Introduction

Your privacy and freedom are under constant assault. As electronic communications become more ubiquitous, more entities are paying attention to what you say, where you browse, and what information you want to keep. Governments, businesses, industrial spies, hackers are all trying to get information from you that you might desire to keep private. Governments typically use public safety and national security as their reason for prying. Whether their allegations are true or not, the example of illegal domestic spying by the George W. Bush administration (2001-2009) in the US demonstrates how far they are willing to go. Businesses and others have different reasons. Typically, they want information about you in order to sell you something or even just to sell your information to someone else. Hackers want to cause damage. You may think your data and communications should be private, kept between consenting and interested parties, but none of these intruders agree. So, it is up to you to be responsible for your privacy. In many cases, by protecting your privacy, you are protecting your freedom.

This website is not a comprehensive guide to all the ways you can protect your privacy on the internet, nor to all the programs available. Rather, it identifies the major areas about which you should be concerend and measures you can put in place to protect your personal or private data and your communications, as well as some of the better programs that will help you. Using the internet, you will be able to find other programs you may like better, as well as new programs that will develop as time goes by and new threats to your internet privacy arise.

PGP - The "Must Have" Privacy Utility

PGP probably is "The Standard" for encryption programs. It seems to be the most widely known. It is available for Windows, Mac OSX, Unix, and several other operating systems. Use PGP to encrypt/decrypt emails and instant messages you send or receive and also to encyrpt/decrypt files on your hard drive or removable media. Like all the best encryption programs, PGP is so difficult to hack that Uncle Fed would like you to not have it. That sounds like the best justification for using it.

Original PGP comes as a complete package with a built-in user interface. PGP has plugins for use with MS Outlook, Eudora, and other popular email programs. It can be used realtime with online email and chat programs, such as ICQ. Not only that, the original version of PGP has a feature called SDA (Self-Decrypting Archive) with which you can create encrypted attachments that can be opened if your correspondent also has a PGP key. It has a portable component for use on a USB drive, but the user must have the full program installed on the host PC for it to work.

Since the original development of PGP (and sale to a private corporation), there has developed OpenPGP standards. OpenPGP standards are used to create other, most compatible open source versions of PGP. One well-known similar program to PGP is called GPG or GnuGP (GNU Privacy Guard). It is a free program that is a functional replacement for - but is NOT completely compatible with - PGP. GPG works with Windows, Mac OSX, Linux, and Unix. It has a few cryptographic improvements and more strict compliance with open PGP standards. GPG seems to have been written by programmers for programmers. This is unfortunate. The drawback is that it uses a command line interface which, for most users, is very difficult to figure out, let alone determine what to download and install. There are front end user interfaces available, such as Gpg4win or Cryptophane. Both are free. If you are going to use GPG from an encrypted removable medium, chose GPG4win. All of its components can be installed on the removable medium. Cryptophane needs to have some of its components on your hard drive. To make it easy on non-programmer users, both of these programs do include GnuGP. Unfortunately, they are not always 100% up-to-date with the latest version of GPG. GPG itself does interface directly with several email clients, such as Mozilla Thunderbird and The Bat!, so no command line knowledge nor extra interface is required.

Another, much simpler implementation of OpenPGP is Portable PGP. Despite it's name, PortablePGP can be run from a Windows PC, as well as completely from a USB storage device. It is an excellent choice for novices.

When using different PGP/GPG systems, the key factor is interoperability. In other words, one system should recognize at least the public keys from one of the other systems. If one system also recognizes the private key from elsewhere, then the user could completely switch systems if so desired.

Overall, compared to GPG, PGP may be simpler for most users to install. And PortablePGP is even easier. PGP it does have a extra features such as disk encryption and self-decrypting archives. But in actual, normal use (documents, emails, etc.), with a user interface, PGP and GPG offer about the same experience. But PGP is slightly behind the times, cryptographically speaking, and now is owned by a private corporation which controls its development, so those facts may be causes for concern. But again, PortablePGP is even easier and open source like GPG, though lacking many of PGP's extra features.

Get PGP or GnuPG

Download the latest free version of PGP from the PGP International Distribution site. The lastest paid version is provided by PGP Corporation. The paid version may be a more advanced version and have some additional program corrections.

GnuPG is available from GnuGP.org. Gpg4win can be downloaded from Gpg4win.org . Cryptophane is available from Cryptophane.org

PortablePGP can be found at Sourceforge.net.

PGP Instructions

Download the PGP simple user instructions (zipped file - requires an unzipping program like WinZip) 
or view the instructions now through your browser.

Encrypted Email Made Easy

First, a word of caution about encrypted email services. Even though they promise end-to-end security between users of their systems, do not trust that claim 100%. Many of the services are able and willing to provide allegedly secure email contents pursuant to a legal court order in their home country/state/province. To learn what a particular email service provider will do under such circumstances, read their Terms of Service very carefully. They all state that they will not tolerate use of their services for illegal activities.

