Announcement

Collapse
No announcement yet.

Privacy Cleanup 101

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Privacy Cleanup 101


    This is a re-post of topic:
    Privacy Cleanup 101
    http://kubuntuforums.net/forums/inde....msg115011#new

    See:
    Lost Information
    http://kubuntuforums.net/forums/inde...opic=3117115.0
    Kubuntuforums SQL table corruption
    http://kubuntuforums.net/forums/inde...opic=3117108.0

    Caution: The text is good, but some links to references may be broken at this time.

    _______________________________________________


    Privacy Cleanup 101 (All new, as of 1-24-2010)

    Clean up private information, and
    free up disk space


    CAUTION: System breakage possible!
    If you delete certain files, you can break your OS. Keep this in mind as you read this how-to.

    Acknowledgment
    Credit and thanks goes to IgnorantGuru for his excellent cleaner, kscrubber, and for the tips and information in the thread
    A new privacy and log scrubber for KDE4, Firefox, & Flash
    http://kubuntuforums.net/forums/inde...opic=3108110.0
    and the kscrubber website
    http://igurublog.wordpress.com/downl...ipt-kscrubber/

    Notation, Tips
    -- OS = operating system
    -- Your home folder is abbreviated ~/ and that means /home/your_user_name/ (sometimes, more simply ~ is the same as /home/your_user_name , no ending /). (e.g., your Desktop folder is located at ~/Desktop)
    -- If files don't open when you left-click them, try right-click, Open with, Utilities, select Kate or Kwrite (text editors); if you get a warning that it is a binary file and saving it will corrupt it, ignore it, let the file open, then be careful not to corrupt it.
    -- Hidden files. A hidden file (or folder) has a name that starts with a dot: .thisfile. To see hidden files in Konqueror or Dolphin, click View > Show hidden files. To list all files including hidden files at Konsole and see details, ls -a -l (or ls -al) list all files, in long form.
    -- Asterisk *
    The asterisk is used to indicate all files, including no files.
    Example: /home/your_name/.macromedia/Flash_Player/*
    This includes everything under the Flash_Player directory (every file and folder).
    The asterisk is also used to indicate zero or more characters.
    Example: name*[$e]=
    This expression includes all expressions taking that form,
    where name is followed by ANY characters or no characters.
    E.g., it would include these: name1[$e]=; name[$e]=; namea01x22[$e]=
    -- Manual pages (man pages). The phrasse "See man rm," for example, means consult the manual page for the command rm by typing man rm at Konsole.

    = = = = = = = = = =
    Table of Contents

    SECTION 1
    The "problem" and your strategy
    -->> The section you will want to read, re-read and return to
    The "problem"
    Reasons for cleanup
    Difficulties in keeping your system cleaned up
    Your strategy for performing periodic cleanups
    A proposed strategy--a philosophy--for privacy cleanup: My recommendation
    Methods for doing a cleanup

    SECTION 2
    Finding files to delete
    Four categories of files to examine:
    system files (/tmp, /var/tmp, /var/log)
    root's home (/root)
    your home (/home/your_name)
    applications

    SECTION 3
    Special items to clean
    Adobe Flash Cookies (insidious cookies)
    Firefox (privacy settings; SQL database)
    Thunderbird email (compacting; nstmp)

    SECTION 4
    Wiping your data: a file, a partition, or an entire disk
    ->-> When you delete a file, you do not delete the file
    The solution:
    ONE zero-fill pass is enough to prevent recovery in almost all normal cases
    How to wipe, zero-fill, zero-out a file, a partition, an entire disk:
    Cleaners; secure-delete tools; do-it-yourself with the dd command

    SECTION 5
    Cleaners and tools: Software programs to use
    kcontrol; sweeper
    BleachBit
    kscrubber <= Recommended. See comments below.
    secure-delete programs srm <= Recommended
    dd, dcfldd <= Recommended
    shred; DBAN
    Delete files by inode
    Firefox add-ons (BetterPrivacy)

    SECTION 6
    Custom cleaning, designing your own cleaning plan
    Manual deletions
    GUI, using Trash
    Konsole: rm, does not use Trash
    Practice: Make backups and use rm -iv
    Remove versus "secure" removal
    Making your own simple script
    Make a simple script
    Cleaning configuration files: manually and by using sed at Konsole or in your script
    Example of a cleaning plan -- Summary

    SECTION 7
    Disk/Partition Full! Warning! What to do about it
    Checking your space: ls, df, du
    A decision tree when you disk is full

    Reply #1
    -- How to securely delete data: history, misconceptions, controversy
    My take on this -- A prescription for your data wiping
    Justification doing one zero-fill pass
    -- Archive
    When you delete a file, you do not delete the file
    How to Wipe Data: Logic behind a zero-fill
    Note the section titled: "See for yourself. A Deleted File is Not Deleted"

    Reply#2
    Disk/Partition Full! Warning! What to do about it: a decision tree
    Checking your space: ls, df, du
    Konsole, configure history (# lines to show)


    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 1
    The "problem" and your strategy
    -> -> The section you will want to read, re-read and return to

    The "problem"
    Reasons for cleanup
    Difficulties in keeping your system cleaned up
    Your strategy for performing periodic cleanups
    A proposed strategy--a philosophy--for privacy cleanup: My recommendation
    Methods for doing a cleanup

    The "problem"
    Private data on your activities is saved in many places on your OS partition. It is being saved by you, by the OS, and by your applications. And when you "delete" a file, it is NOT really deleted.

    Reasons for cleanup
    > To free up disk space.
    > To hide private information from the person you share your PC with.
    > To protect your sensitive/confidential data, personal or business.
    > To wipe your disk clean before selling it or giving it to someone.
    > To wipe your partition or disk clean prior to installing/re-installing an OS.
    > To clean up viruses, malware, and artifacts on a hard drive.
    > You are generally paranoid (to some degree) or simply a privacy freak of sorts, and you want to "cover your tracks." More difficult, but you will enjoy doing it because you are you. (Not talking about any illegal activities. Period. For that, you better take a 1-year course in computer forensics and realize even then you will lose.)

    Difficulties in keeping your system cleaned up
    > You must locate the places (in your OS) that contain private information on your activities. Not as easy as it would seem (see examples in Section 2).
    > Furthermore, how and where personal information is kept depends on the OS you are using, the OS version (8.04, 9.04, 9.10, 10.4, etc.), and the applications you use. As any of these factors change, so must your cleanup strategy.
    > Even though you "wipe" a file, can you be certain that extra copies or file artifacts are not strewn around the system somewhere?
    > (Technical point, advanced users) If cleaning a journaled file system (e.g., ext3), are extra copies of a file generated, say during the zero-write process; and whether the file is actually zeroed in place.
    (All the reading I've done suggests that dd and srm should be OK with at least two of the three types of journaled file systems: The ordered and the writeback types; but maybe not the journal type.
    http://en.wikipedia.org/wiki/Ext3
    The ordered type of journaled ext3 system is the Linux default.)
    > (Technical point, advanced users) Although you may delete a file, you probably did not delete the file's metadata including the file name. This suggests you choose carefully names for sensitive files and folders. You can use a dd-grep search on the partition; see my how-to "The dd Command."
    > (Technical point, advanced users) When wiping a disk, what about bad sectors on the drive that are shut out but yet may contain sensitive data? (If discarding the drive, no problem: destroy the drive using hammer, burning, acid, physically shredding, etc.; but if keeping the drive or selling it, then its a potential issue.) Sometimes, you can use dd to write zeros to a drive or partition and overwrite bad sectors or cause them to be relocated. See my dd how-to, References: The dd Command, Part 2 (subsection on Bad Sectors).

    Your strategy for performing periodic cleanups

    > In general, only YOU can decide what your goals are and how much time and effort you want to put into keeping your Kubuntu and PC cleaned up and wiped of private information. There is no one single answer that applies to everyone. Furthermore, each user has different application programs installed and different versions of KDE and operating systems.

    A proposed strategy--a philosophy--for privacy cleanup: My recommendation

    If your interest in privacy management is only casual in addition to wanting to free up disk space,
    I recommend you keep it simple and quick for yourself, don't obsess about it too much. Do two things:
    (1) Determine the files you wish to clean and select a cleanup method you are comfortable with.
    (2) Understand the implications of "disk full" and know some basic tools for assessing disk space.

    If your interest in privacy management is more serious in addition to wanting to free up disk space,
    I recommend you accept that this is not a simple or quick or perfect task and that you do obsess about it somewhat. Then settle on a method and implement it regularly and without too much obsessing. Occasionally, review your method for possible improvements and for changes in your programs and OS. It takes some work, but you will enjoy it because you are you ...
    ... and, importantly:

    A Key Point
    -> You can't clean up your system perfectly, you can't get it all, so you MUST regularly do "free-space" partition wiping and re-installs on freshly zeroed partitions and disks (see SECTION 4: Wiping your data: a file, a partition, or an entire disk).

    Methods for doing a cleanup
    > Clean your system manually
    > Use a cleaner (a specially written program)
    > Automate your manual/custom method by writing a script
    > Use a combination of methods

    An important point: vulnerability
    You want to clean up your PC but what about your normal, personal files on the PC? If someone gains access to your PC, he/she can see what is there, down to your email and browser profiles. If that is a concern to you, deal with that threat. Your options include encryption, password protections, locking your PC, keeping a laptop under lock and key, running your operating system in RAM only (no hard drive), and using removable media (disks, flash drives) so nothing is left on the PC except the (volatile) RAM.

    (See Section 6 -- Example of a cleaning plan -- Summary)

    Caution: breakage!
    If you delete certain files, you can break your OS. Keep this in mind as you read this how-to.


    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 2
    Finding files to delete

    Four categories of files to examine:
    system files (/tmp, /var/tmp, /var/log)
    root's home (/root)
    your home (/home/your_name)
    applications

    The goal of this section is to help you build a list of files to delete. As you read this, open the folders/files to see what's there. You may find a few surprises. If you use a cleaner (Section 5), a lot of this work may be done for you; HOWEVER, maybe not! You may have to run a cleaner and do some manual cleaning.

    System files: Read this carefully!
    The three system directories to look at are
    /tmp
    /var/tmp
    /var/log

    Summary
    /tmp is cleared automatically upon re-booting. It is safe to delete individual files in /var/log.

    > Basic cleanup:
    Don't mess with /tmp or /var/tmp. /tmp is cleared automatically upon re-booting.
    /var/log: you may delete individual files only.
    > Advanced cleanup:
    It is probably safe to delete /tmp and /var/tmp,
    -> but do so between reboots at a terminal before logging in to KDE.
    (KDE depends on files in /tmp and especially /var/tmp.)
    Do NOT delete the files in /tmp and /var/tmp while the system is running.
    It is safe to delete /var/log, but delete individual files only.
    -> See kscrubber (Section 5).

    Discussion, Recommendations

    /tmp: /tmp is written to during system operation and contains files needed temporarily; in some systems (e.g., Kubuntu), it is cleaned upon each re-boot. If you delete files under /tmp while your system is running, you may cause damage or break your system (in which case, one or two re-boots may fix it). For basic cleanup, since /tmp is cleared upon reboots, I recommend you not mess
    with the files under that directory. For more advanced users, see Section 5, Cleaners.

    /var/tmp: /var contains variable data; files and directories the system must be able to write to during operation. /var/tmp contains temporary files that are large or that need to exist for a longer time than what is allowed for /tmp--perhaps to persist between re-boots. Again, for basic cleanups, to be safe, I recommend you not mess with it. For advanced cleanups, it is probably safe to delete /var/tmp between re-boots; caution is advised; deleting it might break things for KDE--try rebooting to fix it; if using KDE, try deleting /var/tmp at the log-in screen (at a terminal from the menu there) BEFORE logging in. Again, see Section 5 on Cleaners.
    >>> /var/tmp: I found a lot of personal session data under
    /var/tmp/kdecache-mike/http/ (e.g., g: a google search) and
    var/tmp/kdecache-mike/favicons.
    I believe it is safe to delete /var/tmp/kdecache-mike/http/* and var/tmp/kdecache-mike/favicons/* -- I've never had a problem doing so.

