Open Source Adeona Tracks Lost & Stolen Laptops

An anonymous reader writes "Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there's no need to rely on a single third party. What's more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop."

Hmm...

[dahitokiri]

Mobile device + Linux + Adeona == cheap way to keep tabs on your girlfriend/wife/kids at all times?

Re:Hmm...

girlfriend/wife/kids

I especially like the order you've put those.

Re:Hmm...

[BPPG]

What??? Little Jimmy has his laptop open at the local strip bar? Sweet, I didn't know they had open wifi!

Re:Hmm...

[cthulu_mt]

...No, he knew where she was the whole time...

Re:Hmm...

[Potatomasher]

woha ! +3 Informative ?
Guys... THE strip bar doesn't really have open wifi. It was a joke. Now come back to your desks...

Re:Hmm...

[Hoi+Polloi]

Ok, let's look at the log!

Starbucks
Starbucks
Starbucks
Starbucks...

Re:Hmm...

[BPPG]

I'm as surprised as you are.

Re:Hmm...

The fact that this got modded "insightful" is rather intriguing.

Re:Hmm...

[alex4u2nv]

Dude! you left your statement wide open for attacks to many kinds of virus.
I would recommend while you're at the strip club, find Trojan man,and do some deep penetration tests.

Re:Hmm...

[Nick+Number]

A Funny moderation doesn't affect the poster's karma. Many moderators find this feature lame and will use Interesting, Insightful, or Informative instead.

The only good use of Funny is to encourage discussion of a post that you find undeserving of a karma boost.

Re:Hmm...

[j-pimp]

Hans shot first!!!

Re:Hmm...

It is always necessary to bring a trojan with you to the strip club

Re:Hmm...

[Grendel70]

Mobile device + Linux

= NO

girlfriend/wife/kids

This is Slashdot after all.

But without a central service

[pxc]

it may be more difficult for Adeona to gain traction with non-technical law enforcement officers.

"So who do I call to confirm that this laptop is stolen?"
"Umm, me. You see, there's this free software called Adeona that anyone can set up to track their own laptop."
"Never heard of it..."

In previous threads about stolen laptops (like the AskSlashdot thread on how best to recover a stolen laptop) I read some anecdotes where people were in a similar situation with similarly-purposed software that they rolled themselves. Perhaps the software having a common face (same name and features) will be enough to solve this problem.

Re:But without a central service

[acklenx]

"So who do I call to confirm that this laptop is stolen?"

The owner is probably the only person that should report it stolen regardless of the software "tracking" it. And how does someone know this laptop is your laptop? Perhaps the serial number (unless it has a large scratch through it). You do file that information with your insurance company, right?

Re:But without a central service

[peragrin]

ooh chinese? aren't mexican's cheaper to offshore?

Re:But without a central service

[jimicus]

"So who do I call to confirm that this laptop is stolen?"

The owner is probably the only person that should report it stolen regardless of the software "tracking" it. And how does someone know this laptop is your laptop? Perhaps the serial number (unless it has a large scratch through it). You do file that information with your insurance company, right?

I think the OP meant that this is how s/he imagined the conversation going at the police station; viz. unless and until the software is well known and respected, the fact that you have evidence to suggest where the laptop is is neither here nor there because there's a strong chance that the authorities will refuse to follow up on your evidence because they've got no reason to pay it much heed.

Re:But without a central service

[Joe+Snipe]

Now that's just silly. First off, if they are not technically oriented, you would simply drop them into dummy mode and then feed them instructions. Second, chances are since you were the one to set up the program, you would be the one to sign in and get the location data. Then you would call the authorities and say "according to my gps-enabled tracking software, the laptop is at location X," and they would send out a detective. If the detective is unwilling to accept your data, then you are parsing it wrong.

Re:But without a central service

[Lumpy]

You can mention MOSt of the laptop tracking apps out there and the response will be "Never heard of it..."

MOST non-technical law enforcement officers haven't heard of most tools used like this.

Hell most havent heard of linux or even understand what wifi is.

It will have as much traction as the open source CCTV systems and closed source CCTV systems do. Most of them blink when you hand them a CD with CCTV footage on it and the viewer app and they ask, "so I can play this on a DVD player?" 99.997% of all commercial security recorders record to a special format that is only viewable by the special player software.

your local storm troopers dont know squat past how to fill out the paperwork.

Re:But without a central service

[kabocox]

it may be more difficult for Adeona to gain traction with non-technical law enforcement officers.

Um, LEOs would actually love to have this preinstalled on laptops, desktops, cellphones, game pads, game consoles, and everything else under the sun. All they need is for you to file a police report that X device is stolen. The tricky thing is how easy would it be to make a LEO account so you could log in some where and give Joe Bob Police Officer tracking rights to that cell phone and ipod that were just stolen, but not the LCD tv, pc, and all the other toys.

Trust me, LEO would love for you to have your own tracking software/hardware installed on everything that you own because it makes there job so much easier.

Re:But without a central service

[Zenaku]

The important thing is to provide all the relevant details when you file a police report -- model, color, and most importantly serial number. If you don't file a police report, then nothing has been stolen as far as the law is concerned.

I did not have my serial number written down anywhere, but when my house was burglarized a few months ago and my Macbook Pro was stolen, Apple was able to provide me with it along with a copy of my invoice. I made sure the police report had the serial number in it, even though I did not have any special software installed for tracking it.

A few weeks later, I found a bunch of new bookmarks in my browser that I didn't recognize and I realized whatever fool had my laptop had not bothered to re-image it, and was still using my Firefox profile, which was still connected to my Foxmarks account.

So I changed them all to point to a redirect page on my own webserver, and set up a cron job to watch the logs and email me whenever it got a hit. Foxmarks dutifully synced my changes down to my stolen laptop the next time the guy opened Firefox, and suddenly I had his I.P. address. He sent it to me several times a day, and it was always from the same IP.

Now, the police in my precinct are not technical, but I called them and left a message explaining the information I had, and referencing my case number, and making it very clear that all they needed to do was get a subpoena to get the subscriber information from Comcast. It took about a week for someone to call me back to find out what the hell I was talking about, about 20 minutes on the phone for me to give him a brief "TCP/IP 101," and then about three more weeks for them to get the paperwork through the courts. But then one day the detective called me up, told me he was standing in the suspect's apartment, and asked me where to find the serial number on the laptop.

I told him how to remove the battery and find the serial number, he matched it against the police report, and I had it back a couple of hours later. The guy that was using it got charged with a felony (receiving and concealing stolen property).

All of my personal files were still on the laptop, just moved into the trash bin. Along with several pictures of the guy and his buddies mugging for the camera and throwing gang signs. (These, of course, I burned to a CD and gave to the police).

Anyway, my point is just that even though the cops are usually not remotely technical, they will follow up on this sort of thing if you are polite, take the time to explain the technology, and make sure to follow procedure by filing a detailed report as soon as your laptop is stolen.

I'll definitely be installing this software on the laptop as soon as I have a free moment -- I got lucky with Foxmarks, but it's better to be prepared than lucky.

Re:But without a central service

[pushing-robot]

Good lord, man! Misusing an apostrophe in a Slashdot thread? When the parent poster owns an open-source justice mob?

Delete your account! Throw away your computer! RUN FOR THE HILLS!

Re:But without a central service

[z80kid]

It sounds like you either live in a nice area, or you have an influential profession. :)

I think the OP was referring to the fact that in many places in the US, the police only really respect lawyers and corporations with lawyers. These people might actually cause trouble for them. For anyone else, they will begrudgingly file a report and no more.

Re:But without a central service

[Zenaku]

In my experience (meaning this is of course only anecdotal evidence) it all has to do with their manpower vs. the likelihood of making an arrest.

In my case for example, the house was burglarized. My alarm system went off, and the police did respond, but as I understand it, they noted that the door was open, and that was it. My friend who was house sitting had to call them back to fill out a proper report with the things she could tell were missing, and when I got back into town I dropped by the precinct with a written, detailed list of everything taken. At this point they did not have anyone assigned to investigate -- they basically take a report so you can send it to your insurance company, and that's all they do. So you're right about that.

But they aren't wrong to do that, exactly -- they have limited resources, and as a citizen I don't necessarily want them wasting their time on a case with no witnesses, no suspect, and no leads. A 5000 dollar property crime doesn't exactly warrant bringing in the CSI team to look for DNA. If it did, they would need a hell of a lot of CSI teams. I'd rather they spend their time and money catching violent offenders.

But when I ended up with the IP address that could lead them to the stolen property, suddenly they were more than willing to help. They assigned a detective, who took what I had and ran with it, because suddenly the solveability of the case had gone from a low probability and high difficulty to good probability and low effort. I'm nobody important, I assure you. Just a guy that had an actual lead.

Maybe I'm giving people too much credit, but I think most police (I've met some assholes too, I assure you) really do want to help -- it's just a matter of how best to spend their limited time and budgets.

