

"Dead Drops" is an anonymous, offline, p2p file-sharing network in public space - yan
http://datenform.de/blog/dead-drops-preview/

======
randomwalker
Here's a more sophisticated version of a similar idea:

 _Cellular networks are centrally administered, enabling service providers and
their governments to conduct system-wide monitoring and censorship of mobile
communication. This paper presents HUMANETS, a fully decentralized,
smartphone-to-smartphone (and hence human-to-human) message passing scheme
that permits unmonitored message communication even when all cellular traffic
is inspected._

 _HUMANET message routing protocols exploit human mobility patterns to
significantly increase communication efficiency while limiting the exposure of
messages to mobile service providers. Initial results from trace-driven
simulation show that 85% of messages reach their intended destinations while
using orders of magnitude less network capacity than naïve epidemic flooding
techniques._

[http://www.usenix.org/event/hotsec10/tech/full_papers/Aviv.p...](http://www.usenix.org/event/hotsec10/tech/full_papers/Aviv.pdf)

~~~
zokier
I don't see the similarity, but distributed p2p systems are very interesting,
especially when they involve mobile wireless communication. It's kinda sad
that there is currently little use for these kind of networks. In larger
cities node density could get high enough to actually create a continuous mesh
network with acceptable latency and loss.

------
sweis
It is a bad idea to plug untrusted hardware into your computer. Many Windows
users have autorun enabled, so could be infected with malware as soon as they
plug it in. This has been exploited by people pretending to run promotions and
handing out infected USB drives in front of targeted businesses.

Worse than autorun, there have been buffer overflows against USB drivers and
proof-of-concept exploits that allowed Firewire devices to read arbitrary
physical memory through DMA access. I haven't seen this used in practice, but
the risk is there. Bruce Schneier wrote about these attacks a few years ago:
[http://www.schneier.com/blog/archives/2006/06/hacking_comput...](http://www.schneier.com/blog/archives/2006/06/hacking_compute.html)

If you want to go down the Ken Thompson "Trusting Trust" hardware security
rabbit hole, think about who manufactured your computer.

~~~
petercooper
Not even just that, but someone could rig up a USB plug that shorted out the
power (or, worse, rammed 9V from a battery back up it) and cream your USB
port..

------
NonOrthodox
I have thought for ages of something like this, but instead of usb drivers, a
wifi box with a big harddisk. You would connect to the wireless network, open
browser at 192.168.0.1 and instead of a router's page, you would get to a
website, with a nice interface, where you could select the files you wanted to
download or upload others.

I even did some drawing and thought of solar pannels and batteries to keep it
going non-stop. What demotivated me was the fact I'm living in Brazil and
normal filesharing is still much easier and non-risky...

Anyway, a wifi box like this would be much more secure if done right. A
complementary idea I also thought of was to make the boxes communicate with
each other, much like a cloud you could access from any reachable access
point.

~~~
baltcode
Don't wireless networks know the other parties MAC IDs?

~~~
sigstoat
they know whatever MAC address you're using at the time, sure. if that happens
to be 06:66:de:ad:b3:3f, then anyone later inspecting the logs will probably
be disappointed.

------
derfclausen
This is as "anonymous" as a public mailbox. This is trivial to monitor, and
said monitor could easily perform a diff of the drive after each contact.

Real dead drop locations are typically only known by the involved parties, are
ad hoc, and move frequently.

Don't get me wrong -- it's an interesting and sort of amusing project. I don't
mind most of the terminology they're using, but I think it's dangerous to call
something "anonymous" when it is so far from being so.

~~~
jackolas
Well if theres enough of them that'd be beyond trivial.

------
chaosmachine
Fun concept, but I immediately imagine someone going around smashing these
with a hammer (or, perhaps more likely, city workers being sent out to remove
them). :\

Here's a much more expensive project with a similar idea:

[http://torrentfreak.com/kiosk-of-piracy-an-offline-copy-
of-t...](http://torrentfreak.com/kiosk-of-piracy-an-offline-copy-of-the-
pirate-bay-090914/)

~~~
Pyrodogg
You don't even need malicious intent. Mishandle the computer while it's
plugged in to the stick and you'd likely damage it pretty quickly.

~~~
jonhendry
Yeah, you'd want to use a short USB extension cable.

------
mithaler
It's a cool idea, but I worry about malware. Malware is known to be able to
infect USB drives put into the machine it's on, and it only needs to be
plugged into another machine to infect it. They'll have to be systematically
reformatted pretty often...

~~~
diziet
I don't think it's a big deal for people running linux!

~~~
yan
You think incorrectly and having that assumption, you're exposing yourself to
more risk. To assume Linux USB drivers, file systems and file managers don't
contain vulnerabilities is to assume wrong.

~~~
diziet
Sure, there is also the potential threat of someone breaking into my
home/office and installing secret videocameras to record my keyboard and get
my truecrypt password (or more easily, opening the "safe" and figuring out
what string of characters in a certain notebook is it). However, I don't worry
about such things, and neither would I worry connecting a random usb to my
practically disposable netbook.

------
jonhendry
Note that you don't actually know what kind of device it is. It's USB, but
it's not necessarily just a flash drive. For all you know it's hooked up to a
microprocessor-driven exploit-o-bot.

------
dhechols
A couple of concerns with usability, malware, and vandalism, but otherwise an
AWESOME idea!

What about doing the same thing but attaching it outside your car instead?
Then it's your property _and_ it's mobile.

~~~
DeusExMachina
If it's your property I think you could be liable of what people put on it.

------
david_shaw
This is a great idea with the caveat that once someone puts some nasty malware
on one/all of the drives, it starts to get a lot less fun.

------
theDoug
It's a cute idea, but feels a whole lot like the things coming out of the MIT
media lab in the late 1990s.

------
phreeza
Neat idea. Obvious security concerns apply, but probably people who are nerdy
enough to whip out their laptop and plug it into the wall are smart enough not
to have autorun switched on when doing this.

Would also make a neat Kickstarter project.

------
ciupicri
Is it to me or is there a risk of breaking the USB port of your laptop?

------
stackthat
I wonder who's going to drop a auto-run USB worm into them...

------
illumen
ℒℴѵℯ it. Going to put some around London tonight.

------
LordLandon
What if the USB ports on your laptop are all sideways? I'm sure that'd be even
more inconspicuous.

------
jacquesm
Most or all of the downsides could be negated by making this thingy a
standalone wireless device.

------
zokier
I think the term 'network' implies some kind of connection between nodes.

------
ranza
haha well done! Great and fun idea. We should make it a movement and put them
up all over the world. And make a site like geocaching for this type of
sharing!

------
xtacy
How big a file can you share over this USB?

~~~
retube
however much space is available on it

------
tocomment
How do they get power?

~~~
jberryman
These are just flash drives. They get power through your USB port.

------
meatsock
i tried this and the thumbdrive ruined my nuclear reactor =(

------
executive
every time i see one i will smash it with a hammer

