A team of University of Washington security researchers has released a free, open-source system for tracking lost or stolen laptops, arguing that the system's architecture is more reliable and ensures privacy to a greater extent than existing proprietary services.
The four researchers behind Adonea, named after the Roman goddess of safe returns, will publish the details of the foundations of their design and an analysis of its security and privacy properties in a research paper at the 2008 Usenix Security Symposium this weekend in San Jose, California.
The two main differences between Adonea and the various existing, proprietary laptop-tracking systems are that it allows the user to be independent of any third-party service and that it preserves the user's privacy, the researchers said.
The data captured by the client software — location information and, for the Mac OS X version, images captured by the built-in iSight camera — is encrypted so that only the user can access it.
"Unlike other systems, users of Adeona can rest assured that no-one can abuse the system in order to track where they use their laptop," the researchers said in the project's documentation.
Adonea is based on a freely downloadable client, which continually monitors the laptop's current location and sends information such as IP addresses and local network topology to an open-source distributed storage service called OpenDHT.
The information is stored there in an encrypted state, meaning only the user or a designated agent can retrieve it, the researchers said.
The system is designed to appeal to those who see commercial tracking systems as a holding the potential for an invasion of privacy.
"Even while the device is still in the rightful owner's possession, the (proprietary) tracking system is keeping tabs on the locations it (and its owner) visit," the researchers noted. "Worse, with some commercial products, even outsiders (parties not affiliated with the tracking provider) can 'piggyback' on the tracking system's internet traffic to uncover a mobile-device user's private information and/or locations visited."
The researchers admitted that Adonea doesn't currently incorporate technology designed to make the software difficult to uninstall. By contrast, commercial services such as Absolute Software's Computrace embed software in the BIOS, making it more difficult for thieves to circumvent.
The University of Washington developers argued that a motivated and skilled thief will always be able to disable a tracking system, no matter how well protected it is.
"The Adeona system was designed to protect against the common thief; for example, a thief that opportunistically decides to swipe your laptop from a coffee shop or your dorm room, and then wants to use it or perhaps sell it on online," the researchers noted.
In many cases, such thieves will not be savvy enough to remove Adonea from the system, they argued. "While device tracking will not always work, systems like Adeona can work, and it is against the common-case thief that we feel tracking systems can add significant value," the researchers wrote.