Which Lost/Stolen Laptop Trackers Do You Like? 572
saudadelinux writes "I was held up at gunpoint in July, and my laptop was stolen. There are companies out there which, for a fee, install tracker software on your laptop. If it's stolen or lost, they track its whereabouts whenever it gets on the 'Net and work with local law enforcement and ISPs to find the machine. I'm wondering: has anyone used one of these services? Does anyone have a recommendation for which company to go with? My new laptop is a a dual-boot Ubuntu/XP machine, and the couple of companies I've looked at do Windows-only. Are there Linux options?"
Hmmmm... Selfmade solution? (Score:5, Insightful)
A pack of semtex in your laptop.... If you fail to write the correct password after three times, it explodes...
I'm kidding... If those programs can track muggers, they can also track you and that's why I wouldn't trust them. The best way to handle this is to encrypt all your data and insure your laptop against theft. Oh, and daily backups of your data on trusted media which you lock away in a safe.
Essentially, only your data is worth something. The hardware can be covered by insurance.
Re:Hmmmm... Selfmade solution? (Score:4, Interesting)
Just buying insurance does nothing to improve the situation, it just mitigates your own risk (which is good). Encryption and backups are good too, of course.
Re: (Score:2, Insightful)
Granted, I didn't think of engravings... The same style as they do for cars where all windows are engraved with a serial number so that the car can be identified and that it would cost way too much to replace all windows.
However, in the cars case, I doubt that someone stealing your car and exporting it to Russia will care. (I live in Europe, this stuff happens) Someone who pays 100€ for a state of the art laptop knows that it doesn't come from legit sources. So an engraving won't help and who chec
Re:Hmmmm... Selfmade solution? (Score:4, Funny)
Now you tell me, after I used my bowie knife to dig my name and contact information into the screen of my laptop... :-)
Re:Hmmmm... Selfmade solution? (Score:5, Interesting)
Re: (Score:3, Informative)
If I were ever to steal a laptop, the first thing I'd do is take out the HD. Slap the HD in another system as a secondary, so I could scan it for sensitive information (CC#'s, usernames, passwords), and then blast the drive with a squeaky clean install image. I'd do all of this before I even turned the laptop on for the first time. If I were really thinking, I'd probably also take out the laptop batteries until I was ready to flip it.
So how does your boot loader work with that attack vector?
--Joe
Re: (Score:3, Interesting)
Ah, there's the rub! Most criminals are lazy and/or stupid. The few who aren't tend to be engaged in pursuits far more profitable than mugging.
Re:Hmmmm... Selfmade solution? (Score:4, Interesting)
I had a note book stolen from my van once. The guy who stole it did exactly this after someone told them I have a script that checks into a website and leaves IP information as well as the location it was accessed the web from. He was having trouble getting rid of it because they didn't know the passwords. Anyways, he had issues getting some drivers installed and took it to my shop to get help with it. This is about 3 months after it was stolen and I guess the ass wipe didn't know he stole it from me. Fortunately, I recognized the product code I had to use to get drivers from dell and after a quick double check, the cops cops agreed. When we called to inform him to pick it up, the cops arrested him.
Of course this was a cluster fuck too, the cops wanted to keep it as evidence, then they wanted me to show my original receipt to prove ownership of it, and then it was lost in their evidence locker for year. I had started to sue the city when they found it and returned it. All in all, I was without it for a little under 2 years (20 months) because of the ordeal. In the end, I wish I just had better insurance and could have just forgot about it.
My advice, don't keep anything personal on it, make sure you have backups of everything, and enough insurance to cover it as a loss no matter how or where it is stolen from. By the time you get it back, you might have already moved on and nothing guarantees they will connect to the internet (and allow you to bust them) before they get anything personal from it. It would be nice if there was something built into the power supply or maybe the Ethernet card so it could be tracked without and OS installed like when charging or when and after reloading the OS. But absent something on a level like that, I don't think anything would be muhc help.
Agreed (Score:3, Insightful)
Essentially, only your data is worth something. The hardware can be covered by insurance.
Agreed. Hands down, this is the best solution, and it will save you in many cases other than theft where you lose data. Modern laptops come with s
Re: (Score:3, Informative)
Well, the author of the article mentioned it was a windows/linux laptop, and that he couldn't find a tracker for anything but windows.
I put for that that we've FINALLY found a real use for windows. Create a small partion on it for windows, with the tracker software, and only use it for that.
