As the Blackbook I have been long term loaned and therefore is not mine I am always loath to take it anywhere further than the bedroom (must return it very soon). However, for this (and all my machines in the house) I decided for now to install a small "spy on me" application called
Adeona.
Adeona (aside from being a Roman deity for the 'safe return of goods') is dubbed
"the first privacy-preserving, decentralized, open source laptop tracking system that can help in the recovery of lost or stolen laptops." What this means is Adeona does not rely on a proprietary, central service that the customer pays a protection racket to use, but relies instead on a small, discreet bit of code that every now and then makes a note of where it is and, if available, takes a snapshot of anyone via any installed webcam.
What makes Adeona interesting (aside from the fact it is free and it has a very small footprint in terms of CPU usage), is the fact its designed to use the open source distributed storage service (OpenDHT), to store its location updates. Its also very privacy friendly -- the software client component of the system uses strong crypto to not only encrypt its location data, but it also ensures its ciphertexts that are stored within OpenDHT are anonymous and unlinkable however making retrieving the location information easy.
Its not exactly software I hope to make use of, but its quietly in the background snapping away shots of me as I use this Laptop (at random intervals and beaming out my location). and I hope to see how well the tracking process goes.
Unfortunately, while this piece of software is useful, the fact that there's no protection racket behind it to organize and mobilize its safe recovery hinders its utility somewhat. At the moment I simply do not think that the Police would be interested in a series of IP addresses showing the IP location (not necessarily the actual location) of the laptop and a few blurry sub-VGA resolution snapshots of some thief (or recipient of stolen good) in a cafe, if I told them my laptop was in fact at xxx.xxx.x.x and could they pick it up for me, I don;t think they would have the resources to go to the ISPs, trawl through the DHCP allocation logs and get an address, go to the cafe and track all credit card purchases within a certain time at that cafe and hope they bought something with a card...
Its much more likely they would sign me a police incident report and tell me to make a claim on my insurance.
Of course I'm more interested in the data on the laptop itself rather then the laptop (to that end automated backups like Time machine to a RAID server are more useful to me) and it would be interesting what would happen if the police retrieve it and discover it had been used for downloading illegal porn or for "terrorist activity" -- which opens up a whole new can of worms about how accountable these logs are...
I needed to rejig things on the laptop -- setting up a guest account with Adonia running. This software works by making the machine usable to a thief so if the only user account is password locked or encrypted with no user access then such a system will not work. The Thief will be presented with a login they cannot get past so they will shift it on and someone will scrub eventually the machine and the trail runs cold.
What I'd suggest to anyone using this sort of thing is have an open guest login with the spyware installed which the thief is most likely to use and therefore be tracked by -- keeping your own user login locked-down with no access rights (and is invisible) to the Guest login.
Still, all that aside for now, the information I can pull up is interesting: this is what I got (actual IP data has been anonymized):
info: ======== start location data =========
update time: 07/18/2008,00:29 (BST)
internal ip: 192.168.x.xx
external ip: xx.xxx.xxx.xxx
access point: xxxxxxxxxxxx
Nearby routers:
1 1.883ms 192.168.1.1 (xxxxxxxxxx)
info: ========= end location data ==========
info: iSight snapshot saved in /Users/tanais/Desktop/adeonaretrieval-07-18-2008-0031/adeona-snapshot-07-18-2008-0029-BST-xx.xxx.xxx.xxx.jpg
info: ========== END STATE RETRIEVE ==========
There's a lot of other stuff in the report file but that section alone is pretty comprehensive!
What I think needs to be done is to provide friendlier reporting that takes the file and produces a prettified report -- with a map, a contact number (by querying the Whois/RIPE databases), drops the picture of a thief on the web page and also pulls together other user-supplied information such information about the laptop itself, serial number, photo of the laptop from a product database; it might be fun to produce a "have you seen this laptop thief?" type leaflet generator (a simple XML job) which you can create Web Pages, PDFs and printouts to hand out to campuses and coffee shops.
...the fun one could have is endless. Hot laptops get shifted pretty quickly, and they are very rarely scrubbed as laptop thieves often do not have access to OS disks and driver disks and so only delete user data (if they even ghave that knowledge) -- I would have liked to have seen an installation option to set the application's folder to invisible - a minor gripe.
As I said, I think on this day in the UK the chances of retrieving a laptop with information provided to the police by Adeona are limited, but it does no more or less than the very expensive commercial laptop recovery packages out there and it certainly doesn't hurt having it in someone else's property for the time being.
![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small}
tanais's journal