Re:But without a central service

[ACMENEWSLLC]

My laptops have Antivirus that reports back to my admin server along with IP address (Local & the Firewall's.)

So when a laptop is stolen, I know where it is. But what good does that do me? If I call up the police myself and say I have this old company laptop worth $500 sitting somewhere in the open WIFI at the local truckstop, they will just say "so what?"

I can remote wipe the PC to eliminate any private data, if they don't do that prior to selling it on eBay.

Re:But without a central service

[jeebusroxors]

"And how does someone know this laptop is your laptop? Perhaps the serial number (unless it has a large scratch through it)."

I'm assuming a MAC would be good enough. The question is, would you have to provide some traffic showing that MAC on your network or would just having the MAC suffice? This I would like to know.

Re:But without a central service

[captnjameskirk]

I guess this is one situation where leaving on Automatic Login actually wasn't a bad thing. If the thief had been forced to login using a guest account, he wouldn't have been using your Firefox profile, and your Foxmarks wouldn't have updated.

Re:But without a central service

[ConceptJunkie]

TANJ! There Ain't No Justice

The open-source justice mob couldn't talk to each other to coordinate a meeting because they didn't have the necessary Broadcom wireless drivers.

Meanwhile, every time someone pluralizes with an apostrophe, a small part of all us dies inside.

Re:But without a central service

[mikael]

Listings and printouts can be faked. Having any serial number of firmware address registered with a legally acceptable third party such as an insurance company, the manufacturer or retailer would be necessary.

Re:But without a central service

[Zenaku]

Yes, I had that exact thought. And I'll admit that I had taken the physical aspects of my security for granted. Automatic Login was on, and if the guy had been a little more intelligent or motivated, he'd have been able to find everything he needed to steal my identity. Fortunately he wasn't that bright, and having the machine in a state where he could use it without changing a thing led to my getting it back.

In the future, I imagine I will still leave Automatic Login turned on. . . I'll just install actual tracking software and be sure to encrypt my sensitive data from now on. The less reason you give them to reinstall, the better the tracking software will work.

Re:But without a central service

[FreakinSyco]

Leads? Sure, I'll just check down with the boys at the crime lab... They've got four more detectives on this case... They've got us workin' in shifts!

Re:But without a central service

[FictionPimp]

All of my companies drives are encrypted with truecrypt. NO need to worry about wiping anything. However something like this might make it easier to verify a notebook was indeed 'stolen' when a loner laptop given to a student turns up missing or a recently fired employee decides to claim the same.

Re:But without a central service

My wife's wallet was stolen right out of her purse while sitting in the Barnes & Noble cafe. She noticed it missing before we left, and we called the credit card companies right away. The bookstore is on a main shopping street across from Rittenhouse Square, so charges were showing already showing up as the wallet worked its way down down the street. At that point we were about three blocks behind the cards, and the wallet had worked its way a couple of blocks north, onto Chestnut Street. The trail went dead at 15th and Chestnut because by that point all of the cards had been cut off.

By the time the cop showed up I had multiple clerks who had run up transactions when presented with my wife's card, I had the store copies of the receipts the crooks had signed, and a couple of the stores had the people on videotape. The cop mentioned this to his partner, who informed him that they had stood within five feet of the thieves earlier that day when there had been a disturbance at Urban Outfitters, and the description the partner had matched the description the clerks gave. Oh, and they had tried to pay a cell phone bill with one of the cards, so they were on tape there as well. One of the clerks also recognized that one of the thieves worked at the McDonalds a couple of blocks down the street.

You would think with all that this would have been a relatively easy case to wrap up, particularly with the victims having handled the investigation prior to the police showing up. Nope, haven't heard a thing since that day...

Re:But without a central service

In a case like that, where they had everything they needed and more, and you had already canceled all of your cards and weren't liable for the charges. . . why would you expect to hear from them? They didn't need anything else from you.

Did they at least give you a case number? You might try calling and asking if the case was resolved, and asking to get your wife's wallet back if it has been. Be proactive -- I doubt they'll go out of their way to let you know they caught the guy, unless you ask.

Re:But without a central service

[jeebusroxors]

Not trying to get TOO OT, but is this an argument to place ones MACs on record with the insurance company, vice a serial? Like it was mentioned, above, serials could be scratched. An internal wifi card seems a damn near foolproof way to identify a machine (if it's still in tact).

Or do I just have a case of the Mondays and can't think straight?

Re:But without a central service

[CharlieHedlin]

My neighbors car was burglarized, and the police asked if she wanted them to dust for fingerprints. Her response was that she didn't want to waste anyone's time if it was pointless and the detective assured her the evidence could be very valuable (granted we live in an upper middle income neighborhood, and there seems to be an outbreak of car break-ins).

I think the police want to help, but they don't want to waste time. I know Absoulte's Computrace (Lojack for laptops) web site claims the police are eager to follow up on their reports, because they usually turn up a lot more than just a laptop.

On the other hand, it took the police a week to call the GP back. I wouldn't expect that to work out so well in most cases. I would think having Absolute would help get a faster response.

Re:But without a central service

[mikael]

Possibly MAC addresses can be reprogrammed. If you boot into the BIOS of any system, you will see the serial number there as well.

Some workstation manufacturers would actually embed a serial number into every component - which led to some interesting discoveries when a service technician came to upgrade a system in some developing world country.

Re:But without a central service

[SuperBanana]

But they aren't wrong to do that, exactly -- they have limited resources, and as a citizen I don't necessarily want them wasting their time on a case with no witnesses, no suspect, and no leads. A 5000 dollar property crime doesn't exactly warrant bringing in the CSI team to look for DNA. If it did, they would need a hell of a lot of CSI teams.

The reason people commit $5000 property crimes is specifically because the police no longer bother to investigate.

If the police thoroughly investigated and had a high conviction ratio on even a relatively small number of crimes, people would be less likely to try it.

Furthermore, we're always preached to about how there are "gateway" drugs (I won't dispute or agree), but nobody ever seems to talk about how important it is to investigate and prosecute "gateway" crimes like B&E.

Re:But without a central service

[Drgnkght]

The government would love you too. Just a thought.

Re:But without a central service

[Zenaku]

The reason people commit $5000 property crimes is specifically because the police no longer bother to investigate.

If the police thoroughly investigated and had a high conviction ratio on even a relatively small number of crimes, people would be less likely to try it.

I don't disagree with you in the slightest on this point. Too bad we don't live in an ideal world with an unlimited supply of manpower. How much more would you be willing to pay in taxes to get every petty theft investigated?

Re:But without a central service

[Walkingshark]

Well, in Texas you can use lethal force to defend your property. Maybe buy a gun and go get your shit back? :)

Re:But without a central service

[DavidLJ]

Zenaku,

Congratulations -- on a job well done, and on what I consider a sensible attitude toward the cops.

                                              -dlj.

Re:But without a central service

You made a few assumptions, of which the probabilities are unknown: 1- The thief started up the engine, and since he is not a Windows fan (!), he's fine with the current existing Linux. 2- The thief encountered a log in screen and managed to crack your password (!) to use your Firefox browser together with your Firemarks. To sum up, the thief should be a Linux who is able to crack your password but doesn't bother to re-image your machine. Hopefully the geek thief doesn't read slashdot or found out about Adeona; otherwise he would re-image it. What do you say? I think the best solution for stolen laptop should be something OEM and standardized by all vendors. Cheers

Re:But without a central service

Hey, I've installed Adeona, but, where do I go to check the trakking??? there's not even a word on that on the website! Thanks

Reformat HD = Free Laptop?

[QuantumLeaper]

All you have to do is reformat the hard drive and now some one has your laptop for free.

Re:Reformat HD = Free Laptop?

[Verteiron]

Sure. This is betting on the fact that a lot of thieves are too dumb to do that, and either use or pawn the laptop without doing much to it. I'm willing to bet that's the case more often than not.

Re:Reformat HD = Free Laptop?

[Daas]

Yeah, the guys that steal laptops all know how to do that.

They all are pure evil geeks !!

Re:Reformat HD = Free Laptop?

[ChowRiit]

I suspect you may be somewhat overestimating the average criminal's technical abilities or knowledge. Maybe if this became a common sort of tool and were used all the time, people might begin to learn how to avoid it, but I can't see it being install on more than a tiny fraction of a percent of laptops for the near future...

Re:Reformat HD = Free Laptop?

[Verteiron]

Actually they state as much right in their FAQ:

What if a thief removes the software, reinstalls the OS or doesn't connect to the Internet?

A motivated and sufficiently equipped or knowledgeable thief can always prevent Internet device tracking: he or she can erase software on the device, deny Internet access, or even destroy the device. For example, Adeona currently has no mechanisms for attempting to survive a disk wipe.

