Which Lost/Stolen Laptop Trackers Do You Like?

saudadelinux writes "I was held up at gunpoint in July, and my laptop was stolen. There are companies out there which, for a fee, install tracker software on your laptop. If it's stolen or lost, they track its whereabouts whenever it gets on the 'Net and work with local law enforcement and ISPs to find the machine. I'm wondering: has anyone used one of these services? Does anyone have a recommendation for which company to go with? My new laptop is a a dual-boot Ubuntu/XP machine, and the couple of companies I've looked at do Windows-only. Are there Linux options?"

Hmmmm... Selfmade solution?

[jawtheshark]

A pack of semtex in your laptop.... If you fail to write the correct password after three times, it explodes...

I'm kidding... If those programs can track muggers, they can also track you and that's why I wouldn't trust them. The best way to handle this is to encrypt all your data and insure your laptop against theft. Oh, and daily backups of your data on trusted media which you lock away in a safe.

Essentially, only your data is worth something. The hardware can be covered by insurance.

Re:Hmmmm... Selfmade solution?

[glop]

Actually, there is something to be said for reducing the value of the stolen good. If you make it more dangerous to resell and purchase stolen laptops through identification techniques (engravings, serial ID marked stolen in the laptop vendor's customer service database etc.), you reduce the incentive for stealing them in the first place.
Just buying insurance does nothing to improve the situation, it just mitigates your own risk (which is good). Encryption and backups are good too, of course.

Re:Hmmmm... Selfmade solution?

[jawtheshark]

I forgot to mention: for encryption you don't need to shell out big bucks like the dolts at the IT department did where I work. Just install Truecrypt and encrypt your data partition. Let that partion map on your My Documents folder and you're done.

I use it on my USB sticks.... Love it

That said, while Truecrypt exists for Linux, I'm sure there is a native way to do encryption without additional software. If anyone has more information about that, I'll be glad to hear of it. (Migrating to Ubuntu full-time, so one day I'll need it)

Re:Hmmmm... Selfmade solution?

[Penguinshit]

A pack of semtex in your laptop....

That would make airline travel more enjoyable...

Re:Hmmmm... Selfmade solution?

Laptop trackers are a betrayal of the Free Software philosophy. The Free Software philosophy employs its own method of laptop theft countermeasures. If you install only linux on the laptop, the thief will be so confused, he'll return you your computer. Now that's what I call sneaky.

Re:Hmmmm... Selfmade solution?

[jawtheshark]

Granted, I didn't think of engravings... The same style as they do for cars where all windows are engraved with a serial number so that the car can be identified and that it would cost way too much to replace all windows.

However, in the cars case, I doubt that someone stealing your car and exporting it to Russia will care. (I live in Europe, this stuff happens) Someone who pays 100€ for a state of the art laptop knows that it doesn't come from legit sources. So an engraving won't help and who checks laptop engravings, eh?

Re:Hmmmm... Selfmade solution?

[SatanicPuppy]

Especially because they reformulated semtex to make it more detectable by bomb sniffing dogs. They'll be on you like you're smuggling milkbones.

Re:Hmmmm... Selfmade solution?

[ThinkingInBinary]

Your comment seems to miss the point. First, DRM, like encryption, can be used for good or bad purposes. Properly controlled, you can use it to deny thieves access to your laptop or deny them the ability to remove the DRM, while still allowing you (with cryptographic authentication) to modify it. The point of tracking down the thief is to recover the laptop, since it is worth quite a bit of money. Sure, insurance will cover it, but if you can save the deductible by just finding it, why not? I also disagree that laptop trackers "betray" the free software philosophy by definition. As long as *you* are in control, and could uninstall the software if you wanted, there's no problem.

Second, please don't try to explain how we shouldn't be annoyed when people steal our stuff because they need the money. That's a slippery slope that leads in a bad direction. Besides, like I said, it's about getting the data back.

Re:Hmmmm... Selfmade solution?

[Creedo]

don't complain when someone needs a few hundred bucks, more than you need a PORTABLE INTERNET COMMUNICATIONS DEVICE!!!!!
He was held up AT GUNPOINT! This wasn't a "broke the car window and swiped a laptop" type of crime, this was someone brandishing an instrument of death. Yes, sir, I want that person locked up until such time(if any) as they can be rehabilitated.

Re:Hmmmm... Selfmade solution?

[sdpuppy]

engraving won't help and who checks laptop engravings

Now you tell me, after I used my bowie knife to dig my name and contact information into the screen of my laptop... :-)

Re:Hmmmm... Selfmade solution?

[jinxidoru]

Also, the difficulty with trackers is that the require an internet connection. I suspect that most thefts involve stealing the hardware, not the software. Afterall, if you have a password on your machine, they aren't going to easily boot up the computer. So, I doubt those sorts of things will even work all that well. I could be wrong though.

That said, my friend has a little piece of software on her MacBook where if you try to unlock it without the remote, the iSight camera takes a picture of you then emails the picture to her and starts sounding an annoying alarm. I'm not sure if it would be effective, but it is a case where no one else is involved. In other words, it's not connecting to some tracking system.

Re:Hmmmm... Selfmade solution?

[AndersOSU]

How-To

Re:Hmmmm... Selfmade solution?

