As an entirely personal note, I like the tone of this particular account. The author avoids the moral and legal morass of identifying someone who has not (yet) been convicted of a crime, and the article appears to focus on describing what happened and how he recovered the laptop rather than attempting to punish or shame the alleged thieves, vigilante style.
As an existing Prey user (for my Android phone) I'm left wondering what time remains before the tides turn on this kind of service, living in an age where a burglar can successfully sue for hurting themselves on your furniture while rummaging through your belongings, it couldn't be long. Here's a related article from last week: http://www.wired.com/threatlevel/2011/08/absolute-sued-for-s... wherein an unwitting supply teacher bought a stolen laptop, only according to the judge to have had her privacy violated by the company attempting to recover it.
That example aside, it doesn't require contrived thinking to fathom scenarios where an "anti theft" feature of a conveniently placed (extremely cheap, mass produced[, say 5 years from now]) phone might be intentionally used to spy on someone. Compare and contrast with existing wiretapping laws and consider how similar these services already are (at least in my mind).
It's also vaguely interesting that this user installed Prey and almost forgot about it, i.e. here Prey is basically your typical "crapware" that a tech friend might clean off the laptop along with accumulated toolbars and suchlike.
(Sorry for the fragmented English, somewhat inebriated)
living in an age where a burglar can successfully sue for hurting themselves on your furniture while rummaging through your belongings
Do you have a source for that? Frankly, I don't believe it.
wherein an unwitting supply teacher bought a stolen laptop
She bought a two year-old laptop from a student at an 'Alternative' school for $60. It had its serial number removed. Good luck to her in convincing any jury that she didn't knowingly receive stolen goods.
The judge did't rule that her privacy was violated, only that "a reasonable jury could find that they crossed an impermissible boundary."
It seems the 'burglar sues for hurting themselves' theme is a popular one. I've heard it a few times from various friends and sources. As far as I can tell it tends to be miss-represented, or non-existent.
In this case it was vs a school, and the case was settled before it was decided, which is as much a side-effect of the structure of our legal system as anything.
While I'm sure some questionable verdicts have caused unfair rewards in cases such as this, I have to imagine that it is very rare, or that the cases are actually much more complex than they appear on the surface.
It reminds me of people who laugh at the 'stupidity' of McDonald's hot coffee lawsuit ("well duh coffee is hot!"), where the more detailed information shows the reasonableness of the case (McDonald's coffee was dangerously, excessively hot, the plaintiff was in the hospital for eight days for third degree burns etc).
What people don't realize about hot liquids - a cup of boiling water is more dangerous than a hot stovetop.
People panic about children touching hot dry things, like hot plates or coals. A hot coal (with no flame) isn't a huge danger, as the outer layer of skin on their hand will evaporate, creating a protective layer of gas. And the pain will make them pull back. It's still possible for things to go badly, but the risk is smaller than people may think.
On the other hand, a saucepan full of soup (or worse, oil) can easily kill a child if it splashes all over them. The hot liquid sticks to skin and clothes, transferring large amounts of heat (thus cooking multiple layers of skin).
So while a cup of coffee sounds safe (due to it being a familiar hazard, and people incorrectly assuming that < boiling point = not so dangerous), it's really really dangerous. Put it in an easily crushed paper cup, and hand it to a grandma in a car, and you are just asking for trouble.
Edit: actually, doing some more reading, it seems like the first case that I read was actually a freak incident. Other laws protect you. Now I'm curious about what case this person is talking about.
Now I'm curious about what case this person is talking about.
People fear things. One way of coping is to try to get everyone else to be scared of things, too. This article is a perfect place for that sort of thing: "Wow, you sure showed him, but I'm too scared to do anything bold in my life. So what you're doing is probably illegal, didn't you hear about that urban legend? So that's why I don't do anything bold, it's actually illegal and I'm a Good Person Who Would Never Do That."
I'm not saying that's the motivation behind this particular comment thread, but that's how I interpret it. If you can't have a parade, you may as well rain on someone else's.
I've read a couple of stories like these and still wonder if thieves tend to format the hard-drive or not.
To avoid that, I created a "honeypot" account which is automatically logged in on my machines (OS X), so at least the machine seems usable without reformatting (and Prey remains effective).
Any other similar tips or things to take care of to secure a Mac in particular?
