I've spent quite some time over the last few days trying to work out how I can combine the clear data security advantages of encrypting my machine with FileVault 2 under Lion, and the theft-recovery potential of programs like Undercover, Prey, or LoJack. The general consensus is that this is basically an either/or tradeoff, because encrypting your system is going to prevent a thief getting into it, and consequently prevent him from even running the tracking software. Under the old FileVault, you could have left a honeypot guest account unencrypted, but that came with some serious data security downsides, because it opened the route to a smart thief circumventing your encryption in single user mode. The new FileVault obviously doesn't give that option, although potentially you may get somewhere with Find My Mac on iCloud, which apparently does run under the recovery partition.
Is there a better solution than being forced to choose between data security and tracking tools?
Best Answer
After a bit of messing about, it turns out that there is a better compromise which doesn't seem to be clearly documented anywhere obvious, so I thought I'd share it here. I don't believe this is a duplicate but I'm happy to see this question closed if I've missed something.
The cost of the solution (which may be unacceptable to some) is that you need to sacrifice about 14G of your drive to a honeypot partition. The steps I took are:
1. Use Disk Utility to resize your boot partition to create at least 14.3G of free space at the end of the drive. If you've already enabled FileVault, I believe this means you're going to have to turn it off and wait for it to finish decrypting first.
2. Create an empty, Mac OS Extended, Journalled partition at the end of your drive filling the free space.
3. To make things look a bit more convincing, give your new partition a name that's more plausible than Macintosh HD (2) - I name mine after my host name.
4. Restart your computer and launch into recovery mode by holding down Cmd-R as the system boots.
5. Select reinstall OS from the recovery menu, and follow through with the install. Somewhere along the line you will get the option to select where to install the OS. You want to put it on the new partition, obviously. It should be just big enough to let you install Lion. If it isn't, you're going to have to drop back out to the main recovery menu, fire up Disk Utility and resize the partitions again. This is a bit of a crapshoot because you don't end up with as much free space as the specified size of the partition, but you'll get there in the end.
6. Complete the installation of your new copy of Lion. You want to set this up as a honeypot, so:
<shudder>
Prevent corestoraged from trying to mount encrypted partitions on startup, thus blowing your cover:
(A bit of a hack, but it's only a honeypot. Hat tip to the contributors here)
So now, if you power off your Mac and boot it from cold, it will boot into the honeypot partition without even asking for a password. To an unsophisticated thief, it will look like they've got access to your machine just by rebooting it. There's a fighting chance that your tracking software will have a chance to file a report before the thief realises that something isn't quite right.
When you reboot your machine, you will have to remember to hold down the alt/option key to get into your proper system, at which point you will be prompted for a password to decrypt it. Assuming that you have the appropriate locking settings enabled for sensible security, your machine is tolerably secure against someone getting hold of sensitive private data.
If you have a recent Mac with proper firmware protection, the thief will have an exceptionally difficult time using anything other than the honeypot partition, and will struggle to do anything particularly useful even with that, since he has no administrative rights. With any luck, by the time he's finished getting frustrated with it the police will already be knocking at his door :-)
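A check worth running from the honeypot system once the corestoraged change is in place, to confirm the two properties the answer relies on: the cold boot really lands on the decoy volume, and the FileVault 2 (CoreStorage) volume stays locked rather than being unlocked or mounted behind the decoy. This is an added script, not code from the answer above; the `diskutil cs list` and `diskutil info /` field layouts it parses are assumptions modelled on Lion-era output, and the sample outputs and the volume name `decoy-mbp` are constructed for illustration.

```shell
#!/bin/sh
# Added honeypot sanity check (not from the original answer).
# Parsing is done on strings passed as arguments so the same functions can be
# exercised against the constructed samples below or against live diskutil output.

# Constructed sample of `diskutil cs list` as it should look from a honeypot boot:
# the encrypted logical volume family reports "Locked". Field names are assumed.
SAMPLE_CS_LOCKED='CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 00000000-LVG-SAMPLE
    |   Name:         Macintosh HD
    +-> Logical Volume Family 00000000-LVF-SAMPLE
        |   Encryption Status:       Locked
        |   Encryption Type:         AES-XTS
        +-> Logical Volume 00000000-LV-SAMPLE
            Status:                Locked
            LV Name:               Macintosh HD'

# Constructed sample of the failure case: something unlocked the real volume.
SAMPLE_CS_UNLOCKED='+-> Logical Volume Family 00000000-LVF-SAMPLE
        |   Encryption Status:       Unlocked
        |   Encryption Type:         AES-XTS'

# Constructed sample of `diskutil info /` from the decoy system.
SAMPLE_INFO_DECOY='   Device Identifier:        disk0s4
   Device Node:              /dev/disk0s4
   Mount Point:              /
   Volume Name:              decoy-mbp
   File System Personality:  Journaled HFS+'

# cs_locked CS_LIST_OUTPUT
# Succeeds only if at least one "Encryption Status:" line is present and every
# such line reads "Locked" (case-sensitive, so "Unlocked" does not pass).
cs_locked() {
  _status=$(printf '%s\n' "$1" | grep 'Encryption Status:')
  [ -n "$_status" ] || return 1
  if printf '%s\n' "$_status" | grep -v -q '[[:space:]]Locked[[:space:]]*$'; then
    return 1
  fi
  return 0
}

# booted_volume DISKUTIL_INFO_OUTPUT
# Prints the Volume Name of the volume mounted at / from `diskutil info /` output.
booted_volume() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Volume Name:[[:space:]]*//p' | head -n 1
}

# honeypot_check CS_LIST_OUTPUT DISKUTIL_INFO_OUTPUT EXPECTED_DECOY_NAME
# Prints OK when booted on the decoy with the real volume still locked,
# otherwise a FAIL line naming the first problem found. Returns 0 on OK.
honeypot_check() {
  _booted=$(booted_volume "$2")
  if [ "$_booted" != "$3" ]; then
    echo "FAIL: booted volume is '$_booted', expected decoy '$3'"
    return 1
  fi
  if ! cs_locked "$1"; then
    echo "FAIL: encrypted CoreStorage volume is not reported as Locked"
    return 1
  fi
  echo "OK"
  return 0
}

# Live run on a Mac that has diskutil; skipped elsewhere so the samples remain usable.
if command -v diskutil >/dev/null 2>&1; then
  honeypot_check "$(diskutil cs list 2>/dev/null)" "$(diskutil info / 2>/dev/null)" "decoy-mbp"
fi
```

Run it as an ordinary user on the decoy system after a cold boot; a FAIL on the first check means the default boot volume is still the real one, a FAIL on the second means the corestoraged change did not take and the encrypted volume is being unlocked, which would defeat the point of the decoy.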