[Reverend528]

One of the best self-made solutions I've heard of is a custom bootloader image (pretty easy to do in grub). It displays a picture of the owner, his or her name, and a phone number to contact if the laptop is found. It'll be the first thing the pawn-shop clerk sees when they turn it on to test it out.

Re:Hmmmm... Selfmade solution?

[SleptThroughClass]

"STOLEN GOODS - CALL 555-555-5555"

Look, that guy's carrying a stolen laptop as if he owned it! Call the cops!

Re:Hmmmm... Selfmade solution?

[mrsmiggs]

the average home break thug won't use the computer - they probably won't even turn it on, they'll sell it for drug money

Re:Hmmmm... Selfmade solution?

[darkonc]

Then don't complain when someone needs a few hundred bucks, more than you need a PORTABLE INTERNET COMMUNICATIONS DEVICE!!!!! The guy had a gun. If he really needed the money, he could have sold the gun.

Re:Hmmmm... Selfmade solution?

[Provocateur]

The only solution? Anti-theft stickers!

ANTI THEFT: Runs Slackware Only!

GENTOO: Not For You

DEBIAN: CUTTING EDGE (2 years ago)

NO GUI: RUNS CLI ONLY

and so on

I kid, I kid!

Re:Hmmmm... Selfmade solution?

[Kingrames]

I was originally hesitant to believe that linux made that big a difference, but it might work that way for mine. It has a fingerprint scanner, which worked nicely at first with vista installed, but I got so frustrated with Vista I tried installing xp - just to remember about that annoying "you have 30 days to register xp before it can no longer work" bit.

I installed fedora on it, and much to my surprise, suddenly my computer asked for my fingerprint BEFORE giving me the opportunity to change the BIOS settings. I was impressed. Now, not only do you have to have my fingerprint (or accompanying password) to get into my computer, but if you take longer than 10 seconds to do so, the computer beeps LOUDLY for a long time before shutting down.

I'd consider the data very secure. the most a common thief could do is say that he stole it, it's little more than a brick to him. For a more sophisticated hacker thief, I could at least consider my data reasonably secure. it shouldn't be hard for the police to track down the stolen laptop before they could remove the hard drive and apply vicious hardware hacking utilities to get to the data enclosed. At least I hope so.

I'd at least make it look like I was rich enough to reward the police if they can track down the stolen laptop in time. And if I couldn't pay them, I'd at least offer them some real security advice that they'd find a lot more valuable than a cash reward.

Perhaps I've thought things through a bit too far ahead. But you can never be too paranoid until it's too late.

Re:Hmmmm... Selfmade solution?

[jonadab]

> That said, while Truecrypt exists for Linux, I'm sure there is a native way to do encryption
> without additional software.

The question of what constitutes "additional software" is a bit less straightforward in the open-source world. Linux technically is the kernel, but to my knowledge nobody runs just the Linux kernel on a laptop with no other software. A typical distribution, on the other hand (Ubuntu, for instance) includes a great deal more software than the pitiful little collection of accessories that comes with Windows out of the box. But the details of precisely what's included vary a bit from distro to distro (although of course there are a number of things that all the major distros include).

Anyway, the usual way to encrypt an entire filesystem on Linux is to use a loop device for the filesystem. See for instance encryptionhowto.sourceforge.net

Re:Hmmmm... Selfmade solution?

[Adambomb]

Wouldn't that be like a fisherman selling his boat to afford the fuel?

yes yes, bad, but just sayin.

Re:Hmmmm... Selfmade solution?

[Grail]

To me, tracking down the thief is all about getting the chance to stick a gun in *his* face. But revenge, as they say, is a dish best served cold. Ideally, cold enough that the desire to beat the living daylights out of the ass who stole my stuff has long since waned.

A missing laptop is simply another machine I have to replace. I've dropped them, had them fried by lightning, I've even had them stolen (by light fingered people taking advantage of a lapse in attention, not by muggers). So losing property isn't such an emotional thing to me anymore.

Still, if someone stuck a gun in my face and took my stuff, the desire to track them down would have nothing to do with recovery of property.

Re:Hmmmm... Selfmade solution?

[sumdumass]

It would probably mean they would nuke the install and boot loader and reload some other operating system.

I had a note book stolen from my van once. The guy who stole it did exactly this after someone told them I have a script that checks into a website and leaves IP information as well as the location it was accessed the web from. He was having trouble getting rid of it because they didn't know the passwords. Anyways, he had issues getting some drivers installed and took it to my shop to get help with it. This is about 3 months after it was stolen and I guess the ass wipe didn't know he stole it from me. Fortunately, I recognized the product code I had to use to get drivers from dell and after a quick double check, the cops cops agreed. When we called to inform him to pick it up, the cops arrested him.

Of course this was a cluster fuck too, the cops wanted to keep it as evidence, then they wanted me to show my original receipt to prove ownership of it, and then it was lost in their evidence locker for year. I had started to sue the city when they found it and returned it. All in all, I was without it for a little under 2 years (20 months) because of the ordeal. In the end, I wish I just had better insurance and could have just forgot about it.

My advice, don't keep anything personal on it, make sure you have backups of everything, and enough insurance to cover it as a loss no matter how or where it is stolen from. By the time you get it back, you might have already moved on and nothing guarantees they will connect to the internet (and allow you to bust them) before they get anything personal from it. It would be nice if there was something built into the power supply or maybe the Ethernet card so it could be tracked without and OS installed like when charging or when and after reloading the OS. But absent something on a level like that, I don't think anything would be muhc help.

