Using Internet Cafes as securely as possible
This guide is no longer being maintained
This content is currently unmaintained and may be significantly out of date. Please do not rely on it.
Internet Cafés have developed along with the spread of the Internet itself, as a means of giving people access to the Internet, and all it has to offer, without necessarily having to own a personal computer, or for situations where they don't have access to their own internet connection or computer. For many, this remains the easiest and most reliable way to access a computer and connect to the Internet in order to socialise, communicate, make friends and even work. Their wide proliferation, low cost and accessibility has made them an important part of many communities, especially in developing countries.
However, along with the benefits and conveniences of Internet cafés, there comes a number of potential risks to your personal and professional data as a result of using them. Some risks are of a technical nature, such as the higher risk of virus infection; others are more behavioural, and relate to the possibility of spying or monitoring by those who control the computers in the café.
What you can learn from this guide
- How to reduce the risk of malware infection when using Internet Cafés
- How to securely remove as much of your information as possible from the computers you use, once you are finished using them
- How to mitigate the risk of spying and monitoring of your activities in an Internet Café.
Risks associated with Internet Cafés
Despite how useful they are to us, the nature of Internet Cafés and the way that they function pose a number of potential threats to our information. There are a many factors which contribute to this risk:
- The computers are shared among dozens or even hundreds of users who may all insert their own removable media, such as Flash Drives or SD cards, which leads to a high risk of malware infection.
- Many users forget to log out of their accounts properly and dispose of cookies and browsing history, leaving them vulnerable to identity theft.
- The computers are usually owned and administered by the people who own or run the Café, who can often monitor the activities of each computer, including what web-sites you are browsing.
- In particularly untrustworthy cases, the computers may have keyloggers installed, meaning hardware or software which can record everything the users type, including their passwords and emails.
- Some Internet Cafés require you to provide identification in order to use the computers, meaning that your identity can be linked to your activities on the computer. Moreover, they may be subjected to pressure by authorities or others who want to access user data.
Strategies for staying safer
Since an Internet Café is a public space, it's a good idea to consider the physical security of the space: who else is around, and how do we relate to them? You may want to consider the following questions:
- Which Café is the right one to choose? Is there one whose owners you can trust and would like to use regularly? Or is it better to change from place to place, in order to be less predictable?
- Do you have to provide identification in order to use this Internet Café? For obvious reasons, this is usually best avoided.
- Who else is in the Internet Café and can you trust them?
- Where are you sitting, and who can see your screen? It's best to sit somewhere that you can see people approaching before they can see your screen.
Taking control of our data in Internet Cafés means we need to stop depending -- as much as possible -- on the computers in the Internet Café in the first place, especially due to the risk of keylogging. If possible, the computers in Internet Cafés are not a place to work with sensitive information or using your personal accounts, and should be avoided. Instead, it is better to bring your own computer to the Café if you can, and be aware that the traffic in wireless network could still be subjected to monitoring. Moreover, you may want to avoid allowing your smartphone to connect to the wireless network in the café unless you have to.
If we have to depend on the computers in the Café we must try, then, to avoid depending on the software installed on the computers. The easiest way to do this is to begin using portable applications: that is to say, by bringing our own programs to the Internet Café on a Flash Drive or DVD, and using them instead of the programs already installed on the computers. In this chapter, we will explore some of the portable applications which could be particularly useful to you when using Internet Cafés.
The first and most basic problem we want to avoid is that of exposing our data to malware infection. As noted above, malware infection arising from the use of Internet Cafés is very common, as a result of the number of people who use them and spread viruses to them through removable media, among other things. In order to avoid this, it's a good idea to keep a few basic points in mind when choosing an Internet Café:
- It's safer if the Internet Café uses Linux operating systems, or free and open source software tools such as Mozilla Firefox and LibreOffice or OpenOffice
- If the computers in the Internet Café use a Windows operating system, it should be a legal, licensed version which will receive updates which protect against virus infection.
- The computers should have updated anti-virus and anti-spyware programmes and a firewall programme.
It is a good idea to bring your own flash drive with a portable anti-virus program, such as ClamWin Portable so that you can scan the computer that you are using from an external drive. It is even better if you can obtain a flash drive with a "hardware lock" -- a physical button on the flash drive itself -- which means it can be 'locked' before it is plugged in to the computer: this will ensure that no malware can write itself to the flash drive from the computer. This problem can also be avoided if your portable applications are burned to a CD or DVD, which can not be written to more than once.
Protecting your personal data
If you absolutely must use internet cafés to work with sensitive, perhaps work-related files such as documents, reports, pictures, or videos, there are a number of potential problems that may arise. If the files are of a sensitive or personal nature, we may think they are safe if we only save them on our own flash drives, and don't save them on the computer in the Café itself. However, this is not necessarily the case: an infected computer in the Internet Café may copy all the content from your flash drive or CD/DVD to the computer or other location in the network. Also many programs such as Microsoft Word or LibreOffice will automatically save drafts of the files we are working on as temporary files, without us having to save them. This is generally positive, as these temporary files mean that we can recover our documents if the program or computer crashes. These files, though, are not securely deleted once we are finished, and can be recovered by someone else who accesses the same device later (see our guide How to recover from information loss). This is of course also true if we do save our documents on the device we are using in the Internet Café, and even if we empty the Recycle Bin.
