
Dropgangs, or the future of darknet markets - arikr
https://opaque.link/post/dropgang/
======
grugq
Dead drop based drug distribution doesn’t scale to retail levels. It is used
in Moscow and I know of people who will order from a dealer, then search the
surrounding area and clear out all the drops they find. It works for them,
although one questions the sanity of stealing from Russian drug dealers.

For more practical guides on how people who sell drugs avoid the negative
repercussions:

• AlpraKing’s business guide is hard to beat.
[https://archive.is/K7j1U](https://archive.is/K7j1U) (It’s a great business
guide in general, actually)

• Gary Cooper’s Never Get Busted Again and Never Get Raided Again shows
practical use of dead drops for dealing.

Busted:
[https://m.youtube.com/watch?v=ZyAjLkBCWKI](https://m.youtube.com/watch?v=ZyAjLkBCWKI)

Raided:
[https://m.youtube.com/watch?v=ML6VAy_ygVs](https://m.youtube.com/watch?v=ML6VAy_ygVs)

~~~
DyslexicAtheist
some really great links thanks!

 _> although one questions the sanity of stealing from Russian drug dealers._

I'd conjecture that the value of the booty would be quite limited too? (small
envelopes not kilograms exchanging hands). A smack-head probably wouldn't care
about the risks just as long as they get their next fix?

EDIT: _" 4\. Don't hire people under 30 years old"_ that is great advise. You
want Mike Ehrmantraut like characters (from "Better call Saul") ... btw that
show was consistently good in OpSec lessons (unlike the parent show "Breaking
Bad").

~~~
grugq
Sure, they aren’t stealing to supply their own business but to supply their
partying. Apparently there’s some trick involved in selecting a dealer who
offers a variety of options, not just one substance. They cache one or more of
each in an area, so you buy a mid size quantity of something and the
surrounding block probably has 5x as much plus other things... because the
dealers are humans, they develop patterns of drop locations. Once these guys
learn the pattern, they know where to look.

The drops get ripped so frequently there is a process for handling a drop that
has been unloaded before the customer get there. The customer has to supply
pictures of the drop location and the empty drop, then the dealer will send
them to another place. Dead drops provide some security, but they’re a trade
off.

I think the Gary Cooper videos are massively underrated for security
principles. He explains how the adversary operates, how they think, and what
their capabilities are, then based on that he distills core security
strategies to exploit their operational limitations and mitigate their
capabilities.

This is really great stuff for understanding how to counteract a threat, how
to do proper counterintelligence analysis and apply it for security. The
problem is that people see these as “stoner videos” rather than “the design
and implementation of counter law enforcement techniques, by a former cop.”
There is a lot to be learned, both from general security principles (such as
compartmentation, cover, and concealment) But also how to analyze an adversary
and develop a plan to mitigate their capabilities.

I was going to do a write up them years ago but someone scooped me by seeing
my recommendation and then doing a (crappy) writeup before me. Just one of the
things that killed my enthusiasm for sharing recommendations. But, I should do
a write up. For a counterintelligence analysis they are sublime.

~~~
mirimir
> But, I should do a write up.

That would be very useful. Some people love videos. I don't. I'd rather read
something that's concise and organized.

------
monotone666
Dead drops can’t compete with USPS. They require a court order to open your
package and even then can’t charge anyone with possession. All they do is send
you a “love letter” and people have reported receiving future packages just
fine.

Millions of people use dark net marketplaces. The war on drugs has fueled
their growth and more serious crimes like identity theft have benefited from
it.

~~~
omeid2
The war on drug has to be one of the top contributors and financiers of crime
and criminal gangs.

Imagine a world where criminal gangs don't have access to the money they make
through drugs and a government that doesn't have to spend huge amount of money
on drug laws enforcement because drug trafficking would be much less lucrative
in the existence of legal access and you get fewer and very cash-strapped drug
gangs, and government making money from taxing drugs.