Re:Hmmmm... Selfmade solution?

[Grakun]

If you were a thief, you would be very stupid to hang around carefully inspecting the item you're thinking of stealing. Good way to get busted. You'd just grab it and go. Or in the case of your particular thought experiment, you'd grab both of them and go.

A thief isn't even going to notice an engraving unless it's in 30 point type on the laptop cover. And even then, he'd probably grab it anyway. People who make their living that way tend not to be complicated thinkers. There are professional thieves who discretely inspect the item and surroundings from before moving in. Not professional like you see in the movies, although I wouldn't be surprised if that's where they get some of their ideas. In a cafe, that'd be as simple as going in there and getting a cup of coffee, using a public terminal to check the news, etc...

I remember one time in college when our drain was backed up and the basement flooded, there was a plumber that stopped by to work on it. After he had left, my roommate noticed that her lockbox with all of her valuables was missing. Turns out, the landlords never sent a plumber. Fortunately, someone in their group was drunk and trying to sell some of the jewelry to someone who knew of our loss, so word got back around. They heard about our flooding problem from someone who knew one of my roommate's friends. Then they sent in someone who was very charismatic and appeared clean-cut, that none of us had ever seen before, to pretend to be a plumber and scope out the house. At some point he saw the safe in my roommate's bedroom through her open door, and slipped it into the bathroom with him. Then he slit the window screen, and slipped the lockbox out the window. We weren't sure if he had someone waiting out there, or he just grabbed it after he left. Although, they were mainly just scoping out the place. They were planning on sending this giant methed out black dude back in the middle of the night, at a later date, to get the rest of the stuff they wanted.

So while an engraving might not deter a thief who sees an quick opportunity and takes it without looking at what he's stealing, it could at least help to deter theft from the serious thief who'd rather steal the most valuable thing in sight. Also, if you use a lock with your laptop, that should significantly deter the opportunity thief.

Re:Hmmmm... Selfmade solution?

[Technician]

If you install only linux on the laptop, the thief will be so confused, he'll return you your computer. Now that's what I call sneaky.

Even if the thief doesn't know how to log-in, if there is a net connection a simple cron job to sync with your server would provide IP addresses as it phoned home as part of the daily routine. Trace the route and get a court order to find the subscriber of the ISP.

Part of the cron job could be to look for tasks to run. When the laptop is gone, have cron start the keylogger and collect the keystrokes on the guest account you left open for him. Then send him an e-mail from himself requesting it back. If that doesn't work, make a withdrawl from his bank account to cover the cost of your loss. Watch the fireworks..

Re:Hmmmm... Selfmade solution?

[sumdumass]

I don't know. The fingerprint scanner probably isn't fool proof. And if you leave your fingerprints on the computer somewhere, you are likely leaving anything the thief needs to access the stuff.

When I got my first inkjet printer, I noticed that it printed differently then the dot matrix it replace. Soon, we were using the scanner to scan finger prints into the computer and printing them on to paper. We even played around with painting latex on the paper to see if we could wrap it around someone else's finger and leave a print behind that looked natural.

The bottom line was yes we could. I have seen tests on biometric security devices in the past that show they could be easily defeated much in the same way. So if your going to rely on the finger print scanner, then make sure you keep your finger prints off the computer when your not using it. You could be giving the thief the key to your super safe locks.

Re:Hmmmm... Selfmade solution?

[Mr+Z]

If I were ever to steal a laptop, the first thing I'd do is take out the HD. Slap the HD in another system as a secondary, so I could scan it for sensitive information (CC#'s, usernames, passwords), and then blast the drive with a squeaky clean install image. I'd do all of this before I even turned the laptop on for the first time. If I were really thinking, I'd probably also take out the laptop batteries until I was ready to flip it.

So how does your boot loader work with that attack vector?

--Joe

Re:Hmmmm... Selfmade solution?

[fusion9290991]

Then again, if you take a hand every time he steals something, he won't be able to do it more than twice. It works in Saudi Arabia. A mate of mine forgot his cell phone on a table in a restaurant, and only realised it the next morning. In a flat panic, he asked the staff if anyone had seen it. One of them pointed to the table where he'd been sitting. The phone was still sitting there. Untouched. Exactly where he'd left it.

Contrast that with the brutal home invasions by armed robbers here in South Africa, where they will torture the families (children included) by pouring boiling water on them, or dripping melted plastic on them. This just to get hold of a cellphone or two, some cash and maybe a laptop if they're lucky. And then they'll probably shoot at least one of the family members, and rape another, just because they can. Then they'll go and rob the house next door, because it'll take the cops hours to arrive, if they ever do.

You think I'm joking?

http://www.news24.com/News24/South_Africa/News/0,,2-7-1442_2184926,00.html/ (Pensioner killed at home)
http://www.news24.com/News24/South_Africa/News/0,,2-7-1442_2157731,00.html/ 3 women repeatedly gang raped while robbers cook and eat the food they were preparing. Then robbers moved on to another house and repeat the process.
Usually the crime is black on white (gangs of 4 or 5 blacks, usually armed with guns and knives will force their way into a home).