Do not decide on what email service to use based on whether it is free or paid. Usually, you get a better level of security when you pay. How much is that worth to you? Nevertheless, if you violate Terms of Service, your paid or free status will not be a factor in your cancellation.

A common sense tip for secure emailing: an email's subject line is not encrypted, so always put something innocuous and innocent as the title of the email or leave it blank, rather than give it a title that might identify the contents or purpose of the email.

SecureNym.net is one of the best secure email services. It offers end-to-end encryption and other features to users of the service. It is a paid service with an annual fee. How much is your email security worth? SecureNym takes user privacy extremely seriously. According to its FAQ, when a user subscribes to SecureNym, a randomly generated key is issued from the server. There is no record of who receives any key, and once the key is entered, it is immediately deleted from the key file. They do not maintain copies of messages or backups. Once a message has been deleted, it is gone forever. Nor does SecureNym log IP addresses, user activity, or keep traffic logs. So, were a legal order given to produce information about a user, they would not have anything to provide. They state that under no circumstances will they monitor, edit, or disclose the contents of a user's private communications. Like all the other secure email services, they ask that users not employ their system for any illegal activities. SecureNym supports both PGP and GPG and employs a public/private key combination. For end-to-end encryption, both the sender and the recipient must have an SecureNym account. Here's how SecureNym works: you send an email over an encrypted SSL channel to someone else who uses Securenym. Once the email arrives at the server, it is encrypted with the recipient's public key and sent along to the destination account and the server deletes the email. Once the email arrives at the destination, the recipient uses his private key (not stored on the Securenym server) to decode it. Therefore, as the SecureNym has no access to a user's private key, it is impossible for them to access the contents of emails. If only the sender or recipient has a SecureNym account, then the email will only be encrypted via SSL between the account holder and the SecureNym server. The rest of the way, because PGP/GPG can't be invoked, the email gets transmitted as plain text. When an email is sent outside the SecureNym server (to a non-SecureNym recipient), all personal identification data is stripped - message IDs generated by the user's mail client, IP address, and any anything else that could be used to try to identify a user, and the outgoing email is deleted upon leaving the server. SecureNym can be used via a browser or one of the major email clients, such as Outlook and Eudora, which have PGP or OpenPGP plug-ins. If you pay for SecureNym with a credit card, they employ a method by which they completely disconnect the cardholder from the account information. Thus, you remain completely anonymous to them and anyone who asks.

Another similar service is Anonymousspeech.com. Anonymousspeech is another a paid email service and is based in Japan. Anonymousspeech removes header information (called the IP address) from your emails so the recipient cannot identify the location from where your email was sent. This is basically the process called "anonymizing". See Surf Unseen below. It should be noted that while SecureNym strips IP address information that might bre added by your email client, Anonymousspeech does not. So you must use it from your browser in order to not generate IP address information. Anonymousspeech also provides for use with OpenPGP encryption. You can use standard PGP/GPG public and private keys or you can use their "safe box" method. In that case, you write an email. Anonymousspeech encrypts and stores it and sends a message to the recipient with a link back to the email waiting in the safe box and a one time password (unknown to Anonymousspeech) to decrypt the email. The company claims that the a subscriber's login and password are uncrackable, even by Anonymousspeech's own employees. The implication is that if you can't get into the emails, you can't know what they contain. They don't log IP addresses, and they keep traffic logs for only 5 days. There is nothing on their website about their policy on maintaining system backups. Anonymousspeech has some interesting features: time delayed sending, secure online file storage, anonymouse hosting, secure filesharing, and anonymous email forwarding from your email client on your computer via Anonymousspeech, and an anonymous forum where your identity is completely unknown. Payment options include: wire transfer, credit card, PayPal, and E-Gold,which to some extent, protects your identity. You have to purchase the E-Gold from a third party exchange, which in turns transfers the E-Gold to your E-Gold account. Then you can apply the E-Gold to a payment. So three entities in up to three countries are involved. Only the exchange company from which you buy the E-Gold (the first step) necessarily knows your identity.

Hushmail is the probably the most popular web-based solution for sending and receiving automatically encrypted emails via any web-browser. It is very easy to use and offers a limited free account and fully-featured paid services. It uses the Open PGP standard. Hushmail encryption only works if both users have a Hushmail account. If you correspondent does not have Hushmail, you can at least send messages that contain a unique digital signature that authenticates them as coming from you. Each time you log in to Hushmail, a java applet is downloaded to your computer via an SSL (secure socket layer) link. The applet decodes and encodes all messages in the current email session. Hushmail allows encrypted file attachments, email forwarding and has a basic address book. Hushmail is a foreign company with its server located in Canada., which gives your emails added protection against direct U.S. legal actions. But be aware that if Hushmail receives a legitimate court order from the Canadian government, they are capable of turning over to the authorities the contents of encrypted emails. If you are already in another country, you will have to find out more about the privacy laws where you live. (Here is an example of the assault on internet privacy in the UK.) If you're asking yourself, "Why bother with PGP when I can use Hushmail?", the answer is that PGP is adds more security and is a versatile solution for other needs in addition to email. Hushmail's only drawback is that it is a little slow during login, the result of using java. It works better on a fast computer. IMAP access from your email client is offered for an extra fee. Other Hushmail services include: increased storage, private domains, and secure web hosting (including online merchant services). Hushmail can be paid for with money order, credit card, PayPal, E-Gold, and Liberty Reserve. Liberty Reserve is similar to E-Gold. If you pay by credit card, some personal information will be required.

