Ask Slashdot: Good Tracking Solutions For Linux Laptop?

First time accepted submitter WillHPower writes "So I have ordered a new Ubuntu-powered laptop. I spent some extra bucks on lots of RAM and a good sized solid state drive. After putting money into it, I'd like to find a way to track this laptop in case it's ever stolen. Are there any good tracking software/services the run on Linux laptops? Also, are there any other techniques besides tracking for dealing with a lost or stolen laptop that I should consider?"

No

No, there's no good Linux HW tracking software. Why? Cause there's no good software for other platforms either. It's all "make-you-feel-good-software" which doesn't survive a simple OS reinstallation...

Re:No

[fuzzyfuzzyfungus]

No, there's no good Linux HW tracking software. Why? Cause there's no good software for other platforms either. It's all "make-you-feel-good-software" which doesn't survive a simple OS reinstallation...

It doesn't exactly give you the warm-and-fuzzies to know that this is possible; but some models have it baked right into the firmware. A suitably provisioned AMT 6+ device can do entertaining things like phone home and provide 'home' with an IP KVM, regardless of OS state.

Re:No

[schnell]

No, there's no good Linux HW tracking software

Of course there is. You just need to tape a note to the laptop asking the thief to compile and install it after doing a code review to make sure it's trusted, and submitting any code patches necessary back to the developers.

Re:No

[gothzilla]

Sure there is. http://www1.euro.dell.com/content/topics/global.aspx/services/prosupport/computrace?c=uk&l=en&cs=ukbsdr3 Computer will ship with the Laptop Tracking and Recovery software agent and a persistence module embedded in the BIOS. The software agent can survive operating system re-installations, hard drive reformats and even hard drive replacements. When a lost or stolen computer connects to the Internet, the software agent contacts the monitoring center to report the computer’s location. For systems with GPS technology included, Laptop Tracking and Recovery has the ability to capture and report more detailed location information. It also provides the ability to track your laptops as they change hands or move around the organization.

Re:No

[melikamp]

Can you point out a free OR open-source implementation of a phone-home BIOS on a laptop? No. No one can, as there ain't one. And a closed-cource security feature is a scam, plain and simple. I'd stay away from laptops that HAVE that feature, even if "deactivated" (how would you know?) by default.

Re:No

[kthreadd]

Well, I guess it comes down to trust and if you trust the vendor.

Re:No

[tlhIngan]

It's all "make-you-feel-good-software" which doesn't survive a simple OS reinstallation...

False. Computrace (LoJack) actually survives OS reinstallation, provided the new OS is compatible (i.e., WIndows).

It does it by relying on a BIOS component that checks for it to be installed and if not, patches itself back in on the hard drive.

Of course, it lacks a lot of authentication and can easily be hijacked if you modifiy the BIOS...

Re:No

[greg1104]

There's a list of where BIOS level Computrace is available on their BIOS compatibility page.

Re:No

[davester666]

How about...try to establish communications with known terrorists using it. Claim you want to start your own cell. Then the NSA will track your laptop for you, for free.

A simple lawsuit will get them to tell you its location if its lost or stolen.

Re:No

[egamma]

Can you point out a free OR open-source implementation of a phone-home BIOS on a laptop? No. No one can, as there ain't one. And a closed-cource security feature is a scam, plain and simple. I'd stay away from laptops that HAVE that feature, even if "deactivated" (how would you know?) by default.

WillHPower did not make FOSS a requirement; why are you making it a requirement? Can you explain why a closed-source security feature must by a scam?

WillHPower wants to get his laptop back if it is stolen. He's not asking for ideological purity. He knows that if his laptop has a tracking device that the tracking data could be used by law enforcement against him. That's what tracking software does; it tracks. That is not a bug, that's a feature, and is actually the feature he wants to have. Apparently he doesn't wear tinfoil; he's not required to. It is his right as a thinking person to choose to be paranoid, or not be paranoid.

The best solution is some form of hardware lo-jack. Maybe a GPS transmitter that can fit in one of the external ports on his laptop, if that isn't built in already.

Re:No

[tibit]

I'm pretty sure it could be done using coreboot (formerly linuxbios). I don't think the code for it is written yet, of course, so yeah, there ain't one - yet.

Re:No

And security by obscurity is a fallacy.

1. No, it's not.
2. You ought to understand what a fallacy is before you start calling something that.
3. It's not even the correct quote.
4. The correct way to say it is like this: "Security ONLY by obscurity is ill-advised"
5. Obscurity is a perfectly valid layer in almost any security model.

