Hi,

I was browsing the other day and came across this (http://www.vbforums.com/showthread.php?t=576987)

Max, feel free to correct me if i am wrong.

The general theme is an application will run as a Service that will capture images through a built in web cam. The reason behind it is that it would capture images every 5 seconds and send them to a secure server and if the hardware gets stolen then the police can use the images to ascertain who has the device also using positioning devices to help locate the hardware.

My thought is that this could get used for other purposes that would not be legal. I don't like the thought that the images are being captured and sent as it could very easily capture me in a compromising position.

More concerning is that the device could be used by a minor <16 who is totally unaware and thus it may capture them in a state of undress. I would add that this may then mean that to service provider would be guilty of producing indecent images of a minor. (this would be my biggest concern)

What are the thoughts of the general community ?

Max whatever the outcome of this i wish you all the best with your project, Good luck.


Thanks


David

Nothing except people and their motives can ever be considered ethical or non-ethical. Even atomic bombs and computer viruses are ethically neutral. It's their usage that is generally considered "not-ethical" and that always comes down to the people using them.

Same thought as Jenner. What the software COULD be used for in not relevant.

Is a camera alone unethical because it can be used to take lewd pictures of minors? Is BitTorrent unethical because it can be used to pirate software? Is electricity unethical because it could be used to shock someone to death?

Someone using something for unethical reasons does not make the existance of the object or application unethical. There have been many stories that have come out of that type of software you are against being used successfully to regain stolen property. Even Apple has a a service that allows you to track location of your iPhone in case it is stolen or lost. Is that unethical becuase the same tech could be used to track and observe you? No.

Ahh You have got the slightly wrong end of the stick and I will correct you now.

It won't be taking snapshots from the webcam every 5 seconds this is just purley for testing purposes. The webcam will take one picture on start up and prob a couple more shortly after just for best chances of getting a picture after that the program will be de-activated until next boot up. As well as the pictures being uploaded the will be IP information and anything else that can possibly help.

Also as I have already explained there will be strict percedures in place to stop this program being used illegally. There will be no trial version of this software and all copies of it will have to be fully licensed which our server with authorize on each connection. The licensing will be tied to machine hardware and very strict so if one reason it thinks its on a different computer it will no longer work. We are happy to allow customers to move the software from one computer to another however the licensing is in place and strict to prevent illegal use of this software due to the private data involved.

Also to show are concern in keeping this data safe we are also going to make the Hosting facility sign a contract to ensure they will not access the data and for any reason if they do not to diclose it.

Another way to stop illegal use of this application will be that it will be a subscription service and not a one of payment for the application which means that people wishing to use it for illegal use are more put off the program and the second a subscription expires the end user is notified and the application is de-licensed and stops working.

As a last point to put across where this data is sent cannot be modified it is not stored in an external settings file or anything and can only connect to our server unless changed by us through a program update.

Also another note to add noone will be allowed access to the data apart from ourselfs. All data will be encrypted and protected and upon request from end user we will carry out several security checks of the user including a phoneback to the number on our database and a crime number from the End user and we will forward the info we have to the police. We will NEVER hand out any of this data back to the End User which will be stated clearly in the agreement of this service. Due to Data Protection however the End User can at any point request us to delete any data held on file for them at any point.

The police also have no access to the data we hold until a crime number has been given and the appropiate security checks have been carried out on the end user and only then we only forward the info for that user they can't access the whole data we have. The only exception being if the police have a warrant or a court order being handed to us then it is beyound our control.

I can assure you that every effort will be taken to make sure the data is secure and no leaks can happen and if in any event we decide that it is not possible to secure it to our satifaction then this project will die as we would not want to breach anyones privacy.

We can see this project being a massive help to end users as well as the police in cutting crime and recovering stolen hardware hence why we are working on this project.

If there are any concerns or questions then we are more than happy to answer. As said before the only thing we won't answer is how the program actually works as we are a business and do have to protect our work.

