The myth of no fingerprints

Reviews
Jan 12, 2004 | 3 mins
Network Security, Networking, Security

Secure Sockets Layer VPN vendors must like frequent flyers: Many of the products we looked at in this review are geared toward the oft-mentioned Internet kiosk user. The idea here is that people travel around and want to log on to these PCs with Internet connections that dot the landscape in airports, hotels and better bus stations.

The problem, of course, is that browsers are notorious for littering the local hard disk with information about where you’ve been and what you’ve done. Cookies, URL histories, page caches and files you might have clicked on are all captured on that machine when you’re finished.

This detritus apparently gives network managers indigestion. SSL VPN vendors spent a good deal of time trying to soothe it with features that clear out the local system after a session is over, wiping the fingerprints off the local hard disk in an effort to erase any trace of a user’s actions.

The information left behind would let the next person get clues about what the SSL VPN user did. URL caches, for instance, might be fairly innocuous, but cookie files can contain usernames and passwords, and cached files might hold all sorts of sensitive corporate data.

F5 Networks, Neoteris and Whale Communications all include various bells, whistles and bits of code designed to delete more and more data from the systems. For some products, it’s a big deal to trumpet in their marketing literature; for others, it’s a simple checkbox you might miss.

However, in all the products with this feature, it’s a waste of time. This technology is most needed exactly where it will never work. If you’re at a kiosk in Charles de Gaulle Airport, you’re lucky to have a keyboard, much less a browser that is going to be compatible with these tools. For example, Whale makes it pretty clear in its documentation what the problem is. For its “attachment wiper” to work, you have to not only be running a recent version of Internet Explorer on Windows, but you also must have the browser configured to download and run ActiveX objects, and you must be logged on with elevated privileges.

Whale isn’t alone here; anyone who wants to delete files and clean up the browser is going to have to write operating system and browser-specific software that is at odds with your typical Internet kiosk.

In other words, this technology works great on your own PC where you control all the variables, except you don’t really care so much about wiping your browser history on your own PC. But when you’re at a kiosk hoping to grab those sales numbers, it’s unlikely that these tools will work. And that’s where you need them the most.