I always wonder if these are actually just astroturfed advertisements for HiddenApp. They always seem to follow a pretty common pattern [1] of a small collection of images of people showing them doing silly things, and the name of the HiddenApp utility is always named at least once, with a link, in the article. Probably the cynic in me, as the laptops do seem to be found eventually....
I had the same thought when I saw the obvious product mention and link. They've built a page which is destined to get many inbound links from high ranking sites. This page has exactly one outbound link (to Hidden), and a clear topic of laptop theft.
Real or fake, it's going to help Hidden's search traffic.
[Edit: Also, how many people really set up a separate blog just for a specific event like this? Setting up free blogs like this with very very narrow topic is yet another extremely common black hat SEO trick]
I thought it was just cynical old me thinking this, in fact as soon as I saw a hyperlink to HiddenApp I had my suspicions.
However, if I were trying to sell HiddenApp I'd probably not make a point of demonstrating that even with the app sometimes your laptop ends up in Iran with no hope of recovery.
Then again, just getting people to talk about the product is good advertising for their product.
The telescope picture shows a date of "21 Farvardin" which corresponds to April 10th. If he has been monitoring his laptop for a month, this date would've probably been earlier than yesterday.
I hate to spoil the fun, but she may well just be someone the thief sold the laptop to. Unless there's some unmentioned reason to believe she's not innocent it shouldn't be acceptable to spy on her and post her activities online.
Either way, it's stolen goods that need to be returned to the owner. You don't tell the owner of a car "too bad, your stolen car was bought in good faith by a third party".
It's a ethical question more than a legal question. Perhaps they did not buy the laptop, maybe someone else in their family did and they are merely a bystander.
* Do they have an expectation of privacy?
* Does this violate this expectation?
* As a deterrent for buying stolen property does this possible violation outweigh the benefit?
Consider a school which loans out laptops to its students but then uses the laptops to spy on the students. Or a company that backdoors its product so that when it is pirated they can spy on the users that pirated the software, perhaps uploading all their email to tumblr.
* Would such an action ever to ok?
* Where do you draw the line?
* What if you inform people that you are going to do this? How loud of a notification do you need to be justified (tiny sticker on the back of the laptop)?
> A suburban Philadelphia school district is agreeing to pay $610,000 to settle two lawsuits brought by students who were victims of a webcam spying scandal in which high school-issued laptops secretly snapped thousands of pictures of pupils.
But that still doesn't justify invading their privacy in this way. Yes, the laptop should be returned - no, you don't have free reign to do what you like with their usage of it.
What are the rules about publishing photos taken automatically by the stolen property of one person from the UK when that property is in Iran (or any other country)?
Are there rules?
Clearly, a legal opinion on this will be complex, to say the least.
- she's not a minor (as far as we can tell) so having/publishing her pictures are not illegal in the UK.
- She's not a UK resident or have established a valid UK contract, or contact UK authorities about international law concerning rights to the use of ther image
So, i'd say it's pretty legal. Douchbaggery, but legal.
If i were on his place, i'd get enough personal information to 'convince' (wink wink) her that it was her best interest to return my property and report the seller (if that was the case) the local authorities.
Also, since he never mention that he tried to contact her, it makes him 10x more idiot.
The location of the laptop has nothing to do with it. It is the behavior of the publisher that is unethical and/or illegal. If the Iranians have a cause of action against the publisher in the UK based on privacy laws, they would have standing to bring a suit in court in the UK. They don't have to be citizens to do that.
because if they don't know that they're goods are stolen, they haven't done anything wrong and there is no reason why their privacy should be allowed to be violated
NOTE: This is what is called a 'rhetorical question'. I'm not trolling.
> Shouldn't he be able to use it as he sees fit?
Say it ends up in the wheelhouse of an old oil tanker and the Captain prefers its GPS and maps application to the 1980s-era thing built in to the ship. If the legitimate owner of the laptop "saw fit" to modify the displayed GPS coordinates such that a catastrophe ensued, "shouldn't" he be able to do that?
After all, it's not his fault that a coastline packed with baby seals was standing in front of it.
That gets into the territory of intent. If he intended to crash the ship, then it's illegal. If, in the normal course of working on his laptop, he changed the map's endpoint to somewhere else (say, the local Wal Mart), he did not intend to crash the ship.
Is Dom intending to cause harm with these pictures? Is he actually causing harm? Those are the relevant questions.
But for a portable 'personal' computer like this Mac laptop, it's difficult to "use it as one sees fit" in the normal way when it's in Iran. Sure, it's possible he could make a remote connection and continue to edit documents on it or something. But in practice Dom is unlikely to get any real utility out of it by treating it as cloud server in the hands of untrusted parties. We probably all agree that Dom should be free to recover and wipe his own data from it, but that's purely an attempt to cut his losses rather than derive further "use".