It is doubtful the cri
Re: (Score:3, Insightful)
It is doubtful the criminals would know what to do a boot into linux...so, encrypt and protect your real work on the Linux side, and leave the windows part for them to log into when they steal it.
IANALT (I am not a laptop thief), but, if I were to steal one, the first thing I'd do is a reformat/install of my favorite OS, after disconnecting the battery for a few days to take care of any CMOS passwords.
Not that the comedy of having a thief get all caught up with Bonzai Buddy is lost on me, though...
Re:Agreed (Score:4, Insightful)
Your $1k laptop may only get the thief $50 (more than enough for an addict to risk pointing a gun at someone), but the next guy in the chain maybe gets $200-$300 after he reformats the drive and alters the serial numbers, MAC address, etc.
Well, at least... (Score:2)
Re: (Score:3, Insightful)
I forgot to mention: for encryption you don't need to shell out big bucks like the dolts at the IT department did where I work. Just install Truecrypt [truecrypt.org] and encrypt your data partition. Let that partion map on your My Documents folder and you're done.
I use it on my USB sticks.... Love it
That said, while Truecrypt exists for Linux, I'm sure there is a native way to do encryption without additional software. If anyone has more information about that, I'll be glad to hear of it. (Migrating to Ubuntu full-t
Re:Hmmmm... Selfmade solution? (Score:5, Funny)
That would make airline travel more enjoyable...
Re: (Score:3, Interesting)
Smuggling milkbones (Score:5, Funny)
Re: (Score:3, Funny)
+1 Funny: A moderator's intent to see the moderated shamed, humiliated or otherwise injured by their own sarcastic illustrations.
Re:Hmmmm... Selfmade solution? (Score:5, Funny)
Re:Hmmmm... Selfmade solution? (Score:5, Funny)
ANTI THEFT: Runs Slackware Only!
GENTOO: Not For You
DEBIAN: CUTTING EDGE (2 years ago)
NO GUI: RUNS CLI ONLY
and so on
I kid, I kid!
Re: (Score:3, Interesting)
I installed fedora on it, and much to my surprise, suddenly my computer asked for my fingerprint BEFORE giving me the opportunity to change the BIOS settin
Re: (Score:3, Interesting)
When I got my first inkjet printer, I noticed that it printed differently then the dot matrix it replace. Soon, we were using the scanner to scan finger prints into the computer and printing them on to paper. We even played around with painting latex on the paper to see if we could wrap it around someone else's fing
Re: (Score:3, Interesting)
Even if the thief doesn't know how to log-in, if there is a net connection a simple cron job to sync with your server would provide IP addresses as it phoned home as part of the daily routine. Trace the route and get a court order to find the subscriber of the ISP.
Part of the cron job could be to look for tasks to run. When the laptop is gone, have cron start the keylogger
Re:Hmmmm... Selfmade solution? (Score:5, Insightful)
Your comment seems to miss the point. First, DRM, like encryption, can be used for good or bad purposes. Properly controlled, you can use it to deny thieves access to your laptop or deny them the ability to remove the DRM, while still allowing you (with cryptographic authentication) to modify it. The point of tracking down the thief is to recover the laptop, since it is worth quite a bit of money. Sure, insurance will cover it, but if you can save the deductible by just finding it, why not? I also disagree that laptop trackers "betray" the free software philosophy by definition. As long as *you* are in control, and could uninstall the software if you wanted, there's no problem.
Second, please don't try to explain how we shouldn't be annoyed when people steal our stuff because they need the money. That's a slippery slope that leads in a bad direction. Besides, like I said, it's about getting the data back.
Re:Hmmmm... Selfmade solution? (Score:5, Insightful)
He was held up AT GUNPOINT! This wasn't a "broke the car window and swiped a laptop" type of crime, this was someone brandishing an instrument of death. Yes, sir, I want that person locked up until such time(if any) as they can be rehabilitated.
Re: (Score:3, Interesting)
That said, my friend has a little piece of software on her MacBook where if you try to unlock it without the remote, the iSight camera takes a picture of you then em
Re:Hmmmm... Selfmade solution? (Score:5, Insightful)
Re: (Score:3, Insightful)
yes yes, bad, but just sayin.
The problem with your risk/return analysis (Score:5, Insightful)
Re:Hmmmm... Selfmade solution? (Score:4, Funny)
Active Countermeasures (Score:5, Funny)
I did forget to reset it once with tragic consequences. I really miss that dog.
