I promptly deleted cache. The customer didn’t want me to have information, nor did I.

Would You Hand Your Credit Card To A Stranger? ---------------------------------------------- The previous example showed how simple it is to inadvertently reveal a large amount of data. It’s funny how easily a person can dismiss this type of loss. After all, it’s not your data, right?

So let’s get a bit more personal.

Convenience And Computer Security Are Rarely Compatible ------------------------------------------------------- I have a good trust relationship with my next client. She is quite comfortable with me administering and securing corporate network. When it comes to her personal credit card information however, well, not so much.

Pretty much every web browser available these days has quite a few convenience features designed to make your day to day “net experience simpler”. One of these convenience features came into play in this example, specifically Firefox browser’s auto-completion feature.

Not too long ago, I was tasked by this client to make arrangements for transfer of an internet domain to their ownership. Not a difficult task, she could have handled it herself. She was quite a capable computer user; she just didn’t want to be bothered with process.

I set aside 20 minutes to go through her domain registrar’s step-by-step transfer wizard. I summoned client to explain details of transfer displayed on my laptop screen. Facing payment options screen client asked if she could proceed. I relinquished control of my laptop and she entered credit card information required to complete transaction.

Web Browsers Cache Your Personal Information -------------------------------------------- Most modern web browsers, for convenience, will cache information entered into web forms. The intent is to be able to recall this information if it’s requested by another form. The following day, I was in process of registering another domain with same registrar and was surprised, for half a second, when payment screen pre-populated using same information used day before. In addition to credit card information I also had my client’s personal home address, and telephone number. This was quite a bit of personal information client never had any intention of giving me.

So What's Your Point? --------------------- These two examples are very different but do share two important attributes. First, data client intended to keep private was revealed to me. Second, reason for “compromise” of data was due to “victim” working with said data on a computer they neither owned nor were familiar with. Under different circumstances, end results could have been quite devastating.

Conclusion ---------- When using a computer system you do not own, perhaps at a kiosk, or Internet Café, be aware that computer itself is going to remember a lot of what you’ve done as part of basic functionality. Additionally, most entities that are going to provide you with access to a computer, including your employer, probably have systems in place that could collect additional data you don’t desire to share. Even WiFi hotspots that allow you to use your own notebook or PDA to surf web while sipping coffee can be a potential information collector. The moral of story is, when dealing with computer systems that aren’t your own, never handle data or documents that you wouldn’t want left behind unprotected. In all odds, once you walk away from that computer, you’ve done just that.