Regards,
Max

Also as I have mentioned to davadvice, all views are welcome I would really like to know what everyone thinks of this project, for and against. So please do leave your comments everything helps us as to decide whether this is a valuable project or not.

Regards,
Max

This discussion theme keeps popping up all the time because someone wants to automate a form submission but in some cases it's ethical and in some cases it's not. In and of itself, HttpWebRequest is a great class, I've known it for years, even went on vacation with it once. But it can be used for bad things. In the end, it's about the user's intentions.

A person downloading max's software will do so intentionally and knowing what it does. If this catches them in a state of undress, well, it's their fault, sort of.

As you say mendhak, the user is knowingly using the software and they know its operating however as said before the data will not be watched or monitored only its security to ensure its safety will be monitored and the only time it will be accessed is if the device its sitting on is reported as stolen with a crime number for the investigation.

Also the download of it (or as we are planning) will be protected and only those with a license are able to download it and no trial of the software will be given.

The fact that it also can't be modified to where it send data also helps the protection.

Please do use the poll that davadvice provided i would like to see the advice but also express your views in a post on this topic.

Regards,
Max

OK, let me add another bit to the mix - I know max carpenter from his posts and have seen him on VBF for quite a while. As a result, I lean towards giving him the benefit of the doubt, because of the association with stability that being on a forum for a long time involves. Making sense?

Also going back to your remark about a minor devadvice, I am going to be talking to the appropiate policing depart in regards to this.

I need to ensure that everyone is safe not limiting the end user but also the hosting provider, ISP and ourselfs of course. Like I have already said it will not be taking pictures every 5 seconds this is for testing purposes it will more likley be three image during the first 2 minutes or so of operation then stop until next reboot.

In 99% of cases of anyone having a picture shot in a compromising picture it will go un-detected as noone will activly be watching the data taken only when it is marked as stolen so the chances are very slim but all in all this is a discussion I will have with the police as to how to handle things.

If for some reason the police was to come to me and ask for sperfic data without the end user requesting or no court order etc then we would of course confirm with the end user before we release anything we intend to do everything above board and protect everything from our customers.

Like I have said many times we do not intend to do anything illegal or indecent but rather protect our customers hardware.

The only people that should be worried by this project are those that steal computers.

You never know if this is very sucessful we may even extend it to Windows Mobile Devices but thats something only time will tell.

Thanks mendhak for the vote there :-) much appreciated.

I am more than happy, and will, post back here more details in the near future when more development is made with the police and how we plan to integrate with the Policing Agencies and of course I will post details when the project is finialised (if in fact it does) and anyone intrested can take a further look into it and possibly purchase it if they desire.

I am sure I can offer some sort of discount to VBF users as after all many of you provide much needed help to me which I am very grateful to. I do also try to help other where possible :-)

I know this is a general discussion but this program is only targeted to UK audience at present due to the integration with the Police but if successful it could be worthwhile taking it to other countries. If anyone is in another country and intrested in making this application available in their country then I could establish a partnership where by we remain the owners of the software and all data is held by us (again for security reasons the partnership would not entitle you to access anything including source code or data collected) but the 2nd party could resell once a relationship with their national policeing agency was established and confirmed with us (of course we would still post data directly through the police and not to the 2nd party).

In return you would manage sales and support for your country.

PM me if anyone is slightly intrested in this.

Regards,
Max

OK, let me add another bit to the mix - I know max carpenter from his posts and have seen him on VBF for quite a while. As a result, I lean towards giving him the benefit of the doubt, because of the association with stability that being on a forum for a long time involves. Making sense?

Definatly makes sense. It isn't like he was a new member with 1 post asking for 'codes' in broken english saying it is for a joke on a friend.:eek:

I see the advantage to the software, and doubt that it will cause any legal issues. However, I can also see the major drawback of the software. It is an invasion of privacy, though an opt-in invasion, so nobody should really complain. To sum up my position: Those pictures will be a hoot!! Not all of them, mind you, but there will be a fair number.