    /var/log:
    Quote: "One of the things which makes GNU/Linux a great operating system is that virtually anything and everything happening on and to the system may be logged in some manner ... Many are generated by the system log daemon, syslogd on behalf of the system and certain applications, while some applications generate their own logs by writing directly to filesin /var/log."
    Most of the log files are in plain text format, so you can open them in Kate or KWrite and read them. Older logs are rotated and may be compressed using gzip and so will appear as .gz files (use ARK to open them).
    Reference: Linux Log Files
    https://help.ubuntu.com/community/LinuxLogFiles

    > For basic cleanup, I'll let you decide whether to mess with your logs.
    > For advanced cleanups, assuming your system is working OK, it is safe to delete log files.
    However, based on my reading, it seems the safest way to do so is to delete only individual files under /var/log and individual files under any application folders you see under /var/log. That is, do NOT delete the application folders themselves (located directly under /var/log); delete only the files inside the folders.

    System files, notes
    /usr should only contain static data (programs and static configuration data); do not attempt to clean it.
    See Filesystem Hierarchy Standard (FHS)
    http://www.pathname.com/fhs/
    A tour of the filesystem, starting at root /:
    http://gd.tuwien.ac.at/linuxcommand....s0040.php#root

    Troubleshooting tip: reboot
    If you ever do have a problem after messing with /tmp or /var/tmp, rebooting your PC once or twice should clear it up.

    Technical note (advanced): the sticky bit
    Watch for the “sticky bit” on permissions. When the sticky bit (t) is turned on for a directory, users can have read and/or write permissions for that directory, but they can only remove or rename files that they own. Example: drwxrwxrwt (the “t” is the sticky bit). (See man chmod)
    Look at /tmp and /var/tmp:
    ls -l /
    drwxrwxrwt 13 root root 4096 2009-12-26 05:30 tmp
    cd /var
    ls -l
    drwxrwxrwt 5 root root 4096 2009-12-17 06:28 tmp
    The "t" indicates the sticky bit is on.
    If for some reason you find yourself re-creating /tmp, you should set the sticky bit on it (the leading "1"):
    chmod 1777 /tmp

    One more note about this: If the sticky bit is set on a file or directory without the execution bit set for the others category (non-user-owner and non-group-owner), it is indicated with a capital T:
    # ls -l test
    -rw-r--r-- 1 root other 0 Nov 10 12:57 test
    # chmod +t test; ls -l test
    -rw-r--r-T 1 root other 0 Nov 10 12:57 test
    (http://en.wikipedia.org/wiki/Sticky_bit)


    root's home (/root)
    If you use a good cleaner, /root may be taken care of for you. Be aware that the discussion of your home files below also applies to root's home!
    Tip: When your disk space is filling up near capacity, check root's home as one possible culprit. Sometimes, while using sudo, lots of un-needed stuff ends up there (e.g., using PhotoRec).
    Have a look: Open Konqueror (or Dolphin) as root (kdesudo konqueror), then click on home to see /root. You should see many of the same files in /root that you have in your /home/your_name. In particular, check these:
    /root/.local/share/Trash/files and /root/.local/share/Trash/info, /root/.kde/share/apps /root/.kde/share/apps/config, and /root/.thumbnails


    Your home (/home/your_name)
    (Your home folder is abbreviated ~/ and that means /home/your_user_name/ )

    To find files you want to delete, open your file manager (e.g., Konqueror, Dolphin), navigate to your /home/your_name folder. Click View > Show hidden files. A hidden file is a file (or folder) whose name starts with a dot; e.g., ".kde". We'll start at the top level, /home/your_name. Then we'll dig deeper into the KDE applications under home (where for each app, we'll look at /home/your_name/.kde/share/app/app_name and /home/your_name/.kde/share/config/app_name).

    To emphasize a point, two important KDE directories are applications and configuration files:
    /home/your_name/.kde/share/apps
    /home/your_name/.kde/share/config
    For each KDE application (e.g., kate), you need to study what is under these two directories.
    -->> configuration files may contain personal information. -->> The config file for a KDE application may contain your recent activity/history/documents. Do NOT delete entire config files--only delete parts of lines that contain private data.
    Other configuration files for non-KDE apps may also contain private data. For example, check:
    /home/your_name/.config
    /home/your_name/<application_name>
    as well as possibly other places.

    >> To Do and a note of CAUTION
    As we go through examples, navigate to the various directories/files and see for yourself what is there.
    >> Based on my tests and research, the files listed can safely be deleted, BUT READ THE CAUTION AT THE START OF THIS HOW-TO.
    >> Also read the Notation & Tips list at the start of this how-to.

    /home/your_name

    First, some top-level items directly under your /home directory (e.g., /home/mike).

    Thumbnails: /home/your_name/.thumbnails/large/* (a shocker to most users)
    Thumbnails: /home/your_name/.thumbnails/normal/* (Ditto)
    Recently used: /home/your_name/.recently_used
    Bash history (Konsole) /home/your_name/.bash_history
    X11 debug log: /home/your_name/xsession-errors
    Check for applications files here, too. For example, I found
    /home/your_name/.gimp-2.4/documents (Explore this)
    /home/your_name/.openoffice.org2/ (Explore this)
    /home/your_name/.mozilla (Firefox directory: do not delete!)
    /home/your_name/.mozilla-thunderbird (Thunderbird directory: do not delete!)
    /home/your_name/.java/deployment/cache/* (Should be safe to delete)

    Flash cookies (See Section 3 below!)
    These occur when using your browser (e.g., Firefox).
    /home/your_name/.macromedia/Flash_Player/*
    /home/your_name/.adobe/Flash_Player/*

    Trash
    /home/your_name/.local/share/Trash/files/*
    /home/your_name/.local/share/Trash/info/*

    KDE
    /home/your_name/.kde/cache-your_PC (your_PC = name of your PC)
    Favorite icons: /home/your-name/.kde/cache-your_PC/favicons/*
    Web cache: /home/your_name/.kde/cache-your_PC/http/*
    /home/your_name/.kde/cache-your_PC/http/cleaned
    KDE4: Caution--there may be more folders/files to clean. See Section 5 Cleaners.

    General items
    Recent Documents: /home/your_name/.kde/share/apps/RecentDocuments/*
    /home/your_name/share/config/kdeglobals:
    See the lines
    Recent URLs[$e]=
    History Items[$e]=
    (You may delete everything to the right of the "=" sign.)


    Applications Next, look at your applications (apps)

    As we said above, for each KDE application, you should check at least two directories:
    /home/your_name/.kde/share/apps and /home/your_name/.kde/share/config
    We will give only a few examples as it would be difficult to give an exhaustive list. Each user will have different apps to check.
    And, as we said above:
    Other configuration files for non-KDE apps may also contain private data. For example, check:
    /home/your_name/.config
    /home/your_name/<application_name>
    as well as possibly other places.


    APT (Advanced Package Tool)
    At Konsole, run these commands, BUT SEE NOTES below first:
    sudo apt-get clean
    sudo apt-get autoclean
    sudo apt-get autoremove

    NOTES (see man apt-get):
    -- apt-get clean clears out the local repository of retrieved package files. To clean up /var/cache/apt/archives (where packages are first downloaded). apt-get clean removes everything except lock files from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.
    -- apt-get autoclean removes only package files that can no longer be downloaded. Like clean, autoclean clears out the local repository of retrieved package files. The difference is that it only removes package files that can no longer be downloaded, and are largely useless. This allows a cache to be maintained over a long period without it growing out of control.
    -- apt-get autoremove is used to remove packages that were automatically installed to satisfy dependencies for some package and that are no more needed.

    Specific apps

    Bash history (e.g., Konsole) delete the file /home/your_name/.bash_history

    kate (text editor)
    History: /home/your_name/.kde/share/apps/kate/metainfos
    Configuration file: /home/mike/.kde/share/config/katerc
    In katerc, see lines like Recent Files, LastSearchFiles, and others that reveal personal activity.
    E.g., Recent Files[$e]=$HOME/Documents/test. You may delete to the right of the "=" sign and so leave this: Recent Files[$e]= .

    klipper
    /home/your_name/.kde/share/apps/klipper/history*
    (there may be various history files, thus the asterisk)
    Also, check to see whether you have set klipper to "Save clipboard contents on exit" (right-click the klipper icon, Configure klipper, General tab)--you may wish to disable that.

    kpdf
    /home/your_name/.kde/share/apps/kpdf/*

    Konqueror
    /home/your_name/.kde/share/apps/konqueror, see/delete the following files:
    History (URL)
    /home/your_name/.kde/share/apps/konqueror/konq_history
    /home/your_name .kde/share/apps/konqueror/closeditems_saved
    /home/your_name/.kde/share/config/konqueror/konq_history
    -> Note the two Konqueror history files (in apps and config).
    Recent Documents /home/your_name/.kde/share/apps/RecentDocuments
    Web Cache /home/your_name/.kde/cache-mike-desktop/http/*
    Favorite icons: /home/your_name/.kde/share/apps/konqueror/faviconrc
    /home/your_name/.kde/share/apps/konqueror/autosave/*
    Cookies /home/your_name/.kde/share/apps/kcookiejar/cookies
    Form completion entries /home/your_name/.kde/share/apps/khtml/formcompletions

    Kaffeine
    /home/your_name/.kde/share/apps/kaffeine/playlists/*
    /home/your_name/share/config/kaffeinerc
    The line "Current Entry=" (delete after the "=" sign)
    Many under [Recent Files]
    File*[$e]=
    Name*[$e]=
    Delete everything to the right of the "=" sign, leaving the left side of each line.

    krunner (invoke using ALT-F2)
    /home/your_name/share/config/krunnerrc
    Check specific lines in that file for any lines indicating saved data on personal activity; delete everything to the right of the "=" sign.

    k3b
    /home/your_name/.kde/share/apps/k3b/lastlog.log (or /lastlog*)
    /home/your_name/.kde/share/apps/k3b/temp/*
    config file: /home/your_name/.kde/share/config/k3brc
    Look for any personal data (that is not configuration data) and delete after the "=" sign. Examples:
    [KFileDialog Settings]
    Recent Files[$e]= (you'll see your files or paths here; delete after the "=" sign)
    [file view]
    last url[$e]=
    [image writing]
    image path[$e]=
    last written image[$e]=
    [last used default data settings]
    image path[$e]=
    [last used default dvd settings]
    image path[$e]=
    [last used image writing]
    image path[$e]=

    Java
    /home/your_name/.java/deployment/cache/*

    Xine
    Multimedia viewer cache
    Delete /home/your_name/.xine/catalog.cache

    For KDE 4
    Use kscrubber or simply study it to locate other items. These, in particular:
    (checking ONLY the offending config lines; do NOT delete the entire files)
    plasma
    /home/your_name/.kde/share/config/plasma-desktop-appletsrc
    (label*=)
    kdeglobals
    /home/your_name/.kde/share/config/kdeglobals
    (history items and recent URLs)


    [End of the list: "Specific apps"]





    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 3
    Special items to clean
    Flash cookies
    Firefox (list topics)FX (the sqlite database files)
    Thunderbird (list topics) compact + the temp file

    If you use other apps (e.g., Krusader), investigate. See the kscrubber script for some of these (Section 5).

    Adobe Flash Cookies
    When you visit a website using your browser, the website may set cookies in your filesystem; your browser can be used to control privacy cookie settings and to remove cookies that have been set. However, your browser can not control or delete another type of cookie, an Adobe Flash cookie called a Local Shared Object (LSO). These are insidious cookies: they may stay on your PC an unlimited time (until removed by the website); they can store a large amount of data; they can send visit-information and history; they can be used for "re-spawning": to reinstate regular browser cookies that you deleted; they can't be deleted by your browser or by the Flash player itself.

