Saturday, July 19, 2008

Retrieve your stolen laptop with Adeona

If you've ever traveled with me to conferences, you'll know the unhealthy level of paranoia I permeate when it comes to protecting my laptop from being stolen.

Don't be surprised at the number of locks I bring with me in my backpack.

Don't be surprised if you see me scanning the terrain carefully for heavy objects to chain my laptop to.

Don't be surprised if you see me chaining my laptop even when I'm not traveling (hey I paid for it with my hard-earned cash :)).

But what if despite all the security safeguards, the laptop is still stolen (*shudder*!!)?

Enter Adeona

I recently came across a new program to add to my security arsenal that I would like to share with you: Adeona. It installs a lightweight client on your laptop that periodically sends your location information to a distributed network.

If your laptop is ever stolen, you can track where it is by retrieving its most recent location from that distributed network. Of course that assumes the thief actually connected to the Internet with it and did not re-format your hard drive, which is hopefully most of the time.

There's already software to do this, so how is Adeona different? Here's why I think it's different:

  1. It's free.

  2. It's "privacy-preserving" which is really just academia-speak meaning you are the only one who can retrieve the location of your laptop. Stuff on the distributed network is encrypted with strong crypto so that you're the only one who can decrypt it.

  3. It's multi-platform where it works on Windows, Mac OS X, and Linux.


One cool thing about the Mac version is that it can even periodically take photos of the thief using the built-in iSight camera. You can check out a few photos of laptop thieves on the Adeona website -- hey Adeona authors, did you get signed model release forms from those thieves before publishing their photos?

Installing Adeona

I just tried installing Adeona on a MacBook and wanted to share my experiences. My overall impression is that it has a pretty geeky UI, but hey it works and it's free, so no complaints there. It's distributed as a typical .dmg file and you have to double-click the .mpkg installer to install it.

During the installation phase, it will ask you to define a "retrieval password" that you can use to retrieve your laptop's location. For some reason it asked for my password three times during installation.

The installer will also create a text file called adeona-retrievecredentials.ost on the desktop, which you would want to email to yourself or keep somewhere safely, because it's required to retrieve your location information. It's a short text file so you can even write it down and keep it in your wallet, Bruce Schneier style.

After installation, it said that I'll have to wait for an hour before the location of my laptop is registered with the distributed network. Although it said that, I found that my location was available in about half an hour.

Retrieving your laptop's location

As a test, I followed the documentation to retrieve the laptop's location. To do that, I had to go to Applications > Adeona and click on adeona-retrieve.term which opened a Terminal window (see what I mean by geeky UI).

It prompted me for the location of my .ost file, and upon providing the file, it asked me for my password. It'll also ask whether you want all locations or just recent locations, and for what time period (default is 2 days ago till now).

After all that, it created a folder on my desktop with a text file and a bunch of images it took from the iSight camera.

Of course, in a real situation if my laptop is stolen (oh may that day never come), I would have to install Adeona on another computer and provide it with my .ost file and password to get my location information. So yes that's why it's important to send the .ost file elsewhere and remember the password.

What can be retrieved

Here's the information you can retrieve using Adeona:

  • The internal IP address (e.g. 192.168.0.x)
  • The public IP address
  • A traceroute output from the public IP address to some Caltech IP address, showing all routers in between
  • The name of the wireless access point the laptop is connected to
  • A bunch of 160x120 photos of the thief (and yourself :))

Of course you'll have to explain what all that means to the police but that's another story...

Integration with iSight -- good or bad?

As I mentioned earlier, the Mac version integrates with the iSight camera, although you can also download another Mac version that does not have iSight integration.

In my opinion, the integration of the iSight camera is both good and bad. It's good where you get a photo of the thief, but it's also bad because it takes a photo of you every so often. When it takes a photo, the camera comes alive with that little green light, which freaked me out the first time it happened because I was coding in low-light conditions.

Thanks to Adeona, I now have a collection of photos of myself showing how I look like when I code. I can now finally see myself with bad hair and in various stages of sleepiness, including one of me sipping a Chick-Fil-A milkshake. No, you may not have them.