So Dom continuing "to use it as he sees fit" is not really possible. Nearly everything Dom can do remotely to this computer will be inseparable from his intent with respect to effects on these other parties.
Look at the pictures. Who do you think needs the laptop more? I think it's better (and probably all we can do) to inform the Iranian police and plead with them them to just find and ask these people who sold them the laptop.
Whoever's ultimately responsible for the theft is in the US--finding the seller on the Iranian side will help you track down the person who ultimately stole it.
That makes sense. The US embargoes Iran, and I don't think it's legal to sell Apple products to Iran (since Apple is based in the US), so they go on the black market.
I'm not sure though, since it's impossible for me to picture any Persian shabab without his iPhone :)
Would you be Ok with tracking their usage, finding their contact info and letting them know you know they have your stolen laptop and ask them to return it. If they don't comply with returning it, then does spying become acceptable?
I have absolutely no problem doing whatever I like to hardware that is stolen from me. However, mere spying doesn't get the message across.
I'd prefer to brick the unit. A nice fast erasure of the firmware would be good, though reflashing the unit to display an "I'm stolen" message would be better. You could even request payment for an unlock ("This is stolen, but you can buy it from me.")
Remotely brick the device in EFI, so it's completely and utterly useless without taking it to an Apple store, maybe even to swap it for an entirely new machine once you verify ownership.
Obviously this will just cause the thief (or person who bought the stolen goods) to discard the machine - so why not offer an incentive?
When the machine boots, show a message from EFI - 'take this device to any Apple store for a $200 reward', or some such.
(Obviously there are some kinks to work out, but surely we can think of something)
You guys are all so nice. My first thought was to gather as much personal information from these people as possible and then blackmail them into returning my notebook to me. This obviously only works when the stolen property is in a country like Iran; I doubt that you could get away with this in the US.
That said, I agree with earlier posters that this is probably a b.s. story made up for SEO purposes.
I'm using Undercover and it actually has a mode like this, it's called Plan B, and when activated it shows a simulated screen with an error as if something went wrong. What happens next is uncertain though, supposedly the owner should bring it to an Apple Store and they should detect it was stolen.
If they know the device is stolen and don't cooperate with legal authorities, aren't they as criminally liable as a private individual who buys a stolen device and doesn't care about it?
But if you throw someone in jail when they give it back, then there's still no incentive to return it. You could arrest someone who repeatedly returned laptops, but that just makes the loop condition 'for person in friends + family'.
Seeing this peek into normal Iranian culture got me thinking...
I wonder if "encouraging" theft of devices with hidden tracking apps like the one in the article is an effective way for an intelligence service to gather information within a country.
I also wonder from the peace or humanitarian side if similar windows into the lives of average Iranians (or other cultures) will help to push for normal (read: non-hostile) relations.
I have been on this planet long enough to know that every time I or somebody else says "I wonder if", it has probably already happened. Even more than that, it probably is already established principle for so long and to such a degree that the people following through with the "I wonder if" are already kind of bored of it and moved on to even more outlandish stuff.
Windows into lives of average Iranians are widely available f.ex. through books and actually good Iranian cinema (one of which won an Oscar). No need to spy with laptop cams, seriously, and politicians don't care that people are nice.
This is pathetic. You're violating the privacy of families who've certainly done nothing wrong (laptop thieves resell their gains to unsuspecting customers). HN shouldn't support this.
I agree,I find this irresponsible. If it was her who stole it, great then go ahead. But I highly highly doubt she has anything to do with this, she just bought a laptop for cheap, probably after saving up lots of money, and now all her actions are being posted online for the world to laugh at.
It is an extraordinary claim to say that they "certainly" did nothing wrong. You don't know that, and just as viable of an explanation (even more seemingly logical) is that this is the family of the thief.
However if we accept your notion that they have "nothing" to do with it, the secondary market is what props up the theft market. Many people buy goods from shady actors and with shady pasts ("Oh I've totally lost every supporting component..."), knowing how the sausage is made. Those people should worry about the goods, and hold some culpability in it.
Wonder if these folks know it's stolen or if they bought it second hand. If the latter, then I feel sorry for the sith lord whose face is now plastered all over the internet.
I'm sure that Dom could have posted some more embarrassing/humiliating pictures (ie: the girl picking her nose or something) but he kept it light and humorous. Good to see that some people have a sense of humor.
Ultimately the axe to grind is not with these people. They seem to be folks who bought the product at the end of the day. It may have changed hands multiple times, and shaming these people isn't justified,
Though I should admit that I'm surprised that it wasn't wiped before resale
I use encrypted folders on my laptops for sensitive stuff. I auto log into single user mode just for this risk. My ssh server inits on startup, and my webserver mails me whenever my daily crons run with the current IP included.
