Hi,

The only variable in "trackerconstants.py" that seems to warrant a configuration option is "c_password". What does that do? Having the login password *stored on the stolen device* with which you can log in to the tracking site and maybe delete the account or whatever seems like a really bad idea. Are there some safeguards against this?

Or is that a password that can only be used to update the position, and only until someone disables that capability for updating using the actual site (with a different account password)? Then ok.

The ssh server's host name and account in "ssh.sh" warrants configuration, yes. Does that assume public-key authentication? If so, should that be set up automatically as well? Or does it work in some completely different way?

Well, doing the actual configuration screen is easy, but what should be configured and how is the question :-)