South Africa has the highest rate of murder in the world. Over 50 people a day are murdered in this country. Approximately 18,000 women are raped every year. At least those are the ones being reported. You cannot open a newspaper without being bombarded with news about a baby being raped (certain superstitious sectors of our society believe that raping a 9-month old baby will cure them of HIV/AIDS, or they do it for revenge e.g.(http://www.mg.co.za/articlePage.aspx?articleid=304811&area=/insight/insight__national//)). They have no scruples. No shame. They take what they want, when they want it, and fuck you if you even look like you'll get in their way.

My point (after all that) is that prison doesn't work in terms of rehabilitating these people. Most of the people who do the kinds of atrocities mentioned above are people that have already been in prison, and have been let out or escaped (our prisons are well over 100% full). Prison is no deterrent. The only way to stop these guys from doing exactly the same thing 24 hours out of prison is to make them incapable of doing so. I'll leave those methods out of here, but I am pro-death penalty (I'm sure there's nothing like having your mom tortured, raped and then shot in the face, right in front of you, to make you radically change any liberal views you may have on something like that).

Most people (especially those who have never even been to Africa) are quick to point the finger, play the race card, and blame it all on the previous (White) government, forgetting that the regime changed nigh on 14 years ago (in 1994). That's a whole generation of school kids. With time to spare. And things have not improved. In fact they've deteriorated. Grinding poverty, failing infrastructure, crushing governmental incompetence and a lot of rage and hate are the primary contributors (particularly with regards to the gratuitous brutality of the crimes). We have (on average) a 2% conviction rate for violent crimes. 2%. And that's for the guys who get caught. Most don't get caught. They make a living off robbing people like this. Taking a life, even that of a child, means nothing to them.

And if you're coming here for the soccer world cup in 2010, please, for FFS be careful, because they WILL target foreigne

Re:Hmmmm... Selfmade solution?

[itwerx]

If I were really thinking

Ah, there's the rub! Most criminals are lazy and/or stupid. The few who aren't tend to be engaged in pursuits far more profitable than mugging.

Active Countermeasures

I use a built in grenade on a timer you must reset every 24 hours.

I did forget to reset it once with tragic consequences. I really miss that dog.

Oh well, its the price you have to pay for security.

Let me guess

O.J. just wanted those jpegs of him and hoover that were in your documents folder.

Don't bother.

[Bartab]

First thing that happens is the laptop gets wiped.

Re:Don't bother.

[MitchInOmaha]

Only if they're reasonably smart. We had a thief call Dell Support after he could not get logged in. Duh. -- Mitch

Re:Don't bother.

[A+non-mouse+Coward]

First thing that happens is the laptop gets wiped.

Exactly. There are only two motivations for theft of a laptop:

1) The hardware. In which case, the data will likely be destroyed immediately. There is no guarantee the machine will be booted with your hoodwinked "locator" software in tow.

2) The data. In which case, the drive will be imaged or some other "offline" method will suck up the data without booting the OS's controls.

The reason why remote wipe/kill functions work on a small device like a blackberry is because the service provider's network is required for the device to be usable. And even then, there's still the option that the theft is hardware-only motivated, and the thing will get wiped anyway. The blackberry wipe wasn't ever really intended on being used for a physical recovery method.

Potentially, a system BIOS would be a good place to run a "phone home" program, except that it would require advanced components, like a TCP/IP stack, etc., to run properly, and it could still be easily wiped by replacing the firmware with boot media. Apple, for that matter, has an upper hand at such a tool since they "own" both the hardware and software. But either way, what you're attempting to do is no more possible than DRM (and Slashdotters know that DRM is nothing short of an attempt at perpetual motion).

So lesson #1 is protect your data and insure your hardware. And please remember, that "protect your data" really could mean not having a copy of your data on the laptop at all. After all, encrypted data in the hands of an adversary is still your data, just with a time-sensitive lock on it (the length of time needed for CPU power to increase where access is trivial, or the length of time a well-resourced adversary will need to destroy today's top crypto).

Re:Don't bother.

[QuantumRiff]

Actually, Some of the newer Dell and HP laptops have the tracking software built into the bios/motherboard. Were looking at using it in combination with the Encrypted laptop hard drives, and fingerprint readers.. For us, its not so much about getting the laptop back, but making sure they can't get at our data. Privacy of our customers is critical. Also, the Computrace stuff built into the Dells can be told to remotely wipe the hard drive.

Re:Don't bother.

[p0tat03]

You do not understand the vast majority of laptop thefts. Sure, if this was a targeted hit and the perp is after some confidential data on the drive, then yes, they're likely to know every trick in the book. Keep in mind the average laptop thief is not even very technically savvy - they may know enough to wipe your personal settings, or even enough to reinstall the OS, but the VAST VAST majority will never crack the case open.

I've crossed paths with a few people who were selling hot laptops in university, these people were not technically savvy at all, the only thing they're really good at is swiping it, not what comes after. Most knew enough to pop the restore disc in, but that's only to clean the machine of personal information, and not to defeat any tracking devices.

Re:Don't bother.

[DavidTC]

Um, no.

A sizable portion of laptops are stolen for:

3) The laptop. The usable laptop. Not to resell, just to have a laptop, or to resell to someone else so that person can have a laptop. They don't know about tracking software, they aren't even thinking about stuff like that.