Safe-mail.net is an Israeli-based secure email system using SSL, and works similar to Hushmail. It has a free service and several paid services for individuals and businesses. Its top-level service includes domain hosting on a secure off-shore server. With Safe-mail, a user can send encrypted mail to other Safe-mail users. Safe-mail has two notable limitations. First, it logs the IP addresses of all senders and receivers, so one's location can be identified. Second, unlike Hushmail, it doesn't send the passphrase through an encrypted link, so potentially that can be scanned. Like Hushmail, under its terms of agreement, the company may open your account information if it deems it to be in their interest, or for what they call technical or maintanence reasons, as well as under a court order. If you additionally encrypt emails with PGP, your emails become extremely secure. However, if you have their paid service, they claim they have no way of decrypting the data they might be required to turn over to the authorities. Safe-mail also has on on-line encrypted chat and bulletin board features and a: "safe box" method like Anonymousspeech's for sending encrypted emails to recipients without Safe-mail accounts. POP3 and IMAP access from your email client are included in the free service. If you pay for Safe-mail's premium services with a credit card, they promise not to share your card information. They do not state if they retain the information after the payment is made.

Zixmail is another excellent email-only service, similar to Hushmail and based on the PGP model. It is perhaps a bit more convenient than Hushmail because it integrates with popular PC-based email clients like Outlook and Lotus Notes, and also can be used from web-based email systems like Hotmail. Zixmail is based in the U.S. and has a nominal annual fee. Unlike Hushmail, Zixmail doesn't use downloadable applets. Instead, messages sent using Zixmail are both encrypted and digitally signed (a unique "fingerprint") to authenticate it as coming from you (also an option in PGP); attachments are automatically compressed and encrypted. With Zixmail, you keep a private key on your computer like you do with PGP. Public keys are stored on a Zixmail Zixit server. When you send mail, your recipient's public key is picked up from the server and the message is encrypted to it. The messages are then sent over an SSL connection. For increased security, all messages are given a digitally-signed, tamperproof timestamp as they pass through the Zixit server.

File and Disk Encryption

A program like PGP is outstanding for encrypting an individual file or two, or portions of files. But there are cases when you need to secure groups of files, entire folders, or all the files on storage media (zip disk, for example). PGP will do those things, but there are other programs which are more specifically designed for those activites. Some of the programs are freeware, some are not. Some are bundled with other features, such as a firewall, email encryption, shredder, self-extracting files that can be sent to people without the program in question, etc. Almost every shareware or commercial program offers a demo you can try for a specified period of time. As to cost, what is unbreakable security worth to you? Nothing? $30? $50? $100?

What you should look for in a multi-file encryption application is: 1) strong encyrption, 2) ease-of-use 3) file management, and 4) key handling.

Strong encryption - If an encryption key is not unbreakable, it isn't worth using. Given enough time (usually measured in years, not days) and computing power (usually measured in terms of supercomputers, not desktop PCs), any "unbreakable" key might theoretically be broken. Also, the way in which an encryption algorithm is mathematically deployed can be just as important as its size. So, for example, an algorithm like Twofish with a small key of 256 bits may, in fact, be more effective than a long Blowfish key of 448 bits. Currently, some of the most reliable encryption schemes are: Blowfish (never been broken), Rjindael (very new, follows the Advanced Encyrption Standard aka AES), Twofish (also AES, designed to replace Blowfish), DES (it's one of the older ones and legal for export, so that should tell you not to use it - possibly too weak), IDEA, Triple DES, and CAST. All the best encryption programs will use one or more of these schemes. One advantage of Rijndael or Twofish is that they are based on the latest encryption technology. On the other hand, Blowfish is very well-researched because it has been around for a while and works just fine.

Interface - A good user interface can make managing mutiple files or folders quite simple. Drag-and-drop is nice feature to have, as well a windows explorer style that you are familiar with. Good and comprehensive help is also essential, as using encryption is not alway intuitive the first time you work with it, and each program has its special features.

File management - Most of the encryption applications manage both individual files and groups of files. They generally work by creating a "container" file which holds all the files you encrypt. Look to see if a program lets you specify where you want the container to be, i.e, on the hard disk or a removable medium. A few programs, such as PGP Disk, allow you to specify the size of the container up to the limit of the drive or disk its being put on. Most programs allow the container to be relocated as necessary. Only a few fix it in place. The majority just create a container that changes size as you use it. Another thing to look for is whether an application retains the file structure of the group of files you are encrypting. For example, if you are encrypting a folder that contains subfolders, it should maintain the hierarchy and even restore files using the original structure. Some of the programs flatten the hierarchy so that all files end up on one level. That can be awkward.