We point out that we do not believe this renders Adeona (and other location-tracking systems) useless. The Adeona system was designed to protect against the common thief -- for example, a thief that opportunistically decides to swipe your laptop from a coffee shop or your dorm room, and then wants to use it or perhaps sell it on online. Such thieves will often not be technologically savvy and will not know to remove Adeona from your system. While device tracking will not always work, systems like Adeona can work, and it is against the common-case thief that we feel tracking systems can add significant value.

Re:Reformat HD = Free Laptop?

[Bert64]

Indeed they do, because the ones who didn't have already been caught and thrown in jail.

Re:Reformat HD = Free Laptop?

This is not the case with many proprietary tracking software/services. The laptops we use at work are all updated with Computrace Lojack program that was installed into BIOS (and we had some problems with Windows after they installed it, all resolved luckily).

The re-installation of the OS does not remove it. They even claimed that BIOS update would not remove it, but I am not sure how true it is (never researched on it).

Re:Reformat HD = Free Laptop?

Most thieves don't know enough to reinstall a laptop, but I'd imagine most know it's a good idea, and probably know someone who could do it for them.

I've been approached a few times to reinstall laptops that people have "acquired".

Re:Reformat HD = Free Laptop?

[_Sprocket_]

There's a sucker born every minute.

Re:Reformat HD = Free Laptop?

[von_rick]

Now if someone comes with a program - "OS installer for stolen laptops" which would format the drive/partitions and install a version of Linux or pirated XP with some preset parameters - that would make lives easier for laptop stealers.

Re:Reformat HD = Free Laptop?

Most thieves don't know enough to reinstall a laptop

Ah, the quaint image of an ignorant ruffian thief vs the bright (white) middle class victim. Do you have any stats to go with that prejudice or did you just pull that assumption out of your oft-seated backside?

I've been approached a few times to reinstall laptops that people have "acquired".

Yes, I too have been approached by people who had bought second hand laptops and wanted help with reinstallation. And I managed to help each one without some irrational ungeekythief association.

Re:Reformat HD = Free Laptop?

you have to understand that half of the thieves will steal the laptop and go pawn so they can get some quick cash. the other half is interested in what information they can obtain from the stolen laptop in order to commit fraud.

it's these thieves that you have to watch out for and protect yourself against! i can always replace a laptop. sure i'll be pissed and upset, but the harm that the theft can do to me stops at stealing the laptop.

it can take YEARS and thousands of dollars to repair the damage identity theft can do.

Re:Reformat HD = Free Laptop?

[arth1]

The proof of the pudding is in the eating. How many laptops has this system recovered so far?

Also, for a PC, I don't see what this software does that's more useful than the following crontab entry:

30 * * * * perl -e 'sleep rand(1800)';\
wget -q --spider http://my.website/report/LAPTOPNAME

That too does a connect on average every half hour, and the IP address and time is being logged.

It does not send any traceroute information (which would be easy enough to do with another half line in the crontab), because doing so could very well be considered illegal black hat activity on your part. Consider someone connecting a stolen laptop to a corporate network. Just because your laptop was stolen doesn't mean you have a right to examining the internal topography of that corporate network, and sending the information to a third party. I'm amazed that the authors of this software are stupid enough to do so!

Re:Reformat HD = Free Laptop?

Most people don't know how to reinstall a laptop, or why they would want to. Why would you assume anything more about the common thief?

Re:Reformat HD = Free Laptop?

[Albanach]

It does beg the question why this isn't a default feature of most BIOS chips. It really should be trivial for the bios to try and get a dhcp lease on the installed network cards and make a single network connection.

Sure, you can reset the BIOS, but that's typically a lot more challenging than reformatting the hard drive.

Re:Reformat HD = Free Laptop?

[Lumpy]

Most honest people cant format and reinstall windows. you expect the dumber parts of society, the thieves, to know how to do that?

Hell, I had a GPS recovered at a local pawn shop. I hacked it so when you turned it on it said "STOLEN FROM LUMPY! CALL 1-675-555-1212" and the moron still tried to sell it at a pawn shop.

Re:Reformat HD = Free Laptop?

[Vendetta]

How would it be illegal black hat activity on my part? It would be the fault of the douchebag who connected my laptop (that they stole) to this imaginary corporation's network. I'm not the criminal, the person who stole it is. Please, explain your logic to me.

Re:Reformat HD = Free Laptop?

[arth1]

It would be illegal on your part because it was designed to get that information, specifically, and clandestinely.

If you install a bomb in your laptop with a dead-mans-switch which requires you to touch a file at least every day, or it goes off, and someone steals your laptop and the bomb goes off killing innocent people, you can (and should) be blamed. This is no different.

You have no way of knowing whether the network that the thief connects to is open or not, and indeed, the traceroute information would only be valuable information if the network is not open -- otherwise, the traceroute can be done from the other side. And if you have the IP address, it should be the police or licensed investigator with cooperation of the company who obtains the inside network information if needed. Not you.

Re:Reformat HD = Free Laptop?

[photonic]

Consider someone connecting a stolen laptop to a corporate network. Just because your laptop was stolen doesn't mean you have a right to examining the internal topography of that corporate network, and sending the information to a third party. I'm amazed that the authors of this software are stupid enough to do so!

So according to your logic, if I have a machine at my office that (for some good reason) sends a scan of the local network to HQ, reboots random local machines and sends goatse pictures to the local printer, then if someone steals this machine and plugs it into his network, they have the right to complain??

Re:Reformat HD = Free Laptop?

[fm6]

A lot? Maybe. (There was an amusing case recently where the thief was caught because he uploaded photos of his tats the the victim's .mac account.) Most? Definitely not. Assuming you actually make your living stealing stuff, and don't just grab the odd laptop off a table at Starbucks, then you have to take your booty to a fence. And the first thing a fence does with any stolen property is to remove any traces of the original owner.

Re:Reformat HD = Free Laptop?

[Woy]

If you are right (which i don't know enough to tell), then that looks like a liability lottery.

Re:Reformat HD = Free Laptop?

Most people don't know how to reinstall a laptop, or why they would want to. Why would you assume anything more about the common thief?

You're just repeating the prejudice. Why are you assuming that people who go around stealing laptops are random opportunists? Someone who makes an income selling computers, through purchase or theft, would benefit from knowing more about computers than the average user. If his repertoire of stolen goods is too eclectic, he'd do well to have contacts with specialist knowledge.

Again, legitimate businessmen know this, so why do you think someone who chooses thievery lacks the ability to make the same judgment? All he needs is one conversation with one geek to learn that tracking software might be installed - just as one does not steal a high end car without contemplating whether it's fitted with a GPS that reports back to base.

Fortunately, the police have learnt to avoid various false assumptions, otherwise I'd be tempted to make a mint as a criminal of high tech goods, what with everyone working on the basis that I'm a retard :-).

Re:Reformat HD = Free Laptop?

[arth1]

So according to your logic, if I have a machine at my office that (for some good reason) sends a scan of the local network to HQ, reboots random local machines and sends goatse pictures to the local printer, then if someone steals this machine and plugs it into his network, they have the right to complain??

The owner of that network, which may not be the thief, most certainly has cause of grief if your system was designed to clandestinely do damage or steal inside information. The thief would have no reason to expect that it would do so.

This is slashdot; a car anology is in order.
If you equip your car with a hidden gun that randomly fires on average every 30 minutes, and someone steals your car, you are responsible for whoever gets shot, not the thief. Cause the thief had no rational reason to believe it would do such a thing -- it's not within the normal operational parameters of a car.

Re:Reformat HD = Free Laptop?

[arth1]

If you are right (which i don't know enough to tell), then that looks like a liability lottery.

Indeed, and I'm very surprised that the authors of this program chose to clandestinely collect information that may very well be proprietary.

Scenario: Vendor with this software on his laptop accesses a corporate network. The information is sent to the remote logging site.
A week later, someone breaks in to the corporate network, aided by the information about the local layout. This information was obtained by breaking into the logging site (or just plain snooping, if the info was sent unencrypted).
It seems clear to me that those who designed the software to send this information to a remote site would be liable in such a situation.

Re:Reformat HD = Free Laptop?

[0100010001010011]

Not everyone is a *nix geek. Yes there is a linux way to do things but not everyone wants to deal with that. There is an OS X and a Windows version.

I bought my sister, brother and myself a version of Orbicle's Undercover which does everything this does and a bit more. It'll take pictures of the thieves (if your Mac has a built in iSight), change contrast, etc.)

I was pondering making my own group of shell scripts do do something similar.
curl -O mywebsite/stolen.txt. Leave it at a 0, then make it a 1 when my laptop is stolen. Then have it do weird stuff. isightcapture can record pictures of someone as soon as the lid opens or during invalid login attempts. There are apple scripts to change the monitor contrast, computer volume, say stuff. (All of which Undercover does).