Surely such massive savings and earnings can be spent to help problem users
and reduce violence, no?

~~~
sigmaprimus
The war on drugs is also a big contributor to the LEGAL gangs such as
police,distric attornies, defence attorneys, prison officials and worst of all
judges. Definitely an industrial economic complex similar to the Military
Industrial Complex.

~~~
dsfyu404ed
>The war on drugs is also a big contributor to the LEGAL gangs such as
police,distric attornies, defence attorneys, prison officials and worst of all
judges.

I agree with your sentiment but I find it odd that you think judges are the
worst. Of all the people in the system judges are probably the least worst
because they don't have as many incentives to do things that are bad for
society but good for them personally the way all the other actors do (i.e.
they do not directly benefit from the war on drugs).

~~~
sigmaprimus
Based on your measure of what makes them "most or least worst" you may be
correct, but I disagree with the premise that whether or not their motives are
virtuous makes a difference. The fact is judges rule over the system and that
in itself make them the worst of the bunch, and actually the fact that they
have less incentives yet continue to enable such a broken system to hurt
people might be the best reason they are the worst.

~~~
dsfyu404ed
They don't have the incentive to ruin people's lives to game their performance
metrics (like prosecutors do). They don't have incentive to make much to do
over nothing to justify their budget (like cops do). They don't have incentive
to keep people in the system as long as possible to milk money from them and
the state (like the prison system does). They don't have incentive to
perpetuate the war on drugs to sell crap we don't need like tasers (police
abuse them) and post-release monitoring (an overpriced joke that plays fast
and loose with people's lives).

The bad incentive for judges seems to be that most of them have a desire to
not rock the boat too much which is pretty benign compared to all the other
actors who go out of their way to perpetuate and further the status quo
because they materially benefit from it.

I find it hard to fault the judges for apathetically presiding over a flawed
system when every other group you mentioned is doubling down to further that
system.

~~~
sigmaprimus
I would concede that your arguments are all valid, unfortunately if we look at
where most judges were employed before becoming judges the majority were the
best-worst of the people in "every other group I mentioned". I think we will
have to agree to disagree on this one, but I do appreciate your well thought
out argument.

------
crowbahr
Very interesting reading the obstacles faced by the black market drug trade
and how they're overcoming them. It seems like the producer layer is most
susceptible to penetration as it is essentially identical to most gangs. It's
entirely glossed over here but procuring the product seems like a difficult
problem for an anonymized distributor: How do you make sure the product gets
to your support layers?

As interesting as it all is, it's also very concerning for Law Enforcement.
While petty things like drugs don't really worry me much, the advances in the
anonymized distributed networks like this do mean that things that previously
required big budgets of national intelligence agencies become easier for
common malcontents to use. The article essentially describes a quintessential
terror cell structure, but with the added benefit of 0 direct interaction. The
separation of layers has always existed with limits (IE you had to have some
form of communication) but this potentially allows for goods and services to
easily be passed from fully anonymized layers to others without every having
any interaction at all.

~~~
SolarNet
Since you are primed on the question. You should read Rainbows End by Vernor
Vinge. It's a near-future sci-fi book that tackles these sorts of questions.

As a bit of a "spoiler" his solution is a covenant with the citizens. The
government will hack all of our computers, will own the IME equivalents of
every machine, and in return they will only use this power to hunt down
terrorists and mass murderers, people who are looking to leverage technology
to build nuclear weapons, bio-weapons, etc.

Things like parallel construction would have to stop though. Or be considered
an immediate dismissal.

~~~
selestify
How could the citizens trust the government to do only that?

~~~
dahdum
A strong judiciary, high bar to change the law, and harsh accountability.

Still a fine line to walk.

~~~
atemerev
People from more or less politically stable countries like the US are very
naive in not considering what can happen to the best of governments overnight.

People from Europe have this sort of... experience. Most of us know that
trusting the government with our lives is not a good idea.

~~~
jacquesm
> People from more or less politically stable countries like the US

I would have agreed with that assessment in the past but in the present I
really can't.

~~~
atemerev
Come on, if your country can handle _this_ president without collapsing
immediately, your political system is really well designed!