    To delete Flash cookies using the Adobe website
    (Caution: This allows Adobe to access your PC files.)
    http://www.macromedia.com/support/do...shplayer/help/
    Click on Settings Manager, then the tab Website Storage Settings, where you will see a list of websites setting Flash cookies on your PC and options for deleting.
    Caution: You can delete the cookies, but be careful using Setting Manager to prevent all cookies--Doinf that might cause certain websites to fail to work as you expect.

    To delete Flash cookies manually
    rm -r /home/your_name/.adobe/Flash_Player/*
    rm -r /home/your_name/.macromedia/Flash_Player/*
    E.g.,
    /home/mike/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/cookie_name
    /home/mike/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
    /home/mike/.adobe/Flash_Player/AssetCache/86SKG9MT/*

    To delete Flash cookies using a cleaner: See Section 5

    See:
    Flash Cookies: The Silent Privacy Killer
    http://www.imasuper.com/66/technolog...rivacy-killer/
    Flash Player Help
    http://www.macromedia.com/support/do...ashplayer/help
    Local Shared Object
    http://en.wikipedia.org/wiki/Local_Shared_Object
    Wired--Epicenter: You Deleted Your Cookies? Think Again
    http://www.wired.com/epicenter/2009/...s-think-again/


    Firefox
    Learn to use the privacy settings in Firefox web browser:
    Edit > Preferences > Privacy, where you have settings for History, Cookies, and Private Data where there is a settings button to click and make your settings on the panel that appears. Also, under Private Data is a Clear Now button.
    In 9.10, the menu is similar; however, instead of Clear Now, go to the Tools menu item on the main browser window, then Clear Recent History.

    As of January 1, 2010, there's another issue some of you may need to know about:
    Firefox fails to clean its SQL database:
    Even after clearing your history (using the Privacy menu), some of your history may still be present in a SQL database. "This is because Firefox fails to vacuum the sqlite file. To truly delete this information, clear your entire history in Firefox, close Firefox, and run kscrubber. kscrubber uses sqlite3 to vacuum all the non-locked sqlite databases in your system’s home folders. Vacuuming only removes (defrags) invalid data in the files while keeping the valid data." (IgnorantGuru/kscrubber).
    This bug report deals with the Firefox sqlite issue:
    https://bugs.launchpad.net/ubuntu/+s...e3/+bug/457791

    Your Firefox profile folder
    You will find private data in your profile folder:
    /home/your_name/.mozilla/firefox/********.default
    where the eight *'s indicate letters and numbers, and .mozilla is a hidden folder (to see it, open Konqueror or Dolphin, navigate to /home/your_name, and click View > Show Hidden files).
    -- Backup your profile folder
    “Mozilla Firefox stores all your personal settings, such as bookmarks, passwords and extensions, in a profile folder, stored on your computer. To back up your profile, restore it, or move it to a new location or computer, all you have to do is move or copy the profile folder.”
    http://support.mozilla.com/kb/Backin...profile_folder
    -- Bookmarks, backups
    Your bookmarks are in a file called bookmarks.html in your profile folder.
    Be aware that your profile also keeps the folder bookmarkbackups. You may wish to delete some or all of the files in it.
    -- Hide your bookmarks
    I haven't tried it but will mention “Hide Bookmarks: del.icio.us (extension)” and refer you to Firefox support.
    -- Protecting the contents of the profile: “Anyone with access to your system can view the contents of your profile.” See: http://kb.mozillazine.org/Protecting...file_-_browser
    -- Flash Drive
    “Store your profile on a USB flash drive by using utilities such as Mozilla Firefox, Portable Edition
    http://portableapps.com/apps/internet/firefox_portable. These utilities frequently support requiring a password to access the contents of the drive. Additionally, you can remove the drive when not on your computer. “
    -- Firefox Privacy & Security: http://kb.mozillazine.org/Category:Privacy_and_security


    Thunderbird email
    Two issues: Compacting and the nstmp file
    About “compacting” your email folders http://kb.mozillazine.org/Compacting_folders
    Quote:
    “When you delete or move e-mails from a folder, Thunderbird and other e-mail programs simply hide them (and mark them as ready for physical deletion later on), and these hidden e-mails still actually remain in the folder. Even emptying the Trash does not physically delete them. These hidden e-mails are physically removed only when the folder is compacted. If you don't compact your mail folders periodically, they can grow very large, and erratic program behavior may occur. Many e-mail users have never heard of compacting folders (not to be confused with compressing files). However, most e-mail programs use this approach to email storage and deletion. It improves performance by not requiring the email program to rewrite the entire Inbox or other folder every time you delete a single message. The difference is that most other email clients by default automatically compact the folder when a certain amount of space is wasted, whereas this has to be activated by the user in Thunderbird.”

    How to COMPACT email folders
    Open Thunderbird, rt-click the folder (e.g. Inbox), File > Compact Folder. Or, click Local Folders, File
    > Compact Folders.
    To set Thunderbird to automatically compact your email folders, Edit > Preferences > Advanced > Network & Disk Space > Disk Space > check the box Compact folders when it will save over 100 KB.

    Nstmp folders: Problems when compacting is interrupted
    http://kb.mozillazine.org/Nstmp_folders
    Quote:
    Thunderbird creates a temporary file called "nstmp" when it's compacting a folder. If Thunderbird is interrupted during the compacting, it will abort, and the temporary file will not be deleted. If the problem occurs multiple times, you'll see numbered files ("nstmp1", "nstmp2", etc.).
    Shutting the program down during the compacting process, whether intentionally or due to a crash, will interrupt the process. Receiving a new message in the folder you're compacting will also interrupt the process. You can avoid the problem by switching to working offline ("File -> Offline -> Work Offline") before you compact a folder, but thats a nuisance. Usually you can prevent this problem by keeping your inbox as empty as possible (store messages in other folders/child folders) and setting "Tools -> Options -> Advanced -> Network & Disk Space -> Disk Space -> Compact disk space when it will save over" to a lower value.
    Check to see which folder the nstmp folder is duplicating, and check that the original folder is okay (e.g. compare number of messages in "View -> Toolbars -> Status Bar"). If so, you can delete the "nstmp" folder(s) by right-clicking it and choosing "Delete Folder" (or by deleting the files in your profile). See the link for Related Problems. [End of quote]

    Thunderbird privacy issues
    -- Lots of stuff here to check/set for special needs:
    Account Settings: Open Thunderbird > Edit > Account Settings
    -- Security measures
    “All of your messages are normally stored in text files within your profile folder. Somebody else could read them using Thunderbird or by viewing the appropriate file with a text editor.”
    -- Thunderbird Privacy & Security
    http://kb.mozillazine.org/Category:P...Thunderbird%29
    -- Running from a USB drive - Thunderbird
    http://kb.mozillazine.org/Running_from_a_USB_drive_(Thunderbird)
    -- Thunderbird—Keeping it working, relevant tips http://kb.mozillazine.org/Keep_it_working_(Thunderbird)
    -- Your personal data is in your profile folder; the path is usually
    ~/.mozilla-thunderbird/xxxxxxxx.default/ (xxxxxxxx is a random string).
    This folder contains all personal email data, address book (abook.mab, history.mab), local mail, and personal settings & configurations.
    -- Backup
    To backup your email profile, simply copy the profile folder to backup media (flash drive, disk).
    http://kb.mozillazine.org/Profile_backup



    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 4
    Wiping your data: a file, a partition, or an entire disk
    ->-> When you delete a file, you do not delete the file

    It comes down to this:
    > When you delete a file you do not actually destroy it. You only destroy the data structure (filesystem) reference to it. The bits and bytes of file information are still on your disk.
    > When you delete a partition, or re-format it, you do not actually destroy it. You only destroy the data structure (MBR partition table) reference to it. The bits and bytes of information comprising the partition are still on your disk.

    Proof? Easy as pie. Delete a bunch of your files (documents, photos, movies), and then before messing with that disk, use PhotoRec to find them and retrieve them. Or, use GParted Live CD to delete your Kubuntu or /home partition, then before messing with that disk, use TestDisk to find and restore the partition(s). Or, delete a file, then use dd and grep to search for key words in that file.

    The solution
    ONE zero-fill pass is enough to prevent recovery in almost all normal cases
    That is, to completely delete a file and prevent recovery, it is sufficient to write one pass of zeros over the file before deleting it. Same goes for wiping a partition or an entire disk: Write one pass of zeros to it before deleting/re-using it. A single pass is faster, too, than multiple passes, especially for large jobs.
    Terminology: To write zeros to a file is to zero-fill the file; or to zero-out the file; or to wipe the file [with zeros]. Instead of zeros, you can use random numbers if you wish.

    I go along with Starman's conclusions regarding the literature on this, which I think is even more true given the increased densities of new hard drives: one pass (with zeros) is enough.

    How to wipe, zero-fill, zero-out a file, a partition, an entire disk
    To wipe your data, you may use:
    -- a cleaner (Section 5) that employs secure-delete tools (e.g., kscrubber)
    -- the secure-delete tools (Section 5)
    -- or do-it-yourself with the dd command

    > By the way, wiping a disk before re-using it also makes it easier to recover deleted partitions (or partition table) in the future, assuming the disk contains any leftover extended partitions. (Such extended partitions that were NOT zeroed-out would interfere with recovering a new extended partition on the re-used disk. A good recovery tool for this is TestDisk.)

    Nuts and bolts of using dd
    See my how-to for everything you need to know and more:
    The dd Command, especially Part 3, wriiten for privacy Cleanup 101
    http://kubuntuforums.net/forums/inde...opic=3117215.0


    Advanced notes: More on this
    -> To read more about the logic of doing just ONE zero-pass, see Reply # 1.
    -> Ultimately, this comes down to one simple thing: verification. Not only must you select a method of wiping a drive, but you should verify that zeros (or random numbers) got written to all of the drive, especially the end. See my how-to The dd Command for a way to do it. If you feel a second pass is necessary, you may do it. E.g., one pass of zeros, one pass of random numbers. Or, do three passes. It is up to you. Certainly, IMO, it is not necessary to do seven passes or 36 passes. I use just one pass of zeros.



    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 5
    Cleaners and tools: Software programs to use
    kcontrol; sweeper
    BleachBit
    kscrubber <= Recommended. See comments below.
    secure-delete programs srm <= Recommended
    dd, dcfldd <= Recommended
    shred; DBAN
    Delete files by inode
    Firefox add-ons (BetterPrivacy)

    Before using a cleaner, close all applications. Firefox: Clear Private Data, then close it. If your system seems damaged after cleaning, try to re-boot once or twice to see if it clears up the problem. Trade-offs: Some cleaners may not clean enough, yet be very safe, while some cleaners may clean too much and damage your system. Whatever cleaner you use, you must check for yourself to see exactly what files get deleted/cleaned. Your best strategy is to use a combination of methods (see Section 6).

    We'll take a quick look at these tools:
    kcontrol; sweeper <= Good for quick, casual use, but very incomplete.
    BleachBit <= Use with caution. See below.
    kscrubber <= Recommended. See comments below.
    secure-delete programs srm <= Recommended
    dd, dcfldd <= Recommended
    shred; DBAN <= You should know about these well-known programs.
    Delete files by inode
    Firefox add-ons (e.g., BetterPrivacy--see the FX website for this topic)

    => I recommend that you have a close look at kscrubber and consider using it.
    http://igurublog.wordpress.com/downl...ipt-kscrubber/
    -> kscrubber uses the secure-delete toolkit.

    kcontrol: Kubuntu 7.10, 8.04 (KDE 3.x) (no longer supported)
    http://en.wikipedia.org/wiki/KControl
    In 7.10 thru 8.04, to delete ten KDE categories of files. Open Konsole, type kcontrol (or Alt-F2, kcontrol); then: Security & Privacy > Privacy . The 10 categories are: General: Quick Start Menu; Recent Documents; Run Command History; Saved Clipboard Contents; Thumbnail Cache; Web Browsing (with Konqueror): Cookies; Favorite Icons; Form Completion Entries; Web Cache; Web History
    Trash--you must empty Trash manually.
    Cleans only Konquereor, not Firefox or other web browser.

    sweeper: Kubuntu 8.10-9.10+ http://userbase.kde.org/Sweeper
    Clean any combination you select from these items:
    General: Clipboard (saved contents); Recent Documents; Recent Applications; Run Command History
    Thumbnail Cache Web Browsing (with Konqueror): Cookies; Favorite Icons; Web History; Web Cache; Form Completion Entries; Cookie Policies (for visited websites)
    Trash--you must empty Trash
    Cleans only Konquereor, not Firefox or other web browser.