Key handling - Some applications temporarily store a password or a key so you can reuse it without retyping it when you log out and back into a container. Also, some programs allow different passwords or keys for different containers. Keys might even be stored in a "keybook" or on separate media like a diskette so you don't have to worry about forgetting them. Otherwise, if you forget your password, you'd never be able to access your data. Of course, the same is true if you lose your key disk.

PGPDisk works by encrypting an entire disk or partition (the container). The files themselves cannot be seen individually unless the container is mounted first.Thus, anything within the encrypted container is secure from prying eyes. Up until version 6.02, PGP included PGPDisk as part of its freeware. Now it must be bought from Network Associates.

DriveCrypt Standard and Drive Crypt Plus are an outstanding collaboration from the two creators of Scramdisk and Encryption for the Masses (E4M), respectively, and is backward compatible with them. DC Standard creates encrypted containers on either a fixed hard drive or removable media, allowing you to encrypt entire folders with their file structures intact. The containers can even be disguised in such a way that they cannot be identified as containers. A container may be hidden within an outer container so a snooper would never know of it's existence. DriveCrypt allows you the choice from a variety of encryption algorithms, including AES and Triple DES, and Blowfish. The developers claim that DriveCrypt passwords cannot be snooped even by brute force techniques. One great feature is that DriveCrypt allows you to hide encrypted data within 16 bit stereo wave files. This very advanced technique is called steganography and is so difficult to detect that the U.S. Government is officially worried about it. All the more reason to use it. Another nice feature is the ability to work in conjunction with portable such as USB flash drives and CD's. As with other similar programs (Steganos, for example), some application files are carried on the portable media for this feature to work. On the flash drives, you can have a truly portable safe with reading and writing. Obviously, on a CD, it will be a read-only safe. DriveCrypt offers a 30-day free trial, after which you must purchase a copy. DC Plus allows the user to create a completely encrypted hidden drive. That means you can place an entire operating system plus data within the secret drive. Pricing is very reasonable.

True Crypt is very similar to DriveCrypt, but is free of charge. It works with Windows, Mac OSX, and Linux.

Steganos Security Suite is an all-in-one security solution, using AES encryption. Steganos has a nice, simple user interface. The program can create up to four "safes" or encrypted containers on a drive partition. Containers can be saved on removable/transportable (CD, DVD, USB flash drive, floppy) media. If containers are not required, simple file and folder encryption can be done. It has a very good file shredder, plus a feature for wiping internet traces. Steganographic encryption in sound or images files is included. It also creates self-decrypting email files. One nice feature of Steganos is that removable media can be configured to run from any computer, even ones without the Steganos software. It does this by including some installable application files on the medium. It allows both reading and writing. One negative that should be noted about this application is that it is very poor on user help and it is impossible to figure out how to contact the Steganos customer service. Steganos is moderately priced.

Cypherus is a very complete and reasonably priced program that just about does it all. It uses Blowfish for encyrption. You can set the level up to 448 bits. Cypherus has a good drag-and-drop, skinnable interface, maintains folder hierarchies, and can create self-extracting archives. It has optional file compression and files within a container can be viewed. It has email capabilities and also has an area to securely store various sensitive things like passwords, email addresses, and emails. The company also maintains a keyserver, so you can exchange easily keys with other Cypherus users. Cypherus allows you to change your password at will and it has an informative help file.

Kryptel is slightly less feature-rich than Cypherus that has excellent basics. For some people, it's all they need. The Kryptel control panel makes it easy to use. It works very well with files and folders, and is fairly inexpensive. It implements the most important features: it offers a choice of very strong encryption methods (Blowfish, Twofish, IDEA, DES, Triple DES), maintains folder hierarchies both during encryption and decryption (and lets you choose where you want the decrypted files to go), has a drag and drop interface, supports file compression, and has a file shredder that works from the Windows popup context menu. Files and folders can be encrypted individually (like with PGP) or by placing them in containers. One nice feature is that Kryptel containers are transportable and readable from any computer on which you've loaded the Kryptel application. Kryptel doesn't have a file viewer (necessary only if you think you need it). Self-extracting archive creation is available as an add-on (again, if you think you need it). Kryptel stands out in its support of both passwords and keyfiles. That means you can protect your container by a password you must remember or write down, or you can generate a external key on a removable medium which must always be available when you are using the program. Kryptel has a good help file.

AbsoluteLock, which is fairly expensive, takes a completely different approach and is well worth having in conjunction with any of the above choices. While those programs provide encryption for files and folders, AbsoluteLock puts a password lock on your entire system disk at a deep level by encrypting the partition table - code which is neccesary for it to run and even to access the harddrive (either from a floppy boot or from a harddrive boot). If you are a registered user, you can also encrypet the disk's bootsector. So, if someone can't unlock the passworded area on your system disk and the computer can't boot, then s/he can't penetrate the disk, the folders, or the files. The password must be used to open the system every time the computer is turned on. It cannot by bypassed. The password is not written anywhere on the system disk, so it can't be sniffed out. AbsoluteLock wisely lets you create a rescue disk, in the event you need to deinstall the program.