Without the ability to inspect the conduct and performance of elected officials, there's no reliable way to know who to vote for in an election.

And that's just flat out not true at all. For example, you could vote for someone who has never served in a government office.

Re:No

[hairyfeet]

Bullshit, just because something doesn't have code for you to play with doesn't automatically make it "security by obscurity" and it has been proven time and again that many eyes like the mythical man month is just that, a myth which even a tiny bit of logic and common sense can rip apart.

For something as complex as a security related program you would have to have 1.- Users with enough years of experience in the cryptography field to actually make heads or tails of it (see the obfuscated C code contest for why this is important) and 2.- These same users, which generally are some of the most in demand guys in IT, having enough free time to check not ONLY the program itself but ALSO anything that is interacting with the code,aka the "trust the compiler" problem.

Show of hands, how many here have done a detailed in depth code audit on Firefox? LibreOffice? Gimp? I rest my case. here is probably the most FOSS heavy geek site on the net and I bet you can't even find 5 people that has so much as even looked at a line of code from the above, which is the 3 most popular FOSS apps BTW, and you won't find even one that has done an in depth code audit for any of the above. And this of course isn't even taking into account the fact that code doesn't stand still so in the time it takes you to do a code audit of say LO 4.1 there will have been 3 releases so that LO is at 4.4 and your audit is worthless and you need to start over. after all who knows what weaknesses the changes added? Maybe a change affects a system you have already audited making it now a risk?

The "having the code automatically makes it more secure" myth hangs on a simple fallacy, the fallacy that assumes because something CAN happen it already HAS happened which real life proves wrong again and again. After all theoretically somebody COULD be born that is immortal but that doesn't mean there ARE immortals walking the earth, and I bet a good 70% of the little projects that make up the average Linux distro probably haven't had their code looked at by anybody that doesn't actually work on the project, everyone just ASSUMES that it has been. Well the same thing applies to proprietary, it COULD have been made by the smartest minds in cryptography or it COULD have been made by Indian call center workers, you don't know in either case how well or poorly the program has been built until AFTER somebody breaks it.

Theft prevention: label it "Linux Laptop"

[xxxJonBoyxxx]

You're probably better off going with theft protection. Your best bet might be to label it a "Linux Laptop" in big bold letters.

Re:Theft prevention: label it "Linux Laptop"

[54mc]

This is actually not a terrible idea. Kinda along the lines of how people joke that the best anti-theft an American car can have is a clutch.

Re:Theft prevention: label it "Linux Laptop"

[K.+S.+Kyosuke]

You're probably better off going with theft protection. Your best bet might be to label it a "Linux Laptop" in big bold letters.

It works even better if you buy a pink one.

Re:Theft prevention: label it "Linux Laptop"

[TheCarp]

ROTFL I have never heard that one but.... I used to live in a house (condo conversion) where 8 people in two apartments had 6 cars with 1 driveway (worst case, number of both cars and people changed over time). During most of that time, I had the only manual transmission (I find it amusing they are still called "standard" by many).

Generally speaking, nobody could move my car but me. Eventually someone moved in downstairs who could move it, but, for the most part, I had to do it, which meant I couldn't just leave without my car unless I made sure it was all the way in the back.

Prey

http://preyproject.com/

Re:PREY

[CosaNostra+Pizza+Inc]

LOL. At first, I misread your post. I thought you said "PRAY is great. It is more effective and runs on most Linuces.". I wouldn't resort to prayer, myself.

Re:PREY

[marcosdumay]

We encourage you to add a BIOS password and disable booting from removable devices on your PC

So that the thief must take the disk out of the computer for formating it? It requires a screwdriver, flawless security.

Re:PREY

[Jeremiah+Cornelius]

I think you are right. But the "plan" is not an intellectual construction, and includes evolution, chaotic interaction, and your own striving...

God isn't a "super human" - but entirely other. Outside time and space, as we can comprehend such things, therefore without "thought" which occurs in the context of the known, of unknowns and of memory. Without anticipation and without a transition of state, God is a category beyond what can be described as a mind or even a being.

Free but only partially useful solution

[Deathspawner]

Writing a bash script that automatically sends the laptop's current outbound IP address to a remote file is one idea. That would at least help you figure out to some degree there the laptop has been used from. It'd require law enforcement to go further than that, though...