As for 2), a lot of thieves aren't that smart and even if they're after personal information, they'll use your OS to get it. They'll fire it up, check your email, check your browser history and try to figure out if they can get into accounts that would be useful. Yes, if we were criminals, we wouldn't do that.

And even if it's 1) they're after, and have a brand new counterfeit OS and everything to put on there, are you willing to bet they won't boot it at least once to see if you have anything useful on there? Like a stolen car, maybe they're planning on selling it to a 'repackager' where it will end up on a pawnshop with a new OS on it, but they can't resist booting it up to see if you've got any cool games.

Criminals often behave very stupidly, and saying 'They wouldn't be that dumb' is crazy. I think if someone published statistics of what percentage of computer with tracking software that got stolen were recovered, it'd be near 50%.

Of course, I don't know what these places charge, and if they're actually any good. (If they were smart, they'd already have existing agreements with ISP to track down physical locations of addresses.) I'm willing to bet a free program could be almost as useful, with maybe a bit more work if the thing is stolen.

Re:Don't bother.

[drawfour]

So who's going to buy a laptop without being shown that it works? A pawn shop certainly isn't going to let you pawn it off to them unless you can show it works, and anybody with a slight amount of sense is going to as well. Maybe they can find someone who's going to buy it without even turning it on, but I doubt that.

Yes, laptops are a crime of convenience. And so is selling them. If it's not convenient for them to sell it, then they're going to toss it. Into the nearest garbage can, maybe just toss it off a bridge into a lake. There are lots of places where the thing will never come back.

Re:Don't bother.

[vertinox]

First thing that happens is the laptop gets wiped.

Most people stealing laptops at gun point aren't that technically inclined or professional. There have been documented instances where the thieves were viewed with the built in laptop camera. Most of the time the they only grabbed the laptop from you because it seemed valuable.

Secondly, if you go to a pawn shop and pickup a laptop you can usually get the last owners personal data.

However, thieves that target laptops professionally will probably wipe your data, but usually they'll snatch your laptop from the air port or coffee shop while your not working, but those people are extremely rare and you don't see that much anymore since laptops aren't as valuable as they used to be.

Roll your own or wait...

[Dareth]

Either roll your own or wait. If you are lucky, someone will rob Linus Torvalds of his laptop, all production on the kernel will stop while Torvalds and friends crank out a "stolen laptop tracking system" that is greatly superiorthan any other.

If you are really proactive, you could go steal his laptop yourself. That way you have another laptop to use, and you will jumpstart this scenario.

Re:Roll your own or wait...

[pugugly]

BRB - off to mug Linus

Re:Roll your own or wait...

[QuantumRiff]

Heaven help us Linux users if some commercial company were to get access to the source code for the Kernel!

Re:Roll your own or wait...

[slimjim8094]

I hear he sleeps with nunchucks

Linux Monitoring

[Nosklo]

It seems to me that you can always install some software like that yourself. Once I lost my laptop in my own house. Since I have ipcheck in a cron job, updating my laptop's IP address on DynDns, I just SSHed into it and made it play loud sounds until I found it under the bed. (I don't answer questions about what it was doing there)

Re:Linux Monitoring

[everphilski]

kinky.

CompuTrace

[ironwill96]

Our University is using CompuTrace/Lo-Jack on our laptops. AFAIK, this is built into the BIOS and is not something that nuking the OS etc can remove. It allows for tracking location OR the option of remotely nuking the data on the drive to stop identity theft. It is a pretty widely used system and I think they are also responsible for the Lo-Jack system that Police Departments use to track physical equipment such as construction equipment when it is stolen. The website is here: http://www.absolute.com/laptop-security-solutions.asp

Re:CompuTrace

[packetmon]

I suggest you read about Computrace and how they offered me money to hush and go away with their false claims. http://www.infiltrated.net/lojack.pdf

Re:CompuTrace

[ironwill96]

The assumption you have here is that some thieves are not complete morons. Some thieves are smart enough to do the easy workarounds like you said, but there are others (many of them) who are not and will easily get caught. I view most of these solutions merely as "deterrence" more than an actual way of recovering the items. We had some computers stolen, we put in cameras and large signs notifying people they were under 24-hour surveillance. I think the signs are probably more effective than the actual cameras, the point is to make people wonder "Hmm, maybe I will get caught if I steal from this place, why not try something easier.."

Cron

[delirium+of+disorder]

Just set up a cron job to periodically connect to any server that you have access to. Make it connect to an obscure port or just request a non-public file (not indexed nor linked and with a long obscure name to keep crawlers/bots off it). Check your logs and you have the IP address that your thief is using.

If you want top be super paranoid, install a keylogger and set up a cron job to periodically scp the files to an ssh account you own. You would have every password, url, word processor document, etc typed by your attacker.

Dell has this in many of their laptops BIOSs

[Ransak]

Dell has been embedding Absolute's Computrace in many of their laptops (I'm typing this on a SuSE 10.2 install on a Dell Latitude D820 that has it enabled). Once you enable it in the BIOS, there is no way to disable it without physically removing and replacing the chip.

