Open Source Adeona Tracks Lost & Stolen Laptops

An anonymous reader writes "Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there's no need to rely on a single third party. What's more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop."

But without a central service

[pxc]

it may be more difficult for Adeona to gain traction with non-technical law enforcement officers.

"So who do I call to confirm that this laptop is stolen?"
"Umm, me. You see, there's this free software called Adeona that anyone can set up to track their own laptop."
"Never heard of it..."

In previous threads about stolen laptops (like the AskSlashdot thread on how best to recover a stolen laptop) I read some anecdotes where people were in a similar situation with similarly-purposed software that they rolled themselves. Perhaps the software having a common face (same name and features) will be enough to solve this problem.

Missing..

[vigmeister]

Desktop love...

Why exactly would this NOT work on a desktop? Or a UMPC? Or a ULCPC?

Cheers!

The Linux Way

[mcrbids]

Also, what does it do that the following doesn't do in crontab?

1 * * * * wget -O /dev/null http://www.myprivatehomepage.com 2>/dev/null

Did we need this?

[pla]

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

...Because putting "wget mywebsite.com" in your system startup script (yes, you can do that on Windows as well, you just need to download wget first) has sooooo many proprietary, centralized dependancies?

I actually use something very like that, solely for the purpose of finding my own remote machines' dynamic IP addresses. I don't really see the need for a dedicated "project" to make an entry in your access_log on startup.

Re:Missing component to open-source project.

[nategoose]

1. My brother's alienware laptop was stolen. 2. Reported to the police. 3. Alienware got a tech support call from some guy that bought it on eBay. 4. Guy sends it in for repair. 5. Alienware calls my brother to tell him they have it and only need the police to ask for it officially so they can send it as evidence. 6. My brother tells the police. 7. Police say "huh?" 8. Laptop never sent, buyer never questioned, thief never caught. Similar thing when my sister's credit cards were stolen and used to buy gas at places with security cameras, except then even the credit card company didn't seem to care.

Re:Reformat HD = Free Laptop?

[arth1]

The proof of the pudding is in the eating. How many laptops has this system recovered so far?

Also, for a PC, I don't see what this software does that's more useful than the following crontab entry:

30 * * * * perl -e 'sleep rand(1800)';\
wget -q --spider http://my.website/report/LAPTOPNAME

That too does a connect on average every half hour, and the IP address and time is being logged.

It does not send any traceroute information (which would be easy enough to do with another half line in the crontab), because doing so could very well be considered illegal black hat activity on your part. Consider someone connecting a stolen laptop to a corporate network. Just because your laptop was stolen doesn't mean you have a right to examining the internal topography of that corporate network, and sending the information to a third party. I'm amazed that the authors of this software are stupid enough to do so!

Re:But without a central service

[Zenaku]

The important thing is to provide all the relevant details when you file a police report -- model, color, and most importantly serial number. If you don't file a police report, then nothing has been stolen as far as the law is concerned.

I did not have my serial number written down anywhere, but when my house was burglarized a few months ago and my Macbook Pro was stolen, Apple was able to provide me with it along with a copy of my invoice. I made sure the police report had the serial number in it, even though I did not have any special software installed for tracking it.

A few weeks later, I found a bunch of new bookmarks in my browser that I didn't recognize and I realized whatever fool had my laptop had not bothered to re-image it, and was still using my Firefox profile, which was still connected to my Foxmarks [foxmarks.com] account.

So I changed them all to point to a redirect page on my own webserver, and set up a cron job to watch the logs and email me whenever it got a hit. Foxmarks dutifully synced my changes down to my stolen laptop the next time the guy opened Firefox, and suddenly I had his I.P. address. He sent it to me several times a day, and it was always from the same IP.

Now, the police in my precinct are not technical, but I called them and left a message explaining the information I had, and referencing my case number, and making it very clear that all they needed to do was get a subpoena to get the subscriber information from Comcast. It took about a week for someone to call me back to find out what the hell I was talking about, about 20 minutes on the phone for me to give him a brief "TCP/IP 101," and then about three more weeks for them to get the paperwork through the courts. But then one day the detective called me up, told me he was standing in the suspect's apartment, and asked me where to find the serial number on the laptop.

I told him how to remove the battery and find the serial number, he matched it against the police report, and I had it back a couple of hours later. The guy that was using it got charged with a felony (receiving and concealing stolen property).

All of my personal files were still on the laptop, just moved into the trash bin. Along with several pictures of the guy and his buddies mugging for the camera and throwing gang signs. (These, of course, I burned to a CD and gave to the police).

Anyway, my point is just that even though the cops are usually not remotely technical, they will follow up on this sort of thing if you are polite, take the time to explain the technology, and make sure to follow procedure by filing a detailed report as soon as your laptop is stolen.

I'll definitely be installing this software on the laptop as soon as I have a free moment -- I got lucky with Foxmarks, but it's better to be prepared than lucky.

Re:Common Sense?

[filthpickle]

the common thief already knows that you have to wipe a stolen laptop. Or at least the vast majority do.

When I was younger and dumber I helped some common theives wipe/reinstall. They, like you said, either didn't know the login pw and knew that it had to be wiped to get around that, or they knew that they couldn't sell it at most(not all) pawnshops if they couldn't boot it to to the dtop to show that it worked.

I quit doing it because I came to a point in my life where I had too much to lose to mess with silliness like that. And the happy ending is that I heard thru the grapevine a few months ago that they got lowjacked and caught.

Re:Did we need this?

[manastungare]

And their claim is far from accurate: there have been several systems, home-grown or libre software, before theirs.

Here's mine, for example: laptop theft protector [tungare.name], which has been around for at least an year.

Photos too!

[FirstTimeCaller]

Hmm... the Mac version also snaps a photo with each update. I hope no one is doing anything inappropriate while in front of their computer. Here's hoping that your Macbook isn't stolen by the Goatse guy.

Re:Common Sense?

[Anonymous Coward]

They, like you said, either didn't know the login pw and knew that it had to be wiped to get around that, or they knew that they couldn't sell it at most(not all) pawnshops if they couldn't boot it to to the dtop to show that it worked.

This might argue for creating a passwordless guest account for the thief to use so he doesn't wipe the computer. Assuming that all your datas are well protected-- identity theft could be worse than the loss of hardware.

Anyone have a recommendation for how to sandbox the guest account to make sure it can't do any damage?

Re:Missing component to open-source project.

[silas_moeckel]

Actually CC companies make a lot of money on charge backs. There is an approx $30 fee that goes along with each one and it's for the full amount so they keep there original 1-5% fee as well. As vendors have more charge backs they even up the percentage they pay on all transactions. People with cards and the merchants are the only people that pay in the CC system the banks and CC companies just make money with no risk.

Re:Reformat HD = Free Laptop?

[hal9000(jr)]

Listen to yourself, arth1. So if said user connects to uber-secret network, surfs to a web site his choosing, his IP is dutifully logged in the web server logs and the users cookie is logged in the app. So now the owner of the website is liable for having that IP?

Not likely. 1) traceroute is NOT hacker activity. It is a function of a properly working network stack. 2) if the user is connected to uber-secret network and htat network is in the reserved address space (rfc 1918), then the IP doens't matter. What does matter is the need to have one public IP addresses to track, hence the need for a traceroute. 3) traceroute only traces one path out. It does not "map the internal network."

Hell, I'd do it and laugh at anyone who wanted to charge me.

Encrypted drives...

[Kludge]

Assuming that I encrypt my hard drive, this software will not work, correct? And if you have a laptop, you really should encrypt it, no?