Disk encryption

[bradley13]

Assuming you have valuable and/or personal data on the machine, don't forget disk encryption. Either encrypt the entire disk, or perhaps just the data partition. Truecrypt is a good solution for this.

Re:Disk encryption

Exactly.

In fact, just forget tracking, and encrypt the whole disk---if it gets stolen, shrug it off, and buy another one (again, do full disk encryption).

There's not much you can do about crime (sure, you *might* be one of those few folks who locates their laptop, and then breaks the law in some stupid way trying to retrieve it---or infinitely less likely, gets the thief slapped on the wrist by the cops).

Password protect bios, encrypt disk, etc., make it a hassle for someone who ends up with it, but that's pretty much it. Your toy is gone---the quicker you get over it, the better off you'll be.

Re:Disk encryption

[greg1104]

If you encrypt the boot drive properly, it won't boot to anywhere useful without a password. That means you can't use any of the OS-level tracking solutions, because the thief won't be able to boot into the regular OS. If you've let a criminal boot far enough to track them properly, you've really let them get too close to your data.

It sucks in a way that a locked down system can't also phone home easily to find the thief, but realistically that's the trade-off here. I'm willing to write off the cost of a laptop if it's stolen, as long as the thief doesn't also get access to any personal data I have on the drive. Recovering from a case of identity theft costs a lot more than any single device.

Re:Disk encryption

[rvw]

Assuming you have valuable and/or personal data on the machine, don't forget disk encryption. Either encrypt the entire disk, or perhaps just the data partition. Truecrypt is a good solution for this.

Plus provide autologin, so the user won't feel the need to reinstall immediately.

Re:Disk encryption

You have to use the bios (firmware) level tracking stuff. This is especially important when using a Linux based machine as anyone who takes it is simply going to format it or replace the drive and install Windows. Any scripts or crap you setup in the OS are gone.

PREY

[kcmastrpc]

http://preyproject.com/download

Prey Project

[carlhaagen]

http://preyproject.com/

Re:Have it log in with DynDNS and open a VPN to yo

[carlhaagen]

A plethora of solutions already do this, without the overhead of reinventing the wheel. Check out http://preyproject.com/

Stop Theft Plates

[kullnd]

I'm a big fan of these - - They deter the actual theft before it happens.

http://www.stoptheft.com/

Here is what you could do:

[stewsters]

Get internal gps. Dual boot with a no-password windows xp account. The thief will have a much higher chance to log into that. Make it spam a home server with its coordinates every second its on and has access to the internet. Encrypt your linux partition. The key is you want the thief not to just wipe it and sell it, they need to power it on.

Re:Here is what you could do:

[CanHasDIY]

The key is you want the thief not to just wipe it and sell it, they need to power it on.

Depends on the style of thief; your typical, garden-variety tweeker looking for something to sell to the pawn shop probably won't even crack the top, let alone try and boot the thing... a pro or semi-pro identity thief, on the other hand...

Then there's the ever-present bored-teenage-vandal types (especially prevalent this time of year)... those kids are likely going to break into the machine to see what kind of "cool" (read: pornographic) stuff you've got on there, shortly before they completely trash the hardware.

Insurance

[L4t3r4lu5]

Encrypt the hard drive. Insure against theft. Forget about it if it's stolen.

Re:Insurance

[auric_dude]

Please don't forget to make and test backups every now and then otherwise you may well have your insurance payout but no data.

Re:Insurance

[bill_mcgonigle]

Encrypt the hard drive. Insure against theft. Forget about it if it's stolen.

Right, your data integrity is almost always worth more than the hardware itself. In order to install a tracker, you have to permit the attacker access to your filesystem. Don't do that.

If my laptop is stolen, they'll see a grub screen, and then dracut asking them for a password. I'm SoL on ever seeing it again but I don't have to go explain to clients how their security may have been compromised.

I guess ... you could try to bait them with a Windows boot option in grub. Maybe even make it the default if you think it's really likely that your laptop will be stolen. Install the tracker there, perhaps. One could continue along that train of thought with silent grub options and delays to make a deadman's switch of sorts, that would automatically bring up wireless, connect to any routable AP and send a help packet. Hey, there's an opportunity for the next guy who wants to make a new micro linux distro that does something unique - the more silent, slim, and faster the better. Maybe even a fake Windows splash screen while it's doing its business.

Tracking the IP is easy but...

...the problem seems to be that just knowing the IP of your stolen computer is not enough for the police to get it back for you. It seems they also want a photo of the thief taken while using the computer, which complicated matters a lot. At least that's what other users have reported.