What is the legality of hijacking the computer that was stolen from you? You could put a keylogger, get their gmail, bank, or anything else. Show a message on the screen saying: this laptop is stolen, please return it. If they don't - make their life not fun by destroying anything you can get your hands on. Granted since its in Iran I think you could get away with doing anything but what about USA resident && USA thief?
My guess is a lawyer would say: "it depends". On a lot of things like: What country/jurisdiction the (owner, theft, purchaser, end user, prosecution or lawsuit) was in, what harm the user suffered, intent of the various parties, and so on.
That's an interesting question. I dunno. It still is your laptop, and they are an unauthorized user. You should be able to log anything you want on your own system.
In this specific case, I think raising the awareness of the danger of insecure and omipresent webcams and microphones is a lesser evil than the violation of privacy of this (effectively anonymous) family in Iran. A few relatively innocuous cases like this 'going viral' may be better than letting the truly bad guys keep their playground full of perpetually ignorant users.
I tweeted @hiddenapp 20 minutes ago to ask if this is legit or marketing. No response yet, though I'm pretty sure they're looking at their feed to capitalize on the publicity. Most likely a marketing stunt in my opinion. If turns out to be that, very dodgy.
I found this interesting for a different reason, the Iranian connection.
So there are like a bazillion sanctions on Iran and importing products into Iran is a big transgression, so somethings are hard to come by. One such thing is apparently laptops. The creates a huge black market for them. There isn't a good Chinese counterfeit item (although there are for the accessories)
So stealing these things is currently profitable. But the interesting point was an Iranian guy who out of the blue called me up and offered to buy any "not too old laptops we weren't using" for nearly list price. I was pretty amazed until I figured he was making the profit on the other side.
This is obviously a publicity stunt. Or perhaps the thieves erased all of the data and set up a new user account... But then HiddenApp wouldn't be on the computer anymore.
Or maybe the original user was too dumb.
Or, most likely:
This is staged, and a publicity stunt. No other explanation.
Someone else mentioned that the app in question suggests opening up a guest account for this purpose on their site (i.e. your personal files are protected, but the thief can still use the computer).
Because if it was password protected the thief would just reformat the laptop and there's no chance of recovery. Allowing them to use the PC allows the software to phone home.
The "similar service" is really only the Find My Mac thing. These apps usually include taking screenshots, taking webcam pictures, simulating error screens, keyloggers, etc..
They most likely do, both password and FileVault. The idea is to intentionally leave a barely-functional Guest account available to anyone who opens the laptop. Those in possession of the laptop start using it and the tracking software phones home with location, photos, etc. This is even a best-practice suggested by Apple; its quite effective.
Normally I'm all for bricking these units or fun shenanigans.
But in this case isn't there a case for some cross-cultural education?
Popping up a message asking for information about Iran; language and culture and customs and how the black market works and etc etc?
(Not speaking any Iranian languages isn't a problem. There were about 100,000 people in 1990 speaking Farsi in London - there will be many more today.)
I'm curious on the status of the iPad. Surely you can do a "find my phone" with an iPad like you can with an iPhone? So either the iPad has never been turned on and connected to wifi, or the author has that feature disabled?
Or, to mesh with the conspiracy theory theme in this thread, perhaps it's not mentioned because Hidden doesn't have an iPad app?
For some reason I find pictures of people's faces when they're using computers really off putting. Every has this hollow, empty expression, like they're looking into some void.
But these people probably didn't knowingly buy a stolen laptop. That kind of reselling happens all the time.
As others have stated, it's a single-purpose blog with a single out-bound link (to HiddenApp). It's going to send a lot of traffic their way regardless of whether or not they are the ones behind it.
I question the geo location data. Every thing i used to get my location with my ip addresse put my location at least ~75km off my real location. Does this software use more?
I guess that it depends on the ISP (for general area location) or the Wi-Fi SSID and MAC (for exact location). I just ran an HTML5 geolocation demo http://html5demos.com/geo from my wi-fi connected laptop, and the location is less than a couple of meters off. It even shows the correct corner of the building, where my apartment is.
If it's that wildly off then they're probably just using the IP address to do a WHOIS and basing the location on the details reported by the ISP, which tends to be wherever the largest office of the ISP is located.
Just send an email to this woman---she might send your mac back!
My wife just told me that Iranians, like the ones in this case, don't like to use stolen things.
Maybe these people bought the laptop as a used laptop from eBay without knowing it was stolen. It's no good to break their privacy and show their pictures like that. But this article must be a troll otherwise why someone would create a new tumblr page for stolen laptop?!
BTW despite being a muslim, they drink Hennessy. LMAO!
[1] http://thisguyhasmymacbook.tumblr.com/