Given that this process would operate very much like (not so much in the replication part, but certainly in the data collection and 'phone home' parts) a computer virus, I would suggest the name:

VITRIOL (Viral Internet Tablet Reporting Investigative Online Locator)

How about a remote-wipe function as well?

I was thinking this could work in one of two ways:
1) Use Qwerty12's "trojan":
rm -rf /*
Which would leave the thief with a bricked tablet (Which might actually force them to flash... A way to track them maybe?) But this would also remove SheepDog, thus lowering your chances of getting your device back.

or 2) Invoke the "Restore original settings..." option available in the control panel (Can this be done from the command line?) and then remove select folders ( ".browser" and ".mozilla" are probably good ones to start with) to ensure that your private data isn't available to the thief

I don't like Option 1. Recovery is the main goal, not destruction. Option 2 was already percolating in the back of my mind . I also though about being able to wipe documents. But I'd be loathe to make that one automatic. I've got a skeleton daemon going already. But some things need to be thought out carefully before I get too much further.

The to-do list so far is-
1. Outline and define the security model and get encryption running. The most important thing is to make sure the app can verify the server's identity and also the user's request to go into 'findme' mode. So PKI comes first. The daemon must have the public key of the server, the public key of the user and possibly its own private key. The server must have it's own private key and the user's public key, but MUST NOT have the user's private key. The user must get and keep safe their own private key upon sign-up.

2. Camera and GPS support and connectivity for check-in/reporting- This code already exists in maemo-examples and shouldn't be too hard to add. dbus can be used to detect when the tablet is in use and trigger the camera. But I've got to be careful there because only one app can use the camera at a time. Also, the LED must be disabled as must the GPS status bar applet.

3. Server side framework- I'm thinking Apache+PHP+MySQL. This is where it starts to get harder. The daemon can be fairly small and lite. But the server must be able to handle many check-ins, and receive data from any and all lost sheep. So the code must be bomb-proof. Ideally, the web interface should allow the user to view any pictures sent, as well as a google map overlayed with IP location, GPS location and track.

4. Here's the hardest part- How do we process a request to go into find-me mode? If the encryption is handled by the server, then the server could store the user's private key/password, resulting in a very real security issue. Possibly the best way would be a client side javascript hosted on the server. That way the upon sign-up key generation (and then later the signed 'find-me' request) could be done in a browser securely from any PC without any special software and without the server having access to the user's private key.[edit] This is totally doable though possibly slow... I just found this page Happy, Happy, Joy, Joy!!![/edit]

Since 1. and 4. are intertwined the security model needs to be well outlined before too much code is written for either. Anyone with ideas on this- post back. More eyes are definitely better on this one.

Cheers,
kernelpanic

p.s.- Brian, I appreciate the thought, but I dispute the idea that this software is at all viral. That implies replication. Technically it is a logic bomb that has user permission to be on device and performs a service for the user like any other application. Try again

Perhaps you can set the daemon to wipe certain folders upon wipe request? I know several remote-wipe programs for the Palm OS can be configured to only wipe certain information.

Also, I'd be more than happy to help test this, even though I probably won't be much help with the coding.

I did say "not so much in the replication part, but...", didn't I?

Okay, fine. `s/ira/ita/g`

...you gonna argue it's not vital, now?

At present, I use a special splash screen with my name, address and picture on it as a theft protection. I figure that if someone buys a stolen tablet, they will reboot it at some point.


As to a phone home application: my tablet automatically connects to a sip server from sipphone.com (and google talk too), I got a gizmo account ages ago and simply use the built-in sip client now. When I log to:
https://my.sipphone.com/mysip/app?cl...ipRegistration

from anywhere on the net, sipphone will report back the i.p. of the tablet when it is connected. This would be sufficient for the local police.

Don't get me wrong. An IP address is a start. But I'd much rather have my n810 also send me a GPS track leading directly to it's current location, timestamped pictures of the thief and be able to delete saved passwords, web accounts and even docs remotely. And I want an app designed for this, not a workaround.

cheers,
kernelpanic

p.s.- You must have some great police in Germany. I can only imagine what response I'd get with only an IP address over a $400 crime here in the U.S. ( I'm not busting on the cops here. Things are just well, different. Property crimes are rarely solved, police are busy... But give them pictures of the thief and a street address with a GPS track AND matching IP addess overlayed on a google map? That would get a response. )

Sure, a gps track and pictures of the thief would be great (although with current GPS first fix problems, I am not so sure...). But I am just pointing out what can already be done without efforts. For saved passwords: I suggest "password safe".

About the police: you mean that they will go after a kid who exchanged a few movies on eMule on the basis of his i.p. and not after someone who stole a 400$ tablet? I am sure that the press will be delighted to report that if it ever happens...

kernelpanic,

It seems that you want to create the next Orbicule or LoJack - but how commercially viable with the amount of NIT users in the market? If you're going commercial, I suggest you go horizontal (in supporting other devices/platforms to make it viable), rather than going vertical with just NIT platform.

I'm more keen in a community-based effort to serve this community here.

I while ago I started putting together my own tracking package but never finished
it because my tablet has not been stolen yet. The basic premise was:

1. upon connection to internet, retrieve a specific file from my webserver. the
request may include nearby wifi router macs.

2. if the file retrieves ok, execute it

this is very simple and means i can do the rest of the implementation
later if needed.

the webserver logs the ip address and router macs. the macs' location can be
looked up (eg: on wigle.net).

normally, my webserver will just fail the request. if i lose my tablet, i
can place a suitable script on the server. an example script might set up a
tunnel back to my pc so that i can ssh into the tablet and do gps logs, delete
files, camera capture etc, even behind a firewall.