Re:Tracking the IP is easy but...

[jamstar7]

...the problem seems to be that just knowing the IP of your stolen computer is not enough for the police to get it back for you. It seems they also want a photo of the thief taken while using the computer, which complicated matters a lot. At least that's what other users have reported.

Not to mention the police will want to talk to you about all that Indonesian plant porn the thieves downloaded onto your laptop after they stole it. Denying that you did it just won't work with them, but might work with a jury if you have a good enough l*wy*r.

Nice Try, NSA

You'll have to try harder than that to get me to help you track people.

Prey!

I would recommend Prey: http://preyproject.com/blog/2011/04/its-official-prey-is-now-on-ubuntu

I have used it and it seems to work well. It's free for up to 3 machines too.

Linux OS likely to be erased offline

[advid.net]

The first thing the theft will do: an offline OS installation.

I bet the stolen Linux laptop will have its OS erased to either to run MS Windows or an other Linux distro.

Re:Linux OS likely to be erased offline

[whoever57]

The first thing the theft will do: an offline OS installation.

Exactly. My daughter's Ubuntu laptop was stolen some years back. It was configured to start OpenVPN on boot-up. The VPN never connected after the theft, so I can safely conclude that it was never connected to the Internet while the original Linux install was present.

Re:Do nothing

[pmontra]

I know it's almost offtopic but what happens if they steal a Mac? I've seen a raided office a few days ago. They got all laptops, half of them were Macs. Do they install some OSX on them?

Prey

[Jane+Q.+Public]

I tertiary the others on this.

While it is true none of the solutions will survive an OS re-install, in most cases that's not terribly relevant. You want to track it down before they re-install the OS anyway.

Prey is very unobtrusive; I often forget it's even there. It can give you screen shots, access location information, and even snap pictures with the webcam if your laptop is so equipped.

Great product and service.

CompuTrace

[DigiShaman]

Depending on the laptop (in BIOS), you can use CompuTrace with Dell laptops.

http://www.absolute.com/en/products/absolute-computrace

Re:Do nothing

Actually they do the same thing, install windows on it. Go to craigslist and notice how many suspiciously cheap macbooks with windows installs there are.

Prey

[readingaccount]

Apologies if this sounds like I'm some sort of shill, but I'm not. Just a happy customer:

http://preyproject.com/

* Free and open source
* Completely passive
* If the laptop is reported missing (and has net access to know this), Prey will report its geo-location via Google Maps, take passive captures of the user with the laptop's webcam, take screenshots of their activity, and if necessary completely lock down the computer (though you'd normally do this manually and as a last resort - once locked, the thief will probably ditch it very quickly). Does other things as well.
* Works on Win/OSX/Linux/iOS/Android

* Allows you to run it in two ways:
1. Make an account on the website, install the software and link it to your account, so that should your laptop go missing you can report its absence via the site and it'll do its thing once the laptop goes online elsewhere. Free accounts all you to link up to 3 devices, pro accounts allow more in addition to more features, but you'll easily be fine with a free account.
2. If you want to be completely independent, you can run Prey stand-alone. No account needed - it works by monitoring for the existence of a URL when online, and if said URL reports a 404 error, it triggers and sends reports via email. Hence, you set up some free hosting with a dummy file, point Prey to the full URL of said file, then if laptop goes walkies, remove the file from the host to trigger Prey. No reliance on accounts or anything. Bit much for a regular user but easy enough for advanced users and not dependent on a company for the software to keep working.

Since you're running Linux ...

[MacTO]

Since you're running Linux, you will probably discover that any thief will reformat the hard drive to install Windows. This leaves two options:

1) Look into software that may already be baked into the firmware.

2) Have it automatically, and preferably transparently, boot into Windows then follow some of the other advice found here.

Neither route will help you recover a laptop once it has passed through the hands of professionals.

Overall, you'd probably be better off detering theft in the first place: don't use it in overly public places, never leave it alone in public places, invest in a good lock, and make it look undesirable. (One thing that I like about my ThinkPad is that it looks 10 years older than it actually is. Stickers, especially "non-removable" ones, make more identifiable and harder to resell without a cleanup effort. Scratches and dings will reduces its apparent value. Heck, smashing the slot for the lock will probably deter most thieves since it would be harder to sell.) Remember, the best way to avoid being a target is to avoid looking like a target.

Oh, and write down every serial number on the system.

