Adeona may have been the goddess of safe returns, but if a group of computer science professors and graduate students get their wish, they’ll be viewed as the patron saints of secure laptop computer data, thanks to their new open source software service named after the Roman deity.
Also, for those who worship at the altar of bargains, Adeona may indeed be a godsend: It’s free.
Adeona, the result of a yearlong joint research project at the University of Washington and the University of California, San Diego, allows users to track the location of lost or stolen laptop computers.
It’s designed to answer the needs of corporations and government entities that have seen an increase in personal data breaches because of missing laptops, as well as consumers who are putting more music, photos and memories onto their portable computers.
Security vs. Privacy
For one of the graduate students involved in the project, Adeona became a search for a truly private system for laptop users. “The research project at first was initially not about delivering a service for people,” Thomas Ristenpart, graduate student from UCSD, told LinuxInsider. “We were originally looking at the privacy implications of some of the device-tracking systems now on the market. But as we got into it, we realized we were going to develop a client that people would be interested in using.”
That interest stems from the fact that existing commercial laptop-tracking products involve someone besides the owner having access to personal data. Ristenpart has no information that any abuse has taken place, he said, but his team understood the concerns some users might have regarding those products.
How It Works
Users install Adeona onto their laptops, which then set up encrypted connections to the open source OpenDHT storage servers on the Web. If a user loses a laptop or is the victim of theft, another download and a password allows him to track his device via last-known Internet protocol (IP) addresses and Internet nodes that were used to connect to the missing machine. Users are the only ones to see the information about their laptops — not outside companies or law enforcement agencies.
“We think that one of the cool contributions of this type of research is not only can you develop a system that successfully tracks your laptop, but it can do so with privacy mechanisms in place. People don’t have to sacrifice privacy to get these kinds of benefits,” Ristenpart said.
Open Source Security
“I applaud services like this,” David Perry, global education director for the security company Trend Micro, told LinuxInsider. “It takes a village to protect your computer. … I think laptops should ship with this and, in fact, with proprietary devices like iPhones.”
Perry did have questions about whether an open source-based tracking system would itself be secure, since any developer would have access to the source code. “The fact that it’s open source makes the structure of security visible to the bad guys as well. … Corporations don’t open source security for that reason.”
Tracking systems focused on the hardware and not the data itself face challenges, Perry added. “The thieves steal the laptops, and within an hour throw them away like peanut shells. What they really wanted was the data, they wanted the identity on the laptop. … It turns out to be a liability because you can be tracked through it.”
"Corporations don’t open source security…" That’s interesting. Maybe David Perry should have a chat with the folks behind ClamAV, or OpenSSH, or SpamAssassin, or GnuPG, or … I trust security that can be independently reviewed much more than security that is full of hidden holes.