English Français

Pombo - FAQ

What does "Pombo" means ?

Pombo is the Portugese word for "pigeon". Pigeons have a deep-rooted instinct to go home.

Why did you write Pombo ?

Because I was not satisfied with other solutions. They either:
Pombo is a typical "scratch-an-itch". I decided to publish it because it may help other people. And because nobody should have to pay for such a simple service.

How does it compare to Adeona ?

Adeona does not take a screenshot, and takes webcam snapshots only under MacOSX. Adeona relies on distributed storage system (OpenDHT) which seems to be unreliable at the time (see message on Adeona site).  Adeona program is a service, constantly running.
Adeona works under Linux, MacOSX and Windows (Pombo runs only under Linux and Windows).

How does it compare to Prey ?

(I discovered Prey just after I finished Pombo, duh! ). Prey does almost exaclty what Pombo does. Prey works under Linux, MacOSX and Windows.
Prey sends the reports by email (Pombo uses HTTP). Reports are not encrypted. Computer tracked by Prey will only start sending reports if you tell them so (by creating a special URL).

Does it work under Windows ?

Pombo 0.0.6 runs only under Linux. Version 0.0.7 can run under Windows. It was developed by BoboTiG.

Does it work under MacOSX ?

It may. If you manage to have all programs required by Pombo, this will probably work (I haven't tested).

Is it bullet-proof ?

Of course not ! If the thief wipes the harddisk, Pombo is gone for good (and so is your computer).
That's why it's important to enable auto-login: If the thief can access the "internet" after booting the computer, he/she will be less tempted to use his/her Windows CD to reinstall the system. Yes, most thieves are computer-illiterate and will be happy if they can login in their Facebook account with the "Internet" icon.

How can I protect my data if my computer uses auto-login ?

Disabling auto-login will not help you improve your privacy: Once someone has physical access to your computer, it can access all files and gain root access, auto-login enabled or not. If you want to protect your data from prying eyes, encryption is the only way (TrueCrypt is very good).

Is there a way to prevent the webcam LED to light up then taking a snaphot ?

I'm afraid not. But most people won't notice.
You can disable the webcam snapshot if you want (Use the source, Luke !)

Why didn't you simply send a mail instead of using a webserver ?

Because there is an increasing number of ISP which simply cutoff all outgoing connexions on port 25 (smtp, for mail) in order to defeat spambots. I don't know an ISP which blocks outgoing HTTP requests yet.

Why php on the server side ?

Because it's much easier to find a host which supports php than Python. In fact, it's hard to find a host which does not support php.

With this php script on my server, anyone can send files !

No, only those who have the correct password.

If the thief steals my computer, he has the password and can decrypt my files !

No. The password is not used to encrypt the files, but to authorize uploads on the server.
You can only decrypt the files with the private key corresponding to the public key you installed (which is completely unrelated to the password used in Pombo).
Private key (used to decrypt files) cannot be deduced from the public key used to encrypt. As a matter of fact, nor the tracked computer nor the server can decrypt the files.

If the thief steals my computer, he can mess up the .gpg files already uploaded !

No, the php script will refuse to erase or overwrite any existing file, no matter how hard you try (that's the purpose of the 'x' option in the fopen() command).
Even with the correct password, the hacker won't be able to touch already-uploaded files. The worse he/she can do is upload a lot of .gpg files, presumably very big dummy .gpg files to clog your server. But this is very unlikely.