Tracking Proof of Life

In my last blog entry, I mentioned about helping other people with their computers. While I didn’t mention anyone’s age, a lot of the feedback has been related to elderly relatives. (Only some of the people I tried to help were elderly.) These comments led to some very interesting discussions about monitoring the elderly.

Whether it’s your parents, grandparents, distant relatives, or nearby neighbors, we all know someone who is elderly. Unless you live with them, you probably check up on them during the occasional visits, while on walks around the block, or through phone calls, emails, texting, and social media apps. I know many people (myself included) who have scheduled weekly calls to check in and chat. The problem is, if we don’t hear from them, we just assume they are busy. We usually don’t get concerned until after days or weeks pass.

My biggest fear is to learn that someone had an accident, like falling, and remain unnoticed for days. I remember reading an article about a man who died and nobody noticed for 7 years. That’s when his auto-pay bank account ran out of funds for utilities. Another deceased person went unnoticed for 8 years.

I’ve been chatting with friends about different kinds of “proof of life” monitoring. Personally, I don’t want to install a camera in every room of someone’s house. That’s too invasive. But at the same time, friends and family should know that the person is moving around and doing the expected day-to-day things. An alert should be triggered whenever the daily routine is disrupted. My friends and I have come up with a few solutions.

Solution #1: Panic Button

Devices like Life Alert, LifeCall, Lifeline, and invisaWear are wearable devices that you can press if you have an emergency. However, they are large, bulky, and unflattering to wear. These buttons also won’t work if you can’t reach it or are unconscious.

The TV commercials for these devices always show a happy elderly person receiving the device, and then using it while in distress. I’ll tell you from first-hand experience: I’d rather have dental surgery than try to convince an elderly person to carry the device around every day, “just in case they need it.”

A few decades ago, these panic buttons were good solutions. But there are much better options today.

Solution #2: Apple Watch

The Apple Watch includes a fall detector. If you fall, it sounds an alert. If you don’t stop the alert, then it uses the built-in cellphone to call for help.

The Apple Watch is a great (but expensive) out-of-the-box solution. No technical programming needed and it’s easy enough that even my non-techie elderly friends can use it. As an emergency monitoring system, this is a bare-minimum solution. However, it has some serious limitations. For example:
If you fall, then it must be a hard fall. If you hit a sofa, slide down a wall, or partially catch yourself, then it won’t detect the fall.

If you fall and land on the watch, it could be damaged. (For example, falling onto hard concrete can break the watch.) A broken Apple Watch won’t call for help.

If you’re not wearing the watch, then it won’t detect the fall. This includes falling while getting out of bed, slipping in the shower, or not wearing the watch while it is charging.

Speaking of charging… The watch needs to be regularly recharged. If you forget and it loses power, then it won’t help you.

The watch needs cellular connectivity to call for help. One of my friends has a cellular blind spot in the kitchen, between the refrigerator and the oven. (If you want good reception, move away from the kitchen.)
Let’s say it’s a soft fall and you are conscious. You can always use the phone to dial for help, right? Well, not necessarily. What if you broke one or both arms when you hit the ground? Then you can’t easily touch or navigate the watch’s interface. If the user has “Hey Siri” enabled, then it may not register when your voice has a lot of stress. (It doesn’t recognize screaming.)

The worst case? A soft fall as you lose consciousness. The watch is no help here.

Solution #3: Daily Pattern Monitoring

Rather than watching for a life-impacting event, I’ve been thinking about detecting the absence of an event. For example, when I travel, I always have my laptop with me. If I get to the hotel too late at night, I might not call home (I don’t want to wake anyone up). However, I am guaranteed to check my email when I get to the hotel. I’ve recently configured my laptop to trigger a “proof of life” URL every time it goes online. This way, my friends and family who want to know if I made it safely can always check to see if my laptop was turned on.

Similarly, I have a couple of elderly friends who always check their computers. I’ve recently modified their Windows configuration to trigger a proof-of-life URL anytime the computer is logged in (including when screensaver is deactivated). If they don’t use their computer at least once a day, then it will trigger an alert.

To do this, I just needed to create three things: (1) a VisualBasic script to trigger the proof-of-life URL, (2) a task scheduler event that runs the script when there is a login event, and (3) a receiving service that looks for missed events.

Keep in mind, these are the steps I used. I wouldn’t be surprised if there was a better or easier option.
Open the Command Prompt. This will default to your home directory (C:usersname). Create a directory called ‘Scripts’ for holding the script to call when the event is triggered. (mkdir Scripts)

Create the script. I used ‘Notepad’ to create a simple visual basic script. This script calls ‘curl’ to trigger a URL that will record the activity. I saved the script as usersnameScriptsProof-Of-Life.vbs (the suffix “.vbs” is important.) Here’s the source code:
Set oShell = CreateObject(“Wscript.Shell”)
Dim strArgs
strArgs = “cmd /c curl -A Eddie+Desktop https://server/life-track.php”
oShell.Run strArgs, 0, false
Change the URL to point to your own web server, and set the user-agent string (-A) to identify which computer is doing the reporting. The script’s ‘run’ parameters will trigger the tracking URL silently (without having a terminal window briefly popup). In effect, the user won’t notice that this happened.

