Comments on: An open-source approach to tracking stolen laptops

A project being run out of the University of Washington is aimed at providing a method for locating stolen computers that offers privacy.

[The_Decider]

So how exactly does that key translate to any possible IP address that the laptop could be using?

The stolen laptop would have to know it is stolen to "broadcast" its IP and good luck broadcasting the IP address to where the person who lost the laptop is currently connected. Even on a campus network, the laptop won't likely be able to broadcast across the entire network. If thief and victim are on separate networks? Yeah, right.

You didn't post enough details to know for sure, but this sounds more like a feel good measure that will only work if the thief is a total moron and that the planets align just at the right time.

[Demolition]

According to the FAQ on their website, the tracking client automatically broadcasts an update (including internal and external IP addresses, network router names, access point names, photos (for Macs only)) at random intervals. If you suspect that your laptop has been stolen, then you would use the retrieval tools (installed on another computer) to gather the update's information which you would then provide to the police.

Seems fairly straightforward. A few of the commercial tracking products do essentially the same thing. The only difference is that Adeona is decentralized.

[The_Decider]

It is not straightforward at all.

You can't broadcast across the Internet and usually can't across subnets. Where is this "broadcast" going and how does a second computer with the recovery tools get the message?

[dude7895]

You are a moron. If you actually read the faq before posting, it would explain everything. Read before you comment.

[The_Decider]

The morons are those that think this doesn't use a server to track IP addresses like the article says.

There is no way to verify that this is not being used to invade privacy.

Learn to read.

[CloudedGuru]

What they meant by "broadcast", I hope, is not network broadcasting in networking terms. It would likely send its public IP address to a server the user owns or something as simple as email if the user hasn't verified his possession recently. The idea is you'd get regular notices, by email for instance, as to where it was being used.

This is how LoJack works, the difference being that LoJack can be nearly impossible to remove if it was purchased with a new computer. They have integrated LoJack with the BIOS of some new laptops so that it keeps installing itself on new OS installs. This one, being open-source and user installable could be removed by a simple OS reload. ...though in reality you'd hope your thief wasn't computer savvy.

[The_Decider]

You are probably correct, but how does that get around the claim that it doesn't need a server.

[daftkey]

Looking at the technology itself, it seems to be a "hot potato" (is Dan Quayle still around?) approach a'la Gnutella. (OpenDHT). So we have to assume there will be enough OpenDHT clients in use so that your laptop's broadcast signal reaches whatever computer you are currently using.

So the question is - how is more privacy provided by your location data hopping all over the internet instead of at a central server? Even more importantly, can we rely on all the location data hopping around the internet being timely enough to even help you find your computer?

The answer, I guess, is encryption - except that I'm pretty sure encryption is something that close-source programmers know how to do, too.

Is it any surprise that Terdiman attempts to cover his ass from these kinds of questions with the typical "it's not for everyone" disclaimer. So, like many other OSS initiatives that aim to replace already commercially available solutions, it's just for the elite among us with the "requisite understanding..of technology". Somehow I don't buy this last statement. We're talking about a security tool that should have some pretty simple configuration and setup. I don't see what kind of "technical understanding" you would need, other than to explain why the tool can't find your laptop as quickly as the central-server-based solutions.

[howard_nyc]

potential blindspot:

NO JOY... if thief does not have your OS level password

NO JOY... if thief does not attach to internet

NO JOY... if thief immediatel reformats harddrive and installs OS onto bare metal

NO JOY... if thief simply tosses laptop in trash (oh sure, there are no knuckleheads that nasty)

[jlkansascity]

Or, if you're running True Crypt you're just out the hardware. The data remains secure. http://www.truecrypt.org/

[The_Decider]

"If you use encryption you are secure" is one of the biggest myths.

It is completely dependent on two things:

1. The True Crypt implementation has no exploitable flaws.

2. The passphrase is sufficiently strong

Otherwise you are not secure at all.

[Alphaman63]

Amazing how most of the above comments are based on ignorance. I've been running Adeona on my Macbook for over a month now, and it's unobtrusive, secure, and continuously on the watch. It does not only record info after the unit's stolen. It encrypts everything it saves on the Internet. It takes photos at random intervals up to an hour apart (not 30 seconds, Dan). It does not "broadcast" the IP of the laptop, but stores it on the encrypted file store in a log file, along with ping and trace info that should help indicate where the laptop is. Only YOU can get that info off the encrypted store.

And any Mac owner who knows anything can easily set up their Mac to prevent the disk from being overwritten through a "reformat ... and install". RTFM, or even easier, boot from your installation DVD.

My only complaint about the software is that it is easy to uninstall. But, before you jump all over the developers, that is for a reason, while the software is still in beta form, and this "feature" is planned on being removed in the near future. You still need to get logged into the computer and be able to su or sudo to a priv'd account.