Lol, I am liking some of the replies this is getting. Something else I forgot to add in the privacy agreement that will be argeed upon before using the software there will be a part in there binding us to law not to misuse the data or view the data unless requested to submit details to police by end user or court order/warrant. So we can't go browsing through the pictures whenever we feel like it.

Regards,
Max

Exactly, yes, it is an "invasion of privacy" but the key element is that it is an "opt-in invasion of privacy". It's no different than hiring a credit-watch company to monitor your credit card activity.

I will admit, it will be an interesting EULA to read during the software install and setup of the service. :)

:-) Well ad I said I will keep you informed of the progress.

During the setup and Install progress, Im not going to make it hard to install the product thats the wrong word, just more secure as in you won't be able oto purchase the software download it there and then and get the license code automatically within seconds. More of a delay it by a day, phone the user up and confirm everything that way its less likley that someone who is working on the computer for an hour or so could install it which should be one step closer to being secure and confirming the correct person with authority is installing the software.

The other thing I am not entiry sure about is when the computer comes on collects data and transfers it back on sucessful connections then to display something like a ballon saying data transmission sucessfull and if click it explains whats just happened.

Although in one respect it would deffinatly make the user aware of the software operating the other foot if someone stole the laptop they would be aware and quickly move it on and move address :-) Which I think is a step in the wrong direction so I am not entirly sure about that 'feature'. Maybe some thoughts on that?

Regards,
Max

Ok, so... if I were to buy the software, install it... then I know what it does right? And I'll know that its going to snap off a few shots when it first bootsup and starts right? sooo.... I don't know about the rest of you folk, but I don't necessarily parade around in my skivvies when my laptop boots up... I guess the point I'm making is that IF the user is aware that the software does this, and they do something rather unseemingly when it happens... well... what are you going to do? In the end, I think the intent is a good thing, and I can see the system being a decent seller.

-tg

I do have a question about the "only on boot-up" bit... does that include being woken up from sleep/hibernation? Or only from a total boot up? Just wondering.

Max, do you intend to activate the software when the computer is stolen or is it always active even when it is not reported stolen?

And why did you vote that your software is unethical? =)

Right,

Firstly techgnome, thats a very valid question. To be honest I hadn't thought of that but thats important like me I always leave my laptop on standby (or when the battery gets low on standby it auto goes into hibernation)

I am guessing the program can get a call from windows to say its restored from hibernation or standby so thats something I need to look into because it really should function as it does on normal startup.

Secondly dee-u,

1: The software will always be active as to capture all the time, Say for instance the laptop gets stolen the person who has it turns it on then does a recovery. The Owner then realises its missing reports it but its too late to get any useful data as its been wiped.

2: I didn't vote it un-ethical. When I arrived at this topic it was one for un-ethical and none for ethical I voted Ethical and it turned to 1/1?

Hmm just looked at poll results and it does day that. Must of done it by accident. Is there anway a Mod can change my vote or at least remove it?

2: I didn't vote it un-ethical. When I arrived at this topic it was one for un-ethical and none for ethical I voted Ethical and it turned to 1/1?
That's odd if you voted yes and you are listed in the No voters, perhaps this should be reported to the admins?

I will try and find one unless one sees this first. It could of been me at work not thinking and accidently hit the wrong one :-)

Was a bit rushed today.

Hmm just looked at poll results and it does day that. Must of done it by accident. Is there anway a Mod can change my vote or at least remove it?I changed your vote, but unfortunately your name isn't actually listed any more.

Thanks, thats better than the wrong vote :-)

Yeah, nothing like voting yourself unethical.

To get back to the balloon message question: If you add that feature, make it optional with the default to OFF!! There is no good purpose for this program other than quietly capturing an image. To announce that an image was just taken could have some perceived advantage, but I would think it would defeat the main purpose (at least partially). Right now, you are creating something like a silent alarm (except that it has some fourth dimension issues to complete the analogy). To continually remind somebody that there was a silent alarm triggered would make the silent part kind of pointless.

Good Morning,

Yeh that was purley a mistake voting the wrong thing :-) How bad would it be making to software when I thought it was un-ethical :-)

Thanks for you thoughts shaggy hiker on the baloon message. I do beleieve it would be taking one step forwards but two steps back implementing such a feature.