Agreed

[Valdrax]

If those programs can track muggers, they can also track you and that's why I wouldn't trust them. The best way to handle this is to encrypt all your data and insure your laptop against theft. Oh, and daily backups of your data on trusted media which you lock away in a safe.

Essentially, only your data is worth something. The hardware can be covered by insurance.

Agreed. Hands down, this is the best solution, and it will save you in many cases other than theft where you lose data. Modern laptops come with support for hardware acceleration of crypto (those blasted TPM chips) that can be turned in your favor.

While it's nice to maybe one day find your thief, it's not worth the security and privacy trade-off in my opinion. Besides, you should be encrypting a laptop anyway just as a matter of policy.

Re:Agreed

[cayenne8]

"While it's nice to maybe one day find your thief, it's not worth the security and privacy trade-off in my opinion. Besides, you should be encrypting a laptop anyway just as a matter of policy."

Well, the author of the article mentioned it was a windows/linux laptop, and that he couldn't find a tracker for anything but windows.

I put for that that we've FINALLY found a real use for windows. Create a small partion on it for windows, with the tracker software, and only use it for that.

It is doubtful the criminals would know what to do a boot into linux...so, encrypt and protect your real work on the Linux side, and leave the windows part for them to log into when they steal it.

Re:Agreed

[Applekid]

It is doubtful the criminals would know what to do a boot into linux...so, encrypt and protect your real work on the Linux side, and leave the windows part for them to log into when they steal it. IANALT (I am not a laptop thief), but, if I were to steal one, the first thing I'd do is a reformat/install of my favorite OS, after disconnecting the battery for a few days to take care of any CMOS passwords.

Not that the comedy of having a thief get all caught up with Bonzai Buddy is lost on me, though...

Re:Agreed

[ashSlash]

disconnecting the battery for a few days to take care of any CMOS passwords.

Decent laptops don't use battery-backed CMOS to store the password etc. You can leave the battery unplugged for a year and the password will still be there.

Re:Agreed

[Sen.NullProcPntr]

IANALT but If I were I would try to get the Laptop away from me and turned into Cash as fast as possible. Not wast time Installing an OS, or trying to get pass the password. Also most people who rob others at gunpoint are usually so desperate that they wouldn't think about doing such.... Being that you could do such activities you could at least get a job at CompUSA fixing these things. The thief may not have time to do this but the fence probably does. After all most car thieves don't strip the car they steal - they take it to a chop shop (is there an equivalent for PC/laptops?).

Your $1k laptop may only get the thief $50 (more than enough for an addict to risk pointing a gun at someone), but the next guy in the chain maybe gets $200-$300 after he reformats the drive and alters the serial numbers, MAC address, etc.

Re:Agreed

[Mr+Z]

Those places always seemed kinda fishy...

I have a question for the question...

[lena_10326]

There are companies out there which, for a fee, install tracker software on your laptop. If it's stolen or lost, they track its whereabouts whenever it gets on the 'Net and work with local law enforcement and ISPs to find the machine.

I've been the victim of a stolen vehicle before... and I know police really don't give a diddly squat about stolen vehicles. Sure, paperwork will be filed but that's all they do. When a stolen vehicle is recovered it's almost always recovered due to happenstance. So, my question is.. what makes anyone think police care about your $1000 laptop when they barely care about your $20,000 vehicle as it is?

Even with an IP address, postal address, and mapquest directions to the thief's house, I have a hard time believing an officer will put down his chocolate iced donut to go knock on doors over a laptop.

Re:I have a question for the question...

[bigdavex]

I've been the victim of a stolen vehicle before... and I know police really don't give a diddly squat about stolen vehicles. Sure, paperwork will be filed but that's all they do. When a stolen vehicle is recovered it's almost always recovered due to happenstance. So, my question is.. what makes anyone think police care about your $1000 laptop when they barely care about your $20,000 vehicle as it is?

The impression we get from TV crime drama is out of touch with reality. For lack of resources or otherwise, even violent crimes don't get the attention CSI portrays. I was shot by a robber at a friend's house, and the detective declined to review the crime scene with me. When the police allowed my friend back into the house after they collected the evidence, he pointed out the shooter's hat was still on the table.

There's nobody with tweezers going through the carpet looking for hairs. Nobody really gives a shit about a laptop or a car except the victim.

Re:I have a question for the question...

[Angst+Badger]

No kidding. When I was young and wild and involved in a bunch of very minor infractions of the law, I couldn't get rid of the police.

Now that I'm approaching middle-age and actually have assets worth stealing, I can't get the police to do anything. I stopped reporting break-ins a long time ago. The few minutes I spent on the phone trying to convince someone to let me file a report were better spent cleaning up the mess.

Re:I have a question for the question...

I was shot by a robber at a friend's house

For the love of... I shoot you just once and you won't shut the hell up about it!

Re:I have a question for the question...

[garnetlion]

Seriously! How many times were the police on my ass and my friends' asses when we were 12 or 13 smoking cigarettes? And where were they when my house was broken into? Probably out hunting down truant teenagers.

In all fairness, it probably has to do with complaints. No one but me bitches that some jerkoff broke into my house, but I bet the whole neighborhood calls in to report loitering teenagers. As public servants, they have to follow the guide of public interest.

Re:I have a question for the question...

[umStefa]

Call me old fashioned but I still like to believe that the majority of Police do have an interest in protecting the public, the members who are only interested in the power trip are a minority (although the do exist).