Oh well, its the price you have to pay for security.
Let me guess (Score:2, Funny)
Don't bother. (Score:5, Insightful)
Re:Don't bother. (Score:5, Funny)
Re: (Score:2)
Not if it's a properly configured MacBook laptop. If you set a firmware password then they can't simply wipe & re-install. That, combined with a product like Undercover [www.orbicule] from Orbicule can make recovery of a stolen MacBook much more likely.
Re: (Score:2)
Re: (Score:3, Insightful)
Yes, laptops are a crime of convenience. And so is selling them. If it's not convenient for them to sell it, then they're going to toss it. Into the nearest garbage can, maybe just toss
Re: (Score:2)
Re: (Score:3, Interesting)
You do not understand the vast majority of laptop thefts. Sure, if this was a targeted hit and the perp is after some confidential data on the drive, then yes, they're likely to know every trick in the book. Keep in mind the average laptop thief is not even very technically savvy - they may know enough to wipe your personal settings, or even enough to reinstall the OS, but the VAST VAST majority will never crack the case open.
I've crossed paths with a few people who were selling hot laptops in university,
Laptop security is possible (Score:3, Interesting)
> I not knowing where it is doesn't make it any less so.
Or not. Laptop makers have become serious about security because so many customers demanded it. Not sure what Apple is doing exactly, but if a Thinkpad has a hard drive password set the only way to defeat it is to send the whole unit along with either documentation proving ownership or LEO creds to one of a select group of data recovery houses. Th
Re: (Score:2)
Re:Don't bother. (Score:5, Interesting)
1) The hardware. In which case, the data will likely be destroyed immediately. There is no guarantee the machine will be booted with your hoodwinked "locator" software in tow.
2) The data. In which case, the drive will be imaged or some other "offline" method will suck up the data without booting the OS's controls.
The reason why remote wipe/kill functions work on a small device like a blackberry is because the service provider's network is required for the device to be usable. And even then, there's still the option that the theft is hardware-only motivated, and the thing will get wiped anyway. The blackberry wipe wasn't ever really intended on being used for a physical recovery method.
Potentially, a system BIOS would be a good place to run a "phone home" program, except that it would require advanced components, like a TCP/IP stack, etc., to run properly, and it could still be easily wiped by replacing the firmware with boot media. Apple, for that matter, has an upper hand at such a tool since they "own" both the hardware and software. But either way, what you're attempting to do is no more possible than DRM (and Slashdotters know that DRM is nothing short of an attempt at perpetual motion).
So lesson #1 is protect your data and insure your hardware. And please remember, that "protect your data" really could mean not having a copy of your data on the laptop at all. After all, encrypted data in the hands of an adversary is still your data, just with a time-sensitive lock on it (the length of time needed for CPU power to increase where access is trivial, or the length of time a well-resourced adversary will need to destroy today's top crypto).
The actual product tracking companies are selling (Score:5, Insightful)
No it couldn't. The software is trivial. A program that sends a web request with the serial number embedded in the url a few seconds after a network interface comes up is all that is needed. But once you know your laptop is at IP x.x.x.x that doesn't do YOU a damned bit of good. No ISP is stupid enough to give you the IP+timestamp to physical connection point mapping for liability reasons. Think it through and imagine the Pandora's Box doing that would open. That is what you are actually buying from the tracking company, their preestablished relationships with law enforcement and the ISP community. Once known and trusted as a laptop tracking company they CAN get that info into the hands of law enforcement. Although I bet for legal reasons the tracking company itself NEVER sees the phone number/node/physical address.
Re:Don't bother. (Score:4, Informative)
Re: (Score:3, Informative)
Most people stealing laptops at gun point aren't that technically inclined or professional. There have been documented instances where the thieves were viewed with the built in laptop camera. Most of the time the they only grabbed the laptop from you because it seemed valuable.
Secondly, if you go to a pawn shop and pickup a laptop you can usually get the last owners personal data.
However, thieves that target laptops professionally will probably wipe your dat
If you have a Macbook (Score:2, Redundant)
Re: (Score:3, Funny)
Roll your own or wait... (Score:5, Funny)
If you are really proactive, you could go steal his laptop yourself. That way you have another laptop to use, and you will jumpstart this scenario.