Conclusion

Wow I thought of just penning a few notes about Adeona but it looks like this blog post has become a mini-review. Anyway here are my thoughts on its pros and cons:

Pros:

  • It does what it says it would do (sadly this is not true of most products these days, even or perhaps especially commercial ones)
  • It preserves your privacy using strong crypto mechanisms
  • It's free
  • If you don't trust it and your paranoia level is worse than mine, the source code is available and you can compile it yourself (but do you trust your compiler? Or the compiler that compiled your compiler?)

Cons:

  • The somewhat geeky UI might discourage non-techies from using it
  • The Mac version stores stuff in /usr/local, which is very un-Mac
  • It's easy to remove (though does not come with an uninstaller, which is actually a good thing given what this software is meant to do). Being easy to remove kinda defeats the purpose of the software but is based on the sorta reasonable assumption that most laptop thieves are opportunists who will try to sell your stuff immediately in eBay without erasing the hard drive first
  • The name "Adeona" is hard to remember, especially when you're in panic mode after your laptop is stolen. :) But hey if you can't remember it, just remember you first read about it on the "Calyptix" blog :P

I would definitely recommend installing Adeona, especially if you travel with your laptop often. The Adeona website also has links to a few helpful URLs for other hints on preventing your laptop from being stolen.

Now if you would please excuse me, I need to find my key so that I can unchain this laptop...

(Note: For more stories on Lawrence and his laptop, talk to Ben Sanders... though I'll probably deny everything)

13 comments:

Karl said...

Those pictures of the "thieves" are actually pictures of the authors, so no model release needed. ;)

Lawrence Teo said...

That's hilarious!!

Funny how they look so intense. :)

Michael Pope said...

Very cool - on the Windows side, we have used Kaseya agents to retrieve information related to a stolen laptop to apprehend the thieves and retrieve the laptop for a customer. We (http://www.dependablepc.com/) have a service called Remote Trace and Erase(R) in which we not only trace the laptop but we can also erase the data on the laptop as soon as it connects to the Internet if the customer notifies us that it is stolen ahead of time.

Anonymous said...

You need to look up the meaning of the word permeate.

Anonymous said...
This comment has been removed by a blog administrator.
Dan Weber said...

The best thing about grammatically poor blog-spam is that it's easy to search for duplicates of it. If you really want to read the last comment, here's some pointers:

http://www.google.com/search?q=%22but+Life+Lock+take+security%22

Alex said...

I heard about not bad application-ost file convert, convert from ost to pst software will convert *.ost to *.pst extension, that can be easily opened by any email client, compatible with Microsoft Outlook, recover your contacts, messages and calendars, is very easy to use even for beginners, we do not care about you computer skills, friendly graphic interface permits to perform all operations in several mouse clicks.

Anonymous said...

Crap! Now I gots to start wearin a damn ski mask!

ubahmapk said...

ya know, I was just thinking what a great idea this was when I had a sudden realization.

If you're really paranoid (or even security conscious) you'll already be using full disk encryption on your laptop. Which means that whoever steals your laptop won't be able to load the OS, which means that Adeona won't be able to run and hence is useless.

drat.

Jackie said...

Hello! I just had my Macbook stolen (along with about $1000 worth of other things) but I hadn't installed Adeona and I have no idea what a .ost file is. Is there anyway to figure this out from my account on Apple or iTunes or from my registration papers? Please help me if you can! I am poor and this Macbook was an extremely special graduation present for being valedictorian at my highschool. Thank you so much!

Lawrence Teo said...

Jackie, sorry to hear that your MacBook was stolen.

There's a story about a MacBook owner who managed to recover her MacBook using the Back to My Mac feature on .Mac (now MobileMe):

http://www.macnewsworld.com/story/62972.html

It's a long shot though.. and would obviously only apply if you're a MobileMe subscriber.

jackcools said...

HP G62-340us 15.6-Inch Laptop PC - Up to 4 Hours of Battery Life (Charcoal)

prabhat said...

Very easy and effective way of tracking stolen laptop there is also Complete Laptop Security which guarantees up to 100% of your valuable data security by deploying highly skilled recovery professionals.