As soon as it detects it is in an Apple Store (by host name) it cranks the volume up and announces "This laptop is stolen. This laptop is stolen."

I thought about how much work that would take and I thought, meh. I'm watching TV and bought Undercover.

Finally, this is open source. Isn't that what the slashdot crowd bitches about most "ZOMG IT'S NOT OPEN SOURCE BURNNN". Someone took the time to build an installer for 3 different systems, make it so it used a DHS so you didn't have to configure FTP settings (You know not everyone has a my.website that they can read logs on daily) and all 1/2 the people here can do is bitch about how stupid it is or easy it could be to do with cron.

Thieves are stupid. Most will boot the machine and use it. Look at Orbiclue's "success stories." One thief loaded WoW then tried to delete all the personal files of the person. This isn't going to stop a corporate hacker but the jackass that breaks into your car, you might have a chance.

Re:Reformat HD = Free Laptop?

[MyLongNickName]

          30 * * * * perl -e 'sleep rand(1800)';\
        wget -q --spider http://my.website/report/LAPTOPNAME

That too does a connect on average every half hour, and the IP address and time is being logged.

Average of every 15 minutes, I belive :)

Re:Reformat HD = Free Laptop?

[amohat]

Sort of off-topic, but why is the burden on the consumer to protect the banks from getting robbed?

Thieves don't steal anything from consumers in this scam. All they do is trick the banks into giving them money, and the banks somehow blame the consumer for their flawed security systems.

Just reminding folks...

Re:Reformat HD = Free Laptop?

[Robotech_Master]

Of course, this software won't necessarily work well if you have Linux as your primary OS on your laptop (or otherwise have it password-locked). If a thief boots your computer up and gets a login prompt, he's just going to wipe the hard drive and install Windows.

Re:Reformat HD = Free Laptop?

[arth1]

Average of every 15 minutes, I belive :)

Actually, no. You're thinking of a loop with a random wait of 1800 seconds. This is a cron job, not a loop.

However, you pointed me to a bug -- it executes on average once per hour.
It should have read:

0,30 * * * * perl -e 'sleep rand 1800';\
wget -q --spider http://my.website/report/LAPTOPNAME

That way, the script will be triggered once every half hour, after which it waits for up to half an hour and then executes. Two subsequent accesses may be as little as a second apart, and as much as an hour, but on average, once every half hour.

Re:Reformat HD = Free Laptop?

[hesaigo999ca]

yeah seriously, like formatting and installing linux is hard, i don't get this tracking
you laptop crap.

If i wanted the info from your laptop, i would take out the hdd once i got my hands on your laptop, and just resell it with a new hdd and keep yours to review your info.

And it also only works if you have internet connection, if I turn off the wifi and networks cards, no contact anywhere

Re:Reformat HD = Free Laptop?

[hal9000(jr)]

Listen to yourself, arth1. So if said user connects to uber-secret network, surfs to a web site his choosing, his IP is dutifully logged in the web server logs and the users cookie is logged in the app. So now the owner of the website is liable for having that IP?

Not likely. 1) traceroute is NOT hacker activity. It is a function of a properly working network stack. 2) if the user is connected to uber-secret network and htat network is in the reserved address space (rfc 1918), then the IP doens't matter. What does matter is the need to have one public IP addresses to track, hence the need for a traceroute. 3) traceroute only traces one path out. It does not "map the internal network."

Hell, I'd do it and laugh at anyone who wanted to charge me.

Re:Reformat HD = Free Laptop?

[MyLongNickName]

Wouldn't the rand give you a randome number between 0 and 1800, with an average of 900? This is 15 minutes. I do not user perl, so maybe I am misunderstanding the syntax...

Re:Reformat HD = Free Laptop?

[alphabet26]

What I would do is keep a CD with my laptop with all the drivers on it. If the tech is smart enough to format it, he/she will giggle with glee that they don't have to find and download all the drivers after reformatting the laptop.

Of course one of the drivers will be the tracking software... or heck with the right install tool ALL of the drivers will install the tracking software...

Re:Reformat HD = Free Laptop?

[Rakishi]

The owner of that network, which may not be the thief, most certainly has cause of grief if your system was designed to clandestinely do damage or steal inside information. The thief would have no reason to expect that it would do so.

I doubt this would happen unless you can cite previous cases of such things happening. In other words actually prove your point or I'm going to say it's just random absurdities. The system isn't designed per-say to steal information but rather to provide tracking information. Intent is generally important in such things as I understand.

This is slashdot; a car anology is in order.
If you equip your car with a hidden gun that randomly fires on average every 30 minutes, and someone steals your car, you are responsible for whoever gets shot, not the thief. Cause the thief had no rational reason to believe it would do such a thing -- it's not within the normal operational parameters of a car.

Laws on devices that cause injury are stronger and in many places lethal booby traps are in fact specifically illegal. In other words that's a weak analogy.

There are cars with gps tracking, remote disabling (imagine the economic loss that could cause) and so on.

Re:Reformat HD = Free Laptop?

How would it be illegal black hat activity on my part? It would be the fault of the douchebag who connected my laptop (that they stole) to this imaginary corporation's network. I'm not the criminal, the person who stole it is. Please, explain your logic to me.

This is the law. Logic and fairness are goals but not guarantees. Just because someone committed a crime upon you does not give you free rein to commit crimes upon them or third parties.

Re:Reformat HD = Free Laptop?

[arth1]

Wouldn't the rand give you a randome number between 0 and 1800, with an average of 900? This is 15 minutes.

With "0,30 * * * *", the job gets called at 00:00, 00:30, 01:00, 01:30 and so on. The job then waits for 0-30 minutes (an average of 15 minutes as you pointed out), and then executes. That delay doesn't change that it's still triggered every half hour, and will run on average every half hour.

The "perl -e 'sleep rand 1800'" could be changed to other values without affecting how often it runs. Just how long it waits. The 1800 is to ensure that there will be exactly one access within each half-hour time period. When, during this period, is random.
If using 900 instead of 1800, you would have one job trigger between 00:00 and 00:15, and another trigger between 00:30 and 00:45, which would be predictable.
If using 3600 instead of 1800, you would have one job trigger between 00:00 and 01:00, and another trigger between 00:30 and 01:30. That would be even more random, but you'd lose the guarantee that an access is made at least once every half hour.

I do not user perl, so maybe I am misunderstanding the syntax...

It's probably not perl that throws a cog in the wheels of understanding, but the combination of a crontab job and a delay.

If using "at" instead of "cron", you could use a value of 3600 to get an average of every 30 minutes. Example:

#!/bin/sh
wget -q --spider http://www.mysite/report/LAPTOPNAME
DELAY = `perl -e 'print int rand 3600'`
# schedule myself to run again in DELAY seconds
echo $0 | at NOW + $DELAY

The advantage to using "at" would be that you wouldn't sometimes see a process sleeping. The disadvantage is that if a job is missed, the at job has to be re-triggered.

The best would probably be a combination:

0,30 * * * * echo "wget -q --spider http://www.mysite/report/LAPTOPNAME" |\
at NOW + `perl -e 'print int rand 1800'`

Regards,
--
*Art

Re:Reformat HD = Free Laptop?

[Vendetta]

A script that performs a relatively harmless traceroute is not analogous to putting a bomb in a laptop. There is a HUGE difference between the two, and if you can't see that difference you are deluding yourself.

Re:Reformat HD = Free Laptop?

[MyLongNickName]

Thanks for the lesson ;)

Re:Reformat HD = Free Laptop?

[limaxray]

Yeah, I think some people underestimate thieves. I knew a kid in college who would steal laptops and other such equipment on a regular basis. The guy had a serious problem where he almost couldn't *not* steal stuff, and thus I learned to avoid him like the plague. Anyway, he wasn't the brightest crayon in the box, but he certainly knew how to reinstall Windows/OSX and would wipe his stolen wares as soon as he got it back to his room.

Now this probably isn't your average street thug thief, but I would bet it does represent your typical college / corporate campus thief. Basically, not every crook out there is a homeless crack head trying to support their addiction; some are educated and do it for kicks and a few extra bucks.

Re:Reformat HD = Free Laptop?

[arth1]

The IP address that the outside world sees is not proprietary information.

The IP address that you have on the inside of a NAT, as well as the routing information on the inside is.

A remote web site logging that I have 123.45.67.89 as my IP address only logs the public information. It doesn't see that my internal IP address behind the NAT really is 172.16.0.16 and that I use a router at 172.16.0.31, unless that information is specifically sent to the remote server.
The owner of the network I'm on might not want people on the outside to know that internal machines uses a 172.16.0.0/22 (or whatever) subnet, and how it sends traffic through various internal routers. The internal topography is proprietary information, but can be useful to intruders.

Re:Reformat HD = Free Laptop?

That's actually a pretty good plan... how hard would it be to modify the bios, so it prints something like that out on the screen as it's booting... so even a wipe wouldn't remove it? Perhaps it should be a new feature of modern bioses (how do you pluralise that?)