As a personal example, a couple of years ago I had a bike stolen from my garage. It was probably only worthy $200-$300 and I figured the chances of the police finding it where non-existant so I didn't bother to even file a police report. About 2 weeks later I was driving on the other side of town (well city of 650,000) and guess what I saw in the trunk in front of me... my bike. I tried to follow the car but lost it in one of the worst areas of the city, but I did get the licence plate. I then went straight to the police station and filed a report, unfortunatly the licence plate was stolen. The next morning the police came out to my house and took a formal report. 2 hours later, they called me back and had found my bike 2 blocks from where I lost the car. The cops had actually driven down every street and alley in the area looking for it.

To make a long story short, the police do care about finding stolen property but they need an idea where to look for it. They don't have the ability to look in every pawn shop in an average city, every day. Software can help, assuming the theif simply stole the laptop to get a quick couple of bucks.

Re:I have a question for the question...

The function of the police institution is not to stop crime. The function is to convince the populace that an authority that enforces social norms simply exists. That impression is better conveyed by harassing everybody about the more absurd norms that everybody is likely to break at some point than by focusing the energy on a couple of criminals who already know that they are breaking the law. I think it's called a panopticon. It's not important to watch everything, it's important to convey a sense of being watched.

Don't worry about Ubuntu

[gosand]

If you have Linux on your laptop, they won't be able to figure out how to get on the net anyway, especially via wireless. :)

Why bother at all?

[johnthorensen]

There are two reasons to care about a lost/stolen laptop: 1) losing the value of the laptop itself, and 2) the value of the data within.

For the value of the laptop itself, I would argue that the cost of any tracking solutions is bound to be more than (the chance of laptop being stolen x value of laptop itself). This comes down to the age-old question of 'whether or not to buy insurance'. In this case, it's just not worth it - especially considering that you're buying insurance that may or may not 'pay' in the event of a loss!

Regarding the value of the data contained in the laptop, my reasoning is that if you are carrying around data that is *truly* valuable, then being able to get the laptop back if stolen is the least of your worries. If you are not responsible enough to keep valuable data either by your side at all times, or in a safe place, then you aren't responsible enough to be working with said data to begin with. Secondly, if people are clever enough to track down a laptop with valuable data in the pursuit of corporate/governmental espionage - they're damn well clever enough not to hook the thing up to the internet. Finally, if by some chance the swipers decide to drop the thing off at the pawn shop in order to make an extra $100 (yeah right), by the time you get the laptop back the real damage has been done anyway.

Summary: tracking services = waste of time. -JT

software != best idea

[weirdcrashingnoises]

software can be deleted, chances are the hard drive will be wiped, so all ur data's already gone

really the best idea is to call chuck norris, and convince him roundhouse kick every laptop thief in the universe.

Re:Held up at gunpoint?

[everphilski]

I did not steal a notebook, but had I stolen a notebook, here is how I would have done it ...

Re:If you have a Macbook

[dollar99]

I checked out the undercover website and noticed that in one of the perp snapshots the dude is in the bathroom, sitting on the can. I'm not sure if I'd want my Mac back after seeing that pic.

remember, people trust the computer

[geekoid]

and believe what it tells them.

Just periodically have it pop up a dialog that says something like "To begin routine maintenance, please enter the password otherwise click cancel"

The if they fail to enter the password, it shoots you an email the contain a trace from it to google.com, or some other site that is unlikely to move. If it connects through a wireless device, be sure to have it email that info as well. Also turn on a key logger and get that information. It's actually pretty easy to do. Could probably be written in less then an hour.

Do it once a day until you can turn it off. This can get you a pretty good idea of it's location.
You could open up a shell and have it pop up a message that tells the person they had better return the laptop or you will go to the police. If it has a built in camera, take is picture and let him know.

You could hire someone to be an intermediary so the person never sees you. and as far as you tell him, ensures that you never see him. Probably get somebody to do it for 50 bucks. Hell, spend 200 bucks and ask a lawyer to be the intermediary at his office.

It might be handy to make it look like there is something valuable in the data so the thief doesn't want to wipe it. Most unprofessional thieves will want to snoop.

Nothing is BulletProof, but do it with HARDWARE

[Kyrka]

I've been down this road several times... and can't say enough good things about CompuTrace. Most of their staff are former law enforcement, and there is an "insurance policy" for lack of a better word that accompanies situations in which they locate the device but it's in, say, the Soviet Union and the like. (For example, if stolen, properly reported, and unrecoverable within 30 days you get $1K the first year, $500.00 the second, and $250.00 the third towards replacement.)

To me, the most vitally important aspect is going for something that is hardware based. With TPM enabled bios and such these days on a modern laptop, the client is embedded and does not rely on your OS whatsoever. This is great considering most of what we seem to be discussing in this thread is Linux.

CompuTrace worked so well that in our tests (and later, based on four thefts out of 300 systems) that we noted the following: - I can wipe the hard drive (even low-level format) and the system will _still_ phone home immediately once on the Internet. - If you take the hard drive out and place it in a different system, _THAT_ system _also_ phoned home, based on the TPM components there.

