
How I Got My Stolen Laptop Back Within 24 Hours Using Prey - Dougvs
http://dougvs.tumblr.com/post/9923567875/how-i-got-my-stolen-laptop-back-within-24-hours-using
======
raganwald
As an entirely personal note, I like the tone of this particular account. The
author avoids the moral and legal morass of identifying someone who has not
(yet) been convicted of a crime, and the article appears to focus on
describing what happened and how he recovered the laptop rather than
attempting to punish or shame the alleged thieves, vigilante style.

Refreshing.

------
forgotusername
As an existing Prey user (for my Android phone) I'm left wondering what time
remains before the tides turn on this kind of service, living in an age where
a burglar can successfully sue for hurting themselves on your furniture while
rummaging through your belongings, it couldn't be long. Here's a related
article from last week: [http://www.wired.com/threatlevel/2011/08/absolute-
sued-for-s...](http://www.wired.com/threatlevel/2011/08/absolute-sued-for-
spying/) wherein an unwitting supply teacher bought a stolen laptop, only
according to the judge to have had her privacy violated by the company
attempting to recover it.

That example aside, it doesn't require contrived thinking to fathom scenarios
where an "anti theft" feature of a conveniently placed (extremely cheap, mass
produced[, say 5 years from now]) phone might be intentionally used to spy on
someone. Compare and contrast with existing wiretapping laws and consider how
similar these services already are (at least in my mind).

It's also vaguely interesting that this user installed Prey and almost forgot
about it, i.e. here Prey is basically your typical "crapware" that a tech
friend might clean off the laptop along with accumulated toolbars and
suchlike.

(Sorry for the fragmented English, somewhat inebriated)

~~~
georgieporgie
_living in an age where a burglar can successfully sue for hurting themselves
on your furniture while rummaging through your belongings_

Do you have a source for that? Frankly, I don't believe it.

 _wherein an unwitting supply teacher bought a stolen laptop_

She bought a two year-old laptop _from a student_ at an 'Alternative' school
for _$60_. It had its serial number removed. Good luck to her in convincing
any jury that she didn't knowingly receive stolen goods.

The judge did't rule that her privacy was violated, only that "a reasonable
jury could find that they crossed an impermissible boundary."

~~~
ColinDabritz
It seems the 'burglar sues for hurting themselves' theme is a popular one.
I've heard it a few times from various friends and sources. As far as I can
tell it tends to be miss-represented, or non-existent.

One of the common ones is the 'fell through a skylight' version, which is
apparently sort-of true according to this:
[http://overlawyered.com/2006/09/the-burglar-and-the-
skylight...](http://overlawyered.com/2006/09/the-burglar-and-the-skylight-
another-debunking-that-isnt/)

In this case it was vs a school, and the case was settled before it was
decided, which is as much a side-effect of the structure of our legal system
as anything.

While I'm sure some questionable verdicts have caused unfair rewards in cases
such as this, I have to imagine that it is very rare, or that the cases are
actually much more complex than they appear on the surface.

It reminds me of people who laugh at the 'stupidity' of McDonald's hot coffee
lawsuit ("well duh coffee is hot!"), where the more detailed information shows
the reasonableness of the case (McDonald's coffee was dangerously, excessively
hot, the plaintiff was in the hospital for eight days for third degree burns
etc).

[https://secure.wikimedia.org/wikipedia/en/wiki/Liebeck_v._Mc...](https://secure.wikimedia.org/wikipedia/en/wiki/Liebeck_v._McDonald%27s_Restaurants)

I feel this is an interesting flavor of urban myth.

~~~
wisty
What people don't realize about hot liquids - a cup of boiling water is more
dangerous than a hot stovetop.

People panic about children touching hot dry things, like hot plates or coals.
A hot coal (with no flame) isn't a huge danger, as the outer layer of skin on
their hand will evaporate, creating a protective layer of gas. And the pain
will make them pull back. It's still possible for things to go badly, but the
risk is smaller than people may think.

On the other hand, a saucepan full of soup (or worse, oil) can easily kill a
child if it splashes all over them. The hot liquid sticks to skin and clothes,
transferring large amounts of heat (thus cooking multiple layers of skin).

So while a cup of coffee sounds safe (due to it being a familiar hazard, and
people incorrectly assuming that < boiling point = not so dangerous), it's
really really dangerous. Put it in an easily crushed paper cup, and hand it to
a grandma in a car, and you are just asking for trouble.

------
thibaut_barrere
I've read a couple of stories like these and still wonder if thieves tend to
format the hard-drive or not.

To avoid that, I created a "honeypot" account which is automatically logged in
on my machines (OS X), so at least the machine seems usable without
reformatting (and Prey remains effective).

Any other similar tips or things to take care of to secure a Mac in
particular?

~~~
Periodic
I wondered about this as well. If I were professionally stealing laptops, my
first instinct would be to disconnect power/battery, then boot from CD and
image the HDD for later identity theft. From there a reinstall would be in
order. All the theives seem to just open it up and start using it.

I also password protect my laptop. I wonder if I shouldn't to encourage
immediate use for information gathering.

~~~
38leinad
if they were smarter, they certainly would not end as thiefs ;-)

~~~
shabble
Not necessarily, but maybe if they were smarter, they wouldn't be caught
thieving :)

~~~
palish
I certainly wasn't!

Oh...

~~~
stanchan
If I found a laptop I would:

1\. PC... pop out the BIOS battery to clear the BIOS password, re-flash the
BIOS, DoD wipe the harddrive and install Windows fresh.