I wondered about this as well. If I were professionally stealing laptops, my first instinct would be to disconnect power/battery, then boot from CD and image the HDD for later identity theft. From there a reinstall would be in order. All the theives seem to just open it up and start using it.
I also password protect my laptop. I wonder if I shouldn't to encourage immediate use for information gathering.
All there theives seem to just open it up and start using it.
Every missing/recovered laptop story I've ever seen on HN has a screenshot of the thief on Facebook. I imagine there is some degree of selection bias. The story about the recovered laptop (with pictures of the thief) is much more interesting than the one about the laptop that disappeared forever. Plus, it's much easier to catch a thief when you have access to their Facebook profile. Still, it's funny to think about all these thieves running off with laptops just so they can get their Facebook fix.
I miss the old firmware PowerMacs. You could reprogram the firmware to lock the boot sequence with a password. Unlike BIOS the firmware was NVRAM so popping the battery and resetting the PRAM wouldn't change much. The only way to get past the firmware was to replace the motherboard.
I'm guessing that most thieves, like most people, don't even know what 'formatting the hard drive' means, or even how to do it if they knew it meant erase the hard drive completely. Many people think the hard drive is the actual desktop box in many cases. It probably sounds like repairing the distributor cap on a car.
if you're really worried about a wiped/new hdd, lojack for laptops will embed itself in the BIOS, which allows it to survive OS reinstalls and replaced hdds.
I have it on my thinkpad, and despite numerous windows reinstalls and a couple hard drive replacements, it's still on my system.
1. Set a Firmware password. They will be unable to reinstall the OS or flash the HD without opening the case and messing with hardware. With a MacBook Air it is essentially impossible.
2. Create a Guest Account. This prevents you from using FileVault.
I feel like in this regard, the pre-Lion FileVault that only encrypted your home folder was superior, as it left you the opportunity of creating a honey pot.
Now I have to decide between a potential thieves having access to my unencrypted files and a chance of me getting returned my laptop or knowing my files safe but having to buy a new machine
I have prey installed in stand-alone mode, but instead of having it check for a url, i just have cron running it every 30 minutes and emailing the photo and screenshot and other info to a gmail account i made. I figure if it gets stolen, I might not have time (or remember) to turn on the url before its too late.
I also have the firmware pw set (Macbook Pro) - not sure how easy this it to circumvent - if you can't circumvent it then you can't reformat that easily.
Not sure if this applies to all Intel Macs, but once the EFI firmware password is set, only Apple can break it by calling support or going to an Apple Store.
I've lost laptops before, and always called Apple to make a note of the serial number. What I'm not sure of is whether or not Apple would hold the laptop if it was flagged, or return it back.
I'm second guessing my decision to FileVault the entire disc on the MBA, because I think this prevents automated login. The honeypot account makes a ton of sense.
I have Windows installed on my laptop with a passwordless account, purely as a honeypot OS. Ubuntu is my main OS and it's hidden. I have Prey running in the honeypot OS. My laptop has a built in GPS unit which Prey is happy to take advantage of, so I should get a more accurate location reading if my laptop gets nicked than this guy.
Yeah, if it's impossible for a thief to use the computer then Prey is useless. It's why I have a guest account on my computer: if someone steals it, I want them to be able to get it online so that I have some chance of recovering it.
Thats a problem i have as well, filefault 2 is great, but the end user/thief wont be able to report his location via a prey app.
There is got to be a workaround....
The easiest is to make two installs of OSX on the machine. The first has full admin access and prey running. The second has full disk encryption and locked down.
Default boot into the first partition. If the system is stolen they will reboot and you can track. Because it has full admin they are less likely to reinstall.
It is if you make a habit of leaving your laptop laying around unlocked and enjoy writing blog posts to that effect.
Oh, but for actually using the computer? Yeah, somewhat impractical.
(My worry is not the $1000 I sunk on an easily-replaceable chunk of plastic wrapped around my data. It's my data. So my laptop boots up to "type the encryption key", and if you don't know it, you have to erase the disk and install your own OS, keeping my data safe. I'd rather my private data stay private than to take a picture of someone stealing my laptop. Also, my laptop never gets stolen.)
Create another account and give out the password in the login screen (either check "Show password hint" or go to Security & Privacy -> show a message when the screen is locked).
