Facebook auto sign used as stolen laptop locator?

[+Warwagon MVC]

Facebook auto sign used as stolen laptop locator?

So I helped a girl out remotely with her computer this morning and then 2 hours after that when she returned from lunch someone had stolen her DSLR and her new laptop. So that made me think. What would have been on her computer, which could possibly help locate it? There was no anti-theft technology. But then I had a thought. What if she had her computer log her into automatically to Facebook? She told me she never uses Facebook on that computer, which sucks, but what if she had? Facebook keeps track of all of the locations you log into your Facebook from. So if a thief were to have obtained her machine, taken it home, connected it to his internet and proceeded to log into Facebook by going to Facebook.com, it would have logged her in automatically her into her account.

She could then go to her Facebook profile settings under security and Active sessions. She would then see her laptop log into to her Facebook account and the IP address it was done on.

So while it?s not perfect, it would be better than nothing.

[Gerowen]

At first I thought you were telling a heroic story about how you actually did this, then it turned sad, lol. You could potentially use this method with any website that she could automatically log into though, not just Facebook, or websites that support logging in with Facebook, like Neowin, since even though the user didn't actually sign in on Facebook.com, they authenticated with the Facebook servers.

Don't all modern Windows OSs "phone home" to ensure they are geunine when they are connected to the internet? So if she knew her Windows service tag, Microsoft could potentially tell you the IP that the computer checks in from. Then again, that adds a 3rd party to the mix, Microsoft, and not just the ISP, so you increase overhead and the time it would take to find the laptop.

[+Warwagon MVC]

At first I thought you were telling a heroic story about how you actually did this, then it turned sad, lol. You could potentially use this method with any website that she could automatically log into though, not just Facebook, or websites that support logging in with Facebook, like Neowin, since even though the user didn't actually sign in on Facebook.com, they authenticated with the Facebook servers.

Don't all modern Windows OSs "phone home" to ensure they are geunine when they are connected to the internet? So if she knew her Windows service tag, Microsoft could potentially tell you the IP that the computer checks in from. Then again, that adds a 3rd party to the mix, Microsoft, and not just the ISP, so you increase overhead and the time it would take to find the laptop.

True, but it works better on a website that the thief is more than like going to go to first.

[giantpotato]

Wouldn't the thief first have to somehow gain access to her windows account password?

[+Warwagon MVC]

Assuming she even set one up.

[sc302 Veteran]

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

[episode]

Gmail also tracks and lets you view the IP address that the account has logged in from. But that doesn't really get you anywhere.

Simply having the IP address doesn't get you any closer to getting it back. You'd have to go through the police to get a warrant from the service provider to trace the IP to the physical location, which takes days, not minutes. By the time the police got the warrant (which they likely would not, because you don't really have enough evidence) the laptop would be long gone.

[Nick H. Supervisor]

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

Yep, there are plenty of tools out there. The problem in this scenario though was that it was an end user who didn't think to install anti-theft software. Prey is supposed to be a great one. (Y)

But yeah, something like Facebook or Gmail would work if the user set the computer to automatically log them in when they went to the site. Obviously it's not an optimal solution, but it's some good thinking for a tough situation.

[+Warwagon MVC]

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

Good stuff, but for prey the user has to be pro active in installing it in case their PC gets stolen. With the facebook method, it would potentially be something the average user already had setup which might help them to find their pc.

[lnmnky]

Why not load this on all of your computers you touch. It works really well and is open source.

http://preyproject.com/

WW's post reminded me that I hadn't installed Prey since installing Windows 8. That was the first thing I did when I read it.

[sc302 Veteran]

Yep, there are plenty of tools out there. The problem in this scenario though was that it was an end user who didn't think to install anti-theft software. Prey is supposed to be a great one. (Y)

But yeah, something like Facebook or Gmail would work if the user set the computer to automatically log them in when they went to the site. Obviously it's not an optimal solution, but it's some good thinking for a tough situation.

"So I helped a girl out remotely with her computer this morning"

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.

[Nick H. Supervisor]

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.

Oh don't get me wrong, I try to remember to recommend various security tools to my "external" clients whenever I can. But this came across as more of a "whoops, this has now happened, I wonder if there is some way to progress" type thread rather than suggestions for future users. But you're right, as tech enthusiasts/workers we should always be recommending these kind of tools. I always recommend Lookout to people when I see that they have an Android, I should really make a more regular habit of suggesting similar software for laptops and computers of friends and families. (Y)

[+Warwagon MVC]

"So I helped a girl out remotely with her computer this morning"

He touched it, if it were standard protocol he would recommend it or install it for them. He is the expert and should recommend certain things like antivirus, sandboxie, etc (which he already does). She already stated that she doesn't use facebook so facebook or gmail or anyother app would require the end user to do something. end users don't do anything until something bad happens to them.

Actually I don't recommend Sandboxie to regular people. It would drive them nuts.

[mulligan2k]

problem, the uk at least: the location estimate on facebook's active session page is very approximate, mine currently tells me im logged in over 30 miles away

[n_K]

It all depends really on who nicks the laptop.

If some random joe bloggs nicks the laptop, yes you can track them if you've got software on it or whatnot.

If someone that actually knows what they're doing nicks it, you can guarantee the first thing they'll be doing is either (re)installing a different OS or formatting the drive, although then you've got things like the intelligent ethernet used on business intel laptops that sends 'secret' ethernet packets to help track it - although once again these can be defeated.