I’m assuming by “built-in tracking device” you mean that someone has actually added a hardware device of some sort to your laptop.
Such a device would share all the capabilities of malware — or perhaps even more.
Become a Patron of Ask Leo! and go ad-free!
Malware can do anything
Once malware is on your machine, it can do anything. That’s one of the reasons that prevention is so critical.
The addition of hardware to your machine is no different. Be it a physical keystroke logger or a device that monitors your CPU activity in some way, it has the exact same capability: it can do anything.
Chances are it could do more than traditional malware. I can envision a tracking device installed on your laptop that is relatively impervious to detection, for example. Anti-malware tools don’t look for rogue hardware, so it would be unlikely to be found.
Tor on your computer
Tor — The Onion Router — is a privacy and anonymization service that allows you to hide your internet activity in two ways:
- The sites you visit have no idea who you are or where you come from (unless, of course, you explicitly tell them).
- The path that data travels between your computer and that site is also impervious to detection, cementing your inability to be located.
What Tor doesn’t do, however, is hide your activity from your own computer. When you think about it, that makes no sense — to use Tor at all implies using your computer to do so.
Traditional bypasses are ineffective
One of the traditional approaches to using Tor (or any privacy and security-centric solution), is to never assume that the installed operating system is trustworthy. Instead, one might boot from an optical disc that can’t be compromised, or a USB device you’re certain has not been. The result is to run a custom, perhaps single-purpose, operating environment.
For example, if you’re concerned about malware on your machine, you might boot from such a disk in order to perform online banking.
If you have malicious hardware installed on your machine, however, that approach is ineffective: the hardware is still there. It can continue to do — and monitor — anything.
It’s rare, but…
Now, you might think that someone actually going through the trouble to install malicious hardware on your laptop or desktop computer is highly unlikely.
And, unless you’re some kind of high value target, it almost certainly is.
This is one reason I’ll never use a shared computer (such as at an internet cafe or a library) for anything even remotely personal. One of the simplest devices to install would be a malicious keystroke logger. It would be virtually undetectable.
If you can’t trust the hardware, don’t use it
And that’s the bottom line: if for some reason you have cause not to trust the hardware, don’t use it. That’s the only pragmatic way to avoid the risk you seem to be concerned about.
Since this type of compromise requires physical access to your computer, the only step to prevent this from happening at all is to always and completely physically secure your machine when it’s not in your possession.
Assuming you think this is likely to happen to you, of course. Maybe you are a “high value target” to someone after all.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Originally answered on Quora: Can an inbuilt tracking device in my laptop detect Tor browsing history?