Computer Forensics

One important piece of information necessary to answer the question is who are you defending against?

That is going to be a much different answer if it is a parent, spouse, or boss, than if it is a well funded police force or a national security agency.

Defending against a threat who only has physical access to your PC is going to be much easier than defending against a threat who has subpoena and warrant powers to go after third parties (your ISP, the originating server, the search engine you used to find the bad stuff in the first place, etc.)

With SSDs, used on any reasonably modern computer, it’s a bit better than that. Either the operating system or the drive itself will periodically go through and reset storage areas that are marked as not in use. This is a process known as “trim” and gets unused portions of the SSD ready for new data to be written to them. As far as I know, once free space on the drive has been trimmed, there is no way to get the old data back.

As @Chronos says, for any competently configured server this is probably not true. The one big exception is if the police, spies, etc. already have access to the server you are connecting to. For example, the FBI have taken over CSAM sites in order to collect information on the users.

For most people, they have one internet IP address for their PC - actually the IP assigned to their modem/router/cable/DSL box. Everything in your home, on your private IP network, looks like it came from that address. The box keeps track of which device to send any replies from the internet - PC? iPad? Phone on WiFi? Similarly, for commercial servers, they tend to have odd IP schemes - You connect to your bank or Gmail or news site, but it gets so much traffic it may forward your connection/conversation to one of many servers; or for smaller sites, like your favourite cooking recipes, they are hosted on a large server with multiple URL names associated with it.

If you use a VPN, the server you are talking to only sees the IP of the VPN company’s access point, not you - but of course, if the VPN company is cooperating with the authorities, they have a record of your traffic. Again - the only data likely available there unencrypted is destination address, time, and volume of data. Netflix and others who care what country you come from or other reasons, tend to have a list of VPN access points to prevent people from hiding their real address. (For example, banks may not like clients who hide behind an anonymizer - too likely to be trying to commit fraud.)

Also - very good point, who knows what programs are hiding (logging) what data? For a hilarious look at the early days of computer (in)security, see if you can find Clifford Stoll’s The Cuckoo’s Egg. He notices an outside hacker because there was a home-made accounting program to track usage on a university computer. The hacker erased his presence from the standard UNIX logs, but did not know of the secondary logging. Ah, the good old days. Email was stored as plain text files on the server, so the hacker could search the entire email database, scan for “password”. So many users would send emails “Hey, Bob - I’ll be away for a week, can you watch my email? User is XXXX and password is YYYY.” So many unpatched flaws, honor systems, etc.

It was not (always) hilarious oversight; there was a deliberate hacker ethic of openness:

The Cuckoo’s Egg guy was particularly egregious because he was a criminal selling stuff to the KGB for money, not a “real” hacker.

The bit where you could dial a number for a certain organization, get connected, no password, to a service which was essentially a modem that you could then ask to dial anywhere in the world - and that organization paid the long distance charges back when those could be substantial - doesn’t seem to have been guided by anything other than a total lack of awareness. Their response when asked about this reinforces the point.

Clear text email seems to have been more a reliance on the basic, easily bypassed standard computer security. (Plus, any encoding outside plain text probably would eat up too much computing power when the system was first devised). Heck, the ability to “fake” emails was only made more difficult when spam soared to unacceptable levels. I remember showing people how to use TERM to fake email senders in the late 90’s; validation of sender IP address / server name was slow in coming.

Even with my first computer course in the early 1970’s, my university was restricting access (to the point of disciplining and expelling cheats) and doing a passable attempt to track computer use costs. I would more attribute the problem to complacency than ethic.

The cited article is confusing because of the change in the definition of the word “hacker” between the '60s when it meant a really nerdy computer guy and the '80s when it came to mean someone who uses someone else’s computer illegally. The term “hacker ethic” refers to the former and not the latter who are notorious for a lack of ethics.

Interestingly, Clifford Stoll, the author of “The Cuckoo’s Nest” was the first person I ever heard use the word “hacker” in the modern sense.

I can’t recall where I read this, but it was in a book written in the last 20 years. The author suggested that we all should “get used to it” because extensive surveillance is so ubiquitous that we cannot escape it, no matter how hard we try. Additionally, it is of no concern to the average, law-abiding citizen. Your private life is no longer private. Deal with it.

Unless you are part of the .01% who has stuff to hide. Or is misidentified by authorities. YOU should be VERY concerned.

Or you’re a member of an out group, be it because of ethnicity, LGBTQ+ status, gender, religion, political affiliation, wealth, etc.

The older definition wasn’t quite precisely “nerdy computer guy”; it was “someone who is good at getting computer systems to do things they aren’t designed to do”. Which has a bit of overlap with the “uses computers illegally” definition, because granting access to people they’re not supposed to is something computers aren’t supposed to do. On the other hand, someone who just gets computers to do what they ARE supposed to do, no matter how good they are at it, wouldn’t be a hacker.