    BleachBit: Kubuntu 8.04, 8.10, 9.04, and 9.10+
    http://freshmeat.net/projects/bleachbit
    http://bleachbit.sourceforge.net/features
    (1/1/2010) BleachBit looks promising. It has a simulation mode so you can Preview what it intends to clean without actually running the cleaner, a good way to learn where the files are. (kscrubber also has this capability.)
    Caveats
    I have not tested BleachBit as much as I'd like, but would caution you that it might be an example of a cleaner that cleans too much and may adversely affect your system. You are referred to this discussion:
    A new privacy and log scrubber for KDE4, Firefox, & Flash
    http://kubuntuforums.net/forums/inde...opic=3108110.0
    See: Reply #31; Reply#32; Reply #66
    (Issues for Kubuntu: kpm, OpenOffice configuration deleted?, cookie backup not deleted?, does not edit config files for private info; over-cleaning.)

    kscrubber: Kubuntu 8.04+, especially KDE 4 <= Recommended
    IgnorantGuru's Blog:
    http://igurublog.wordpress.com/downl...ipt-kscrubber/
    --> See this discussion thread on cleaning and kscrubber:
    A new privacy and log scrubber for KDE4, Firefox, & Flash
    http://kubuntuforums.net/forums/inde...opic=3108110.0

    For 8.04, 9.10 and KDE 4.x. kscrubber uses the secure-delete tools (see below); e.g., srm. The default for kscrubber is that srm will write two passes of random numbers (srm -l) to a file before deleting it. The --onepass option runs it with just one pass of random numbers (srm -ll). kscrubber has a simulation mode (--sim) so you can preview what it intends to clean without running the cleaner, a good way to learn where the files are. kscrubber deletes Flash cookies and vacuums the SQL database in Firefox. It also carefully cleans some tmp files and it cleans log files unless you tell it not to. You may study its script to see how it works, what files it cleans and where they are located, you may even modify the script or use only parts of it in your own script. See the web site for the latest options and details. Includes a tutorial on using scripts. It cleans kmail but not Thunderbird EXCEPT to clean up the SQL database.

    -- secure-delete toolkit (includes srm, sfill, sswap, smem)
    You can get the secure-delete programs by using your package manager or by running (at Konsole):
    apt-get install secure-delete
    Then use man srm, man smem, man sfill, and man sswap to learn about each tool.

    srm (secure removal) is used to remove files and directories. First, it overwrites the files (with zeros or random numbers), then it removes the file from the file system. You can control the number of passes it makes in overwriting a file: for two random passes, use srm -l file_name; for one random pass, use srm -ll file_name; for one pass of zeros, use srm -llz file_name. It seems srm does well with filesystems, and, for example, uses fsync, flushing disk caches. See man srm.
    To remove a file (located in the current directory):
    srm file_name
    To remove a folder and its contents (located in the current directory):
    srm -r folder/
    sfill - secure free disk and inode space wiper
    sfill will securely clean the free space on your disk (you can specify the directory to clean; e.g., your /home or root /). See man sfill.
    sswap is designed to delete data in your swap space in a secure manner. See man sswap.
    smem is designed to delete data in your memory (RAM) in a secure manner. See man smem.

    You can also do secure deletions manually using the dd command
    -- dd
    The Linux command dd is very handy for wiping data from your system: wiping files, partitions, disks. For a comprehensive list of detailed examples, see my how-to
    The dd Command, especially Part 3 which is written for Privacy Cleanup 101
    http://kubuntuforums.net/forums/inde...opic=3117215.0
    See also the next tool, dcfldd.

    -- dcfldd
    dcfldd is based on dd and is an enhanced version of dd. It was developed at USA Dept. of Defense.
    dcfldd includes progress reporting and verification, as well as various methods for ensuring accuracy and speed. To get dcfldd, use your package manager, or
    sudo apt-get install dcfldd
    See: man dcfldd
    Syntax and many command-line options are the same as for dd. Suggestion: If you are doing a lot of zero-fills of large drives, you might want to try dcfldd. You can run it just as you do with dd, from a live CD, from GParted Live CD, from Kubuntu, even from a flash drive. In place of dd in recipes, simply substitute dcfldd.
    dcfldd: references
    > dcfldd(1) - Linux man page
    http://linux.die.net/man/1/dcfldd
    > See also, dev notes re verify:
    http://www.networksecurityarchive.or.../msg00004.html
    > dcfldd - Latest version 1.3.4-1
    http://dcfldd.sourceforge.net/

    -- shred
    The program shred can be used to overwrite a file any number of times (with zeros or random numbers) and then remove the file. Use sudo apt-get install shred and then see man shred. Limitation for ext3 and ext4 (journaling) filesystems: it will not work on data=journal mode, "...which journals file data in addition to just metadata. In both the data=ordered [default for an ext3 Linux OS] and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount)."
    Workaround for journaled file systems in "journal mode":
    Shred and secure-delete: tools for wiping files, partitions and disks in GNU/Linux
    http://www.freesoftwaremagazine.com/columns/
    shred_and_secure_delete_tools_wiping_files_partiti ons_and_disks_gnu_linux
    A limitation of shred is that it does not have the recursion option -r, thus it is best for overwriting files, not directories. After overwriting a file with shred, you may then have shred remove the file. Removal is an option you would normally use for regular files; however, for device files, /dev/sdxn or /dev/sdx, you would overwrite the file (with random numbers or zeros) but not remove it. See man shred for these options.

    -- DBAN
    DBAN http://dban.sourceforge.net/
    (Well-known program. Wipes hard drive. Starman cautions to be careful configuring your command statement (dban may try to wipe ALL your drives). DBAN is based on a Linux kernel.)

    -- Delete files by inode
    How to: Linux/UNIX Delete or Remove Files With Inode Number
    http://www.cyberciti.biz/tips/delete...de-number.html
    (For files with strange file names; also use of an escape character \)

    Links
    Howto Delete Files Permanently and Securely in Linux
    http://www.techthrob.com/2009/03/02/...rely-in-linux/
    (Shred and secure-delete srm)

    Shred and secure-delete: tools for wiping files, partitions and disks in GNU/Linux
    http://www.freesoftwaremagazine.com/...isks_gnu_linux
    (Shred and secure-delete srm)

    srm (Unix)
    http://en.wikipedia.org/wiki/Srm_(Unix)

    Source code (for shred, dd, etc.)
    http://www.gnu.org/software/coreutils/



    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 6
    Custom cleaning, designing your own cleaning plan

    Manual deletions
    GUI, using Trash
    Konsole: rm, does not use Trash
    Practice: Make backups and use rm -iv
    Remove versus "secure" removal
    Making your own simple script
    Make a simple script
    Cleaning configuration files: manually and by using sed at Konsole or in your script
    Example of a cleaning plan -- Summary


    Manual deletions

    So you've compiled a list of items to delete from your PC, most of them in your /home. Of course, you can delete items manually; you can do it in GUI (using Konqueror or Dolphin), or at Konsole.
    -- When deleting a file in GUI, it goes to Trash, and you should remember to empty the Trash. (Trash is located at /home/your_name/.local/share/Trash/ where you will see files and info folders, both of which must be cleaned.) Many items can be cleaned in GUI--simply navigate to the target for cleaning and delete the item. Some items have a menu. E.g., Klipper: left-click, Clear clipboard history. Trash: left-click, Empty Trash. Firefox: Edit, Preferences, Privacy. Konqueror has this menu:
    Konqueror > Settings > Configure Konqueror
    History Sidebar – Clear; Cookies – Management – Clear some/all; Cache – Clear (web pages visited)
    Bookmarks – Review for deletions; contains ALL URLs including local files
    NOTE: To clear individual history entries:
    Konqueror > Settings > Show Navigation Panel, History icon (left), Right-click to Remove Entry

    -- When working at Konsole, to remove files or folders, use the remove command rm. See man rm. When you remove a file (or folder) using rm, it does not go to Trash; the file is gone.
    To remove a file:
    rm myfile
    To remove a directory and its contents:
    rm -r mydirectory
    where -r = recursive => remove the directory and all its contents (including subdirectories).
    To keep myfolder but remove its contents (subfolders and files),
    rm -r myfolder/*

    Tip Practice by making backups and use rm -iv
    If you are designing your own custom, manual plan for cleaning, practice cleaning files one-by-one, confirming to yourself that you are doing it properly and safely. This way:
    -- Make a backup copy of the file you are cleaning in.
    -- For testing purposes, use the options - i and -v with rm:
    rm -i -v myfile (or rm -iv myfile)
    rm -iv -r mydirectory (or rm -ivr mydirectory)
    -i prompt before every removal, an interactive option
    -v explain what is being done (same as --verbose)
    After you perfect your system, you can omit the backups and the -iv options.

    Remove versus "secure" removal!
    Review Section 4 (wiping your data) and Section 5 (cleaner tools): when you delete a file or folder, it is not really deleted.
    -- If you use GUI or rm, you must schedule periodic wiping of your /home (and possibly the root /) partition. You can perform the wipe using dd or using sfill (from the secure-delete toolkit).
    -- If you use secure removal, srm (instead of rm), you've done a pretty good job getting rid of the file or folder. However, you should still schedule a general wiping of your home and root partitions to delete any metadata, remnants, fragments left behind.
    Recommended:
    srm -llz myfile
    srm -llz -r mydirectory (or srm -llzr mydirectory)
    => Use just one pass of zeros.
    For other ways, see man srm.

    -- Reminder, a bit extreme and you may not agree, but now and then back up all your personal data, then re-install the OS AFTER wiping the entire root and home partitions using dd.

    The dd Command, especially Part 3 written for Privacy Cleanup 101
    http://kubuntuforums.net/forums/inde...opic=3117215.0



    Making your own script
    A quick-and-dirty, how-to make a script that includes a list of your custom delete commands.

    Summary Create your script mycleaner in the folder myscripts
    Create the text file mycleaner.
    Type your commands, starting with the first line #!/bin/bash.
    Make mycleaner executable: sudo chmod +x mycleaner
    Create myscripts folder as root and set ownership and permissions:
    sudo mkdir myscripts
    sudo chown root:root myscripts
    sudo chmod 755 myscripts
    Copy mycleaner into myscripts.
    Run mycleaner by giving its pathname.

    Details
    (See the kscrubber website: Script Installation Instructions
    http://igurublog.wordpress.com/libra...-instructions/ )

    To save time and typing, you can easily automate a list of simple cleaning commands (e.g., rm, dd, sed).
    A simple example Let's say you have a bunch of custom delete commands you wish to automate by running them in a script. Suppose you wish to name the script mycleaner. To keep it easy, suppose you are in your home directory. Using GUI (Konqueror or Dolphin), create a text file:
    Right-click, Create New > Text File, filename is mycleaner.
    Or at Konsole, open Kate:
    kate
    File > Save and use filename mycleaner.

    Type the following in the text file mycleaner, then File > Save:

    #!/bin/bash

    # This is my cleaner
    rm file1
    rm -r directory2
    # That's the end of my cleaner

    Make the script file executable (so it can be run as a program)
    cd ~ (or cd /home/your_name)
    sudo chmod +x mycleaner

    That's all you need for this simple script. Start your script with the line "#!/bin/bash" (without the quote marks). Lines introduced by "#" are comment lines where you can type anything you wish. Instead of the remove command rm, you can use secure remove srm.