DigiSecret is primarily designed to create encrypted archives and self-extracting files. If all you need is a program that creates encrypted files that you want to store or send to someone, this special purpose application might be all you need. It is easy to use and integrates with Windows Explorer. It also has a shredder function.

Run Your Browser and Email Client from an Encrypted Drive

Using one of the programs in the section above, you can create an encrypted portion on your hard drive, or better yet, on removable media, such as a USB flash drive or an SD memory card. Then you can install a browser and an email program in the encrypted container. To use, you will have to open (unencrypt) the container to run those programs. The reason for this is that when the container is closed, your browser bookmarks will be protected and your emails will be hidden from view as well. Also, it means you are portable. If you use a USB drive, you can plug it into any PC anywhere in the world.

Whether you plan to use these programs from an encrypted volume on your hard drive or from encrypted removable media, the most convenient browser for this purpose is Mozilla Firefox and the most convenient email clients are Mozilla Thunderbird Portable Edition and The Bat! Voyager. Use the portable versions because they do not install components on normal installation regions of your hard drive. They keep all their components grouped together.

File and Disk Wiping

There are many programs that do file and disk wiping. You should have one for your system, if you have any security concerns whatsoever. When you delete files and folders, they are not really deleted until the space they occupy are written over with new data or you use a wiping utility. Otherwise, they can be reconstructed using special software and hardware. It is good practice to wipe frequently. If you use removable diskettes, they can be wiped too, though the process is rather slow.

About the Windows swap file -- Basically, the swap file is created by Windows to manage data for the applications you use. It is a large region on your hard disk whose size is always changing dynamically and that constantly has data coming and going from it. Windows keeps bits and pieces in it which it has used and might or might not need to re-use and which can be found if someone is deliberately examining the contents of your computer. Obviously, the swap file is required for Windows to operate, but you don’t necessarily want what’s in there to be visible to someone. The solution is to use a wipe program that also erases the swap file so you can eliminate it on a regular basis. Windows will create a new one when it finds the old one is gone.

Here are some of the popular file and disk wiping programs:

Eraser is a free wiping utility that destroys files and folders irretrievably. It has a drag and drop interface and a very handy scheduler function. It also can irretrievably erase the contents of the recycle bin, but doesn't erase the Windows swap file except if you are running Windows NT. 

BC Wipe is a similar program, but works only from a pop-up menu when you want to. Though a bit limited, it is very easy to use. There is no scheduler. It can erase free disk space on an entire drive without having to erase a file. BC Wipe automatically wipes your computer's swap file - or at least part of it - each time you destroy a file as well as when do a complete free space wipe. It can wipe the recycle bin or it can be run from a right-click context menu. If you use BC Wipe from the context menu, you never need to use the recycle bin. BC Wipe can clean the unused space in the swap file. But while it can't destroy the swap file, it has a unique feature called swap file encryption. You can set the program to encrypt/decrypt all data going to and from the swap file. Thus, if someone were to try to open your swap file, the encryption would prevent them from reading any of the date contained in it. BC Wipe comes as a free standalone program or as part of the commercial BestCrypt program.

East-Tec Eraser (not from the same developer as Eraser) is another wiping program that has more extensive capabilities than BC Wipe or Eraser.ET Eraser has a drag and drop interface, it can erase traces of your browser activities - histories, cookies, downloaded text and files (all of which you can already do manually, but this is more convenient) on demand - and deleted emails (if you use Microsoft Outlook, Netscape Messenger, or Eudora), has the ability to scramble the name and date information of deleted files and can wipe the recycle bin. ET Eraser also sanitizes the Windows Start menu Run log, recent Document and Find Files histories, and applications logs. It doesn't have a scheduler and wiping the swap file is not part of wiping a file or folder. It must be done as part of a separate operation in ET Eraser. This program comes as a 30-day demo. After that you must pay a fee to continue using it. Note that in 64-bit Vista and Windows 7, ET Eraser 2010 cannot delete shadow copies (it does that only in 32-bit). This is a serious limitation, as shadow copies contain restorable versions of your work. Later versions of the program may address this issue. That being said, no other eraser programs attempt to destroy shadow copies.

Window Washer is a popular and highly-rated program that erases (destroys) files, internet traces, the Windows swap file, cleans free space, etc. Functionally, it is similar to ET Eraser. It is relatively inexpensive for the value it provides.

Evidence-Eliminator is another comprehensive program very similar to ET Eraser, but is quite a bit more expensive.

None of these utilities are perfect. For example, ET Eraser and Eraser together make a good combination and gives you great bang for the buck. However, BC Wipe is the least complicated to use.