To verify that you did this part correctly, you should be able to open the File Folder, navigate to usersnameScripts, and run the Proof-Of-Life.vbs file by double-clicking on it (or right-click and select “Open” from the menu). If everything works correctly, nothing will appear to happen on the desktop. However, the remote web server will see a request for “/life-track.php” coming from the computer.

Open the Windows ‘Task Scheduler’. (Go to the Start menu and just type ‘Task Scheduler’. It will appear at the top of the list.) This is where things get complicated. For tracking logins, you will select “Create Task” and then fill in the tabs:

General. Give this task a name and description. I called mine “Proof of Life Login”. (Caveat: You can’t change the name. To change it, delete the task and recreate it with the new name.) Select ‘Run only when user is logged on”. You don’t need to change any of the other default values.

Triggers. Select “New” to create a new trigger. From the top drop-down menu for “Begin the task”, select “On workstation unlock”. I also configured it to “Stop task if it runs longer than” 30 minutes. (It should only take a second to run.)

Actions. Select “New” and “Start a program”. Select your “C:usersnameScriptsProof-Of-Life.vbs” program.

Conditions. I uncheck the Power settings since I want it to run no matter regardless of whether it’s on battery or AC. I also selected the Network with “Any connection”.

Settings. This vbs program should take a second to run. For “Stop the task if it runs longer than”, select the minimum time: 1 hour.
With all of these entered, click “OK”. Now you should be able to activate the screensaver (Win-L to lock). When you unlock the screensaver, it will immediately trigger the tracking URL.

On the server side, I created a life-track.php script that (1) validates the user based on the User-Agent string value, and (2) logs the information in an SQLite database. I record the user, date and time, and IP address. I also have a cronjob that checks the SQLite database every few hours to make sure that the user triggered the URL. If no user was seen, then it sends an alert email to me. (My first response will be to check if they are supposed to be home. Then call them, and if that fails, then issue a welfare check on them.)

As far as privacy goes, the only people who knows about the data are myself and the person who said I could monitor them. The monitoring is also not intrusive: I don’t know what they are doing at the computer, or even how long they are on the computer. I only know when a proof-of-life was last observed. If the person is injured or missing, then I’ll know within a few hours. Worst case, they will be on the floor for up to 16 hours (night check through next morning check), but that’s much better than having nobody know there’s a problem.

Alternate Use

For my laptop, I have a similar Windows Task called “phone home”. It runs automatically whenever the laptop connects to any network. For this script, I used a custom event trigger:
Begin the task: On an event
Log: Microsoft-Network-NetworkProfile/Operational
Source: (leave blank)
Event ID: 10000 (that’s when the network is up)
When I get to the hotel, I use my laptop to connect to the WiFi, and it automatically triggers a proof-of-life.

(This has the added benefit of tracking my laptop if it is ever stolen. If the thief turns it on and connects to any wireless network, it will immediately and silently call home.)

Configuring Windows Tasks is not intuitive. There are tons of event names and numeric identifiers, and very little documentation. A good start is to look in the “Event Viewer”. Every event is logged and lists both the log file and the numeric code.

More Options

Looking for a change in the daily pattern of life is a great option for monitoring someone’s welfare. If they end up falling or being incapacitated, then they may be down or hurt for a few hours, but it won’t be for days or weeks before someone notices.

Besides tracking login access and network connectivity, there are other great uses for these types of monitors. For example, I have one Windows computer that I only use with one client. I can use these triggers to monitor both start and stop times, allowing me to automatically track my billable hours. (Why estimate to the nearest 15 minutes when I can see the exact times that the computer was in use?)

The tracking doesn’t even need to be a global system event. I showed this to one of my coworkers and they immediately put in a tracker around their social media apps. The event contacts the tracking server each time the program starts and stops. Now they know exactly how much time they are wasting online.

The tracking URLs don’t even need to be accessible over the internet. I could have my script contact a local embedded device, like a Raspberry Pi, Arduino, or ESP32, that runs a simple web server. The micro computer can then trigger some event or activity. Personally, I might make one that beeps every hour, so I remember to get up and move around a little. (It’s not healthy to sit in one place for hours.) Or maybe have it automatically adjust the room lighting and temperature when it sees that I’m working.

The Dark Side of Tracking

While these technologies can be used to track the welfare of elderly friends, they can also be abused. A stalker with access to your computer can use this technique to monitor when you are at the computer. Employers could use them to determine when you are not working.

Fortunately, you can use the Task Scheduler to see what other tasks are currently on the system. If you see an unexpected task, you can easily disable or delete it.

On my own systems, I noticed that Google and Microsoft both added event tasks to check for updates. I modified those so that they only run on my home network. (Woo hoo! No more “auto update” while giving a presentation at a conference!) Personally, I don’t care how high the risk is that the patch wants to fix; I don’t want updates when I’m traveling. When I’m on the road, the risk from a malicious or failed update is almost always worse than the problem being patched.