Re:Roll your own or wait... (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Why do we need another tracker? (Score:2)
Re: (Score:2)
neither are likely
Re: (Score:2)
Re: (Score:2)
(I bought a laptop Circuit City had on sale for $350 a few weekends ago, regular price $600. Sempron 3600+, 80GB hdd, 512M RAM, GeForce 6100, widescreen. Popped in a gig of RAM. I'm actually suprised how well Vista runs on it, given the Sempron processor. I installed XP and ran it side by side with my favorite MMORPG and couldn't tell the difference. But anyways...)
Linux Monitoring (Score:4, Interesting)
Re:Linux Monitoring (Score:5, Funny)
CompuTrace (Score:2, Informative)
Re:CompuTrace (Score:5, Interesting)
Re: (Score:3, Insightful)
Re: (Score:2)
Cron (Score:3, Interesting)
If you want top be super paranoid, install a keylogger and set up a cron job to periodically scp the files to an ssh account you own. You would have every password, url, word processor document, etc typed by your attacker.
remember, people trust the computer (Score:3, Interesting)
Just periodically have it pop up a dialog that says something like "To begin routine maintenance, please enter the password otherwise click cancel"
The if they fail to enter the password, it shoots you an email the contain a trace from it to google.com, or some other site that is unlikely to move. If it connects through a wireless device, be sure to have it email that info as well. Also turn on a key logger and get that information. It's actually pretty easy to do. Could probab
Dell has this in many of their laptops BIOSs (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
I have a question for the question... (Score:5, Insightful)
Even with an IP address, postal address, and mapquest directions to the thief's house, I have a hard time believing an officer will put down his chocolate iced donut to go knock on doors over a laptop.
Re:I have a question for the question... (Score:5, Informative)
The impression we get from TV crime drama is out of touch with reality. For lack of resources or otherwise, even violent crimes don't get the attention CSI portrays. I was shot by a robber at a friend's house, and the detective declined to review the crime scene with me. When the police allowed my friend back into the house after they collected the evidence, he pointed out the shooter's hat was still on the table.
There's nobody with tweezers going through the carpet looking for hairs. Nobody really gives a shit about a laptop or a car except the victim.
Re: (Score:3, Interesting)
Now that I'm approaching middle-age and actually have assets worth stealing, I can't get the police to do anything. I stopped reporting break-ins a long time ago. The few minutes I spent on the phone trying to convince someone to let me file a report were better spent cleaning up the mess.
Re: (Score:3, Insightful)
In all fairness, it probably has to do with complaints. No one but me bitches that some jerkoff broke into my house, but I bet the whole neighborhood calls in to report loitering teenagers. As public servants, they have to follow the guide of public interest.
Re:I have a question for the question... (Score:5, Funny)
For the love of... I shoot you just once and you won't shut the hell up about it!
Re: (Score:3, Informative)
As a personal example, a couple of years ago I had a bike stolen from my garage. It was probably only worthy $200-$300 and I figured the chances of the police finding it where non-existant so I didn't bother to even file a police report. About 2 weeks later I was driving on the other side of to
Don't worry about Ubuntu (Score:5, Funny)
could be done with LinuxBIOS (Score:2)
Stop (R) (Score:2)
Re: (Score:2)
Re: (Score:2)
Why bother at all? (Score:3, Insightful)
For the value of the laptop itself, I would argue that the cost of any tracking solutions is bound to be more than (the chance of laptop being stolen x value of laptop itself). This comes down to the age-old question of 'whether or not to buy insurance'. In this case, it's just not worth it - especially considering that you're buying insurance that may or may not 'pay' in the event of a loss!
Regarding the value of the data contained in the laptop, my reasoning is that if you are carrying around data that is *truly* valuable, then being able to get the laptop back if stolen is the least of your worries. If you are not responsible enough to keep valuable data either by your side at all times, or in a safe place, then you aren't responsible enough to be working with said data to begin with. Secondly, if people are clever enough to track down a laptop with valuable data in the pursuit of corporate/governmental espionage - they're damn well clever enough not to hook the thing up to the internet. Finally, if by some chance the swipers decide to drop the thing off at the pawn shop in order to make an extra $100 (yeah right), by the time you get the laptop back the real damage has been done anyway.
Summary: tracking services = waste of time. -JT
Teddy says... (Score:2)
You could script it for Linux (Score:2)
For Linux..... (Score:2)
2. Set up on Linux a DynDNS client updater. Do the same for Windows.
3. Set up a secure rootkit with your authentication. Use kernel module hiders and use the kmod that hides certain port sniffing.. Its in HoneyD
When you deal with a thief...