    Making your scripts directory
    Again, keeping this simple, we make scripts owned by root and allow users to execute them (but only root can change or rename a script: you use sudo for such editing). If you call your script folder myscripts, then set it up in your home directory using these commands at Konsole:
    cd /home/your_name (or simply type cd ~)
    sudo mkdir myscripts
    sudo chown root:root myscripts
    sudo chmod 755 myscripts

    Notes
    chown sets root as the owner and root as the group of the folder myscripts.
    chmod 755 sets permissions: The owner (root) can do anything with the folder (7 = read, write, execute); the group and others can read and execute but not write (i.e., can not change anything).
    See
    man mkdir, man chown, and man chmod
    Commands at Konsole: Beginners: 3 parts
    http://kubuntuforums.net/forums/inde...opic=3117209.0
    (see Part 2, ownership and permissions)
    Tuxfiles
    http://www.tuxfiles.org/linuxhelp/files.html
    (see ownership and permissions)

    Copy your script into your script directory
    You can do that at Konsole:
    cd ~
    sudo cp mycleaner myscripts
    Or using GUI (Konqueror or Dolphin):
    kdesudo konqueror
    (And then copy or drag & drop the file mycleaner into the folder myscripts.)
    We have to use sudo (root) because only root has write permission on the folder myscripts.
    (Write permission for a directory (folder) means: you can add, delete, and rename files in that directory.)

    Using your script
    When you want to run mycleaner, open Konsole, make sure you are in your home directory (cd ~), then run this command:
    myscripts/mycleaner
    To run it as root,
    sudo myscripts/mycleaner
    (If you are not in your home directory, run it from anywhere using its full pathname:
    /home/your_name/myscripts/mycleaner .)
    Caution! In this toy example, make sure that file1 and directory2 either do not exist or are toy examples you made up and placed somewhere.

    Cleaning KDE configuration files /home/your_name/.kde/share/config
    As a reminder, you need to clean the KDE applications at /home/your_name/.kde/share/apps and possibly some KDE configuration files at /home/your_name/.kde/share/config--those that contain personal information (e.g., your recent activity/history/documents).
    An example:
    Configuration file: /home/your_name/.kde/share/config/konquerorrc
    where you may find the line
    Recent Files[$e]= (which shows specific, recently opened files)
    The goal is to delete to the right of the "=" sign and so leave this: Recent Files[$e]= .
    -- You can easily do that deletion manually in GUI.
    -- Or in a command (manual or or in a script) using command sed (see man sed).

    Using sed at Konsole or in your script

    Thanks to IgnorantGuru for the how-to, in this thread:
    A new privacy and log scrubber for KDE4, Firefox, & Flash
    http://kubuntuforums.net/forums/inde...opic=3108110.0

    sed is an automatic line editor and takes the form
    sed 's/xxx/yyy/' filetoedit

    That causes sed to search the file filetoedit for lines containing "xxx". It will change "xxx" on those lines to "yyy". Output is sent to the screen (standard output, stdout) unless you include the -i switch, which means edit the file in place. The \1 you see in sed replacements means copy the first part (#1) in parenthesis. Since "Recent Files[$e]=" is in parenthesis, it copies that to the replacement line, but not what follows it. Thus it effectively deletes everything after the equal sign. sed uses regular expressions, and you need to escape some characters (a left parenthesis "(" as "\(" for example).

    So this:
    sed -i 's/\(^Recent Files\[\$e\]=\).*/\1/' ~/.kde/share/config/konquerorrc
    is equivalent to this:
    sed -i 's/^Recent Files\[\$e\]=.*/Recent Files\[\$e\]=/' ~/.kde/share/config/konquerorrc

    In other words change "Recent Files[$e]=etcetera" to "Recent Files[$e]=". The caret ("^") just means that Recent Files must occur at the very beginning of the line. (kscrubber has a lot of sed lines if you want to work by example.)

    That's all you need for what we are doing here. Simply copy this example to other instances where you are cleaning a configuration file by stripping off the right side of certain statements (that contain personal data). You can use the sed statement manually at Konsole or in your script file. (Note that /\ is made by typing / then \)

    Non-KDE applications, configuration files
    Other configuration files for non-KDE apps may also contain private data. For example, check:
    /home/your_name/.config
    /home/your_name/<application_name>
    as well as possibly other places.


    Example of a cleaning plan -- Summary

    Of course, you need to fill in the blanks (which is what this how-to is all about), but here's an example outline of what might go into a cleaning plan.

    As you work, keep things on the surface cleaned up.
    Klipper--Clear Clipboard History
    Check whether you have set klipper to "Save clipboard contents on exit"
    (right-click klipper icon, Configure klipper, General tab--you can disable it)
    Google search window: right-click, clear history
    Empty Trash
    Keep basic privacy items cleaned in your Firefox browser.
    Keep Thunderbird files compacted.

    Prepare to run a cleaner (kscrubber):
    Thunderbird: Compact the Local Folders; close Thunderbird
    Firefox: Clear privacy settings; close Firefox
    Close all applications
    Run kscrubber

    Then,
    If kscrubber doesn't clean everything you want cleaned:
    do your own manual cleaning (at GUI or at Konsole);
    run your own script to do it;
    (or have modified kscrubber to include your custom cleanups)

    Now and then, re-boot to clear /tmp, /var/tmp.
    Advanced: You may want to delete the contents of
    /var/tmp/kdecache-user/favicons and /var/tmp/kdecache-user/http

    Then, schedule this or do it now:
    Clean the free space on your /home partition: Use dd or sfill.
    Optional:
    If the root partition (/) is separate from the /home partition, clean the free space on root /.

    Then,
    (important, depending on your privacy concerns)
    Consider re-installing the OS at some point(s), as follows:
    First, back up your data.
    Zero-out the entire root partition. Zero-out the /home partition.
    Re-install the OS. Set up /home again (copy your data back).



    = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = =
    SECTION 7
    Disk/Partition Full! Warning! What to do about it
    Checking your space: ls, df, du
    A decision tree

    If you fill up your Kubuntu partition (or a separate /home partition), it may become impossible to work in the operating system. And if you were to re-boot, you will not be able to log in to your KDE (and you'd have to work only at a command line). To be safe, some experts recommend not exceeding 85% full (and at that point, you should start deleting files you do not need).

    If this happens to you, what must you do?
    => You must delete some files
    from your Kubuntu root partition or from your /home partition.
    => Check root's home, /root.
    => Check the Trash in your home and in root's home:
    /home/your_name/.local/share/Trash/files and /home/your_name/.local/share/Trash/info
    /root/.local/share/Trash/files and /home/your_name/.local/share/Trash/info
    (You'll have to do the latter as root: kdesudo konqueror or kdesudo dolphin. Also, for each, enable View > Show Hidden Files.)
    => Check the items discussed in this how-to, Privacy Cleanup 101 or run a cleaner.
    => Know how to use these tools (at Konsole):
    ls-al, df -hT, and du -sh, du -h and du -ah
    => Another tool for seeing disk usage in a visual way is Filelight (in the repos).

    Decision Tree: What to do when you get disk full or partition full
    A comprehensive plan of attack is given in Reply #2 of this thread (below).


    = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
    References

    kscrubber
    http://igurublog.wordpress.com/downl...ipt-kscrubber/

    A new privacy and log scrubber for KDE4, Firefox, & Flash
    http://kubuntuforums.net/forums/inde...opic=3108110.0
    Read this thread for discussion, tips, insights

    The dd Command, especially Part 3 which is written for Privacy Cleanup 101
    http://kubuntuforums.net/forums/inde...opic=3117215.0

    srm (Unix)
    http://en.wikipedia.org/wiki/Srm_(Unix)

    Source code (for shred, dd, etc.)
    http://www.gnu.org/software/coreutils/

    Flash Cookies: The Silent Privacy Killer
    http://www.imasuper.com/66/technolog...rivacy-killer/
    Flash Player Help
    http://www.macromedia.com/support/do...ashplayer/help
    Local Shared Object
    http://en.wikipedia.org/wiki/Local_Shared_Object
    Wired--Epicenter: You Deleted Your Cookies? Think Again
    http://www.wired.com/epicenter/2009/...s-think-again/

    Bug report deals with the Firefox sqlite issue:
    https://bugs.launchpad.net/ubuntu/+s...e3/+bug/457791

    Firefox Privacy & Security
    http://kb.mozillazine.org/Category:Privacy_and_security

    Thunderbird Privacy & Security
    http://kb.mozillazine.org/Category:P...Thunderbird%29

    About “compacting” your email folders
    http://kb.mozillazine.org/Compacting_folders

    To backup your email profile, simply copy the profile folder to backup media (flash drive, disk).
    http://kb.mozillazine.org/Profile_backup

    dcfldd: references
    > dcfldd(1) - Linux man page
    http://linux.die.net/man/1/dcfldd
    > See also, dev notes re verify:
    http://www.networksecurityarchive.or.../msg00004.html
    > dcfldd - Latest version 1.3.4-1
    http://dcfldd.sourceforge.net/

    Shred and secure-delete srm: tools for wiping files, partitions and disks in GNU/Linux
    http://www.freesoftwaremagazine.com/columns/
    shred_and_secure_delete_tools_wiping_files_partiti ons_and_disks_gnu_linux

    How to: Linux / UNIX Delete or Remove Files With Inode Number
    http://www.cyberciti.biz/tips/delete...de-number.html

    Howto Delete Files Permanently and Securely in Linux
    http://www.techthrob.com/2009/03/02/...rely-in-linux/
    (Shred and secure-delete srm)

    DBAN http://dban.sourceforge.net/
    (Well-known program. Wipes hard drive. Starman cautions to be careful configuring your command statement: dban may try to wipe ALL your drives. Apparently, DBAN is based on a Linux kernel.)

    BleachBit: Kubuntu 8.04, 8.10, 9.04, and 9.10+
    http://freshmeat.net/projects/bleachbit
    http://bleachbit.sourceforge.net/featuressrm (Unix)
    http://en.wikipedia.org/wiki/Srm_(Unix)

    Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory
    http://www.cs.auckland.ac.nz/~pgut00...ecure_del.html

    Peter Gutmann, Epilogue
    http://mirror.href.com/thestarman/as...nnEpilogue.txt
    (Credit goes to thestarman.)

    RE: Peter Gutmann data deletion theaory (sic) ?
    http://seclists.org/bugtraq/2005/Jul/464

    Daniel Feenberg, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann."
    http://www.nber.org/sys-admin/overwr...a-gutmann.html

    Charles H. Sobey, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery,"
    527KB PDF. Published April 14, 2004.
    http://www.actionfront.com/ts_whitepaper.aspx

    Daniel B. Sedory (starman), "How To Permanently Erase Data from a Hard Disk"
    Copyright©2003-2008 by Daniel B. Sedory (starman)
    http://mirror.href.com/thestarman/asm/mbr/WIPE.html

    Daniel B. Sedory (starman), "An overwriting standard: there was some truth to it in the past"
    http://en.wikipedia.org/wiki/Talk:Na...ting_standard:
    _there_was_some_truth_to_it_in_the_past

    Daniel B. Sedory (starman), "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard"
    http://mirror.href.com/thestarman/asm/5220/index.html
    Compiled by Daniel B. Sedory
    All Original Research is Copyright©2008 by Daniel B. Sedory
    (re Where did the so-called 7-pass DoD 5220.22-M Wipe Standard originate?)

