Hello,

I have quite a few questions, so I'll try not to ramble on for too long...if someone knows the answer to one of my questions but not all, feel free to give me some partial help. I'm fairly new to security, so I've been trying to teach myself a lot of stuff, but these are some questions that I haven't been able to find definitive answers to.

I'm on Windows 7 Home Premium, running Norton.

Okay, so my basic situation is: Despite the fact that I'm 19, my dad has decided to monitor everything I do on my laptop (I'm currently in college, but living at home). So I'm trying to set up a general package of security measures that will prevent him from keeping track of what I do (honestly I'm not doing anything that bad, I just have issues with him invading my privacy). He has my laptop password, so he has the ability to install software and stuff on my laptop without me knowing. Here's what I have set up so far: I've used Spybot Search & Destroy, Malwarebytes Anti-Malware, and a little program called kl-detect which claims to detect keyloggers - all came up clean. I access the internet with Google Chrome in Incognito mode, and use the Tor Project for anonymity. Every week or so, I use BleachBit to wipe temporary files, mru lists, etc. and then wipe my free disk space to remove any traces of deleted files. So my first question is: are there any holes in this protection scheme? What else should I be doing to ensure my privacy?

Now some more specific questions:
1. I know there are a lot of security problems with the Tor Project, particularly at the exit nodes. Should I be okay as long as I am careful to use SSL for sensitive information?

And on that subject, when I log into Facebook the default is http, however I read that you can use https just by changing the web address, if the website supports it. The problem is that I have https on the login page, but when I login it takes me to an unsecured page. So are my username and password sent using SSL, or not?

2. My dad doesn't have them set up yet, but he's planning on putting parental controls on our router (maybe on my computer too, I don't know). People seem to think that the Tor Project or a proxy server will circumvent these, but I'm not sure I understand why. If the parental controls are based on a block list, it seems like it should work. If they scan the content of a page to determine whether to block it, how can a proxy overcome this? Really shouldn't the router be able to see everything that comes through it, even if it doesn't know where it came from? For example, even though the router can't tell I'm getting a page from google.com, can't it see an HTML file that looks like google.com come through? And is it possible for someone to view these pages?

3. Everyone says that Flash is a major vulnerability in Tor - since I use youtube a lot, this is a bit of a problem. I always assumed that youtube sent me an swf file over the same connection as everything else. But it sounds like Flash establishes its own direct connection between youtube and me? Am I understanding this correctly? Is there any way to overcome this problem?

In general, I'm primarily concerned with the security of my own computer and the ability to hide my internet traffic within my house - I'm not doing anything illegal, so it doesn't matter if my ISP or people can keep track of what I'm doing. Any advice will be greatly appreciated!

Thank you very much! I hope I haven't scared you all with the length of this message!