Re:Reformat HD = Free Laptop?

[MrNiceguy_KS]

So install WinXP on a small partition and set it up as the default boot option with no password. And like CowboyNealOption said just above, leave lots of porn so they are encouraged not to wipe the machine

Re:Reformat HD = Free Laptop?

[MrNiceguy_KS]

Most honest people cant format and reinstall windows. you expect the dumber parts of society, the thieves, to know how to do that?

So true. TV and movies have criminal masterminds who pull off brilliant crimes because they are smart enough to get away with it. Real life has people who commit crimes because they aren't smart enough to hold down a job.

Re:Reformat HD = Free Laptop?

[xtracto]

So according to your logic, if I have a machine at my office that (for some good reason) sends a scan of the local network to HQ, reboots random local machines and sends goatse pictures to the local printer, then if someone steals this machine and plugs it into his network, they have the right to complain??

Well, afte all it is in the USA were a thief can sue you when huring himself after trying to climb your house wall to steal from you.

Re:Reformat HD = Free Laptop?

[arth1]

The system isn't designed per-say to steal information but rather to provide tracking information. Intent is generally important in such things as I understand.

The problem with the intent here are twofold:
1: It collects the private data clandestinely.
2: The information gathered is only useful if the network is protected, either by packet dropping routers, a NAT device or otherwise. It is useless if the network is open in the first place -- then the traceroute could be done from the outside, and not the inside.

As such, the intent seems to be to secretly obtain and divulge information that is NOT publically available. I see a big problem with that.

No, go to the police or a licensed investigator with the outside IP address and time stamp. The network owner can then discover and disclose the needed information without disclosing his internal network topography.

Re:Reformat HD = Free Laptop?

[arth1]

A script that performs a relatively harmless traceroute is not analogous to putting a bomb in a laptop. There is a HUGE difference between the two, and if you can't see that difference you are deluding yourself.

The type of harm differs, Captain Obvious, but in both cases you have intentionally prepared something that is likely to cause an illegal act if stolen. There's no reason for the thief to suspect that this will happen, and thus no way to prevent it, and the responsibility for the action falls back on you.
Logically, there's no difference, although emotionally there obviously is.

Re:Reformat HD = Free Laptop?

[Rakishi]

As such, the intent seems to be to secretly obtain and divulge information that is NOT publically available. I see a big problem with that.

The question was not if you see a problem with this but if you have any evidence that this is illegal, so far you have failed to show anything besides analogies.

As such, the intent seems to be to secretly obtain and divulge information that is NOT publically available. I see a big problem with that.

You are assuming that the public IP of a company, or rather a specific router used by it, is public information while in fact it may not be.

No, go to the police or a licensed investigator with the outside IP address and time stamp. The network owner can then discover and disclose the needed information without disclosing his internal network topography.

What information can they disclose? If they have 10k machines with internal ips and you tell them the outside ip and a timestamp they'll give you a blank stare if you're lucky. If you have the mac address they may be able to track that but possibly not.

Re:Reformat HD = Free Laptop?

[FictionPimp]

If a company is not auditing the computers it allows on their network, then they are a open network.

Is it the fault of the user who brings a notebook with a virus on it that infects the entire network, or the IT staff for not insuring he was running anti-virus before allowing him access?

Re:Reformat HD = Free Laptop?

[Rakishi]

No there is a logical difference as a result of potential negative consequences. The world is not black and white. Even when it forced to be black and white the line is not drawn where you think it is drawn but where society (let's say the law in this case) says it is drawn.

By your logic there is no difference between pepper spraying or shooting someone to subdue them (let's say it was an unarmed thief) because in both cases the intent was to stop them. Of course society and the law disagree which is why we have the concept of "excessive force" and so on. Likewise you can have a hidden car alarm (thief may get distracted and crash car but not likely) but not a hidden car bomb (intent is to kill not to prevent theft).

In this case it's the difference between getting the minimal information needed to track the laptop successfully and uploading everything you can find on the network (or taking down the network).

Re:Reformat HD = Free Laptop?

[arth1]

What information can they disclose? If they have 10k machines with internal ips and you tell them the outside ip and a timestamp they'll give you a blank stare if you're lucky.

In addition to the timestamp, you also have the information of which web site they accessed. Normally, in medium-to-big companies, all web accesses get logged by a security proxy, with the internal IP address.

But again, that discovery is something that should be done by those explicitly allowed to do that kind of discovery. Vigilante investigations are not permissible in a modern society.

Re:Reformat HD = Free Laptop?

[arth1]

The question was not if you see a problem with this but if you have any evidence that this is illegal

Where, exactly, was that question posed? Except in your post right now? Moving the goal posts when running out of arguments?

Re:Reformat HD = Free Laptop?

[Atti+K.]

he's just going to wipe the hard drive and install Windows.

I have a PPC Mac, you insensitive clod!

Re:Reformat HD = Free Laptop?

[Rub1cnt]

itll probably be on TPB.org by sundown.

Re:Reformat HD = Free Laptop?

[Rakishi]

To quote my original post:

I doubt this would happen unless you can cite previous cases of such things happening. In other words actually prove your point or I'm going to say it's just random absurdities.

You're the one who's ignoring my questions and even the post I'm replying to does the same. Instead of answering my question you ignore it and accuse me of trying to change the argument. Since you're the one making the strong and original statement (ie: this is illegal) then ti falls upon you to back it up with something concrete. In other words all I asked was you to back up your points with something other than weak analogies and so far you have failed.

Re:Reformat HD = Free Laptop?

[mjwx]

You can bet that the first thing a thief will do with a stolen laptop is sell it. Thieves aren't too smart (else they would be come lawyers and salesmen, the legal form of thieves) but they are smart enough to get rid of the incriminating evidence in short order.

Re:Reformat HD = Free Laptop?

[faqer]

I suppose it's like blaming the gun manufacture for not preventing bad guys from using the guns when they steal them from police/army.
The only difference it that those bad guys know what a gun can do, while the laptop thief doesn't.

Re:Reformat HD = Free Laptop?

[bloodninja]

The type of harm differs, Captain Obvious, but in both cases you have intentionally prepared something that is likely to cause an illegal act if stolen.

So, what you are saying, is that the picture taking feature should be disabled too, because the theif just might be 16 years old and naked when he powers on your machine? Because that's kiddie porn right there.

Re:Reformat HD = Free Laptop?

[bloodninja]

If a company is not auditing the computers it allows on their network, then they are a open network.

Is it the fault of the user who brings a notebook with a virus on it that infects the entire network, or the IT staff for not insuring he was running anti-virus before allowing him access?

It is the fault of the IT staff for running a system vulnerable to such attacks. First rule of security: everyone is attacking you, especially those you trust.

Re:Reformat HD = Free Laptop?

[arth1]

You being ignorant of 18 U.S.C. 2701, 3121 and the Cyber Security Enhancement Act (a.k.a. section 225) isn't my problem.

In particular, installing a pen register to log addressing and routing information without a court order is specifically forbidden under U.S.C. 3121.

And what, I hear you cry, does a pen register have to do with this? The legal definition of a pen register:

(3) the term "pen register" means a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business;

The PATRIOT act removes any ambiguity by specifically pointing to this section, and clarifies that it includes "an Internet Protocol address, port number, or similar computer network address or range of addresses", and also clarifies a pen/trap device "to include an intangible "process" (such as a software routine) which collects the same information as a physical device"

Adeona's process for clandestine recording of routing and addressing information fits this description, spot on.

Now go away.

Re:Reformat HD = Free Laptop?

If you install a bomb in your laptop with a dead-mans-switch which requires you to touch a file at least every day, or it goes off, and someone steals your laptop and the bomb goes off killing innocent people, you can (and should) be blamed. This is no different.

It's totally different both in magnitude and in detail. The difference in magnitude is obvious. The difference in detail is that it would be highly unusual to have a bomb in a laptop. While only a small minority of users may have tracking software installed on their laptops, it's still common enough that it shouldn't be an unexpected threat if you consider what it's doing to be harmful (which seems like a stretch anyway). Your argument seems to hinge upon the "harmful" act being so unusual as to not allow anticipation. If you are allowing untrusted computers to connect to your network, it would be reasonable to assume that they could be running tracking software.

How does it work?

Does it install some firmware into the BIOS?
Or I can just format the HD, install a brand new OS and workaround that lost&found tool?
The only useful tool to avoid a laptop to be lost or stolen is the brain: always keep an eye on your laptop and keep on reading Slashdot.

Missing..

[vigmeister]

Desktop love...

Why exactly would this NOT work on a desktop? Or a UMPC? Or a ULCPC?

Cheers!

Re:Missing..

[Darkness404]

Why exactly would this NOT work on a desktop? Or a UMPC? Or a ULCPC?

