuming your use case is projects and surfing the Internet. You can store any projects that you're working on in Truecrypt and it will only be available to theft (at least easily) and such while you have it open and are working on it. The only way to escape someone stealing online credentials would be use either a portable web browser in an exncrypted Truecrypt container or use a web browser that doesn't save credentials, cookies, history, etc.

Other than that, without being an admin you are extremely limited in options. On top of the above, use safe habits, assume the admin has access to any/all of your files whenever he pleases, and assume your network traffic is always being monitored.

EDIT: This has some useful information for you on the Truecrypt end. It's a thread where someone has the same issue as you. One person in there recommended running things from a USB device that has HW encryption to avoid any privilege issues.

Vert

Posted 2011-03-12T10:28:27.180

Reputation: 147

You really can't do much. Even TrueCrypt is not effective because you need to mount the container to be able to access the files, and an admin will also be able access them (while it is still mounted), besides you need admin privileges to be able to mount TrueCrypt containers. Apps that store their data in an encrypted form are better (e.g., KeePass and the newer Vim 7.3's Blowfish encryption to save your important files). If you store passwords using Firefox, then make sure you choose a strong password to make it secure enough. Alternatively, use something like Lastpass to avoid storing them locally. This of course doesn't solve your issue with browser history and cookies, so the best you can do is to use private browsing as Vert suggested (and I know at least Firefox doesn't write any data to disk, such as history, cookies or cache, so an admin can't pry on the disk).

Update: I just learned that anything mounted using FUSE by default is not visible to even root, so take a look at FUSE based encrypted filesystems such as encfs.

haridsv

Posted 2011-03-12T10:28:27.180

Reputation: 401

Use a VPN through which your route all your traffic. SSH port forwarding might be a viable alternative for some activities. Remember that not all services support HTTPS etc.

Store as much of your data as possible in an encrypted container, e.g. using TrueCrypt.

But, if your administrator is truely malicious, there's very little you can do to protect yourself. You'd never find the keylogger, or that he patched a few system binaries, etc.

Daniel Beck

Posted 2011-03-12T10:28:27.180

Reputation: 98 421

No, I am not assuming a truly malicious admin, but want to protect myself from very simple cracks which someone might do if it seems very easy to do. – apoorv020 – 2011-03-12T10:51:03.197