«
»

Chrome private browsing in 3 steps using TrueCrypt

Secure your Google Chrome profile in 3 easy steps. Instead of using the Private Browsing feature, you can keep your history, cookies and other settings while securing your profile from prying eyes.

The goal is to move your Google Chrome profile to an encrypted volume. You’ll need to take three basic steps to get private browsing to the extreme:

  1. Create an encrypted volume using TrueCrypt.
  2. Move your Chrome profile to the encrypted volume.
  3. Tell Chrome about the new location of your profile.

Step 1: Create an encrypted volume using TrueCrypt.

TrueCrypt is an open-source disk encryption tool. Using the TrueCrypt volume creation wizard, you create a TrueCrypt volume file (basically a large password-encrypted file). Using TrueCrypt, you mount the volume as a disk drive, and it shows up in Windows as a hard drive just like your C-drive.

You can create files, delete files, manipulate directories, and basically anything you normally do with a disk drive. The main difference is when you unmount the volume, the volume file is encrypted. Without the password, the volume file is completely useless and unreadable.

For more detailed directions on how to create a volume and mount it, check out the TrueCrypt Beginner’s Tutorial.

Step 2: Move your Chrome profile to the encrypted volume.

Once your volume file is mounted, you’ll want to move your existing Chrome profile to the encrypted TrueCrypt volume. Let’s say your TrueCrypt volume is mounted as the Z-drive.

  • Shutdown Chrome.
  • Create a directory on the Z-drive named ChromeUserData\.
  • Copy files from C:\Users\<username>\AppData\Local\Google\Chrome\User Data\ directory to the TrueCrypt Z:\ChromeUserData\ directory.
  • Rename C:\Users\<username>\AppData\Local\Google\Chrome\User Data\ directory (you can delete this later).

Step 3: Tell Chrome about the new location of your profile.

  • Create a symbolic link to directory on the TrueCrypt volume. I had to run the command shell as Administrator.
cd C:\Users\<username>\AppData\Local\Google\Chrome\
mklink /D "User Data" "Z:\ChromeUserData"
  • Launch Chrome.

If your version of Windows doesn’t support symbolic links, a comment from cRaig indicates Chrome supports the -user-data-dir switch.  By changing the Properties > Target for the Google Chrome shortcut in your Start Menu, you can tell Chrome about your new profile location. Your Target text might look something like this:

C:\Users\<username>\AppData\Local\Google\Chrome\Application\chrome.exe -user-data-dir="Z:\ChromeUserData"

Using either approach for changing your Chrome profile location, once you unmount the TrueCrypt volume, no one will be able to look at your profile. If someone gets a hold of your computer, they won’t have a chance at getting to your Google Chrome profile.

Tags: ,

This entry was posted on Sunday, October 3rd, 2010 at 5:12 am and is filed under Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “Chrome private browsing in 3 steps using TrueCrypt”

  1. Arjan Salomons Says:
    November 5th, 2010 at 6:19 am

    Thanks for the tip!
    This sadly does’nt work for XP because of the absence of the mklink command, however I found a workaround using the Link Shell Extension on http://schinagl.priv.at/nt/hardlinkshellext/hardlinkshellext.html

    This extension helps create junction folders. You can also set up TrueCrypt to auto-mount your encrypted volume using shortcut keys! Of course you still have to type in your password then..

  2. Raymond Li Says:
    November 7th, 2010 at 9:21 am

    @Arjan: In the past, I’ve found junction or link creation tedious. This tool you mentioned (Link Shell Extension) seems like it could remedy this since it works for XP, Vista and Windows 7. Thanks for sharing your tips!

  3. cRaig Says:
    December 27th, 2010 at 10:42 am

    Curious… What’s the difference between this solution and simply launching with the –user-data-dir switch?

    For Windows Vista: C:\Users\Aryaman\AppData\Local\Google\Chrome\Application\chrome.exe –user-data-dir=”..\User Data\Your_Name”

    For Windows XP: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe –user-data-dir=”..\User Data\Your_Name”

  4. Arjan Salomons Says:
    December 28th, 2010 at 9:49 am

    @cRaig: Nice find! Your version might work better regarding Chrome. I did not look into Chrome switches so did not know…
    However, forementioned method also works with other programs which might not be so fortunate to have user-dir switches :)

  5. cRaig Forrester Says:
    December 28th, 2010 at 2:06 pm

    On second inspection, I think the difference between the solutions is that in the original article, the symlink points to the *entire* installation directory, thus running everything — including the executable — off the TC volume. Whereas the User Data directory switch is only placing the profile on the TC volume.

    I’ll have to try the Link Shell Extension, because I’m running Windows XP SP3 and I want the entire install on the encrypted drive. I’ve also come across the new Google Chrome Standalone Enterprise install, packaged as an .msi, which may provide the option to install to a different location. I’ll report back my findings.

  6. Raymond Li Says:
    January 2nd, 2011 at 4:40 am

    @cRaig: The blog post is updated with the -user-data-dir switch. As for running the entire installation from the TC volume, that might slow things down considerably. The original solution creates a symlink to the User Data\ directory and leaves the Chrome Application\ directory unchanged.

  7. Danna Says:
    January 28th, 2011 at 4:01 pm

    TC is fine but too complicated in usage and trying to open TC encrypted container get errors. I switched to Rohos Mini – neat, easy-to-use and highly secure.

Leave a Reply