

Ask HN: Software to help retrieve stolen laptop for a paranoid person? - everyone

There are a few purpose made solutions for the stolen laptop scenario like &#x27;prey&#x27; . But I&#x27;m too paranoid to sign up to a service like that and give them access to my machine all the time its <i>not</i> stolen. Is there any unobtrusive remote admin software that might suit me better. Note: laptop has windows 7 64 bit on it atm.
======
cpach
For a very high level of paranoia (i.e. resourceful adversaries that could
attempt an evil maid attack on you) it’s probably best to consider laptops as
disposable. In this scenario, you would encrypt the whole filesystem and never
leave the laptop with power on. So if it gets stolen, nobody could extract any
data from it and you can lose it without worrying.

~~~
dmix
Yep make your laptops like burner phones in The Wire. This is a good reason to
switch off of OSX to linux, buy some cheap ~$300 thinkpads or Asus laptops on
Craigslist with cash and you never have to stress (too much) about forgetting
it at a bar or getting stolen (+1 full-disk encryption and powering off). In
addition it's great for privacy and infosec, countering malware is near
impossible, theres no better fix than getting rid of it.

Practice good daily backups via cron. I use Tarsnap and can bootstrap a new
machine within 20min (dotfiles, scripts, etc).

~~~
RexRollman
I don't use cloud services but if I did, something like Tarsnap would be a
must. Encrypt it _before_ it leaves your computer, that way you don't have to
worry about a Lavabit situation.

------
robinhoodexe
On OS X or Linux I'd hack together a bashscript that uses cron to periodically
(every 10 mins or so) broadcasts where it's located and then upload that
information to a logfile on my Raspberry Pi. Sort of like what Prey does, just
on my own.

I'm pretty sure something like that is possible on Windows as well, altough
you may need some kind of server to store the information so you can avoid
receiving a mail or something with the information.

~~~
everyone
Where would you get its location data?

~~~
TallGuyShort
Traceroute should nail down the ISP and possibly enough info for the ISP to
track it down, but you need law enforcement to get further I guess.
Personally, I'd rather have full disk encryption and password login to prevent
them even getting far enough for a network connection to be there.

------
burnte
In short, no, because there's no way to tell a service to turn on without
access to the machine. Nothing will know your laptop is stolen unless you can
tell it. To do that there has to be a service listening for a specific
command. To do that, it has to be running all the time, which is what you
don't want. Even if you wrote your own (which you can do) it would still have
to be running 24/7.

------
gatehouse
In many cases the data on the laptop is probably more valuable than the
machine itself. You need to think about if you want it to be possible for the
thief to run _any_ of your programs, including a secret tracking program.

One thing you could to get your name and phone/email laser engraved on the
bottom. This will fuck up the resale value and if it falls into the possession
of someone honest they might return it. Or the thief might try to extort you
and you can just show up with the cops.

------
emning
I would use a simple autossh setup with key authentication to a limited
account on a VPS that is only allowed to open a reverse shell.

Put sshd on port 443 on the VPS to maximize chances of a successful
connection, and maybe put a bit of effort into hiding autossh on the laptop.

This way you have ssh to your laptop at all times. You will also know the IP
it is on, for easy geoip lookups and tracerouting.

------
eps
You are looking for a system that requires monitoring backend to authenticate
itself to the (laptop) client in order to get an access to its peripherals.
Meaning, that the backend always has a way to access your laptop, but it can't
actually do that until you issue it proper credentials, presumably in the
event of theft.

Whether such system exists, I don't know. Perhaps others can advise.

------
RexRollman
Personally, I would be more concerned with having the data well secured and
backed up. The hardware itself is easy to replace.

