Tags:FireFox portable psiphon security WiFi

LifeHacker.com has an excellent article on securing your browsing while at work. It covers some of the same ground I covered in “Protecting Privacy While Using Public Wireless” areas, here, but there are some additional things that I think are worth covering.

First, a few warnings that apply to the work environment:

  • Do not assume that taking any particular actions will stop your employer from detecting inappropriate activity.
  • Your employer probably has the right and ability to monitor your work actions. For instance, your employer may have a key logger installed on your office computer (legally), or they may take regular screenshots of your computer. (This is likely to be true even if you are successful in “masking” your network activity).
  • Your employer may not allow you to set up a vpn of any sort outgoing, or they may have policies that you should not implement an outgoing VPN.
  • Your employer may have policies prohibiting you from accessing certian cites (e.g. you may not be allowed to check your GMail from the Office, and its blocked. Using technological techniques to overcome that block could still get you in trouble — or even fired — even if the solutions outlined below (or at LifeHacker) allows you to circumvent the block
  • There are numerous valid reasons for securing your browsing environment, but please don’t do anything that will get you fired!

So, with that warning out of the way, here are some (other) ways to make your browsing more secure:

  • Use (and Portable Open Office, etc). Portable FireFox (and numerous other portable applications can reside on and run from your memory stick (a great site is here). From a point of view, this means:
  • Because its on a thumb drive, it avoids the need to install anything on your PC (you still need the right to run it however)
  • It writes all data (cache, passwords, history, cookies, etc) to the thumb drive, rather than the office PC.
  • You can take the application and all associate data with you when you leave. Your cleared data can sometimes/often be retrieved if the person attempting to do so is sufficiently determined and capable. However, if all the data is in your pocket, it will not be recovered from your computer (wink). Physical security is an important part of overall security.
  • If its your memory key, as opposed to an office-owned key (not allowed at some companies), you have a better claim to the privacy than inspecting the company’s computer.
  • Alway Use FireFox. Use FireFox even when using Explorer-only sites, with the IE Tab extension. It doesn’t work on every site (I have only found one site where I absolutely MUST use IE), but it allows you to almost always stay in FireFox.
  • You might also try PocketFlock to fulfill the same purpose as FireFox Portable (and most of the plugins work for both as well)
  • HTTPS wherever possible. The LifeHacker Article LifeHacker Article gives the same excellent advise I gave in the public wireless article, but it bears repeating.
  • Use Psiphon. Psiphon allows a user to use his own home PC as an secure, password-protected proxy running encryption that looks exactly like any other https:// connection, keeping whatever you are doing private. Also, note that you can do this with MSIE as well as FireFox, and that it requires you to put NOTHING on your computer, so it will work even if you don’t have the ability to run/install FireFox. I believe that this is a much better solution than using TOR for two reasons. First, using TOR raises a red flag, because its possible to tell that you are connecting to TOR. Second, TOR is slow. On the other hand, Psiphon appears to be just another secure web site. Some organizations will block your access to Psiphon based on the IP address. For instance, they may block all verizon home PCs from being connected to (I’ve seen this exactly once).
  • Set up a VPN. If you can Run a Virtual Private Network, this will keep your surfing private. I covered the possibilities in Nubility.Net” target=”_blank” href=”http://nubility.net/secure-wireless-browsing-away-from-home/”>this article on WiFi surfing. However, it may not be allowed by your employer to use a VPN, and if your IT Staff is savvy, it will notice that you are running a VPN, raising red flags of its own.