    Delete files by inode
    How to: Linux / UNIX Delete or Remove Files With Inode Number
    http://www.cyberciti.biz/tips/delete...de-number.html

    Linux Log Files
    https://help.ubuntu.com/community/LinuxLogFiles

    Filesystem Hierarchy Standard (FHS)
    http://www.pathname.com/fhs/
    A tour of the filesystem, starting at root /:
    http://gd.tuwien.ac.at/linuxcommand....s0040.php#root

    Commands at Konsole: Beginners: 3 parts
    http://kubuntuforums.net/forums/inde...opic=3091607.0
    (Part 2, ownership and permissions)

    Tuxfiles
    http://www.tuxfiles.org/linuxhelp/files.html
    (see ownership and permissions)

    More:
    Cleaning up a Ubuntu GNU/Linux system
    http://www.ubuntugeek.com/cleaning-u...in-ubuntu.html
    KleanSweep http://www.kde-apps.org/content/show.php?content=28631
    HOWTO Cleaning old KDE thumbnails (using scripts)
    http://kubuntuforums.net/forums/inde...opic=3082403.0
    HOWTO: Cleaning local package archives, Rog131
    http://kubuntuforums.net/forums/inde...opic=3082399.0
    Need some help with shell scripts.
    http://kubuntuforums.net/forums/index.php?topic=5493.0
    Trash settings:
    http://kubuntuforums.net/forums/inde...opic=3086602.0

    HOWTO: Cleaning local package archives, Rog131
    http://kubuntuforums.net/forums/inde...opic=3082399.0

    Cleaning up an Ubuntu GNU/Linux System
    http://www.ubuntugeek.com/cleaning-u...in-ubuntu.html

    FAQ: Free Disk Space, Rog131
    http://kubuntuforums.net/forums/inde...opic=3086353.0

    ======================
    NOTE re Vacuum

    Vacuum a file

    The vacuum command copies all of the information required to recreate a database into a temporary file in memory and uses that information to create a new database file. As the command creates the new database file, it eliminates free pages, makes table data contiguous, and reorganizes the database file structure.

    vacuum(7) - Linux man page
    http://linux.die.net/man/7/vacuum

    kscrubber:
    # Remove residual data from firefox sqlite databases
    if [ -d $userhome/.mozilla ]; then
    find $userhome/.mozilla -type f -name '*.sqlite' -execdir sqlite3 '{}' 'VACUUM;' 2> /dev/null \;
    fi




    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

    #2
    Re: Privacy Cleanup 101


    Privacy101_Reply_1_NEW

    How to securely delete data

    Contents

    -- How to securely delete data: history, misconceptions, controversy
    My take on this -- A prescription for your data wiping
    (This is the current version of the topic)

    -- Archive (a previous version)
    When you delete a file, you do not delete the file
    How to Wipe Data: Logic behind a zero-fill
    Note the section titled
    See for yourself. A Deleted File is Not Deleted
    (An experiment: dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts')

    How to securely delete data, history, misconceptions, controversy.

    How many "overwrites" are needed to safely wipe your data?
    Can you recover overwritten data?
    How should you overwrite your data?
    How about the government DoD 7-pass standard?
    and, finally,
    -> My take on this -- A prescription for your data wiping

    Answers:
    One.
    No.
    Any way you wish.
    Where did THAT come from?
    My take on this? See below.

    Here's the scoop, my logic, and I'm going to be brief because we have better things to do in this how-to.
    The references are the key.

    In 1996, Peter Gutmann Department of Computer Science, University of Auckland, wrote his now (in)famous, Secure Deletion of Data from Magnetic and Solid-State Memory. THAT is the document that is widely misquoted and misused to promote/preach all sorts of extreme overwriting strategies and rules ("voodoo incantations") for how to overwrite data to prevent recovery. You'll see them all over the Internet, secure data deletion programs that perform up to 35 passes over the data, each time overwriting the data using zeros, ones, other numbers, random numbers, and pseudo random numbers.

    Even Gutman takes issue with the mis-use, misinterpretation, of his paper. Sometime between 1996 and 2002, he wrote his Epilogue:

    "In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical
    analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, 'A good scrubbing with random data will do about as well as can be expected'. This was true in 1996, and is still true now." [Emphasis added]

    In July 2003, Daniel Feenberg, National Bureau of Economic Research, Cambridge MA, published a cogent rebuttal to the Gutman paper, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann." After working through several logical points, as well as points of evidence, Feenburg concludes, "... that Gutmann's claim belongs in the category of urban legend. Or it may be in the category of marketing hype ..." and " ... Of course it has been several years since Gutmann published. Perhaps microscopes have gotten better? Yes, but data densities have gotten higher too. An hour on the web this month looking at STM sites failed to come up with a single laboratory claiming it had an ability to read overwritten data ... Recently I was sent a fascinating piece by Wright, Kleiman and Sundhar (2008) who show actual data on the accuracy of recovered image data. While the images include some information about underlying bits, the error rate is so high that it is difficult to imagine any use for the result. While the occasional word might be recovered out of thousands, the vast majority of apparently recovered words would be spurious ... Charles Sobey has posted an informative paper "Recovering Unrecoverable Data" with some quantitative information on this point. He suggests that it would take more than a year to scan a single platter with recent MFM technology, and tens of terabytes of image data would have to be processed."

    Charles H. Sobey, in his white paper, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery," (see Section 4.2.2 Magnetic Force Microscopes (MFM)), after rather technical analysis, concludes, " ... Although such exotic methods of data recovery are theoretically possible ... I have found no evidence of commercially viable recoveries being performed. Furthermore, I have seen no public demonstrations of any of these methods that show the recovery of files or even user data--only images or raw encoded data." And like other sources, Sobey points out that the error rates inherent in the technology of trying to read any data off disks are very high.

    Starman--Daniel B. Sedory--having researched the topic to its outer limits, concludes that for most of us and almost all home or personal privacy needs, "... we believe simply 'zeroing-out' a drive AND checking that it has actually been done is more than adequate." And, further, "...NOW IN THE YEAR 2008, after 15 years of people warning others and passing along their fears of possible scenarios involving electron (sic) microscopes, WE STILL have NEVER heard of a single case from any lab actually using a microscope to discover any useful bit patterns [emphasis added]!" And, "Personally, I'm not at all concerned about anything I 'zero-out' on a hard disk ever being seen by someone else again. If you think that any local law enforcement or government agency is going to attempt to find data on a drive with ALL zeros by taking a very long time and spending more money than they can really afford with no assurance whatsoever of finding anything(!), then you're living in a dream world that's already beyond all the fictional elements in TV shows like CSI and other such scientific forensic evidence dramas. It's much easier ... to obtain data about you using many other means!"

    Finally, you will see MANY Internet references to the US government 7-pass DoD wipe standard (as per DoD 5220.22-M). After another extensive research effort, Starman is unable to fully trace where this came from. Although it can mean many things, most references to the government 7-step wipe consider it to be " ... three cycles of alternating patterns of 0x00 and 0xFF, followed by an 0xF6 byte pattern for a total of seven passes. But as the DSS and other security organizations have pointed out, they rarely include a verification pass!" (See Starman, "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard")

    -> My take on this -- A prescription for your data wiping

    For most of us, it suffices to do a simple one-pass zero-fill (zero-out) of your files/partition/drive to ensure that no one will be able to retrieve your data. That includes users who keep on their PCs personal correspondence/emails, documents, normal business, finance, and medical records, family/personal photos, and personal items downloaded from the Internet (including legal adult materials).

    Other things you can do: Now, if you wish to do a pass with random or pseudo random numbers instead of zeros, that's fine, too; or do multiple passes. Another thing some folks believe in is doing a zero-fill followed by a fill with truly random numbers; the random numbers making it less obvious that a file was wiped, and maybe making it technically more difficult to detect meaningful information from the wiped bits. Or, do a zero-fill of a file, then before deleting the file change it's name to some random characters or a nonsense name, again making the job of data recovery folks more difficult. Some sources do a wipe using random numbers, then a final wipe with zeros (the opposite of what has been said above).

    If your data is extremely sensitive for whatever reasons, my sense is that you will be able to decide what to do based on what is said here and the links (which I'm sure you will read in great detail). Having said that, (1) the evidence suggests that one zero-fill will likely do the trick; (2) some folks would probably feel better doing two or three passes, perhaps with zeros and random numbers; and (3) most folks in the category will want to secure their data and PC physically, and when done with a drive will want to physically destroy it (using standard means of physical shredding, burning, hammering it into small pieces, using a blow torch on it, etc.).

    References

    Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory
    http://www.cs.auckland.ac.nz/~pgut00...ecure_del.html

    Peter Gutmann, Epilogue
    http://mirror.href.com/thestarman/as...nnEpilogue.txt
    (Credit goes to thestarman.)

    RE: Peter Gutmann data deletion theaory (sic) ?
    http://seclists.org/bugtraq/2005/Jul/464

    Daniel Feenberg, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann."
    http://www.nber.org/sys-admin/overwr...a-gutmann.html

    Charles H. Sobey, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery,"
    527KB PDF. Published April 14, 2004.
    http://www.actionfront.com/ts_whitepaper.aspx

    Daniel B. Sedory (starman), "How To Permanently Erase Data from a Hard Disk"
    Copyright©2003-2008 by Daniel B. Sedory (starman)
    http://mirror.href.com/thestarman/asm/mbr/WIPE.html

    Daniel B. Sedory (starman), "An overwriting standard: there was some truth to it in the past"
    http://en.wikipedia.org/wiki/Talk:Na...ting_standard:
    _there_was_some_truth_to_it_in_the_past

    Daniel B. Sedory (starman), "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard"
    http://mirror.href.com/thestarman/asm/5220/index.html
    Compiled by Daniel B. Sedory
    All Original Research is Copyright©2008 by Daniel B. Sedory
    (re Where did the so-called 7-pass DoD 5220.22-M Wipe Standard originate?)




    = = = = = = = = = = = = = = = = = = = = = = = = =
    = = = = = = = = = = = = = = = = = = = = = = = = =
    Archive, a previous version.
    Note the section titled
    See for yourself. A Deleted File is Not Deleted
    (An experiment: dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts')


    When you delete a file, you do not delete the file
    How to Wipe Data: Logic behind a zero-fill.

    Contents
    -- How to Delete Data from Your Hard Drives & USB Drives
    -- History
    -- Deletion: This will explain the issue
    -- Preparing a drive for new partitioning & formatting
    -- Methods of performing a zero-out of (or a zero-fill on) your drive
    -- See for yourself. A Deleted File is Not Deleted
    (An experiment: dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts')
    -- References (the classic sources for this)
    -- SEAGATE's excellent explanation of Zero Fill


    How to Delete Data from Your Hard Drives & USB Drives

    Answer:
    Zero-out the drive: Perform a zero-fill to the drive.

    Question:
    How can you delete data/partitions from your hard drive to ensure (with probability close to 1.0) that no one can retrieve the data or would expend the effort (time, equipment, expense) to retrieve the data?

    An easy, quick fix? Perhaps. You can google on this and run into just about anything you are looking for. You have to decide for yourself based on all that is written and sold on the subject. Personally, I believe what I wrote above as the answer, and I've given you some key references to look at for yourself.

    - - - -
    History

    It started with the classic voodoo formula(s) of Peter Gutmann in his “Secure Deletion of Data from Magnetic and Solid-State Memory,” to which later he wrote a “moderating” Prologue. All sorts of commercial cleaners have quoted Gutmann and used his methods (e.g., the multiple, sequential, structured overwrite passes). Daniel Feenberg with the National Bureau of Economic Research wrote his rebuttal of Gutmann's paper, and it seems to make the most sense, which Starman takes pretty much as his position. It's all in the References--and there is some interesting reading, notwithstanding whatever the scientific and clinical truths may be.

    - - - -
    Deletion: This will explain the issue
    In a certain real sense, when you delete a file, you do not delete the file.

    When you perform a “delete a file,” you are merely deleting the name of the file or the database references (pointers) to the file; same goes for “deleting a partition”: You are simply deleting the partition entry in the Master Boot Record (or Extended Partition records). In both cases, the data in the file or partition remains on your disk.

    In practice, properly deleting data, rendering it essentially unrecoverable, is done using either software or physical means. Using software, the best way to delete the data seems to be to simply overwrite the bytes with zeros (or with random numbers). Using physical means, the best way seems to be using a sledge hammer followed by extreme heat (e.g., by blow torch); and somewhere I've read that is the recommended method used by the DoD. If you are feeling paranoid or extra cautious, you can perform more than one overwrite pass on your disk/partition/file to ensure it is “gone.” You might overwrite it with zeros, then random numbers (and, perhaps, zeros again).