It would work. But UMPCs and ULCPCs are usually put into the category of laptops. And laptops have slowly become to mean, something that is a computer and mobile.

As for desktops, who carries a desktop around? Most people I know leave them at home. And if your house is broken into, you usually have a lot more to worry about then just your desktop being stolen. Plus, if there is evidence that your home was broken into, the police are going to be a lot more alert and through then if your laptop was taken.

Re:Missing..

[BPPG]

Well, desktops tend to have rotary garfuncters, laptops use malleable garfuncters. Also, desktops tend to be too large, it needs to be on a smaller laptop for the software to work properly. Any computer shop employee can explain this to you.

Re:Missing..

[pla]

Why exactly would this NOT work on a desktop? Or a UMPC? Or a ULCPC?

It would work just fine... But do you often take your desktop PC out for coffee?

Re:Missing..

[Arcane_Rhino]

But do you often take your desktop PC out for coffee?

Well, not so much anymore. Once I realized it was a "sure thing" I kind of stopped the romance.

I felt kinda bad until I inserted the comment, "I wanna just stay in today" on the start-up splash.

Re:Missing..

[cecille]

Apparantly you've never had the police respond to a break-in at your house. Around our area, they couldn't possibly care less. When our break-in happened, it was the middle of the day and there was a half hour between when my roommate left and when the police were called because someone saw the broken window. My roommate saw three kids out front before she left. Kids were spotted running out back like 20 mins later. These were not the slickest criminals either - we gave the police the soda bottle and various other items that they LEFT in our house (reverse theft I guess) and an address. Hell, they even manged to CASH a cheque they took and even that netted no resonse. Hours spent on the case to date? Zero. People questioned? Zero. Items recovered? Zero.

Now, I'm not saying that a laptop would get a better response, but the main problem we had was that I was not able to prove that the total amount taken was >$1000, and hence it was not considered grand theft. I can SAY that my guitar was woth x-hundred dollars, but until you hit that magic number and it's PROVEABLE, no one cares. I think a laptop would be over that amount almost by default.

Re:Missing..

[Darkness404]

I think a laptop would be over that amount almost by default.

Well, it depends, Ive had a few $500 laptops and I am typing this on my EEE PC which is $350. But for the laptop the police could simply say that you lost it and are panicking and to call back X-days later, when a thief could wipe the HD, install pirated XP and sell it.

Re:Missing..

[pbhj]

It would work just fine... But do you often take your desktop PC out for coffee?

She prefers tea.

Re:Missing..

[Anonymous+Cowpat]

but the desktop is the machine with the beasty graphics card and water cooling. I've been pricing up a new computer recently and a moderately powerful system (but by no means bleeding edge), without a case or monitor (or water cooling) comes to just shy of the sterling equivalent of $1000. I can't see an entirely nicked desktop (can you include software in that $1000? "That machine has got office on it, add $100s") coming out under $1000, and certainly not much under.

Crappy about the lack of police response that you had.

Re:Missing..

[shvytejimas]

But do you often take your desktop PC out for coffee?

I personally don't. But these guys do ,)

Re:Missing..

You sad little man...

business model

[dissolved]

1. Post story about leaving your laptop at home
2. ???
3. Profit!

(I'm so sorry)

Prior art ?

[Gothmolly]

I get warnings that my computer is broadcasting its IP address all the time !

Re:Prior art ?

[Rub1cnt]

Okay....I can see the ideal laptop recovery solution.. When flagged stolen, the laptop automatically connects to the National Reconnissance office, files a request for priority targetting and reconnissance with Joint Chief's auth, an orbital bird is retargetted to the live GPS tracker, once eyes are on the target, a predator Q is dispatched, then whamm-o, the thief gets eradicated while driving/walking down the street by the hellfire missile. Extreme...yes.. Effective, yes... But man, think of the drop in crime the first time! :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

No proprietary, central service?

[iminplaya]

This sounds suspiciously like some kind of P2P thing. I think it should be outlawed :\

The challenge is set

[tttonyyy]

users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop

Honestly, publishing that on slashdot is like telling a small child "there is no way you can reach the delicious stash of chocolate in that cupboard right there"

Re:The challenge is set

[ShiningSomething]

You beat me to it! That quote is just asking for trouble. Apart from being absolutely, obviously false.

Re:The challenge is set

[Darkness404]

No, its more like saying, you have the key, no one else can open it. Which I suppose that someone could cut off the locks, and open whatever you have locked. But the possibility of that would be lower then if you gave the key to 10 other people.

And it is no more of a challenge then saying that your browser is open source, that means that no one can force you to upgrade it.

Re:The challenge is set

[wvmarle]

False, why? Can you prove it? (I can't either way) The makers of the software will probably be very interested if you can. If I understand the workings well, they did a pretty decent job.

Or go a bit further: show the actual exploit that tells where other people's laptops are. Abuse the system, show the faults. Adeona will only get better because of that.

Re:The challenge is set

[Lumpy]

All I care about is the ability to remotely WIPE the machine. I dont care about recovery as Insurance gives me a new upgrade when it's stolen. I want to be able to trigger a switch that will wipe the thing hard and replace the windows boot with "STOLEN LAPTOP!" but will settle for simply wiping the drive silently.

Re:The challenge is set

[Lord+of+Hyphens]

If it wasn't for the obvious issues, I'd love a system where I could cause the machine to detonate/meltdown.

Re:The challenge is set

[arth1]

A dead man's switch would do that.
The problems with them are that they are more often triggered inadvertently than for good reason. If you have to touch a file, access a web page, or otherwise take an action, what happens when you get pneumonia and are out with fever for a week? And if relies on an external automated function, like your server hitting a port regularly, and a zap occur if the machine hasn't been poked in a few days, what happens when you go on vacation or have the machine repaired, and forget to turn the timer off?
Or what happens if your clock battery dies, and the new one defaults to several years ago?

Laptops with built-in cell phones that can wake the system would probably be a better solution -- then you could log in remotely and do what you needed.

Re:The challenge is set

[MrNiceguy_KS]

Replacing the Windows boot screen with "STOLEN LAPTOP" is certainly doable. For extra fun, also hit the desktop wallpaper, Startup sound, and, if you really want to be obnoxious, every other system sound. Doing so in a way that would survive a drive wipe would be much more difficult.

You could compromise with storing all user data in a separate partition, which could be wiped via remote trigger. The idea of turning the laptop into one bit "STOLEN LAPTOP" announcement is too much fun to simply go with the remote wipe. Especially since most laptop volume controls are all software only. Heck, some BIOS update programs will let you change the image displayed on the POST screen.

Re:The challenge is set

[znerk]

All I care about is the ability to remotely WIPE the machine. I dont care about recovery as Insurance gives me a new upgrade when it's stolen. I want to be able to trigger a switch that will wipe the thing hard and replace the windows boot with "STOLEN LAPTOP!" but will settle for simply wiping the drive silently.

The abovementioned cronjobs could be helpful with that.

I'm imagining a series of cronjobs, actually.
One that grabs a specific file from a webserver, then another shortly after that executes the downloaded shell script. The script would do nothing at all, of course... until you replace it (on the webserver) with the one that wipes all your sensitive data, then sets another cronjob to scream for help at some inopportune moment.

Ways to scream for help:
Faking a midnight DoS attack on fbi.gov sounds like a good way to get your laptop's thief caught. Of course, your laptop will probably be confiscated as evidence, and this might actually result in *you* going to jail, but whatever. Another downside would be the internet lagging like a beast as soon as it started, making the network traffic very obvious to the (illegal) user.

Wait for a phone line to be plugged into a modem, and dial 911 every 10 minutes with a voice message "I am a stolen [make/model] laptop computer with serial number xxxxxxxx, please trace this call and come bring me home. Thank you." Yes, I know, who uses phone lines these days? Perhaps VOIP would be a better option. Or maybe a cell phone in the casing? I've seen several articles on hiding a (caseless) cell phone in your vehicle, I don't think it would take too much ingenuity to do it to a laptop.

You can do quite a bit with a cron'd wget, followed by a cron'd shell script (pulled with the wget). If they turned your laptop on in the presence of WiFi, it could immediately alert you to its presence. Perhaps you could set the downloaded script to email you with location data every few minutes, or even hack a GPS unit into the laptop casing and USB it to the mainboard, so that you could email yourself actual coordinates. Plug those into google earth, and then call the cops and tell them "My laptop was stolen. Its GPS tracking software just told me that it's at [insert address here]. Please go pick it up, it's a [brand and model] with serial number [serial number]". Or go get it back yourself, if you are so inclined.

Have the embedded camera start taking snapshots (or even video). Have the microphone record the ambient noise (and any talking nearby). I'd worry less about accidentally capturing "sensitive data" than the thieves should about my laptop calling the cops on them when they turn it on.

