Jump to content



Photo

Facebook auto sign used as stolen laptop locator?


  • Please log in to reply
14 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 November 2012 - 22:12

Facebook auto sign used as stolen laptop locator?

So I helped a girl out remotely with her computer this morning and then 2 hours after that when she returned from lunch someone had stolen her DSLR and her new laptop. So that made me think. What would have been on her computer, which could possibly help locate it? There was no anti-theft technology. But then I had a thought. What if she had her computer log her into automatically to Facebook? She told me she never uses Facebook on that computer, which sucks, but what if she had? Facebook keeps track of all of the locations you log into your Facebook from. So if a thief were to have obtained her machine, taken it home, connected it to his internet and proceeded to log into Facebook by going to Facebook.com, it would have logged her in automatically her into her account.

She could then go to her Facebook profile settings under security and Active sessions. She would then see her laptop log into to her Facebook account and the IP address it was done on.
So while it’s not perfect, it would be better than nothing.


#2 Gerowen

Gerowen

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 28-August 05
  • Location: Hills of Kentucky
  • OS: Ubuntu Linux

Posted 13 November 2012 - 03:51

At first I thought you were telling a heroic story about how you actually did this, then it turned sad, lol. You could potentially use this method with any website that she could automatically log into though, not just Facebook, or websites that support logging in with Facebook, like Neowin, since even though the user didn't actually sign in on Facebook.com, they authenticated with the Facebook servers.

Don't all modern Windows OSs "phone home" to ensure they are geunine when they are connected to the internet? So if she knew her Windows service tag, Microsoft could potentially tell you the IP that the computer checks in from. Then again, that adds a 3rd party to the mix, Microsoft, and not just the ISP, so you increase overhead and the time it would take to find the laptop.

#3 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 November 2012 - 03:57

At first I thought you were telling a heroic story about how you actually did this, then it turned sad, lol. You could potentially use this method with any website that she could automatically log into though, not just Facebook, or websites that support logging in with Facebook, like Neowin, since even though the user didn't actually sign in on Facebook.com, they authenticated with the Facebook servers.

Don't all modern Windows OSs "phone home" to ensure they are geunine when they are connected to the internet? So if she knew her Windows service tag, Microsoft could potentially tell you the IP that the computer checks in from. Then again, that adds a 3rd party to the mix, Microsoft, and not just the ISP, so you increase overhead and the time it would take to find the laptop.


True, but it works better on a website that the thief is more than like going to go to first.

#4 giantpotato

giantpotato

    Neowinian Senior

  • Joined: 27-January 04
  • Location: Montreal, Canada

Posted 13 November 2012 - 04:14

Wouldn't the thief first have to somehow gain access to her windows account password?

#5 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 November 2012 - 04:18

Assuming she even set one up.

#6 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 13 November 2012 - 15:15

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

#7 episode

episode

    Neowinian Fanatic

  • Tech Issues Solved: 3
  • Joined: 11-December 01

Posted 13 November 2012 - 15:20

Gmail also tracks and lets you view the IP address that the account has logged in from. But that doesn't really get you anywhere.
Simply having the IP address doesn't get you any closer to getting it back. You'd have to go through the police to get a warrant from the service provider to trace the IP to the physical location, which takes days, not minutes. By the time the police got the warrant (which they likely would not, because you don't really have enough evidence) the laptop would be long gone.

#8 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 28-June 04
  • Location: Switzerland

Posted 13 November 2012 - 15:20

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

Yep, there are plenty of tools out there. The problem in this scenario though was that it was an end user who didn't think to install anti-theft software. Prey is supposed to be a great one. (Y)

But yeah, something like Facebook or Gmail would work if the user set the computer to automatically log them in when they went to the site. Obviously it's not an optimal solution, but it's some good thinking for a tough situation.

#9 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 November 2012 - 15:22

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/


Good stuff, but for prey the user has to be pro active in installing it in case their PC gets stolen. With the facebook method, it would potentially be something the average user already had setup which might help them to find their pc.

#10 lunamonkey

lunamonkey

    Ten years on Neowin.

  • Joined: 28-May 03
  • Location: Swindon, England

Posted 13 November 2012 - 15:23

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/


WW's post reminded me that I hadn't installed Prey since installing Windows 8. That was the first thing I did when I read it.

#11 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 13 November 2012 - 15:23

Yep, there are plenty of tools out there. The problem in this scenario though was that it was an end user who didn't think to install anti-theft software. Prey is supposed to be a great one. (Y)

But yeah, something like Facebook or Gmail would work if the user set the computer to automatically log them in when they went to the site. Obviously it's not an optimal solution, but it's some good thinking for a tough situation.

"So I helped a girl out remotely with her computer this morning"

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.

#12 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 28-June 04
  • Location: Switzerland

Posted 13 November 2012 - 15:31

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.

Oh don't get me wrong, I try to remember to recommend various security tools to my "external" clients whenever I can. But this came across as more of a "whoops, this has now happened, I wonder if there is some way to progress" type thread rather than suggestions for future users. But you're right, as tech enthusiasts/workers we should always be recommending these kind of tools. I always recommend Lookout to people when I see that they have an Android, I should really make a more regular habit of suggesting similar software for laptops and computers of friends and families. (Y)

#13 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 13 November 2012 - 16:44

"So I helped a girl out remotely with her computer this morning"

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.


Actually I don't recommend Sandboxie to regular people. It would drive them nuts.

#14 +mulligan2k

mulligan2k

    Neowinian

  • Joined: 20-February 04

Posted 13 November 2012 - 16:50

problem, the uk at least: the location estimate on facebook's active session page is very approximate, mine currently tells me im logged in over 30 miles away

#15 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 13 November 2012 - 16:51

It all depends really on who nicks the laptop.
If some random joe bloggs nicks the laptop, yes you can track them if you've got software on it or whatnot.
If someone that actually knows what they're doing nicks it, you can guarantee the first thing they'll be doing is either (re)installing a different OS or formatting the drive, although then you've got things like the intelligent ethernet used on business intel laptops that sends 'secret' ethernet packets to help track it - although once again these can be defeated.



Click here to login or here to register to remove this ad, it's free!