    - - - - -
    Many “issues “ involved when we talk about “deleting” files. This is not our topic here, but to alert you to the ideas, here's a quote from Feenberg (see References):
    “ ... modern operating systems can leave copies of " deleted" files scattered in unallocated sectors, temporary directories, swap files, remapped bad blocks, etc, ... “ A good example is encryption: when you encrypt a file, do you ever think about deleting (zero-ing) the original text file?

    - - - - -
    Preparing a drive for new partitioning & formatting

    This is another reason to wipe the drive (zero-out the drive, or zero fill it), especially so if you may ever need to recover data/partitions on that drive (as it is easier to do if there are no lingering remnants of prior partition table information, especially so for prior extended partitions).

    - - - - -
    Methods of performing a zero-out of (or a zero-fill on) your drive
    Ways to write zeros to a file, to a partition, or to an entire drive

    --- dd command
    Read my How-To on it and follow up the references given there:
    http://kubuntuforums.net/forums/inde...opic=3117215.0

    Very easy to do—one dd command to zero-out a disk, a partition, or a file. On one test, I used a one-line dd command to write zeros to a 160 GB Seagate SATA HDD; it took 45 minutes. Keep in mind that dd works bit-by-bit, and thus, is quite effective in overwriting the drive.

    --- dcfldd: the souped-up DoD version of the command dd (which gives you a progress report as it goes).

    --- Knoppix Live CD: Run dd from there. (See References.)
    If you need root privileges at the command line, sudo su always works.
    If you must mount a drive, right-click the Desktop drive icon, select Mount.
    To see a list of packages installed in Knoppix, at a terminal type
    dpkg --get-selections > list_of_programs
    (Then open Konqueror > Home > and you'll see the text file list_of_programs under the root home. Mine had 1343 programs listed on the CD (use Edit > Find Line).)

    --- Run dd from any Linux Live CD, including your Kubuntu Live CD.

    --- Your hard drive manufacturer may have a utility to zero-fill the drive.
    Seagate does, on its DOS Seatools CD. Seagate also has an excellent description of zero fill on its knowledge base support page. It's so good, I decided to reproduce it at the end here.

    -- And possibly other methods, such as dban (see References—and Starman's Caution!)

    = = = = = = = = = = = = = = =
    See for yourself. A Deleted File is Not Deleted

    To keep it simple, safe, manageable, and fast, I did this with a 2 GB flash drive.
    While in Kubuntu, plug in the flash drive, let it come up, say OK, then close the flash drive window. To see how Kubuntu sees it, run
    sudo fdisk -lu.
    Mine is seen as /dev/sdc.
    Zero-out the 2 GB flash drive:
    dd if=/dev/zero of=/dev/sdc
    Output (note that it took about 11 minutes):
    dd: writing to `/dev/sdc': No space left on device
    4030465+0 records in
    4030464+0 records out
    2063597568 bytes (2.1 GB) copied, 659.81 seconds, 3.1 MB/s

    Partition it using GParted: K > System > Partition editor > Device > sdc.
    Make a 1 GB, FAT32 partition, sdc1. (You will be asked first to set a Disk Label – say Yes.)
    Re-run sudo fdisk -lu:
    Disk /dev/sdc: 2063 MB, 2063597568 bytes
    255 heads, 63 sectors/track, 250 cylinders, total 4030464 sectors
    Units = sectors of 1 * 512 = 512 bytes; Disk identifier: 0x000479e1
    Device Boot Start End Blocks Id System
    /dev/sdc1 63 2040254 1020096 b W95 FAT32

    Cylinder size:
    63 sectors (per track) * 255 heads = 16,065 sectors per cylinder.
    1 sector = 512 bytes = b (“b” is the abbreviation for 512 bytes).
    => 1 cylinder = 16,065b bytes (= 8,225,280 bytes)
    => it's a handy “block size” to use (since a partition contains a whole number of cylinders)

    OK. Have a look at it.
    dd if=/dev/sdc1 bs=16065b | hexdump -C
    That prints to the screen the locations (“offsets”) (hexadecimal in the left column), the contents in the main columns, and a (somewhat) “regular” (ASCII) format in the right section. The dd command “copies” (and processes) data in blocks of 16,065b bytes at a time. You should see a bunch of zeros. If there are too many ending zeros, they are represented by an “*”.

    Put a text file in the partition sdc1:
    On Kubuntu Desktop, right-click, Create New > Text File; name it Financial dataWW.
    Open Financial dataWW and type: Zmy Zfacts.
    Open the sdc1 icon, drag/copy the file Financial dataWW into it.
    Have a look at it. Close sdc1. At Konsole, you can type the same hexdump command as above, or this one:
    dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts'
    126+1 records in
    126+1 records out
    1044578304 bytes (1.0 GB) copied, 117.039 seconds, 8.9 MB/s
    001ff400 5a 6d 79 20 5a 66 61 63 74 73 20 0a 00 00 00 00 |Zmy Zfacts .....|
    NOTE: grep searches the hexdump for Zmy Zfacts; it found it at location (“offset”) 001ff400.
    Or, do a FULL dump: dd if=/dev/sdc1 bs=16065b | hexdump -C
    00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    00004030 ff ff ff 0f 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    00004040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    000fca30 ff ff ff 0f 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    000fca40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    001f5400 42 61 00 57 00 57 00 00 00 ff ff 0f 00 7c ff ff |Ba.W.W.......|..|
    001f5410 ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff |................|
    001f5420 01 46 00 69 00 6e 00 61 00 6e 00 0f 00 7c 63 00 |.F.i.n.a.n...|c.|
    001f5430 69 00 61 00 6c 00 20 00 64 00 00 00 61 00 74 00 |i.a.l. .d...a.t.|
    001f5440 46 49 4e 41 4e 43 7e 31 20 20 20 20 00 00 1a 7f |FINANC~1 ....|
    001f5450 48 38 48 38 00 00 12 7f 48 38 0c 00 0c 00 00 00 |H8H8....H8......|
    001f5460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    001ff400 5a 6d 79 20 5a 66 61 63 74 73 20 0a 00 00 00 00 |Zmy Zfacts .....|
    001ff410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

    ==>>> Do you see anything on the right that looks familiar? (You should!)

    Now delete that file from sdc1 (open sdc1, right-click on the file, Move to Trash), and run the hexdump again:

    dd if=/dev/sdc1 bs=16065b | hexdump -C
    00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    001f5400 e5 61 00 57 00 57 00 00 00 ff ff 0f 00 7c ff ff |.a.W.W.......|..|
    001f5410 ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff |................|
    001f5420 e5 46 00 69 00 6e 00 61 00 6e 00 0f 00 7c 63 00 |.F.i.n.a.n...|c.|
    001f5430 69 00 61 00 6c 00 20 00 64 00 00 00 61 00 74 00 |i.a.l. .d...a.t.|
    001f5440 e5 49 4e 41 4e 43 7e 31 20 20 20 20 00 00 1a 7f |.INANC~1 ....|
    001f5450 48 38 48 38 00 00 12 7f 48 38 0c 00 0c 00 00 00 |H8H8....H8......|
    001f5460 e5 2e 00 54 00 72 00 61 00 73 00 0f 00 e4 68 00 |...T.r.a.s....h.|
    001f5470 2d 00 31 00 30 00 30 00 30 00 00 00 00 00 ff ff |-.1.0.0.0.......|
    001f5480 e5 52 41 53 48 2d 7e 31 20 20 20 10 00 00 e3 80 |.RASH-~1 .....|
    001f5490 48 38 48 38 00 00 e3 80 48 38 0d 00 00 00 00 00 |H8H8....H8......|
    001f54a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    001ff400 5a 6d 79 20 5a 66 61 63 74 73 20 0a 00 00 00 00 |Zmy Zfacts .....|
    001ff410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    00200400 2e 20 20 20 20 20 20 20 20 20 20 10 00 00 e3 80 |. .....|
    00200410 48 38 48 38 00 00 e3 80 48 38 0d 00 00 00 00 00 |H8H8....H8......|
    00200420 2e 2e 20 20 20 20 20 20 20 20 20 10 00 00 e3 80 |.. .....|
    00200430 48 38 48 38 00 00 e3 80 48 38 00 00 00 00 00 00 |H8H8....H8......|
    00200440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
    *
    ==>>> Look down the right column—see anything familiar? (You should!)

    Or, simply run the targeted search for the key phrase Zmy Zfacts:
    dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts'
    And get this output:
    mike@mike-desktop:~$ dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts'
    126+1 records in
    126+1 records out
    1044578304 bytes (1.0 GB) copied, 136.503 seconds, 7.7 MB/s
    001ff400 5a 6d 79 20 5a 66 61 63 74 73 20 0a 00 00 00 00 |Zmy Zfacts .....|

    => CONCLUSION: Looks like our deleted file data is not deleted.
    You can continue experimenting. Next, I saved a new text file in sdc1, looked at it, and one can see how the two data files show up, with some of the first file (Financial dataWW) being overwritten.

    Another way to verify that a deleted file is not deleted: PhotoRec
    Delete a file from your /home, then use PhotoRec to recover files of that type (text, odt, jpg, whatever type the deleted file is). PhotoRec will (probably) find the file you thought was deleted. The file was only deleted in your filesystem; it was not deleted from your disk.

    = = = = = = = = = = = = = = =
    References

    Secure Deletion of Data from Magnetic and Solid-State Memory, Peter Gutmann
    http://www.cs.auckland.ac.nz/~pgut00...ecure_del.html
    (*** Read his updated Epilogue!)

    National Bureau of Economic Research, Daniel Feenberg
    Can Intelligence Agencies Read Overwritten Data?
    http://www.nber.org/sys-admin/overwr...a-gutmann.html

    How To Permanently Erase Data from a Hard Disk, Daniel B. Sedory (starman)
    http://www.geocities.com/thestarman3/asm/mbr/WIPE.html

    Helix Live CD
    http://www.e-fense.com/helix/contents.php
    (with the special dd version dcfldd)

    Knoppix
    http://www.knoppix.org/

    DBAN http://dban.sourceforge.net/
    (wipes hard drive – Caution: Starman cautions you to be careful configuring your command statement! dban may try to wipe ALL your drives!)

    PhotoRec
    http://www.cgsecurity.org/wiki/PhotoRec

    = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

    SEAGATE's excellent explanation of Zero Fill
    (www.seagate.com)

    Quote:
    How Do I Low-Level Format a SATA or ATA (IDE) Hard Drive?
    Answer
    * What does "low level formatting" a SATA or ATA (IDE) drive mean?
    * Why would I want to Zero Fill my drive?
    * How do I Zero Fill my drive?

    What does "low level formatting" a SATA or ATA (IDE) drive mean?

    Actually the term "low level" is a bit of a misnomer. The low-level process first used years ago in MFM hard drives bears little resemblance to what we now call a "low-level format" for today's SATA and ATA (IDE) drives. The only safe method of initializing all the data on a Seagate device is the Zero Fill erase option in SeaTools for DOS. This is a simple process of writing all zeros (0's) to the entire hard disc drive.

    Why would I want to Zero Fill my drive?

    The most common reasons to Zero Fill a SATA or ATA (IDE) hard drive are:

    * to remove a virus that cannot be removed without destroying the boot sector.
    * to change from one operating system to another and wish to remove everything from the drive.
    * to erase confidential information for privacy reasons.
    * to scan for bad sectors that can be detected and replaced with good spare sectors when writing to the sectors.

    By design, modern disc drives maintain spare sectors for reallocation purposes. Usually, sectors become difficult to read long before they become impossible to read. In this situation the actual data bytes in the sector are preserved and transferred to the new spare during a sector reallocation. Similarly, when a disc drive writes data (like a zero fill erase procedure) and encounters a problem, the drive firmware retires the problem sector and activates a replacement before giving successful write status.

    How do I Zero Fill my drive?

    * Zero Filling a SATA or ATA (IDE) drive destroys 100% of the data on the drive. Make sure the drive is completely backed up before proceeding.
    * The Zero Fill erase option in SeaTools for DOS is the best method for use with Seagate hard drives. Some system BIOS may include a Low-Level Format option; these should be avoided, as they may produce undesirable results.