"Hi, this is [name], my stolen laptop appears to be in use right now at the Starbucks on the corner of Third and Main. It'll be the one screaming its head off, probably being run away from by the guy that stole it. It's gonna start a 50-decibel siren and lock its inputs in about 15 minutes. I'll meet you there (I'm calling from my car, and I'm about 10 minutes away), so that I can shut it off for you (thus proving that it's mine). I'd appreciate it if I didn't have to make a citizen's arrest first, so please hurry."

Adeona sounds like a nice Q&E method of retreiving a stolen laptop, but I'd rather make it uncomfortable (or even dangerous!) for a thief to walk off with my notebook.

Hmm... maybe even just use the timed login feature to automatically log on to to the Desktop with an account named "Administrator" after a minute or two. Once it logs in, it checks for the presence of a network, and if it finds one, starts some of the nastiness described above while emailing you its IP.

Taken a step further, "dual-boot" the thing with a timed grub boot to a "clean" Windows XP install with no password, straight to the desktop... while running a bunch of "phone home" utilities in the background. How's that for a deadman switch? Yes, it would mean having to wait through the POST and pressing a key or two to kee

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Missing component to open-source project.

All we need now is an open source justice mob with open source pitchforks and torches?

That's SO UN-DIGITAL!!!

The Linux Way

[mcrbids]

Also, what does it do that the following doesn't do in crontab?

1 * * * * wget -O /dev/null http://www.myprivatehomepage.com 2>/dev/null

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Missing component to open-source project.

[von_rick]

What do you mean? WoW is as digital as it gets. Its not open source, but there's no reason for open source digital pitchforks and bloodhounds to exist.

Open sores?

I don't like the sound of that.

Did we need this?

[pla]

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

...Because putting "wget mywebsite.com" in your system startup script (yes, you can do that on Windows as well, you just need to download wget first) has sooooo many proprietary, centralized dependancies?

I actually use something very like that, solely for the purpose of finding my own remote machines' dynamic IP addresses. I don't really see the need for a dedicated "project" to make an entry in your access_log on startup.

Re:Did we need this?

[manastungare]

And their claim is far from accurate: there have been several systems, home-grown or libre software, before theirs.

Here's mine, for example: laptop theft protector, which has been around for at least an year.

Re:Did we need this?

[rukkyg]

Not everyone has their own web servers. This system uses the OpenDHT so anyone can use it, and it doesn't depend on your servers being up.

Re:Did we need this?

[maypull]

I don't really see the need for a dedicated "project" to make an entry in your access_log on startup.

For the people for whom "wget" and "startup script" mean nothing?

Re:Did we need this?

[jroysdon]

Which is all well and good, but it should be optional. Since it is OSS it could be changed, but it would be nice to have an easy option so you can check "Use my server" and perhaps optionally use OpenDHT if my server isn't reachable (or not, if you just don't care and only want to trust your own system(s)).

I've written my own script that does this same thing (supplies all the same data, doesn't use OpenDHT), and getting the webcam automated was next on my list (which they don't have yet for Linux anyway), but it's always nice to have automated updates (assuming it gets rolled up as a package in Fedora, the distro I use) and automatic cool features.

Re:Missing component to open-source project.

The user is probably not the thief but a buyer, etc.

Possession of stolen property is a crime, even if the person doesn't know it's stolen.

Re:Missing component to open-source project.

[nategoose]

1. My brother's alienware laptop was stolen. 2. Reported to the police. 3. Alienware got a tech support call from some guy that bought it on eBay. 4. Guy sends it in for repair. 5. Alienware calls my brother to tell him they have it and only need the police to ask for it officially so they can send it as evidence. 6. My brother tells the police. 7. Police say "huh?" 8. Laptop never sent, buyer never questioned, thief never caught. Similar thing when my sister's credit cards were stolen and used to buy gas at places with security cameras, except then even the credit card company didn't seem to care.

The challenge is set? Good!

[pxc]

Because I'd say that /.ers are more interested in the challenge for the challenge's sake, and interested in proving that it can be done. If somebody reads the article here and sets out to find a flaw in Adeona's security model, and they win, chances are they'll publish it in order to brag, or, if they're the FOSS type, contribute to the project in their own way.

I'd much rather a /.er try to beat the system now than have some lucky/bright thief figure it out and keep it to themselves while they horde laptops and sell them on the streets.

Such naiveness

There's always the posibility of having a design fault that is broken beyond repair, not all faults can be fixed, you know.

Also, why would anyone reveal any exploit they are abusing? Do you honestly think 'black hats' are morons? Not even good-minded people will do it, because there is a long story of people jailed for trying to make things safer.

Open Source Security?

[andy19]

Think about it...is an open source security/tracking system really a good idea? The code is there to look at and study in order to program something that will bypass or disable it.

Re:Open Source Security?

[NevarMore]

No the code is there so that when someone does find a way to bypass or disable the system that we can see the code and fix the bug.

Re:Open Source Security?

[argent]

The code is there to look at and study in order to program something that will bypass or disable it.

Anyone who is going to bother would simply reformat the drive anyway.

Common Sense?

[artifex2004]

it is against the common-case thief that we feel tracking systems can add significant value.

Perhaps, but a stolen laptop is useless without being hacked/reformatted (except for using for parts) if you actually do the minimum of security precautions: having a password required to login/come back from screen saver, etc.

Re:Common Sense?

[filthpickle]

the common thief already knows that you have to wipe a stolen laptop. Or at least the vast majority do.

When I was younger and dumber I helped some common theives wipe/reinstall. They, like you said, either didn't know the login pw and knew that it had to be wiped to get around that, or they knew that they couldn't sell it at most(not all) pawnshops if they couldn't boot it to to the dtop to show that it worked.

I quit doing it because I came to a point in my life where I had too much to lose to mess with silliness like that. And the happy ending is that I heard thru the grapevine a few months ago that they got lowjacked and caught.

Re:Common Sense?

They, like you said, either didn't know the login pw and knew that it had to be wiped to get around that, or they knew that they couldn't sell it at most(not all) pawnshops if they couldn't boot it to to the dtop to show that it worked.

This might argue for creating a passwordless guest account for the thief to use so he doesn't wipe the computer. Assuming that all your datas are well protected-- identity theft could be worse than the loss of hardware.

Anyone have a recommendation for how to sandbox the guest account to make sure it can't do any damage?

Re:Common Sense?

[CowboyNealOption]

Encrypt stuff you care about (in a hidden volume might be nice) and leave lots of porn and other goodies so they are encouraged not to wipe the machine.

Re:Common Sense?

Glad to see you had "too much to lose", instead of realizing that you're helping some crack-smoking thieving piece of shit steal property that peopled worked to earn. Earn.

Re:Common Sense?

[74nova]

That is honestly a great idea if you don't have a login for the machine. If they can get to the desktop just fine and they fine porn there, you're probably right about their tendency to wipe the drive.

however, I think I'd rather have my laptop stolen that have my wife find porn on it. Please, I'm not trolling for comments about her being prude, just pointing out that this isn't necessarily a viable solution.

Re:Common Sense?

[Harlequin]

Errr... no, honey, that's not MY porn. It's there... ummm... in case my laptop gets stolen. Uh, yeah.

Re:Common Sense?

[pclminion]

Well I'm happy to know that you only stopped helping criminals because you were too afraid of being caught yourself. Morals? Who needs 'em!

Re:Common Sense?

[tehcyder]

I quit doing it because I came to a point in my life where I had too much to lose to mess with silliness like that. And the happy ending is that I heard thru the grapevine a few months ago that they got lowjacked and caught.

Would it still be a happy ending if you'd been caught and charged as an accomplice too?

The Face of Laptop Theft

[slyborg]

I love those sample pictures of debased laptop thieves furtively inspecting their ill-gotten goods...

Or maybe the Mac demographic is a lot less latte-drinking yuppie than commonly assumed? ;D

Re:Missing component to open-source project.

You should've said that the laptop had police pension information on it and their retirements could be jepordized. THAT gets the police going!

Re:Missing component to open-source project.

[kabocox]

Seriously, from what I understand. Locating your laptop is a lot easier than recovering it.
The police are not likely to get involved. The user is probably not the thief but a buyer, etc.

Um, the police don't like to get involved if there isn't tracking software/hardware in place because then it becomes nearly impossible to actually find said object. Best that they can do is put all the info into NCIC just incase it is found or recovered by any other law enforcement agency. Now, if you had tracking and knew exactly where said object was, as long as the it doesn't cost too much, then they'll be happy to jump through the hoops to recover your stolen object. It doesn't matter if the party that currently has the object was a buyer rather than the actual thief. They are in possession of stolen property and if they don't want to get arrested will return said property and be very helpful in IDing where they got said object.

Propriety Centrality

[fm6]

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

Define your terms, please. It's a client-server application, so by definition there's a central location. As for "proprietary", well, I guess it's cool that the software is open-source, but most of us don't choose software for religious reasons.