I love the idea but I have been trouble actually getting the software working (network issues connecting to server during install and now also their control panel):
On their homepage http://preyproject.com/ they have a "What people are saying" section in which they display recent tweets that mention prey. Nearly all of them are about this story.
I'm really happy to hear they are getting a lot of attention, and I hope they make a paid service with an SLA - I'd happily be charged a yearly fee knowing that it was keeping their servers up and my computer might stand a chance of phoning home.
check out lojack for laptops, if you want something with a guarantee.
since it embeds itself in the BIOS it will survive hdd replacements and os wipes, too. I have it on my thinkpad, and it's survived numerous hdd replacements and os wipes. the only downside i can think of is that it doesn't support linux.
The faith people on the other side of the Atlantic put in strangers astonishes me every time. Leaving the keys to your car inside the car, leaving the front door open go against the most basic sense of responsability I've been taught, to the point that I feel uneasy the whole travel when I have to leave the car unlocked while on a ferry boat.
L'occasione fa l'uomo ladro - Opportunity makes a thief
I don’t think this has anything to do with the side of the Atlantic you are living on. People grow up in different surroundings. Leaving your car unlocked, with keys and valuable stuff, is obviously no problem at all if you are from a really small village where everyone knows everyone. If you grew up in a larger city where no one knows no one the thought alone of leaving a car unlocked would probably make you uneasy.
I’m from and grew up in a small German town (pop. 40,000) and I can pinpoint pretty exactly when I start feeling uneasy. I’m ok with leaving a car unlocked for a few minutes (not much more than five) but I would not consciously leave the keys (even if I only stop the car in front of my home to run in and get something) and I would always make sure that no valuable stuff is visible.
That’s the level of precautions I’m personally comfortable with but I know other people with different comfort levels.
(Of course there are always situations in life when you just do something stupid for no good reason at all except that it seemed like a good idea or comfortable at the time. The likelihood of being the victim of a crime even if you leave your keys is quite low, so sometimes you might just want to be lazy.)
It's weird to me that you WOULDN"T feel secure doing that. I grew up in a rural community where you left your car keys in the car and the door unlocked. It wasn't uncommon to see $100,000+ pieces of farm equipment sitting out in the field with the keys still in them.
To me it seems odd that you would tolerate having to lock everything up.
I will observe that farm equipment vs electronic equipment usually have a huge difference in physical size. Also you seem to be referring to motorable farm equipment.But i assume they don't have a very good speed.*
*- I may be wrong about the speed limit part.
It really depends on where you are from. If you are born and raised in Asia, or in urban America, I don't think you would feel comfortable leaving things unlocked.
Last time I checked, Windsor, Ontario, Canada has such a friendly neighborhood that they do often leave their home doors unlocked. Whether that's a good idea or not, it is up to you. Personally, I keep it locked, just for a peace of mind.
It depends mostly on the habits from where you live, I personally leave things unlocked at home half the time because I only have 5 neighbors in a few mile radius but when I go to the city you can bet my car doors are locked but it is likely that I would leave a camera or laptop in my car for a while.
It also depends on where you are at, I wouldn't do it in a city I don't know or a part of town I don't like but some things are familiar and generally safe.
I am questioning these "discoveries" about prey - from their FAQ
My computer/phone was stolen but Prey wasn’t installed on it.
Is there something I can do?
Not much, since you must install Prey before the actual theft takes place.
If Prey isn’t installed (or if it wasn’t correctly set up)
there’s no way we can track your device to see where it is. Sorry!
The login/signup/control panel all used to sit on "control.preyproject.com". I wrote a HTTPS-Everywhere ruleset for it at the time to force it onto https. It seems to have moved to "panel.preyproject.com" now though. https does exist there, but it's not redirected to by default.
Anyway, I've just wrote an update for the HTTPS-Everywhere PreyProject ruleset for this and requested that it is pulled in to the main repo. It's currently sat here:
What are the odds of recovering your laptop, without and with a tool like this installed? The statistics could very well be something on the order of 2% and 2.003% (I made that up). Without a much larger sample size than these anecdotes can provide it is impossible to make an informed decision.
when prey first started they also posted a link to their service on hn as well and if you donated anything to them they gave you a lifetime premium subscription.
prey is pretty damn helpful, and i install it on everything i've got.
btw i dont work for them, and i've never seen them advertise anywhere, but this would be good advertisement...
Refreshing.