(This was mostly HP TC4200 and HP TC4400 tablets.)
www.absolute.com

Bash Cron Job

[skeeto]

As stated before: cron a bash script,

#!/bin/sh

/sbin/ifconfig | mail you@where.com

Smuggling milkbones

[benhocking]

Remind me to try that (smuggling milkbones, that is) next time I fly somewhere. Boy, would that be a funny misunderstanding. Well, for some definitions of the word "funny".

Re:Smuggling milkbones

[slashbob22]

Well, for some definitions of the word "funny". Funny: See +1 Funny
+1 Funny: A moderator's intent to see the moderated shamed, humiliated or otherwise injured by their own sarcastic illustrations.

Re:For Linux.....

[Chineseyes]

4. Locate the IP address via DynDNS. Log into the stolen machine. 5. Stream the audio from mics (pipe it from raw device to mp3 and send compressed). Do the same with webcam if it works with Linux 6. Go then show up and stick that fucker up with a gun. See how he likes it. "I want my laptop back.."

7. Get arrested for assault with a deadly weapon
8. Go to jail

I'm not sure where people on slashdot get some of these retarded ideas from but I know someone personally who was held at gunpoint for his belongings when we were in college. The thief used his cellphone that very night and with the help of the cell company he was able to get all of the numbers the person called. A reverse directory lookup later he had the address of one of the thieves friend/female family member.

After waiting in his car for two days (no shower, no sleep) he finally saw the guy who robbed him walking to his girlfriends house and held him at gunpoint. The guy who had originally robbed him called the cops and told them HE was held at gunpoint and guess where this genius is at now? In a state prison doing his third year for assault with a deadly weapon. When he was sentenced the judge told him that he didn't see any difference between him and the guy who he was robbed by.

Before you start posting on slashdot advocating vigilante justice I suggest you think about the consequences of being a vigilante. You aren't dog the bounty hunter and this isn't A&E.

The problem with your risk/return analysis

[benhocking]

Your car might drive you into the ground first. Please make sure, for your sake and others', that you're at least keeping your car safe.

Laptop security is possible

[jmorris42]

> I think it's a foregone conclusion that there's a reset jumper somewhere on the MacBook. You and
> I not knowing where it is doesn't make it any less so.

Or not. Laptop makers have become serious about security because so many customers demanded it. Not sure what Apple is doing exactly, but if a Thinkpad has a hard drive password set the only way to defeat it is to send the whole unit along with either documentation proving ownership or LEO creds to one of a select group of data recovery houses. The drive password is stored on a chip inside the drive bubble as well as in the CMOS memory. So pulling the backup battery only gives you a brick.

Pulling the drive and trying to read it from another computer also fails, again because of the drive password kept in the drive itself. So if you don't have a passwordless guest account and properly protect the boot sequence to prevent booting from alternate media you can lock a laptop down to the point it is only a few spare parts to a thief.

That said, I can still think of ways to defeat the security but none that a typical 'gangster' kiddie could attempt.

Orbicule's Undercover for OS X (yeah, not Linux..)

[5n3ak3rp1mp]

http://www.orbicule.com/undercover/

I use that on my mac machines. I know it's not linux specifically but I just thought I'd toss that out there. It uses the built-in cam to take clandestine photos, too...

The actual product tracking companies are selling

[jmorris42]

> I'm willing to bet a free program could be almost as useful, with maybe a bit more work if the thing is stolen.

No it couldn't. The software is trivial. A program that sends a web request with the serial number embedded in the url a few seconds after a network interface comes up is all that is needed. But once you know your laptop is at IP x.x.x.x that doesn't do YOU a damned bit of good. No ISP is stupid enough to give you the IP+timestamp to physical connection point mapping for liability reasons. Think it through and imagine the Pandora's Box doing that would open. That is what you are actually buying from the tracking company, their preestablished relationships with law enforcement and the ISP community. Once known and trusted as a laptop tracking company they CAN get that info into the hands of law enforcement. Although I bet for legal reasons the tracking company itself NEVER sees the phone number/node/physical address.

Re:I just set a boot password

[bcmm]

You need to set it up so that if you don't run a certain script once a week, the Goatse wallpaper happens.

Linux is easier and free

[JustNiz]

Just set up a cron job on your laptop to run traceroute to some arbitrary place (say google) and email you the output twice a day.
Have the spam filter on your inbox just toss the email away until the day you need it.

It does rely on the thief not knowing enough to fire up linux in sngle-user mode and kill your crontab entry, which is probably a safe bet.
Or (more likely) to just blow away your whole linux partition with a fresh windows install, but that would even affect a commercial product the same, unless it was hardware-based.

"instrument of Death" my arse

[emj]

Remember guns don't kill people, they are harmless things.

Re:"instrument of Death" my arse

[fadzlan]

Yeah. Pen don't write too, unless you made them to write. By that logic, pen is not an instrument of writing.

Orbicule and Lojack for your laptop.

[jixii]

Orbicule and Lojackforlaptops, since they run on Macs and Mac's OS X is sitting on top of Darwin ( Unix) either should to the trick. Kyle

BIOS-level via OEM

[belgar]

Absolute Software might have what you want:

Absolute BIOS-Level Protection

(Disclaimer: Not involved with these guys at all -- did a training session with some of their developers several years ago, and was impressed by their pitch)

Comment removed

[account_deleted]

Comment removed based on user account deletion