Use private browsing modes to avoid history/cache, connect through VPN or Tor to prevent IP tracking, disable autocompletion and password saving, and manually clear browser data before leaving. Use Tails OS or Whonix virtual machines if handling sensitive credentials on shared machines to ensure no data persists. Avoid keyboard logging by using onscreen keyboards when possible, assume screenshots are captured by surveillance software, and never access accounts containing sensitive data on public computers unless absolutely necessary, operational security is more effective than technical defenses alone.
Table of Contents
- Prerequisites
- Advanced - Ephemeral Operating Systems
- Additional Security Considerations
- Troubleshooting
Prerequisites
Before you begin, make sure you have the following ready:
- A computer running macOS, Linux, or Windows
- Terminal or command-line access
- Administrator or sudo privileges (for system-level changes)
- A stable internet connection for downloading tools
Step 1 - Understand the Threat Model
Before implementing countermeasures, recognize what you’re protecting against:
- Browser history and cache: Websites visited are stored locally
- Downloaded files: Any files you open may remain in temporary directories
- Session cookies: Authentication tokens can persist across sessions
- Typed URLs: Browser address bar suggestions reveal your activity
- System logs: OS-level logging captures application usage
Step 2 - Browser Isolation Techniques
Use Private/Incognito Mode Effectively
Private browsing mode prevents local storage of history, cookies, and form data. However, it does not hide your activity from network monitors or system-level logging.
Launch Firefox in private mode from command line
firefox --private-window
Chrome incognito with additional flags
google-chrome --incognito --disable-extensions --disable-plugins
For maximum effectiveness, combine private mode with the following techniques.
Clear Browser Data Programmatically
After each session, manually clear all browser data. You can automate this process:
Clear Chrome/Edge data on Linux
rm -rf ~/.config/google-chrome/Default/Cache/*
rm -rf ~/.config/google-chrome/Default/Code\ Cache/*
rm -rf ~/.config/google-chrome/Default/GPUCache/*
rm -rf ~/.config/google-chrome/Default/History*
rm -rf ~/.config/google-chrome/Default/History\ Provider\ Cache
rm -rf ~/.config/google-chrome/Default/Visited\ Links
rm -rf ~/.config/google-chrome/Default/Network/Cookies
rm -rf ~/.config/google-chrome/Default/Network/History\*
Portable Browser Solutions
Consider running a portable browser from an USB drive. This approach keeps your browser profile isolated from the host system:
Extract portable Firefox
tar -xvf firefox-portable.tar.bz2 -C /media/usb/firefox/
cd /media/usb/firefox/
./firefox --profile ./profile --no-remote
Step 3 - Network-Level Privacy
Avoid Credential Persistence
Never save passwords on public computers. Use these alternatives:
- Password managers with clipboard clearing: Copy passwords temporarily, then clear clipboard after use
- One-time authentication tokens: Use services that generate time-based codes
- Hardware security keys: YubiKey or similar devices that don’t expose credentials to the host
Clear clipboard after use (Linux)
sleep 30 && xclip -selection clipboard -d
macOS
sleep 30 && pbcopy < /dev/null
VPN Usage on Public Networks
Always route your traffic through a trusted VPN. This encrypts data transit and masks your IP address from the public computer’s network logs:
Connect to WireGuard VPN (requires configuration)
sudo wg-quick up wg0
Verify IP change
curl ifconfig.me
Step 4 - File System Hygiene
Temporary File Management
Public computers often have aggressive file caching. Avoid creating permanent files:
Use /tmp with automatic cleanup (Linux)
TMPDIR=/tmp/sealed_session
mkdir -p $TMPDIR
chmod 700 $TMPDIR
Work in RAM-backed tmpfs for sensitive operations
sudo mount -t tmpfs -o size=100M tmpfs /ramdisk
Clear Recent Files Lists
Most operating systems maintain recent files lists:
Clear recent files on Linux
rm -rf ~/.local/share/recently-used.xbel
rm -rf ~/.local/share/Recent\ Documents/*
echo "" > ~/.local/share/recently-used.xbel
Clear Windows recent documents (run as admin)
del /q %APPDATA%\Microsoft\Windows\Recent\*
Advanced - Ephemeral Operating Systems
For high-risk scenarios, consider running your entire operating system from USB:
Live Linux Distributions
Tools like Tails or Kali Linux route all traffic through Tor and leave no traces on the host:
Verify Tails ISO signature (example process)
gpg --verify tails-amd64-*.iso.sig tails-amd64-*.iso
Containers and Sandboxes
If you must use the host OS, isolate your activities:
Firejail - sandbox applications on Linux
firejail --private --private-tmp firefox
bwrap - unshare namespace for isolation
bwrap --unshare-user --private /tmp --dev /dev bash
Step 5 - Practical Session Workflow
Follow this sequence for maximum privacy on public computers:
- Pre-session: Boot from USB or use portable browser
- Connection: Activate VPN before any authentication
- Authentication: Use temporary credentials or hardware tokens
- Activity: Minimize file downloads; work entirely in browser memory
- Post-session: Clear all browser data, clipboard, and temporary files
- Verification: Check for any residual files in home directory
Step 6 - Limitations and Realistic Expectations
No method provides absolute anonymity. Public computers may have:
- Hardware keyloggers: Physical devices installed between the keyboard and computer
- Software keyloggers: Malicious programs that record all keystrokes
- Screen recording utilities: Applications that capture screenshots or video
- Network traffic monitoring: Corporate or institutional surveillance systems
- USB device monitoring: Logging of USB device insertions
- Browser fingerprinting: Scripts that identify unique browser configurations
For sensitive operations, avoid public computers entirely. Use your own device on trusted networks instead. If you must use a public computer, assume that sophisticated adversaries can monitor your activity regardless of the precautions you take.
Additional Security Considerations
Browser Fingerprinting
Beyond clearing history, be aware that websites can fingerprint your browser through:
- Screen resolution and color depth
- Installed fonts
- WebGL renderer information
- Audio context fingerprinting
- Canvas fingerprinting
To mitigate fingerprinting, consider using Firefox with Enhanced Tracking Protection or the Tor Browser, which standardizes browser properties to blend with other users.
JavaScript and Extension Management
Disable JavaScript for non-essential sites to reduce the attack surface:
Firefox - Create user.js with these settings
user_pref("javascript.enabled", false);
user_pref("webgl.disabled", true);
Network Timing Attacks
Be cautious about timing your activities. Pattern analysis can reveal sensitive information even when individual sessions appear secure.
Physical Security
Always check for suspicious devices connected to USB ports or keyboard cables. Use your own keyboard if possible, or inspect the connection before typing credentials.
After Leaving the Computer
Even after you log out and clear your session:
- Check for saved sessions: Some computers auto-save terminal sessions
- Review SSH known hosts: Connections to servers may be logged
- Check for planted malware: Files may have been secretly dropped on USB drives
- Monitor accounts: Watch for unauthorized access in the following days
Troubleshooting
Configuration changes not taking effect
Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.
Permission denied errors
Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.
Connection or network-related failures
Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.
Frequently Asked Questions
How long does it take to use public computers safely without leaving any?
For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.
What are the most common mistakes to avoid?
The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.
Do I need prior experience to follow this guide?
Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.
Is this approach secure enough for production?
The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.
Where can I get help if I run into issues?
Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.
Related Articles