EARLIER FEATURES

FEATURES CONTENTS

LATER FEATURES

ANOTHER FILE THAT SNOOPS

Brian Grainger

brianATgrainger1.freeserve.co.uk

I should preface this article by declaring a prejudice. I am a bit of a privacy advocate. I do not subscribe to the view that 'if you have nothing to hide then you have nothing to fear' when personal data is collected. The usual response of the privacy advocate to this mantra is to ask the speaker how much they earn. Apart from the fact that I think privacy is a fundamental right there are other things to consider:

• The number of innocent people that get their lives blown apart, on the basis of a false positive from personal information, is unacceptable.
• I think it is some kind of perverse logic that in order to find the guilty it is necessary to collect personal data on all the innocent to try and eliminate them. I would prefer that our law enforcement agencies go back to using their brains, instead of using databases, to try and solve crimes.
• Personal data once collected can get into the wrong hands, no matter how secure the collector says it is. It has been reported more than once that credit card details, for example, have been openly available on the Internet because of some malfunction within a banking or retailing system.
• Everybody has SOMETHING to hide.

Prejudice declared, it is now time to get to the meat of this article - files on your computer that collect personal data without your knowing.

I think most people who know a bit about Windows computing know that the URL of every web site you visit can be found by looking at the mysterious history files. These hidden system files, which are in use all the time that Windows is running, are extremely difficult to remove. You would think that clicking the 'clear history' button in Internet Explorer would remove the history, but it doesn't. That simply removes the history display on the screen. The records kept in the history file are still there, so that anybody adept in computer forensics can determine where you go on the web. Once this facility was discovered by the techie community tools have come out to remove the history files.

A second source of personal data is the 'prefetch' folder in Windows XP. The idea of this folder is to store data about the programs that you run so that the next time you run the program it will boot up faster. Well, it does do that, but it is also a handy repository to determine what programs a user has run. I guess this data is not quite as contrary to privacy as some. Nevertheless, for those organisations that demand their employers only run the software they are given and discipline employees who run their own tools, it would be a good folder to snoop into. On your home PC you can probably see the 'prefetch' folder and delete its contents. In fact, it may be a good idea to do so every once in a while if the folder has lots of entries. You might find, contrary to expectations, that when the 'prefetch' folder is empty booting up software is quicker, because it does not waste time searching for the prefetch data! However, in the enterprise environment an Administrator can block user access to the 'prefetch' folder.

This week I found another file that holds personal data. It is relevant to those of you who use Outlook as your email client and it has been present since Outlook 2002. It is not relevant to Outlook Express.

I received an email at work with an image that I quite liked and I wanted to isolate the image so that I may use it in my own emails. As I discovered a long time ago, reported here, the way to isolate the image was to send the email containing it to my email address at home and pick it up with Outlook Express. As I was typing my home email address in the 'To' box Outlook got as far as the third letter and then filled the rest in for me! Now, that was nice - until I considered how Outlook might know my home email address. I had used it before, but it was not in my Address book or contacts list. I guessed that there must be a file somewhere holding my home email address so I started a search for possibilities. I eventually came across 3 files in my profile area that related to Outlook. These are listed below, together with their purpose, (discovered with an Internet search).

• Outcmd.dat - This file stores toolbar and menu settings.
• <Profile Name>.fav - This is the Favourites file that includes the settings for the Outlook bar.
• <Profile Name>.nk2 - This file stores the nicknames for AutoComplete.

It is the .nk2 file that was holding my home email address. Of course, like all Microsoft files this was not written in plain text. It was written in some weird format that has not been disclosed. It appears to store all e-mail addresses that you use in the 'To' or 'cc' fields of any emails you send. Anybody who wishes to snoop on who you have emailed can look here. It works the other way as well. Anyone who has emailed you using Outlook will have your email address in their nk2 file.

The AutoComplete feature is quite nice - but why is information about this file so scarce? Microsoft do not have any editing tools available for it, although there are enough requests on the internet for help in extracting the addresses from this file to put them in the Address book. If you were moving PCs it would be quite useful to do this, as you would lose any useful addresses in that file. In fact, if you have customised settings that you want to replicate on another computer using Outlook, you may want to include the three files above in your back up along with the personal folders (.pst) file.

I did an Internet search for any utilities pertaining to the .nk2 file and came up with only two. The one was a full featured tool, but it was not free of charge. The second was free of charge and is called nk2.info.exe. This will allow you to extract any SMTP email addresses from the .nk2 file into a .csv file. The latter can be read and edited with a spreadsheet program or, at a push, with a text editor. The resulting .csv file can be imported into the Address Book.

The drawback of the nk2.info.exe tool is that it only deals with SMTP addresses, like anyone@isp.co.uk. Addresses that were internal to my work's network were not exported, despite the fact they are in the .nk2 file. To get this functionality you need the paid for tool.

The nk2.info.exe file can be downloaded from: http://www.nk2.info.

If you simply want to delete email addresses from the .nk2 file there are two possibilities. First, you can delete the file, which will get rid of ALL the addresses in the file. If there is just one email address to remove then one way is to create an email to send to the address in question. Type the address slowly and when the full address is shown for autocompletion right click on the highlighted address and delete it.

Now you know about the file, you can maintain your privacy!

TOP