    SeaTools for DOS can be downloaded from the SeaTools homepage. It includes three Erase (Zero Fill) options. Zero Fill writes zeros in each data sector for the complete capacity of the drive and cleans up most defects.

    The download routine for SeaTools for DOS creates a bootable CD or floppy diskette. Boot from the CD media or diskette to start SeaTools for DOS. After startup, it is a good idea to test your drive. The Basic Short Test takes less than a minute to complete. The Basic Long Test can take several hours to complete, depending on the capacity of the drive. When you are ready to erase the drive

    select the drive you want to erase. Then select one of the three zero fill Erase functions.

    Erase Track ZERO: Erases just the first 63 sectors on the drive which takes less than a second to complete. This procedure removes the Master Boot Record (MBR) and Partition Table. This will cause the drive to look "empty" to a new installation of the operating system.

    Timed Erase: Erases sectors for various time limits up to 5 minutes. These options will overwrite the sectors at the beginning of the drive where the majority of the static operating system files reside.

    Full Erase: Erases every data sector on the drive and takes a long time to complete. This procedure can easily take several hours to complete. The advantage of this option is to discover and reallocate any defective (hard to read) sectors to good spares. This option comes closest in concept to the original idea of a low level format.

    When the process completes, reboot the system from the operating system install CD and follow the instructions to prepare (partition and format) the drive and install the operating system.

    [END OF SEAGATE's TEXT]




    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

    Comment


      #3
      Re: Privacy Cleanup 101

      Disk/Partition Full! Warning! What to do about it

      Checking your space: ls, df, du
      Konsole: configure history (# lines to show)
      A decision tree
      References


      Checking your space: ls, df, du

      ls and du: work relative to the directory you issue them from
      df: works from any directory you are presently in

      ls -al
      List all files (in the present working directory) in long form and shows you their size. A quick way to check things. First, change directories (cd) into the directory (folder) you wish to check.
      See man ls.

      df -hT
      A quick way to see your mounted filesystems, the space Used and Available, your root (/) and /home directories. You can issue this from any directory and get the same result.
      See man df.

      du
      Shows you the disk usage of each file. Change into the directory you wish to check. du will check it and subdirectories recursively. So you run it, study the output, pick a directory from the output to investigate further, change directories into that directory (using cd), run du again, study the output, etc. Try these now, first changing into the root directory (cd /), then after changing into your home directory (cd ~ , or: cd /home/your_name).
      du -sh is a summary (-s) only, in human readable form (-h)
      du -h shows directory details (and subdirectories).
      du -ah shows (all = -a) files
      See next topic about configuring Konsole.


      Konsole: configure history (# lines to show)
      When you issue a command that prints a large number of lines, you can scroll up to see lines that have scrolled off the screen; or use Up arrow or Page Up. The default is to show you 1000 lines this way. If you need more (e.g., using du in certain cases), you can configure Konsole to show you them all:
      Open Konsole, Settings, History, History Configuration, Set Unlimited, OK.


      Disk/Partition Full! Warning! What to do about it: a decision tree

      -> Applies to your hard drive or flash drive or external USB drives.

      If you fill up your Kubuntu partition (or a separate /home partition), it may become impossible to work in the operating system. And if you were to re-boot, you will not be able to log in to your KDE (and you'd have to work only at a command line). To be safe, some experts recommend not exceeding 85% full (and at that point, you should start deleting files you do not need).

      If this happens to you, what must you do?
      => You must delete some files
      from your Kubuntu root partition or from your /home partition.

      Things to check when your disk/partition is full or you receive a warning message
      > Root's home: /root
      > Trash
      > Check package archives (APT, Advanced Package Tool)--see below
      > Remove old kernels?
      > Privacy 101 checklists (especially things like large email archives)

      Tools to use: ls-al, df -hT, and du -sh, du -h and du -ah)

      The culprit is often the home of root: /root. When working or messing around, as you have invoked root (using sudo or kdesudo), you may have inadvertently saved a large amount of data to root's home (this can occur, for example, when using various programs, like PhotoRec).

      Also check the Trash, including its actual location:
      /home/your_name/.local/share/Trash/files and /home/your_name/.local/share/Trash/info.
      And check the Trash in root's home, /root.

      Check package archives (APT, Advanced Package Tool). But read man apt-get first.
      At Konsole, use some/all of these these commands
      sudo apt-get clean
      sudo apt-get autoclean
      sudo apt-get autoremove

      Old kernels -- use your package manager to remove old kernels and their (many) files (linux-image and linux-headers).

      And, of course, check the items listed under Privacy Cleanup 101.


      Decision Tree: What to do when you get disk or partition full

      Step 1 Rescue your data
      If the data stored on the drive/partition is important to you, copy it off now, as soon as you realize there is a problem. Boot into a live CD or any OS on your hard drive.

      Live CD, working from: mounting.
      sudo fdisk -lu to see how the drive/partition is named (e.g., sda2, sdd1, etc.). Suppose it appears as sdxn.
      sudo mkdir /media/sdxn
      sudo mount /dev/sdxn /media/sdxn
      When you are done working, unmount it and exit:
      sudo umount /dev/sdxn1 /media/sdxn
      exit

      To open Konqueror as root (if necessary):
      kdesudo konqueror (or try kdesu konqueror for older Kubuntu versions)

      Step 2: Are you able to boot into the Kubuntu partition? If not, go to Step 3.
      If you able to boot into your Kubuntu, then:

      Boot into it. Find the folders/files containing your data, delete/remove any data you don't need.
      Checklist:
      > Root's home: /root
      > Trash
      > Privacy 101 checklists (especially things like large email archives)
      Tools to use: ls-al, df -hT, and du -sh, du -h and du -ah)
      Remember to use the manual pages; e.g., man ls, man du, man df
      Use df, ls, and du to see if your efforts to free up space were successful.
      If you are satisfied, re-boot; hope for the best.

      Step 3: If you are NOT able to boot into your OS.
      Now, this is a problem, but it is often solvable.
      Symptoms
      When you try to boot into Kubuntu, you get strange error messages. (Popular ones are "No write access to /.ICEauthority"; "Could not start ksnserver"; or "Disk full" messages). Or, you hit the log-in screen but are bounced back to a blank screen or to the log-in screen again (log-in looping).

      Solutions
      Remove excess data from the Kubuntu partition and your home partition
      As in Step 2, you must try to delete/remove as much unneeded data as possible. But since you can't log in, you'll have to do the work using a live CD or by booting into another operating system on your hard drive. In either case, you must access the partition from where you are, and that simply means you must boot into an OS (on disk or a live CD), run sudo fdisk -lu, then mount the broken partition(s) if it is not automatically mounted, then open it and see the files on it (doing this either at the command line or from Konqueror/Dolphin).

      Dropped to a prompt
      Perhaps you can almost log in, but can't, and you are dropped to a prompt or are able to get a prompt.
      In this case, you may be able to do the work at the command line, using commands like cd, pwd, ls -al, and rm (or rm -r dir). See the tips in Step 1. Remove as much data as you can.

      Try now to re-boot
      If you can, you are done!
      If not, perhaps something got damaged and must be fixed. Continue:

      Step 4: Check/repair the filesystem
      Find out how the broken partition is named using sudo fdisk -lu. Let's say it is sdxn (e.g., sda1, sdb1, sdc1).
      First, unmount the flash drive!!! <= VERY IMPORTANT!!!
      (sudo umount /media/<mount point> or sudo umount /dev/sdxn)
      sudo fsck -vt /dev/sdxn
      And/or, for ext2/3:
      sudo e2fsck -vt /dev/sdxn

      After that's done, re-boot to test.
      If that works, your are done!
      If not, continue:

      Step 5: KDE settings damaged
      Re-boot, try to get to the log-in screen. If you can't get that far and you've done all the above, you will have to try something else--this guide will not help you further. Post the issue at a forum. See tips below, too.
      If you can get to the log-in screen:
      At the log-in screen, get a virtual console by pressing Ctrl+Alt+F1.
      You may have to log in by typing root. (If you are asked for a password, try yours; if it won't go, try to set a new one: passwd, then make one up.)
      Rename your KDE folder (called /.kde):
      mv /home/your_name/.kde /home/your_name/kdesaved
      (the dot in .kde means it is a hidden file)
      Get a graphical log-in screen by pressing Ctrl+Alt+F7.
      You may get a KDE wizard to help you build a new KDE configuration and/or a new /.kde folder will be constructed for you and you'll be booted into Kubuntu.
      Try re-booting.
      If that fails, continue:

      Step 6: kdm repair
      Boot recovery mode, at the first pause (where you are the root user) enter the command:
      /etc/init.d/kdm start
      Then perform a normal shutdown/restart and use your normal boot line.
      Or, if needed, another idea:
      Remove / reinstall kdm and see if that works.
      sudo aptitude remove kdm
      sudo aptitude update&&sudo aptitude install kdm
      Re-boot.

      Step 7: KDE unable to start
      You try to log in to Kubuntu and you get a message
      "No write access to home/user/.ICEauthority KDE is unable to start" and/or then another one saying "Could not start ksmserver. Check your installation"

      Possible solution (quote dibl):

      You have made the mistake of performing some root operation, or running the X server as root, from your user's home folder, resulting in the permissions on that file being changed to root. To restore them, at the command line you need to stop the X server:
      sudo service kdm stop
      then delete the two files that are likely "contaminated":
      sudo rm /home/your_name/.ICEauthority
      sudo rm /home/your_name/.Xauthority
      then restart the X server:
      sudo service kdm start

      log in, and you should be OK. But don't run the X server with "sudo", and don't save files in your user's folder when running as root.

      Thanks to dibl, here:
      KDE is unable to start (dibl)
      http://kubuntuforums.net/forums/inde...opic=3109580.0


      References for this problem (locked up booting, broken KDE, or log-in looping)

      >>> From dibl: --> These links have changed!!! <--- See How-To's
      Top 20 Kubuntu FAQ
      http://kubuntuforums.net/forums/inde...opic=3099811.0
      FAQ#16. Out of disk space, filesystem full, how can I tell where it went, etc. etc.
      FAQ#10: Log-in loop
      "I log in, the screen goes black, and then I get the login GUI again / Login Loops but can't log in." There are multiple possible causes, and thus multiple possible fixes. Start here, and check the linked threads if necessary. Do NOT ever perform "sudo" or root operations, such as installing software or saving files, using your user's home directory -- this is a common cause of the "login loop" problem. The permissions on the hidden files .ICEauthority and .Xauthority are easily changed by root use of your user's home directory, and thereafter the user is locked out.
      KDE is unable to start (dibl)
      http://kubuntuforums.net/forums/inde...opic=3109580.0
      >>> From Rog131:
      FAQ: Free Disk Space
      http://kubuntuforums.net/forums/inde...opic=3086353.0
      >>> From Herman:
      Fixing filesystems, damaged superblock:
      Filesystems and Mounting (and fixing):
      http://users.bigpond.net.au/hermanzone/p10.htm
      >>> Log-in Loop:
      http://kubuntuforums.net/forums/inde...opic=3096050.0
      http://kubuntuforums.net/forums/inde...opic=3097104.0
      http://kubuntuforums.net/forums/inde...opic=3096050.0
      http://kubuntuforums.net/forums/inde...opic=3088389.0
      http://kubuntuforums.net/forums/index.php?topic=9765.0

      [End of Decision Tree]


      ------------------------------------------------------
      ------------------------------------------------------
      References

      RESCUE Partitions & Data, TestDisk--PhotoRec--Knoppix
      http://kubuntuforums.net/forums/inde...opic=3091847.0 )
      --> This link has changed!!! <--- See How-To's

      Commands at Konsole: Beginners: 3 parts
      http://kubuntuforums.net/forums/inde...opic=3117209.0

      dd Command
      http://kubuntuforums.net/forums/inde...opic=3117215.0

      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

      Comment

      Working...
      X