As you suggest I could implement it with default off. That is an option but I think its better off.

The other thing I was thinking is to have a system tray icon that when clicked it prompts for a password and when entered sucessfully perhaps a settings page which also has license details etc.

What are peoples thoughts on this idea?

Again I very much appreciate your input and thoughts it helps me make the software better.

I have just been looking at Server costs and what is involved and at quick glance I have come up with some pricing ideas for this application and I was wondering if I can post them here and get your thoughts on the pricing and whether you think it was acceptable. If you were also looking to purchase something like this or offer to you and you were intrested would this pricing be the correct band? Also note this is the normal charging I will of course offer discount for VBF members :-)

=================
= TRIAL PRICING =
=================

Ok I have completly mis-judged that. Just done some recounting on costs and I'm afraid it will be slight more that I first thought.

To start with I would have to charge the following prices:

MONTHLY OPTION:
------------------
Setup Cost - £35
Monthly Cost - £7.50

ANNUAL OPTION:
----------------
Setup Cost - £35
Annual Cost: - £80 (A saving of £10)

BI-ANNUALLY OPTION:
----------------------
Setup Cost - £30 (Save £5)
Bi-Annual Cost - £150 (A saving of £30)

Anyone from VBF that wants to purchase the software within 3 months of its release date will get the following good will rates:

Setup: £20
Monthly: £5
Annualy: £50


Also if this software takes off I can reach 25 Users in the first 3 months of release I will reduce the prices. If I can the reach a target of 50 Users in the first 6 months of release I will reduce the pricing even further.

And if the pricing does get reduced due to popularity then I will reduce the rate of current customers (or if paid annually/bi-annually refund them the difference of the remainder)


How does this all sound everyone?

I think the tray icon idea is good. It does give the valid user some indication that the program is functioning, but gives the average user no idea. I expect that you will come up with a variety of interactions and options that you might want to make available to the user, and the tray icon would be a nice, unobtrusive, means of allowing that interaction.

Max,

Why take only photos, and why on every boot up? I think users would be wary of this. Who wants a photo of them sent to a remote location every time they turn on their computer? Sure, you've an agreement not to view the data, but eventually someone will need to at least list the files for maintenance, and from there it's a short step to actually viewing them. Plus, you will end up with a huge amount of useless data.

Instead of this, why not activate the webcam in video mode, streaming the video back to your servers, when the computer is reported stolen? You could provide this facility via a (secure) website for your service.

Something similar has been done before:
http://www.smh.com.au/news/technology/mac-thief-caught-on-webcam/2008/05/12/1210444306538.html

I think this approach is more likely to be considered acceptable and essentially negates the ethical concerns raised by Davadvice.

Good Morning,

Thanks penagate for your input.

Firstly it is not just photos that are being taken there will be other data included like External IP address.

I am also thinking of including a theft check in which it can check from our servers whether its been reported as stolen etc. That part has not been planned yet.

Secondly Maintainence will not be performed by a human everything is automated including the deletion of old files. Data collected by our software will only remain on the server for a certain amount of time and then it will automatically be deleted. Automation of other tasks such as defrag will happen as well. Restriction to access the server and even access the folder will be in force. Not Even the hosting company will have access.

Now the reasoning behind constantly getting pictures on bootup:

Its all very well activating the software on computer theft but by the time the device is reported stolen they could of already had it on and decided to wipe it. Thereforce Our software can take a picture on each boot up and even if it takes 7 days for the user to report it as stolen (ok it could of moved on again) but we would have a picture if it was ever turned on.


One thing I am thinking of is if and when reported stolen for the software to constantly take pictures not just a boot up but be stuck on. Rater than lock anything on the laptop as again the thief will then know something exists of this nature where if it does it silently they might not even know what is happening.

Hi everyone, I have made a quick survey so I can gather a bit more research and thoughts on the software. It shouldn't take more than 2 minutes.