This solution is touted as being more privacy-conscious than existing "phone home" solutions, but I don't see it. In theory, use of encryption makes the data inaccessible to anybody but the owner of the laptop. In practice, technology is not a substitute for a well-managed system. I'd rather trust my data to a professionally managed system owned by a company with published privacy policies than to some kludged-up system managed by a hacker for whom it's just a hobby, no matter how "foolproof" the software supposedly is. As they say, fools are fiendishly clever.

Oh yeah, and I want my phone-home software in my BIOS, so that the thieves can't just wipe my hard disk to get rid of it.

Open source does have security advantages over proprietary software, and all other things being equal, I'd choose OSS over proprietary for something like this. But all other things are not equal — not, at least, until hardware manufacturers start burning the Adeona client into the BIOS.

Which is not to run down Adeona itself. It's a notable achievement. But I do get tired of the way every OSS milestone is treated as something we should all switch to, post haste.

Re:Propriety Centrality

[jroysdon]

Does LoJack, et. al. have BIOS-level software? I haven't researched that specifically, but that seems like a lot of overhead, but perhaps if that is their only line of work they just by the BIOS software and add their code blobs and update your machine with it... that sounds kinda risky, but I guess so long as they'll replace your laptop so long as they blow up the BIOS.

Re:Missing component to open-source project.

[gcatullus]

Credit card companies couldn't care any less, because THEY are not out any money. Anything that was fraudulently charged on the cards gets charged back top the merchant. The gas station can try and go after the thief, but the police don't always go after that aggressively.

My suggestion..

[msimm]

Then don't code for the project.

The thing here isn't if you think "we" need it; it's that someone thought we might and created it.

I mean are we really so desperate to complain about something that if someone gives us something for free (and open) we still feel entitled to moan? Maybe the project will pick up more interest and start doing some other interesting things, like integrating with the open bios project. But either way, this is gravy. Applaud it or ignore it, but for fucks sakes enough with the complaining already.

Re:My suggestion..

[oncehour]

Well said. There's far too many in this community that would rather bitch and moan than help or provide support.

Photos too!

[FirstTimeCaller]

Hmm... the Mac version also snaps a photo with each update. I hope no one is doing anything inappropriate while in front of their computer. Here's hoping that your Macbook isn't stolen by the Goatse guy.

Re:Missing component to open-source project.

[silas_moeckel]

Actually CC companies make a lot of money on charge backs. There is an approx $30 fee that goes along with each one and it's for the full amount so they keep there original 1-5% fee as well. As vendors have more charge backs they even up the percentage they pay on all transactions. People with cards and the merchants are the only people that pay in the CC system the banks and CC companies just make money with no risk.

Is something like this needed?

[Espectr0]

I just got my laptop stolen. As i understand, there is no way to log in to a Vista laptop if you don't know the password to the machine's only administrator account. If they can't log in, they will just reformat.

If i would have logged in with no password , yes maybe i could have tracked them with their ip address and such, but then they would have had access to all my files which of course i don't want to.

So, is this really needed? Next laptop i will also set a password in the BIOS.

Re:Is something like this needed?

[sheph]

Yes because it's so difficult to set the jumper that clears the BIOS.

Re:Is something like this needed?

[jroysdon]

I have a locked down on my laptops called "Guest-password-is-BLAH" where "BLAH" is the password they need to login. They can just click on the "Guest-password-is..." account and put in the password and have access, and hopefully they'll associate to an AP and I'll know about it. Sometimes you gotta spoon-feed them.

Re:Is something like this needed?

[Espectr0]

On a laptop you can do that without opening it? Of course on desktops it is extremely easy, but i don't think it would be easy on laptops

Re:Missing component to open-source project.

[gcatullus]

You are quite right - IMHO THAT is the reason that we don't have a more secure credit card system in place. There is absolutely no incentive for the cartel to do any better. Especially with this illusion of PCI compliance. PCI is just a clever way for Visa/Mastercard to palm off any responsibility whatsoever to the merchant.

Re:Missing component to open-source project.

[Hugonz]

Allow the market to work in the security, police and court industry. Everyone agreed to recover the property, except the one that's *supposed* to be interested in it. Here's how:

http://www.freedomainradio.com/Traffic_Jams/stateless_society_take_2_320.mp3

I encrypted my hard drive

[Britz]

Now I am supposed to set up a second system the laptop defaults to boot into just to install this software? Not thx, not on my limited laptop hard drive. I mean the whole point of my completely encrypted laptop is so that I don't have to worry about it getting stolen, because they won't be able to use the data aginst me or my customers.

Argh, another GPL clickthrough

[Digana]

Dammit, people. The GPL is a license, not a contract. It doesn't need explicit consent from its users. It doesn't need a clickthrough. So why does this software have a clickthrough GPL? This looks to me like a very basic misunderstanding of what the GPL does. I also have some reservations about them making this software GPLv2 only, but that's a very minor thing.

Create a no password user account. Good idea?

[forkush]

If all my user accounts are password protected, then even a dumb or lazy thief will probably want to do a disk wipe - and no more Adeona protection. So I created a non-administrator account, helpfully call NoPassword, so that a wipe is (apparently) unnecessary. I don't see much of a downside to this.

Re:Missing component to open-source project.

Did you call the local police, or the police that have jurisdiction where the Alienware shop was?

If the Alienware guys call in stolen goods like that, the local police would already know what to do.

Or just call the FBI next time, since it's across state lines.

Encrypted drives...

[Kludge]

Assuming that I encrypt my hard drive, this software will not work, correct? And if you have a laptop, you really should encrypt it, no?

Re: BIOS

[Caseyscrib]

Actually most Dell laptops have a setting in the BIOS that enables a tracking feature. Once it is activated there is no way to disable it (according to my BIOS setup screen). http://www.dell.com/content/topics/global.aspx/services/prosupport/computrace?c=us&cs=555&l=en&s=biz

Re:Missing component to open-source project.

[Anonymous+Cowpat]

since when?
Unless you had a good reason to suspect that it was stolen and didn't ask (i.e. you were negligent) it's not a crime to be in possession of it, but you do have to give it back (and try to pursue whoever sold it to you to recover what you paid). Incompetent prosecutors may try to string innocent mugs up for it, but not having known (and not having been reasonably expected to know, or find out) is a defence. IANAL, etc, etc.

Nice "Examples"

"If you install a bomb in your laptop..."

If you equip your car with a hidden gun..."

So, like are you 13 years old or what?

Most of your "examples" are violent, whatsamatter? can't come up with any non-video game references?

Re:Missing component to open-source project.

[debatem1]

Identity theft here. The guy used checks against my account to pay his phone bill, of all things. Cops had NO interest, even though one call would have given them the address.

Re:Missing component to open-source project.

[bill_mcgonigle]

Cops had NO interest, even though one call would have given them the address.

Did you take it to your elected representative responsible for the police budget?

hah!

[filthpickle]

You meet the wrong people, you do the wrong things sometimes. Esp. when you are young and dumb (as I mentioned I was)

you only stopped helping criminals because you were too afraid of being caught yourself

That's a bad reason to stop? So if the world were made up entirely of pillars of morality like yourself we wouldn't need any laws?

Re:hah!

[pclminion]

You meet the wrong people, you do the wrong things sometimes. Esp. when you are young and dumb (as I mentioned I was)

I don't think it makes you a demon. Just somebody who clearly didn't care that it was wrong. Saying "I stopped because it was dumb" would have been enough, right?

I'm no "pillar of morality." But yes, if the world really WAS composed of such "pillars" we wouldn't need laws.

Re:Missing component to open-source project.

[quantaman]

That's nothing.

A few years back my friend's roommate walked into their apartment while it was being robbed.

She recognized the attacker, it was a friend of someone from the building.

My friend gave the name and address of the thief to the police.

Think anything ever happened? (after months of pestering)

Nope.

eeepc

[vajorie]

did anyone try to install this to eeepc? I tried but got a file not found error about some openssl files even though openssl is installed.

retrieve

[vajorie]

it seems like you need your stolen laptop to retrieve it according to the documentation. I'm most probably wrong, so how do you do the retrieve? I read the documentation but couldn't understand how it works. any details if you tried a retrieve?

Windows version can't take photos?

Why not? Why just the Mac version? Whats so hard about the windows version not being able to take a picture?

Re:How did the thief get into your computer?

[colinnwn]

Was the thief savvy enough to find a way around your password, or did you not have a password?

This got me thinking of putting a honeypot account on my XP and Ubuntu computers, with Adeona or something similar, possibly multiple traps. With Windows it would be easy to have an account without a password since account names are visible. In Ubuntu you must know both the username and password.

Anyone have thoughts on how to create an obvious account to use as a honeypot on Linux/Ubuntu?

gone with the wind

[vajorie]

well it's gone now... no longer availble for downlod.