Therefore it is important to delete the traces of our sensitive files that we leave behind on the computers we use, if we want to be sure they can't be accessed by others. Thankfully, this is easy to achieve. Programs such as CCleaner Portable can be installed on a flash drive, and then used in order to securely delete files that we have stored on the hard drive of the computer in the Café, as well as temporary files generated while we work. At the end of each session you must simply wipe any temporary files before leaving the computer and the Café.
A number of other problems may arise when we use Internet Cafés for browsing the Internet or communicating. One such problem is invasion of privacy which can happen when we leave behind our browsing history and cookies, and forget to log out from e-mail and social networking accounts before leaving the Café. This problem could be solved with a little vigilance: simply ensuring that we clear our browsing history and log out correctly from our accounts before we end our session. This can also be done by using CCleaner.
An even easier way to avoid this is by bringing our own browser to the café on a flash drive, such as Portable Firefox or Tor Browser Bundle which is also a portable program. With these tools, you can ensure that your browsing history is not saved on the Internet Café's computers. Furthermore, you can benefit from a number of privacy enhancing add-ons which may not be available on the browser in the Internet.
Communicating more safely
Using portable tools, it is also possible to communicate more securely at Internet Cafés. If you want to encrypt your chat conversations, you can use Portable Pidgin with OTR or extract Portable Jitsi to your flash drive and go on using them as you would on your personal computer.
Similarly, if you want to use GPG to encrypt your emails, you can use Gpg4usb: this will allow you to write and encrypt your emails on your own computer, then bring them to the Internet Café as encrypted text files on a flash drive, and send them from there.
Spying and keyloggers
By far the most difficult risk to overcome when using Internet Cafés for anything of a sensitive nature is that of spying by the Café's administrators and, even worse, keylogging of the computers.
The first thing to consider is how much you can trust the administrators of the Café, and how well you know them. If you have access to a Café which is run by someone you know and trust, it's best to use this as your 'default' Café as much as possible.
It may be safer to assume that all the computers in any Internet Café are keylogging you. Unfortunately, if this is the case, there is very little you can do to protect any sensitive data you deal with on this computer. In this case, it is extremely important to:
- If possible, avoid logging in to any personal accounts
- Change all the passwords you have used from a different device as soon as you log out
- Bring all e-mails to the internet café encrypted in advance with GPG4USB on a USB key or DVD
- Wipe your USB keys with a progam such as CCleaner on a trusted computer with an updated antri-virus program after using
More tips can be found in the Internet Café Checklist.
Checklist: Safer Internet Café usage
This short checklist should help you prepare and use Internet Cafés as securely as possible.
1. General tips
- Consider whether it's a better idea to use a single Internet Café whose owners and administrators you trust, or better to change places regularly in order to make it harder to track you
- Avoid Internet Cafés where you have to provide identification
- Choose a location to sit where your screen can not be seen by others (including through windows), and where you can see others approaching you
- In the event of a raid or inspection, have a plan for closing programs and deleting traces as quickly as possible.
2. If you have your own computer
- Make sure you have anti-virus, anti-spyware and firewall programs installed and updated
- As the internet connection may be monitored, make sure you browse the internet using the Tor Browser or a VPN to prevent others connected to the network from spying on you
- Always ensure that the services you use online (for example, email or social networks) are configured for a secure connection (HTTPS). Along with Tor Browser, you can use Mozilla Firefox with the HTTPS Everywhere add-on as your browser.
- Do not allow your smartphone to connect to the wireless network in the Internet Café
3. If you don't have your own computer
- Try to choose an Internet Café which uses Linux operating systems.
- If possible, try using a bootable operating system from a USB key such as Tails, which is designed for anonymity and privacy and not to leave traces of your activities on the computer itself.
- If this is not possible, try to choose an Internet Café with licensed, updated versions of Windows, anti-virus, anti-spyware and firewall programs.
- Assume that everything you type, including your passwords and all content of your USB flash drive or CD/DVD you connect to the Internet Café computer may be copied and shared.
- Avoid using the software installed on the computers themselves: instead bring portable versions of your programs on your USB flash drive.
- Avoid logging in to any personal or professional accounts unless absolutely necessary. Change passwords of the accounts you logged in from secure computer as soon as you can after this.
- Use a virtual keyboard application such as On-Screen Keyboard Portable to type your passwords
- You may want to set up a new, empty e-mail account only for use in Internet Cafés and ask your contacts not to send unencrypted mails to this address.
- Write your emails beforehand on a different computer and encrypt them using GPG4USB. Then bring them to the Internet Café on your USB flash drive and copy/paste them into your webmail
- When you're finished with your USB flash drive: ensure that your own computer's anti-virus and anti-spyware programs are up to date and that the Autorun feature on the flash drive is switched off. Then, insert your USB flash drive and wipe it using CCleaner.
- Immediately change passwords of all accounts you used in Internet Café from a different, secure device once you're finished.