Please if you can spare those couple of minutes just to answer a few questions and to leave your comments. Also if you are intrested in this software there is also an option to be a beta tester as well as an option to be notified on final release.

Here is the link to the survey:

http://www.dhcd.co.uk/Default.aspx


Thanks,
Max

hi,

i Just thought i should come back on this, i'm just back after a week away.

As you have intimated that it will only take images at a certain time and not every 5 secs. i can understand how it would be of benifit to do this and will lessen the likley hood of capturing images we would not like to see.

one thought on this though. most people who steal computers will pass them to a fence that will format the HDD prior to selling to the end user, will they not ?

have you any stats that would say otherwise ? the police may be able to help on that one. could the software not be embeded to prevent a format removing the application ?

Not sure if you are aware of a story on the beeb stating that we are spying too much on people. may be worth a read to you.

still not sure that i totaly agree with the concept.

good luck maybe see you on dragons den in the future.

David

Nice thread, admittedly not read through it all yet but skimmed over. I think Davadvice raises a good point.

The concept of the App is good, but again i see more invalid uses than valid. I'd be interested to see what the commercials are, do you have a retail cost? ongoing license fee?

Pino

If its for security against theft purposes then there are other means of implementing this feature, e.g. an installed hardware/chip that can be configured to send an SMS when laptop is not within assigned area (needs coordination with wi-fi providers) and informs latest location of laptop.

Heard on radio last week here in Phil, said technology is already available for cars for monitoring rentals/fleets, e.g. use only within 20 KM of so and so area. They did not consider installing camera on said car. In their case they coordinated with telcos so their device can triangulate location via SMS network.

ERRATA: My mistake, positioning was via GPS. Notification and setup via SMS (device had SIM card).

I have to say that I find an app of this nature troubling.

Max, some others have vouched for you so I've no doubt you intentions are entirely honourable but, actually, you do have a responsibility to consider how the app would be used. You ignore that responsibility at your peril and you could find yourslef being privately sued or even publicly prosecuted. The fact that Napsters software was 'ethically neutral' didn't stop them getting put out of business as a result of it's usage (mind you, they did get bought out so maybe that's not the best example, but you see what I mean). And that's ignoring the moral aspects of what you're trying to achieve. I'm not saying don't pursue this. The goal of preventing theft is entirely laudable, but I do think you need to put some serious thought into safeguards against miss-use.

The first thing I'd suggest is embedding it as others have already mentioned so it can't be removed. The second thing is to only activate the software on a theft being reported and the third thing is to stick a pigging great label on the case informing all and sundry that the machine is protected. Nobody's going to nick a machine that they can immediately see has no resale value. This switches the emphasis from catching the culprit to preventing the theft in the first place but, to my mind, that's preferable anyway. This removes any ethical concerns while still providing a reliable deterrent.

Good Morning,

Thanks for all the replies.

Firstly the concerns of misuse of this software please can you put forward how this software could be misused as I am not seing anyway that the software can be missued based up on what I have described so far.

1: The server checks authorisation of each machine every time before any connections
2: All paths, server addresses etc are hard built in so cannot be changed to go to a different location
3: The server will be hardened to the extreme and legal agreements in place to say that none of the hosting companies staff may access the machine and also an agreement presented to users that we will not view the data unless requested by them because of a theft

Secondly - As I have said before this software is purposly active all the time because once its been reported as stolen it might be too late and already wiped and gone back out the door etc. Therefore if it is always active there is more chance of catching the theif, they are likely to turn it on first to see if they can get on.

Thirdly. I was going to talk to manufactures to see if this is something they would be intrested in to put it in the automated recovery system therefore if the laptop was wiped using ASR the Anti-Theft would still function - however - the other side to this is would have to work before a license was put in and potentially without user knowledge. (See next point)


> To help with the Third point and the fact that many people like Trials I am thinking of possibly letting the software work for a short period (something like 3 days) before requiring a license. This was it can work with ASR to automatically work once wiped and if users wish to they can install it before purchase. - Can I have some thoughts on this one please?