2\. Mac... pop out the battery, wipe the PRAM, DoD wipe the harddrive and
install OSX fresh.

~~~
yardie
I miss the old firmware PowerMacs. You could reprogram the firmware to lock
the boot sequence with a password. Unlike BIOS the firmware was NVRAM so
popping the battery and resetting the PRAM wouldn't change much. The only way
to get past the firmware was to replace the motherboard.

------
mike-cardwell
I have Windows installed on my laptop with a passwordless account, purely as a
honeypot OS. Ubuntu is my main OS and it's hidden. I have Prey running in the
honeypot OS. My laptop has a built in GPS unit which Prey is happy to take
advantage of, so I should get a more accurate location reading if my laptop
gets nicked than this guy.

For more info on how I set things up:
[https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop...](https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks)

------
wgx
Love these stories - but, although I have Prey installed, my account is
passworded and full-disk encryption is on too.

So I guess it would be a reformat for the thief and no Prey for me?

~~~
sorbus
Yeah, if it's impossible for a thief to use the computer then Prey is useless.
It's why I have a guest account on my computer: if someone steals it, I want
them to be able to get it online so that I have some chance of recovering it.

~~~
wgx
Just checked, and you can't use Guest accounts if FileVault is on (makes sense
of course).

~~~
codenerdz
Thats a problem i have as well, filefault 2 is great, but the end user/thief
wont be able to report his location via a prey app. There is got to be a
workaround....

~~~
Dobbs
The easiest is to make two installs of OSX on the machine. The first has full
admin access and prey running. The second has full disk encryption and locked
down.

Default boot into the first partition. If the system is stolen they will
reboot and you can track. Because it has full admin they are less likely to
reinstall.

~~~
bluebl8de
That doesn't seem very practical.

~~~
jrockway
It is if you make a habit of leaving your laptop laying around unlocked and
enjoy writing blog posts to that effect.

Oh, but for actually using the computer? Yeah, somewhat impractical.

(My worry is not the $1000 I sunk on an easily-replaceable chunk of plastic
wrapped around my data. It's my data. So my laptop boots up to "type the
encryption key", and if you don't know it, you have to erase the disk and
install your own OS, keeping my data safe. I'd rather my private data stay
private than to take a picture of someone stealing my laptop. Also, my laptop
never gets stolen.)

------
marquis
I love the idea but I have been trouble actually getting the software working
(network issues connecting to server during install and now also their control
panel):

Says 'down for everyone'.

[http://www.downforeveryoneorjustme.com/http://control.preypr...](http://www.downforeveryoneorjustme.com/http://control.preyproject.com)

~~~
covercash
I'm having this issue as well, it's not just you.

~~~
marquis
I'm really happy to hear they are getting a lot of attention, and I hope they
make a paid service with an SLA - I'd happily be charged a yearly fee knowing
that it was keeping their servers up and my computer might stand a chance of
phoning home.

~~~
joshAg
check out lojack for laptops, if you want something with a guarantee.

since it embeds itself in the BIOS it will survive hdd replacements and os
wipes, too. I have it on my thinkpad, and it's survived numerous hdd
replacements and os wipes. the only downside i can think of is that it doesn't
support linux.

~~~
bluebl8de
You can easily wipe the BIOS.

~~~
nemetroid
Sure, but it's unlikely a thief would.

------
locci
He left all that in a parked car?

The faith people on the other side of the Atlantic put in strangers astonishes
me every time. Leaving the keys to your car inside the car, leaving the front
door open go against the most basic sense of responsability I've been taught,
to the point that I feel uneasy the whole travel when I have to leave the car
unlocked while on a ferry boat.

L'occasione fa l'uomo ladro - Opportunity makes a thief

~~~
noahc
It's weird to me that you WOULDN"T feel secure doing that. I grew up in a
rural community where you left your car keys in the car and the door unlocked.
It wasn't uncommon to see $100,000+ pieces of farm equipment sitting out in
the field with the keys still in them.

To me it seems odd that you would tolerate having to lock everything up.

~~~
aangjie
I will observe that farm equipment vs electronic equipment usually have a huge
difference in physical size. Also you seem to be referring to motorable farm
equipment.But i assume they don't have a very good speed.* *- I may be wrong
about the speed limit part.

------
ck2
I am questioning these "discoveries" about prey - from their FAQ

    
    
       My computer/phone was stolen but Prey wasn’t installed on it. 
       Is there something I can do?
    
       Not much, since you must install Prey before the actual theft takes place. 
       If Prey isn’t installed (or if it wasn’t correctly set up) 
       there’s no way we can track your device to see where it is. Sorry!

------
forget_passwd
Prey looks cool, but... a non-ssl sign-up/login? Ridiculous!

~~~
mike-cardwell
The login/signup/control panel all used to sit on "control.preyproject.com". I
wrote a HTTPS-Everywhere ruleset for it at the time to force it onto https. It
seems to have moved to "panel.preyproject.com" now though. https does exist
there, but it's not redirected to by default.

Anyway, I've just wrote an update for the HTTPS-Everywhere PreyProject ruleset
for this and requested that it is pulled in to the main repo. It's currently
sat here:

[https://github.com/mikecardwell/https-
everywhere/commit/aa9f...](https://github.com/mikecardwell/https-
everywhere/commit/aa9f2f70f7c69b19c30feb1ead4462a8b8f92adf)

But they're usually quite quick to pull in my rulesets.

~~~
forget_passwd
That's good news, thanks!

------
thedangler
Site must be busy. Taking forever for me to get registered.

------
pacomerh
I like this product but what are the odds of this story being a hoax just to
promote it.

~~~
sorbus
Given that Prey is free, open source, and has been around for quite a while, I
think that it's fairly unlikely that this is a hoax.

~~~
pacomerh
Good point

