New track-and-snap anti-theft software roams freely...and privately
A software project from U. of Washington and U. C.-San Diego researchers will make its way to ToorCon next week, and if your laptop should happen to go to that conference without you, you could use this software to see that it makes it there.
Adeona loads code onto your system that periodically updates online servers with the machine's current IP address and traceroute information. That's not new functionality; other products do that too. Adeona's difference -- other than being free and open source -- is that it's concerned from the outset with making sure that your privacy is protected.
The details are in a paper that Thomas Ristenpart, Gabriel Maganis, Arvind Krishnamurthy, and Tadayoshi Kohno presented at this years Usenix conference (PDF available here), but the gist is this: Current tracking systems, because they must continually acquire the machine's data (do yougo out in the morning planning to have your laptop stolen?), also pick up location information even when the machine is with its rightful owner -- and they store it in systems that make it easy to reverse-engineer who the user is and, by extension, what she or he might be doing. Users must then choose between laptop security and location privacy.
In addition, "trust-us" systems, where a single company holds sway over the accumulated data, make people nervous simply because there's no telling what might happen to that information in third-party hands. Third, a really sophisticated thief can alter a stolen machine or even destroy it to keep from getting caught.
In their paper, Adeona's risk-managing creators admit, refreshingly, that a really determined and smart thief is a formidable foe. However, they note, most thieves are anything but knowledgeable, and that location privacy should therefore be taken more seriously by makers of traffic software.
Adeona collects IP address info from the machine at irregular intervals (the better to avoid timed attacks). The software can also gather traceroute info or, for maximum findability, "passive location data" from the nearest Akamai nodes. The data, encrypted, anonymous and unlinkable, is stored in OpenDHT, the public distributed hash table. Adeona handles the encryption in such a way as to keep anyone who doesn't know that laptop's secret cryptographic seed from seeing the data or even examining a cache to reconstruct earlier data; likewise, location updates can't be linked to any sort of unchanging identifier such as a device ID number.
But wait, there's more! Mac users with iSight cameras built into their systems can set the software to take a "mug shot" if the machine senses something's wrong and enters an emergency-broadcast "panic mode." And since the software's open-source, the research team expects more functionality to come along as people work with the program.
The one thing it lacks? A badge. Once you have all that information, there's not much you can do beyond turning the information over to law enforcement -- or, as some have done previously, to the eagle eyes of the Internet.