Now, if you want to see what any of the above wiping utilities do or don't leave behind on your computer, download the demo version of EnCase. EnCase is one of the most popular forensics recovery programs used by law enforcement. It may help you find some overlooked areas that require your further attention.

Surf Unseen

Your travels around the world wide web are pretty easy to follow UNLESS you use a "proxy server". Normally, when you access a website, the site collects information identifying your location on the web using your IP (Internet Provider) address (including what port you are logged into), your browser, and a lot of other stuff. Using a "proxy server" is the only way to hide that information. Using a proxy server will often slow down your web surfing. However, not allow you access or work properly in the presence of a proxy server. Unfortunately, the only way to know which do or don't is by trial and error.

Anonymizer is one of the best-known and most comprehensive websites from which you can visit other websites without your IP address being revealed. This prevents websites from knowing who you are, where you are, and other personal details that are routinely collected from visitors. You can also send anonymous email from Anonymizer. The site also has other useful features - including blocking embedded java and other hostile applications that may attack, infiltrate, or take information from your computer - and cookie removal. Basic Anonymizer surfing is free. Premium services have a subscription fee. Among the premium services are secure browsing (your ISP can't track where you surf), anonymous downloads, emails and newsgroups, their own secure ISP dialup service, and anonymous website hosting.

IDzap primarily provides anonymous surfing for free and paid service levels that include secure surfing, anonymous website hosting (lots of storage!), and javascript management.

Internet Anonym Online is made by the same company that makes the Steganos Security Suite. It works via an SSL connection to the Steganos server, to camouflage the user's identity when surfing. It requires a yearly subscription.

All Nettools is good all-in-one website that gives you a choice of anonymous proxy servers similar to, and including, Anonymizer. There are some other very useful on-line tools available from the All Nettools home page, This is an interesting site from which to begin learning about how the internet works.

A4Proxy is an extensive, highly configurable anonymizing program that you can install and use from your own computer. It maintains a list of proxy servers through which to route your internet requests. The program has extensive help. You can download a 30-day demo version of A4Proxy.

Several of proxy sites mentioned above have instructions for setting up to use a proxy server.

Encrypted Chat

There are several applications that allow you to chat with secure end-to-end secure encryption.

Skype started as a VOIP (voice over internet protocol) calling program, but has expanded. It now offers chat and video. Both the voice calls and the chat are encrypted when communications are between Skype users. It is a free program.

Trillian is a unique program that supports simultaneous chats on multiple messaging systems: Yahoo Messenger, MSN Messenger, ICQ, mIRC, and AIM. You can have chats going on several services at once, with Trillian as your "switchboard". When you use Trillian with another Trillian user, the chatting is encrypted.

SIMP from Secway is a chat client that provides secure instant messaging with MSN Messenger, Yahoo! Messenger, ICQ/AOL Instant Messenger (AIM), and Jabber/Google Talk. SIMP requires both parties to be using the same chat/messaging service to enable the encryption, whereas Trillian just requires both users to be using Trillain for encryption to be active.

Pidgin from Pidgin is also a multiple chat client similar to Trillian. It enables the user to have conversations on more than one chat service at a time. It supports an extensive list of services: AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, MySpaceIM, QQ, SILC, SIMPLE, Sametime, XMPP, Yahoo!, and Zephyr (at the time of this writing). Pidgin encryption only works when both parties enable the encryption. It also allows them to turn the encryption off. Pidgin is also available as a portable version for use with removable drives - which is especially useful if you travel or choose to have an encrypted USB drive.

Encrypted Voice Calls

Skype is one of the premiere VOIP (voice over internet protocol) calling programs. It lets you make calls from your computer and other devices. All voice calls between Skype users are encrypted end-to-end. It is a free program.

Speak Freely is a free voice chat application that is totally secure. It automatically encrypts and decrypts your voice and the other person's, so only you two will be able to understand what is being said. An eavesdropper would not hear anything that sounds like words. Speak Freely uses a computer-to-computer connection, rather than phone-to-phone or phone-to-computer.

Offshore Email Account 

An offshore email account is an excellent way to ensure your email cannot be obtained by domestic authorities. No U.S. court order can make an email service provider in another country give up any email data or account information to them. Of course, that doesn't mean it can't be hacked or can't be snooped while you are online and downloading to or uploading from your foreign email provider (unless you have an SSL connection). Having a foreign email service does improve your security odds but you and your correspondents should still use PGP encryption

FEPG is an excellent site with hundreds of choices for offshore email services. Most of these accounts are free of charge.

If you want the convenience of working from your current email program instead of only browser-based email (like Hotmail), look for the email services that allow you POP3 access to download emails to your computer's email program and SMTP access that allow you to send from your computer's email program via the offshore email server. Be aware that some email services that advertise POP3 only let you collect email from your other accounts, rather than download the emails to your computer.

Regardless of the type of email service you choose, wipe your hard drive frequently. If you choose to use a browser-based email service, remember to eliminate your browser history, temp files, and cookies. If you use a POP3 account, remember to delete all sensitive downloaded emails or keep them encrypted if you must keep them at all - whether on your system or on the email server wherever it is.