~~~
jacquesm
Shall we wait until it is over before drawing conclusions? It's already gone
downhill a lot further than I would have expected, the degree to which people
are apparently willing to enable all this is f'ing scary.

------
mirimir
It's cool to see serious tradecraft applied to this stuff. Especially
compartmentalization.

And yes, using traditional shipping systems is a serious problem for old-
school dark markets. I've thought off and on for several years about the
potential for using dead drops with accurate GPS. I mean, geocaching. Many
years ago, when I was dealing LSD, it was pretty common to use dead drops. But
then, they were typically rental lockers in bus and train stations.

I agree that ubiquitous surveillance is a problem. However, it's ~clueless
customers and low-level distributors who'll most likely get pwned. And they
won't know anything important about the operation overall.

Anyway, time will tell.

~~~
kakarot
> However, it's ~clueless customers and low-level distributors who'll most
> likely get pwned.

INTERPOL has made some large busts in the past, but afaik it always has come
down to failure to maintain proper OPSEC.

There's also the issue of possible directives in the future to prosecute
customers en masse after major domestic busts using backlogged USPS analytics.
As traffic obfuscation methods continuously improve, the economics of such
directives will begin to look more and more reasonable when the goal is not to
stop trade directly, but by establishing fear with precedent.

The problem with dead drops is that on a large scale where the level of trust
is sufficiently low, it inevitably requires an escrow and resolution system
with human moderation. And then you've just centralized trust instead of
circumventing it. Dropgangs in the form described by the article do not
provide the full package.

The article itself claims dropgangs and off-market platforms are the future
and then goes on to state:

> Cryptocurrencies are still the main means of payment, but due to the higher
> customer-binding, and vetting process by the merchant, escrows are seldom
> employed. Usually only multi-party transactions between customer and
> merchant are established, and often not even that.

The author doesn't seem to make the connection that higher levels of trust
means less scalability. The success of these platforms however is directly
related to their scalability. Yes, this is a dangerous, criminal activity for
both parties and I definitely do not appreciate the explosion in popularity of
these kinds of markets. I have seen regular people get serious federal prison
time due to the Dunning-Kruger effect.

The barrier for entry is much higher for new distributors as well, because A)
at this membrane exists highest ratio of undercover law enforcement and B)
establishing initial trust is key to something like dead drops, which
typically will involve high-dollar, distributor-to-distributor transactions.
Open markets help to facilitate initial trust-building by providing a
trustworthy platform.

~~~
mirimir
Well, they could end the drug war, and then crime wouldn't be an issue.

~~~
kakarot
That would also fix a cascade of other major global issues.

------
3131s
> _“The Silk Road” was the first of a phenomenon that became widely known:
> Darknet Markets._

The history is way off here, Silk Road was one of the first two completely
public darknet markets (the other being the short-lived Open Vendor Database)
but there were private darknet markets long before, e.g. The Farmer's Market.

> _Use of the Internet to facilitate the marketing and sales of physical goods
> - drugs, weapons, false identification papers - began latest in the late
> 1990s, but usually focused on local geographic markets in major cities. This
> was due to the fact that payment and delivery still required in person
> meetings._

Not so, back then and still to this day drug dealers simply throw a stack of
cash in the mail. The clearnet markets for "research chemicals" all operated
this way and went basically unchecked until Operation Web Tryp in 2004, which
began an era of harsher enforcement of the Federal Analogue Act.

~~~
mirimir
Well, it was Adamflowers "long before".

And its OPSEC was over-the-top lame. I mean, Hushmail?

But then, DPR was also very sloppy.

~~~
krageon
If you really look at how the big names have gotten busted, you will see that
their opsec is bad with no exceptions. Apparently people that actually know
the craft don't see enough upside to running a marketplace like that, which
should make you wonder about the ones that still exist.

~~~
mirimir
Yes, indeed. I did look, rather carefully, a couple years ago. And OPSEC
failure (sometimes spectacular) explained all of the the major busts that were
widely reported.[0]

However, I did not research criminal court records. Accessing that data is
nontrivial, especially for someone using a pseudonym, who can't show up
physically, has no ID, and can't pay with a mainstream credit/debit card. Few,
if any, courts accept Bitcoin etc.