DDoS

[DougOtto]

Configure it to launch a DDoS against the NSA and FBI if your password isn't entered within 30 seconds of booting.

Cron

[sl4shd0rk]

This will get you an IP address every 15 mins in your apache log so you can login or trace it.

      */15 * * * * /usr/bin/curl https://mywebserver.org/checkin

Also, if you don't want to run a full apache stack, boa is a nice light webserver which will do the same. Also, many options for perl/python servers which could be lighter yet but you would need to implement your own logging. Another cool option is have your laptop open a reverse ssh tunnel right to your server when it boots.

      @reboot /usr/bin/ssh -R 43811:localhost:22 mywebserver.org

Re:Just ask the NSA

[kthreadd]

They will? I thought that was classified.

How about a C4 "Deadman" Switch

You're a slashdot guy, so you must be pretty talented. Open the thing up and find some unused GPIO (or serial port) that you can tap into and hook a small block of C4 and a detonator up to it [1]. Then, create a cron job that runs daily to check that you've been logged in at least once, and if it doesn't it should assume the laptop was stolen and trigger the detonator. No. Wait. Better make the cron job run every 12 hours. You can never be too careful. Just make sure you never sleep in on weekends or leave your house without your laptop.

Next, to be extra safe, you'll want to somehow monitor failed login attempts and trigger the C4 whenever too many happen. Not sure how to do this as I'm a hardware guy myself, but I'm sure you can figure things out on your own or with your frienemy Google. I'd say that allowing one failed login attempt should be a safe threshold, but I'd recommend against allowing any more than that, as you're just asking for trouble. In fact, unless you're some kind of pussy that can't type, you can probably get away without any grace login attempts.

If you were really paranoid, you could try to implement some sort of retina scan or proximity sensor using the built-in webcam, but that's an advanced topic probably better left for some future "Ask Slashdot" post.

[1] If you have sort sort of issue with using C4, maybe you should consider somehow using a thermite charge instead. Less "bang", yes, but definitively more colourful, and would give new meaning to the term "toasted skin syndrome".

Simple solution

[PPH]

Put a Windows 8 sticker on it. Nobody will touch it.

Re:Simple solution

[danomac]

And make sure it's a bright pink laptop. People will pay you to take it back!

PREY

[Jeremiah+Cornelius]

Prey is great. It is more effective than "Find My Mac" and runs on may platforms, including most Linuces. :-) Android, MacOS and iOS - besides teh usual vanilla from Redmond.

http://preyproject.com/

From the FAQ:

Can Prey be removed by a thief?

Not unless he has your administrative password.

And what if he formats the computer?

That's a different story. We encourage you to add a BIOS password and disable booting from removable devices on your PC, so that the thief will be forced to boot into the previous installation and thus, not be able to format your hard disk easily.

If you have a Mac, there's a firmware password utility on your Tiger/Leopard Mac OS installation DVD (look for it in in Applications/Utilities). On OSX Lion you'll find the utility by booting from the recovery partition.

Re:Just ask the NSA

No, just enter the following URL:

www.nsa.gov/applications/search/index.cfm?q=I lost my laptop could you tell me where it is

I have to admit I was freaked out when the result came back and said, "You're ON your laptop. Stop fucking around, Robert"

Re:Thieves are generally not very bright...

[geminidomino]

Unless they start it up and are greeted with a LinuxMint login screen.

Easy!

[capebretonsux]

Just set up your laptop to post crap about bombs, etc, if you don't reset a timer after a period of time. The NSA will find it for you right quick!

Hardware solution Auduino + GPS+ SMS

[hibble]

Whilst not necessary cost effective as a demo for our IT department we hid a 'Geogram One' arduino device in a laptop. runs off usb power so works whenever the theft powers on the laptop. GPS antenna is hidden in the screen you can get the location by sending a 'Text Message' to the device and it responds with the co-ordinates.

1. laptop stolen
2. IT department sends sms/textmesage with password and instruction to hidden device
3. when laptop is next powered on it starts periodically sending sms messages with location to within 2-4m in our tests.
4. ring cops with location.

will survive any hard drive swap or format and with the corect epoxy if they find it they will atleast brick the laptop in the process as it takes the smd components with it.

downside is time to install and price. also ultrabooks have little space to hide it but any larger laptop you can often find a spot.

Dogma corrupts the mind.

[hessian]

Because closed source is obscure. And security by obscurity is a fallacy.

Any time dogma takes precedence over reality, you're going to fall like the Soviet Union.