Beware of Keyloggers

One of the most insidious things that someone can introduce to your computer is a keylogger. A keylogger monitors every keystroke you make. That includes sensitive information like passwords, credit card information, URLs of websites you visit, contents of your emails, etc. Some people intentionally install keyloggers to remember certain data, but they can be installed on your computer without your knowledge - by an employer, a competitor, a government agency, a parent, an identity fraudster. The list is endless but the reason is simple: to spy. Keyloggers can be introduced by trojan horses via the internet, as well as manually. Sometimes, keyloggers are very hard to find, as they are buried in your system and might leave a very faint footprint. After it collects your data, a keylogger can use your internet connection to transmit to the interested party. Typically these programs run quietly in the background unless they detect a threat.

You can protect your computer with a good anti-malware program. Such a program will discover a keylogger and eliminate it. Also, you can use a key scrambler or anti-keylogger. A keyscrambler encrypts your keystrokes so they can't be read by a keylogger. You still see plain text, but the keylogger doesn't. An anti-keylogger prevents keyloggers from seeing your keystrokes.

KeyScrambler is an excellent anti-keylogging program for your browser. Its basic free version can be installed as an add-on for the Firefox, Internet Explorer, Opera, Safari and other browsers. KeyScrambler encrypts your keystrokes at the kernel driver level to defeat known and unknown keyloggers. It runs automatically in the background whenever you open a webpage, protecting all parts of the page. Most importantly, it scrambles URL's, log-ins and passwords, and any live data you enter (such as web-based emails and credit card information). A live display shows you when Keyscrambler is active. The paid versions offer additional features, such as keyscrambling for various office, financial, email, and IM applications. For more thorough protection beyond the browser and basic applications, you need a full-blown anti-keylogger.

PrivacyKeyboard for Windows is a very good, comprehensive anti-keylogger. It is one of more expensive anti-keyloggers. Not only does it prevent keystrokes from being recognized, it also protects you against a variety of potential keylogging threats: windows text capturing (such as when you are working in MS Word or Excel); clipboard capturing, screenshots of an active window or the entire desktop. PrivacyKeyboard can automatically detect programs that require passwords, but in case it mistakenly disallows and disables them, you can manually re-activate them, and you also to add trusted applications to a "whitelist", so keystokes will not be disabled. One very handy feature of this program is the privacy keyboard, which offers extra security. That is a virtual on-screen keyboard you can use to in pass keystrokes to an application or website without them being read by a keylogger. Essentially, it works like a keyscrambler and is very useful for inputting data such as credit card and banking information. You can open and manipulate Privacy Keyboard's functions from the icon it places in the system tray.

On the other end of the spectrum, Anti Keylogger Shield, is a very simple program that protects you against basic keylogger threats by preventing keyloggers from capturing any keyboard input. It has no user controls, asks no questions (allow? prohibit?), has no whitelist feature, etc. It just works in the background without causing any fuss.For some users, that is sufficient. You know it's active because it places an icon in the system tray.

Online File Storage

For sensitive information, it's best to keep certain files stored somewhere other than on your PC. What you need is a "file dropbox" that you can access at will. Some dropboxes work by FTP (file transfer protocol), others via your web browser. Still others map the dropbox to look like a logical (network) drive on your computer - but it's presence lets outsiders know you have offsite storage. When you store files offsite, that is, online, think about encrypting them, as they basically are being kept on someone else's computer and a system administrator likely has super-user access to them. Don't even think about storing files in your directory on your ISP's server. That is much too obvious a hiding place for your data. 

Hushmail and Safe-mail offer online encrypted storage. And, many other sites exist for online file storage. Three good websites for offsite storage are Dropbox, Driveway, and X:drive. You use them via any browser and they are passworded. However, if you want real security -whether you use Dropbox, Driveway, X:drive or even Hushmail or Safe-mail for online storage, use PGP or something similar to encrypt the files and folders you are putting in online storage. These two services both have webfolder options. FreeDrive's is called FDDesktop and requires a user ID and password. So if you use it and don't use the "save password" option, you have some security from people prying on your system. They may know you use FreeDrive, but not how to get to your files. X:drive's isn't as secure, so use the browser to instead. X:drive does have an SSL (secure link) option. FreeDrive appears to be a little quicker, but it will not work from behind a corporate firewall or via a proxy server; X:drive will pass through a firewall under Win95/98, but not NT. FreeDrive gives you 65mb free space. X:drive has a low fee scale that depends on the amount of space you need. So, of the two, FreeDrive is probably the better choice, in terms of convenience and getting low-cost storage.

These days, almost all of the online storage sites are now fee-based, starting at around $US 5.00 per month. Once you decide you want to pay, though, you do lose the advantage of anonymity. The billing has to go somewhere, unless the service provider takes a money order, cash, or e-gold.

