Free Software Tracking a Stolen Computer?

JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"

www.no-ip.com

[itsme1234]

... is just what you're looking for. I strongly recommend encryption and backups though.

dyndns.org

[OmniVector]

the client is nice, and works great in os x. one thing you have to consider though is if your laptop gets stolen, there's a very high chance the hard drive will be wiped before the thief even gets a chance to boot your old machine. besides, if you password protect your login (which you should) then they won't get anywhere and will need to format in the first place.

Isn't a custom BIOS needed?

[ChaseTec]

Like most people are pointing out there is a good chance the the drive is erased before even being booted. So wouldn't a custom bios be needed with all the reporting tools, dhcp clients, etc? Besides LinuxBIOS anyone have any data about adding custom programs to a BIOS?

A quick search turned up this which seems like a good idea. Also this site discusses varies ideas to make theft and reselling more difficult.

Use a web page?

[NanoGator]

You could always set up a web page that tracks the IP of whoever hits it. Set up the laptop to automatically go to that page when it boots. (Maybe give it a magic forwarder that sends it to Google News or something after it's visited?) Then you at least get the IP. If you wanted to be snazzier, you could also have it read the HTML that comes down and look for a self destruct message. I'm not sure how you'd do this with the Mac, but I imagine it's not too hard. In the Windows world, I'd just write a little VB app to do that, wouldn't take very long.

Why not...

[burns210]

Here is a novel idea... set your laptop to not show user icons(and thus give the person your screenname) and not auto login... THEN, set your home directory to be encrypted using a strong(STRONG!) password using... YUP, the builtin File Vault technology. Make a good backup before you encrypt, then setup regular off-laptop backups while it is encrypted.

If that isn't good enough for you, and i don't see why it wouldn't be, have your web browser's home page(or an applescript that runs every time it verifies a network connection) to post to a 'secret' webpage you have on your site... have it post its information(ip, blah blah) and timestamp it... this way, you have a clear record every time the laptop has a connection, and you can just take note whenever it has an entry while NOT in your posession.

Re:why bother, make it a paper weight.

[DrSkwid]

lol, if you think some lame BIOS password you could well have a stiff surprise waiting the day they take the HD out!

Without encryption
Physical access == data access

cronjob for dynamic IP address reporting

[dimss]

One of my servers at very remote location is connected to ADSL with dynamic IP address. Simple cronjob reports its IP-address every ten minutes. It is wget requesting special CGI-script which writes remote IP-address to text file.

This scheme should work fine for stolen computer unless they disable this cronjob (or whatever in other OSes) or reinstall software completely.

Re:Easy way out

[asteinberg]

Hmm, I've actually been thinking about setting up something similar. The catch is that I have a Sony Picturebook with a built in camera. I'm thinking about setting it to automatically take a picture any time someone opens/boots it and emailing me the picture. Maybe also if they type a bad password? (How do I set a script to run on bad password entry??) Possibly helping the situation is that I just leave a wireless card plugged in and here on campus anywhere I take the laptop is likely to have wireless.

I could imagine a scenario where I accidentally leave it somewhere for a minute, someone walks up to it, sees it, opens it up, likes what he sees, and runs away with it. As long as they don't pull the wireless card before opening it and open it while still in an area with wireless coverage, I think I should be golden. Also, if they ever try to use the wireless card anywhere on campus again I could easily find out where the MAC address is being used from through the DHCP server's logs. Anyone see any holes in my plan?

I used to do that!

[MarcQuadra]

I never stole anything in my life, but for a while a few years ago I was helping some 'questionable' friends wipe out machines of 'questionable' origin. At the time it was a way to feed myseld and get deals on hardware, I'm not into that sort of thing anymore.

You can be SURE that if a laptop gets stolen, the kids that wiped it are going to take it straight to their local geek who will boot the machine off a CD and wipe the drive. Usually stolen goods go right into local low-level organized-crime units for 'laundering' and appraisal.

My advice is to not allow your iBook to get stolen in the first place. I tote my PBG4 AL with me everywhere I go, it's never out-of-sight, not even when I hit the bathroom at my local coffee joint. Do backups and get homeowners/renters insurance on it and encrypt your home folder.