Nearing the end, Hardware security is a good idea but its not something I can do perfectly and potentially supply to the masses. Unless it was incorporated in manufacture I don't think it would be viable. That sort of thing is more a manufacture security that they would implement. Maybe in the future when I am a big business I could afford to manufacture and sell them ready to use to laptop manufactures. We will see

Also with the great big label to say its protected...I mean come on, who would really want one of those on their laptops? I know many people that wouldn't... Ok I personally agree that would scare most people off and I have heard about a company doing it in the past but many home users would not want a big label on the lid of their laptop.


Lastly, Pino, The prices are yet to be confirmed I am looking at different hostings costs and what I need to do to cover my costs. At first I wouldn't say the pricing is expensive but its higher than what I would like it to be but I have got to cover my own costs so it will be likely that the pricing will something like as follows:

Setup: £20
Monthly: £10

Or I have options that would be a higher setup costs but something like £5 Monthly Cost.

If and when this software becomes popular and I can get it to 50/100 users then I will decrease the prices in steps and deccrease current customers fees at the same time so they are on the same pricing plan and I would like to get it as low as:

Setup £10
Monthly: £1
As I have said all pricing in this post is only an 'IDEA' of what the pricing will be nothing is set in stone yet.


Regards,
Max

how this software could be misused You're taking photographs of individuals without their prior knowledge and passing them to a third party. Admittedly the person who installs the software in the first place has knowledge of the photograph but anyone else who uses the machine does not (and it's worth bearing in mind that there's nothing to ensure the owner of the machine is the one doing the installing). There's nothing to tell them that their image has been captured and there's certainly nothing that requests their permission.

That's kind of your problem, the basis of the system is that you want an illigitemate user to have their image captured without their knowledge but ethics demands that you not capture the image of a legitimate user without their knowledge and permission. Further, if that image is subsequently leaked or stolen (and don't fool yourself that your system is secure, there's no such thing) and miss-used you could find yourself to be partly liable for that miss-use because you never gained permission to capture the image.

[quote]Also with the great big label to say its protected...I mean come on, who would really want one of those on their laptops?[quote] There's a sticker on the window of my car adivising that the stereo is keycoded. My office has a big blue sign on the wall that advises the world that it's protected by CCTV and Burglar Alarms. It's exactly the same principle and I don't know anyone whose turned down a car because they didn't like the sticker. OK it doesn't have to be a huge sticker but it does need to be there and prominent enough so any potential thief spots it immediately.

Essentially.... http://en.wikipedia.org/wiki/Security_through_obscurity

Hi,

Thanks for the input. We will do everything in our power to ensure that the user installing is the user that owns the computer. One way to do this is once the software is installed it generates a request for license. That request will also requires user name, address, phone number etc. That request will then come to us. We will then wait 24 hours and contact the person who will be required to be in front of the machine. The license will be issued 48 hours after the orginal request and those entire 48 hours the software will need to remain on the computer and it will issue warnings to state that this software is installed and awaiting activation and what the software does. Also it will state that if you did not install this software please contact us imediantly.

Ok that alone still won't prevent un-authorised people from installing but its 1 step to help.

The other step that will help is this data will only be available to us we are going to use very strong encryption as well as harden the server it sits on and with no other access and the fact that you will have to pay for this service I think there is a very strong chance that noone would pay for this software and try and hack through. It seems alot of effot for nothing really!

We are not passing any information on to third party apart from at the request of the license holder and even then we will only pass it onto the police and they must have already contacted the police and got a crime number before we will open our database up.

As for the sticker, something like a laptop people are less willing to have a sticker along those lines as they are too their car from what I have found. Also a sticker won't stop everyone...

I believe is the correct security methods are in place to protect everything as well as do our best to verify the person is the correct and authorised person of the computer then this software is actually a great bit of software.



Due to all your concerns with it would anyone be intrested in Beta testing and seeing if they can get round the software then reporting their findings?

I think it would be great if I had some people from here willing to test it out. In exchance (If wanted I will give an extended free license to any beta testers?)