July 14, 2008, 11:20 AM — Lose your laptop these days and you lose part of your life: You say good-bye to photos, music and personal documents that cannot be replaced, and if it's a work computer, you may be the source of a very public data breach.
But now, researchers at the University of Washington and the University of California, San Diego, have found a way to give you a shot at getting your life back. On Monday, they plan to launch a new laptop tracking service, called Adeona that is free and private.
Named after the Roman goddess credited with guiding children back to their parents, Adeona uses software that has been under development for the past year.
Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.
The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whomever is using the computer.
Adeona doesn't exactly give you the address and phone number of the person who's stolen your laptop, but it does provide the IP (Internet Protocol) address that it last used as well as data on what nearby routers it used to connect to the Internet. Armed with that information, law enforcement could track down the criminal, said Tadayoshi Kohno, an assistant professor at the University of Washington. "Once you actually recover information about your laptop...you probably want to take this information to the police."
Aviel Rubin, a professor at Johns Hopkins University who is familiar with the Adeona project says he wants to download the code when Adeona goes live. "Not all the information that you're going to get in every circumstance is going to find the laptop or catch the bad guy," he said. "But this is a pretty big step forward."
"Without this, you could pretty much kiss the laptop good-bye," he added.
When the team first started work on Adeona it wasn't the tracking and retrieval of missing laptops that piqued their curiosity. It was a privacy problem: How could they build a laptop tracking service that was so private that even the people running the service could not discover the location of the laptop? That information would be accessible only to the user, Kohno said.
The researchers believe that commercial tracking services are unappealing because the services could theoretically be used to keep tabs on legitimate users. "It's not exactly clear what they're doing since their systems are closed source," said Thomas Ristenpart, a graduate student with the University of California's Department of Computer Science, who worked on the project.
On the other hand commercial products such as Absolute Software's Lojack for Laptops have many features that Adeona lacks. For example their software is much harder to remove from the laptop, and these companies are already in the business of working with police to recover stolen laptops. Lojack costs about $40 per year. Another service, Brigadoon's PC PhoneHome goes for a one-time $30 fee.
Because Adeona ships with an open-source license, anyone can take the code and improve it or even sell it. The researchers say they're hoping that software developers will build all kinds of new features such as GPS- (Global Positioning System) aware tracking systems for new platforms such as the iPhone.
Later this month, the Adeona team will give a technical presentation at the Usenix Security Symposium in San Jose, California.
The University of Washington's Kohno said he'd be happy if some of the existing vendors started using the code. "I believe that privacy for laptop tracking systems is important," he said. "I would really like to see existing commercial services provide high levels of privacy."
Related reading:
Label That Laptop