When setting up your dropbox account, use fictitious personal information and email address so nothing can be linked to you. If you remember to erase your browser location bar history at the end of your internet session, no one will ever know you went there or even where "there" is. You should also check your "\windows\cookies" and "\windows\temporary internet" folders to see if cookies have been placed there by such sites as these. If so, be sure to wipe them with one of the eraser programs.

As an alternative, any number of websites give you free space for webpages. No one says you have to use the space to mount a website. You could just use it for storage. However, you typically would need an FTP program for uploading and downloading. 

Install A Firewall On Your PC

Firewalls prevent unauthorized access to your PC, either from the internet (when connected) or on an internal network, such as you might find at your workplace AND they prevent messages from going out from applications on your computer to the internet and compromising your security - very important. A firewall is particularly useful if you have a cable modem or DSL, which are normally connected to the internet full-time. There are many, many choices of firewalls on the market. In general, even if your operating system, such as Windows, has a built-in firewall, you should use a third-party program. They are usually more advanced and capable.

ZoneAlarm is a outstanding, easy-to-use, free PC firewall application. For a fee, it has advanced services, but they really aren't necessary for the average user. Zone Alarm has special configurations for use with ICQ and other interactive net programs. ZoneAlarm also guards against viruses sent via visual basic scripts attached to emails. Zone Labs recommends using an anti-virus scanner along with their firewall program. Steve Gibson, a bigtime software developer/guru, really likes ZoneAlarm.

Other notable firewall programs are: Norton Internet Security, Comodo, and Outpost.

Buy a Crosscut Paper Shredder

Duh.

A Few Useful Tips

• Run your applications from a removable drive as much as possible - it's more hassle, but offers you more protection. Some applications, such as the Firefox browser and the Thunderbird e-mail client, have portable versions specifically for this purpose.


• Keep all your sensitive data on a removable drive, such as a USB flash memory drive, not on your hard drive.


• Wipe the swap file, deleted files and free space on your computer often. Daily would be best. Wiper/eraser programs usually have schedulers in them that makes this easy for you.


• Clear your browser's history file often, or set the options to not allow it to keep a history of the URLs you visited.


• Clear your browser's private data file before you shut down the browser.


• Set your browser's options to not allow it to auto-fill passwords, forms, or remember searches you've done.


• Clear your browser's private data file.
• Set your browser to clear cookies when you close it. Cookies can be used to track and report information about your browsing habits.
• Use long passphrases. The longer the passphrase, the harder it is to crack. Don't put spaces between words. Add random characters (such as @ , $ % +) and numbers throughout the passphrase. This increases the difficulty of cracking because you will be creating new words/character combinations that cannot be found in a dictionary.
• Make anonymous payments whenever possible. Cash is the most anonymous, and not illegal to mail, but be aware there is no record and nor recourse if it is stolen. However, you can send by mail with tracking. Money orders not bought at a bank, but at a convenience store, are anonymous. You don't need to sign them with your real name. E-Gold, Liberty Reserve, and other digital money services are partially anonymous. You will have to use your real identity to purchase the digital money from an exchange, but after that, you can disguise your identity somewhat when dealing with E-Gold and the others. PayPal (and similar services) and credit cards are not anonymous. PayPal, the credit card companies know who you are and verify and preserve the information. Wire and bank transfers are not anonymous. You must present identification to wire or transfer funds.

Some Free Advice

If you are a U.S. citizen, you always have the right to remain silent or have an attorney present when being questioned by the civil authorities. Avail yourself of that right and say, "I have nothing to say, except in the presence of my attorney", or else say asbolutely nothing at all. Most people mistakenly think they can just answer a few friendly-seeming questions and go on about their business. Sorry, but that's not reality. That's only how they do it on television AND they always get the confession and convict the person. So, shut your mouth and lawyer up. Anything and everything you say, with or without an attorney present, will be written in a report or recorded and probably will be used against you. Local, state, and federal government law enforcement officers and agents are trained to intentionally act very intimidating or very empathetic with the sole purpose of getting you to reveal information. So ignore the theatrics. You cannot be coereced to speak whether you are charged or not. Once charged, the Fifth Amendment to the U.S. Constitution protects you from being compelled to make statements that would incriminate yourself (that includes revealing passwords - at least up to now in early-2008). Anyone reasonably forseeing being interrogated by the government should speak with a good local criminal lawyer and maybe even put him on retainer, just in case. At the least, carry his business card or memorize his phone number.

Unfortunately, in the U.K., as of 2007, you may NOT withhold a password if required by a court to reveal it. Of course, one's memory can be a tricky thing, passwords can be overly complex or forgotten ...

Further Resources

Paladin Press has lots of great books and videos on edgy topics most publishers are afraid to print - such as personal and financial freedom, surveillance and investigation, survival and preparedness, weaponry, martial arts and self-defense, military and police tactics, and other subjects protected by the First Amendment .

Most of these programs are not freeware, but shareware and commercial. Some require a registration fee (well worth the money) after an evaluation period. Please read the appropriate readme files, licenses, disclaimers, and other fine print that comes with them. Your freedom and privacy may depend upon these programs.