4. Locate the IP address via DynDNS. Log into the stolen machine.
5. Stream the audio from mics (pipe it from raw device to mp3 and send compressed). Do the same with webcam if it w
Re:For Linux..... (Score:5, Interesting)
7. Get arrested for assault with a deadly weapon
8. Go to jail
I'm not sure where people on slashdot get some of these retarded ideas from but I know someone personally who was held at gunpoint for his belongings when we were in college. The thief used his cellphone that very night and with the help of the cell company he was able to get all of the numbers the person called. A reverse directory lookup later he had the address of one of the thieves friend/female family member.
After waiting in his car for two days (no shower, no sleep) he finally saw the guy who robbed him walking to his girlfriends house and held him at gunpoint. The guy who had originally robbed him called the cops and told them HE was held at gunpoint and guess where this genius is at now? In a state prison doing his third year for assault with a deadly weapon. When he was sentenced the judge told him that he didn't see any difference between him and the guy who he was robbed by.
Before you start posting on slashdot advocating vigilante justice I suggest you think about the consequences of being a vigilante. You aren't dog the bounty hunter and this isn't A&E.
What's the risk? (Score:2)
As another read said here, the only thing really worth anything is your data. Back it up and save it. Encrypt it on your disk.
Is it really worth it to pay possibly 10% of the new value of the computer, if not more, to maybe catch someone who stole it in the unlikely event it gets stolen?
Using software like this reminds me of buying a lot of warranties. They generally are
software != best idea (Score:2, Funny)
really the best idea is to call chuck norris, and convince him roundhouse kick every laptop thief in the universe.
Simply spread (Score:2)
Don't use anything software- or firmware-dependent (Score:2)
A decent alternative has nothing to do with the OS or the BIOS. There are a number of security devices available, but I like this method:
- The laptop (or laptop bag) has a module on/in it.
- There is a another module that fits e.g. in your pocket.
- If the distance between Module A and Module B exceeds N meters (configurable, and/or varies by product), the modules generate a loud and piercing alarm.
The idea is that the thief will become unnerved and will drop the stolen item.
...but will it survive DBAN? (Score:2)
A linux solution... (Score:2)
Nothing is BulletProof, but do it with HARDWARE (Score:3, Informative)
To me, the most vitally important aspect is going for something that is hardware based. With TPM enabled bios and such these days on a modern laptop, the client is embedded and does not rely on your OS whatsoever. This is great considering most of what we seem to be discussing in this thread is Linux.
CompuTrace worked so well that in our tests (and later, based on four thefts out of 300 systems) that we noted the following: - I can wipe the hard drive (even low-level format) and the system will _still_ phone home immediately once on the Internet. - If you take the hard drive out and place it in a different system, _THAT_ system _also_ phoned home, based on the TPM components there.
(This was mostly HP TC4200 and HP TC4400 tablets.)
www.absolute.com
Orbicule's Undercover for OS X (yeah, not Linux..) (Score:4, Informative)
I use that on my mac machines. I know it's not linux specifically but I just thought I'd toss that out there. It uses the built-in cam to take clandestine photos, too...
Linux is easier and free (Score:3, Interesting)
Have the spam filter on your inbox just toss the email away until the day you need it.
It does rely on the thief not knowing enough to fire up linux in sngle-user mode and kill your crontab entry, which is probably a safe bet.
Or (more likely) to just blow away your whole linux partition with a fresh windows install, but that would even affect a commercial product the same, unless it was hardware-based.
BIOS-level via OEM (Score:3, Interesting)
Absolute BIOS-Level Protection [absolute.com]
(Disclaimer: Not involved with these guys at all -- did a training session with some of their developers several years ago, and was impressed by their pitch)
duh (Score:2)
Re: (Score:2)
Re: (Score:2)
At least until he pulls the CMOS battery. With unfettered physical access to the hardware, there is no possible way to secure it completely. You can make the job tougher by having custom hardware that does things like put a bunch of chips into one of those surface mount resin blobs you see in some cheap consumer gadgets, but even those can be gotten around with enough effort.
Re: (Score:3, Funny)
Re: (Score:2)
Re:Held up at gunpoint? (Score:4, Funny)
Re: (Score:2)
Just get it insured, and keep your backups current.