How can I protect sensitive information from service technicians?

Daily maintenance:

*Remember to backup weekly critical personal files (like passwords, PGP keys, and email addresses).

Wipe our browsing habits

We need to first clear out any incriminating caches that are on our system. Most of you probably run Internet Explorer, so you’d go to Tools and to Internet Options. Clear your history and especially your temporary Internet files.

Other browsers should have options in some sort of drop-down box about clearing your Internet history, Internet files (cache) and cookies.
Preparing the machine for service:

Step 1: Wipe your browsing files (re: above)
This is just in case the technician decides to access the Internet with your machine (ex. to search for new drivers/patches, etc). You should also backup and remove questionable Favorites links.

Step 1a: Hide your Links
Explorer does a poor job of backing up its ?Favorites? (Stored browsing links) , so you have to go in manually.
C: >Windows>Favorites> (Cut & Paste to floppy). Check your Favorites list to make sure this was done correctly, and your favorites list is removed.

Step 2: Locate all of your questionable stuff

Find all your pictures (.jpg, .gif, etc), files (.htm, .html, .DOC, .txt, etc). (**Note: try to hide everything of illegal value from computer technicians. Warez, movies, mp3s, pictures, porn, etc.). You probably have these files stored in specific folders, but a few may be ?floating? around, so I suggest doing a drive-wide search:

Remember to find/store and remove any sensitive stored email messages (Outlook, etc) on the hard disk.

(Optional)
Step 3a: (optional) Put everything into one folder.
You could also zip these files to reduce their size.

Step 3b: (optional) Encrypt this ?super file?

The recommend “bcrypt”. You can download it from http://bcrypt.sourceforge.net – it’s absolutely free! It uses Blowfish 448-bit encryption and has a pass phrase length of 8 to 56 characters.

The Windows version should be similar to the Linux version. It is controlled via the command line.

>bcrypt -s100 pictures.zip e-mails.zip movies.zip warez.zip porn.zip stash.bfe
(The command merges our 5 zip files into one file, stash.bfe. the -s100 means the input files are overwritten by random data 100 times.)

>type your passphrase
>retype it (That’s it! Encrypted to 448-bits!)

to decrypt it, you would type:
>bcrypt stash.bfe

>type your passphrase

Step 4: Burn your files to CD (or other removable media)
An encrypted backup of your files on removable media is a good idea. Keep it stashed and unlabelled. Keep the password in your head.

Step 5: Remove your browsing tracks

>Clear your recycle Bin (This does not remove the files. It merely allows the hard drive to overwrite them later on).
Technicians can easily find Last Modified Files/Folders to check previous disk activity:

>Start>Find Files or Folders>[Advanced tab]>of type> folders (?All files?, Folders?, ?Internet Shortcuts?, ?JPEG?, ?WinZip file?, ?Microsoft HTML Document 5.0?,Microsoft Word Document?, etc). Click on Modified to sort the list into the most recently modified.

The ultimate solution: Wipe your hard drive

If you are unable to locate, copy or remove sensitive files, it might be best to simply wipe the drive to be safe. At this point, you might want o re-install the OS and try to fix the problem yourself.

Read my FAQ on wiping your drive http://www.overgrow.com/growfaq/1482

Or, you could shred your sensitive info. File shredders are free on the Internet. PGP’s FREE suite comes with a file shredder

Note: WinZip 9.0 has AES encryption, one of the most hardest to crack encryption out there. However, WinZip is shareware, and also closed-source, which means only the company has access to the source code of WinZip and their AES encryption. On the other hand, if it was open source, the source would be available to anyone to review and to audit how secure WinZip’s code is. WinZip is not free.

WinCrypt 2.0 has 256-bit AES encryption, a drag-and-drop interface, self-decryption option.