Overall, Adeona is at least equal to, if not better, than the commercial versions of the software out there. I do wish that people who didn't know what they were talking about would LEARN ABOUT and INVESTIGATE the software before making outlandish and irresponsible comments about a very useful program. At least read the FAQ on the UW site. Yeesh, people...

[daftkey]

(I prefer to call it a deep charcoal, myself, Pot, but thanks for noticing).

Okay, so you have anecdotal evidence on your laptop that it is tracking.. "something". You still haven't answered the biggest question that us ignorant nitwits have asked - how does the location of the laptop, and all those pictures, get back to the owner after it's stolen? There isn't exactly a magic internet out there for data to flow through without servers of some sort getting involved, though you and Terdiman wants us to think this. (yes, it's encrypted on "the internet" - so what's the internet, genius?)

Any Mac owner that knows enough to prevent booting from a system DVD (and no, it's not as straightforward as you think) also knows how easy it is to get around this "fix". There is a built-in reset on all Macs with this capability. If you don't know how to use the reset, any Mac authorized technician will be able to do it within about two minutes.

I would guess that your "overall" statement about Adenona comes from the same ignorance that you accuse other commenters here of. That is, of course, unless you have actually used some of the commercial equivalents and had your laptop stolen enough times to render an actual opinion. In that case, please accept my apologies on behalf of all us uninformed morons in this forum who don't read FAQs and accept them at face value.

[Lerianis]

Here is the best way to prevent laptops being stolen: don't leave them alone in the first place and do what I do: have them connected by a chain to my person (the bag is connected, not the laptop itself) and have a lock on the bag so it cannot be open by anyone but you without someone noticing.

Really, as inexpensive as laptops are today..... who would want to steal one, unless it's a super-expensive Alienware one? No one I can think of, not even professional criminals.

[daftkey]

While you're at it - sleep in your car as well. That'll probably prevent it from being stolen. Then you don't have to spend all your time chasing that, too!

Same thing with bikes - make sure you keep it in your bedroom at night. Unless it's a cheap one like laptops are these days - you know, they don't ever get stolen, either!

[AJ Pants]

I agree. Don't let them out of your sight in the first place.

For those lucky enough to be on a Mac, the Firmware Password Utility can be used to render your iBook/Macbook etc completely unusable in the event it does get pinched. Check it out.

[daftkey]

Except for those of us who know the (rather easy) way to reset the EFI to re-allow booting from the system CD. In fact, it is so easy, some users do it by accident when upgrading their system.

[chlimouj]

**sigh**

I wouldn't want Fraus, the Roman goddess of treachery, watching over me.

[jasonschlachter]

in reply to Lerianis...as in expensive as laptops are? Mine personal laptop is $2,500 and I have a work laptop that is worth $3,500...not everyone is a college student with a $500 laptop. Besides, $500 is still a lot of money to say it's not worth protecting.

[Fire Balls]

Lojack while it is in the BIOS can be disabled permanently from the BIOS. Also BIOS passwords are very easy to over write and erase. If the thief is tech savvy at all lojack is a joke. Your best bet is like "jlkansascity" said encrypt your hard drive or sensitive data. You may not get your hardware back but you don't have to worry about your sensitive data getting into the wrong hands. Nothing wrong with having laptop recovery software don't misunderstand me. But it is in no way foolproof and can be disabled much easier then they would like you to believe.

[jwkware]

I thought of a decent Idea, comment and tell me if you think it would work. Take a GPS-like system and put in the laptop. A small one, Like you would bug someones car with. If you could track that GPS, You would know exactly where that laptop is and could go get it. Tell me if you think something like this would work, and why or why not. Thanks, Joe(jwkware)

PS: even tho the GPS would have to have a power source, couldnt there be a Little battery built in for that, and it charges when you charge the actual laptop battery. A gps would not require near as much power.

[jwkware]

I thought of a decent Idea, comment and tell me if you think it would work. Take a GPS-like system and put in the laptop. A small one, Like you would bug someones car with. If you could track that GPS, You would know exactly where that laptop is and could go get it. Tell me if you think something like this would work, and why or why not. Thanks, Joe(jwkware)

PS: even tho the GPS would have to have a power source, couldnt there be a Little battery built in for that, and it charges when you charge the actual laptop battery. A gps would not require near as much power.

[susieart5]

So, can any of you tell me how to retrieve my stolen laptop, without a tracking device having been installed prior to the theft?

[seanlabs]

there's another open source laptop tracker called Prey. I just switched to it from Adeona (now that open dht isn't working) and it works quite well. it works in windows & macs too. the url is preyproject.com by the way