Also, I made no effort to check for parallel construction, except by looking
for inconsistencies among published accounts of investigations. And I do
understand that the US DEA's Special Operations Division (SOD) funnels
information from the NSA, CIA, etc to federal investigators.[1] With the
understanding that "the utilization of SOD cannot be revealed or discussed in
any investigative function".[2] And that includes outright perjury, if
necessary. Just as we've seen regarding the use of Stinger intercepts.

It's hard to say whether people who know tradecraft well just prudently avoid
running dark markets, as you say. Or whether they do, but don't get caught.
Time will tell, I guess. At least, if remaining ones _do_ get busted. But if
they don't, there's the implication that the operators practice good OPSEC.
Or, that they're honeypots ;)

0) [https://www.ivpn.net/privacy-guides/online-privacy-
through-o...](https://www.ivpn.net/privacy-guides/online-privacy-through-
opsec-and-compartmentalization-part-2)

1) [https://www.deamuseum.org/wp-
content/uploads/2015/08/042215-...](https://www.deamuseum.org/wp-
content/uploads/2015/08/042215-DEAMuseum-LectureSeries-MLS-SOD-transcript.pdf)

2) [http://www.reuters.com/article/us-dea-sod-
idUSBRE97409R20130...](http://www.reuters.com/article/us-dea-sod-
idUSBRE97409R20130805)

------
yownie
Few years ago it was revealed USPS was photographing all senders and recipient
addresses on all mail in order to 'backtrack' packages in order to aid in
investigations.

[https://www.offthegridnews.com/privacy/vast-postal-
surveilla...](https://www.offthegridnews.com/privacy/vast-postal-surveillance-
system-tracking-mail/)

~~~
yownie
more:

[http://www.washingtonpost.com/wp-
dyn/content/article/2008/02...](http://www.washingtonpost.com/wp-
dyn/content/article/2008/02/17/AR2008021701801.html?hpid=sec-
tech&noredirect=on)

~~~
yownie
[https://en.wikipedia.org/wiki/Mail_cover](https://en.wikipedia.org/wiki/Mail_cover)

~~~
yownie
[https://en.wikipedia.org/wiki/Mail_Isolation_Control_and_Tra...](https://en.wikipedia.org/wiki/Mail_Isolation_Control_and_Tracking)

------
GistNoesis
How do you defend against the eye in the sky, video surveillance or location
tracking ? There seems to be conflicting objectives. When hiding an object you
don't want too many people around to see where you hide it. Yet if you record
only two person going to exactly the same non standard spot it's pretty much a
red flag, then you follow the person in the recording to identify them. Most
buildings are probably not valid because they can't be entered easily by both
parties.

~~~
perlmutterlabs
Yeah, it's a great story, but machine vision + machine learning + surveillance
could pull the rug out from the dropgangs market in a second.

But really, other than this fatal flaw, it's a great narrative of the internet
spilling into and interfacing with analog markets

~~~
zzzcpan
It's not a fatal flaw, unless they choose a location with police surveillance,
but why would they?

~~~
perlmutterlabs
Taking a guess: ML is just too good. Don't forget, it's also a signal to leave
surveillance areas, eg "last seen driving into the desert". Any kind of
outlier behavior is PART of the detection model ... that's where probabilistic
models gain leverage, in fact ...

~~~
maxander
I think if “he left surveilled areas for no registered reason” is something
that law enforcement observes and considers evidence of criminal activity,
we’ll have well and truly lost any semblance of being a free society.

~~~
perlmutterlabs
"Parallel Construction" ... yep, sad times
[https://en.wikipedia.org/wiki/Parallel_construction](https://en.wikipedia.org/wiki/Parallel_construction)

~~~
X6S1x6Okd1st
I don't see how parallel construction applies here.

------
zzzcpan
Using telegram for communications with customers also allowed marketing to
escape darknet forums and into the walls of public places. Normal people don't
even need to know about darknet to buy drugs and what those @usernames on
walls are is becoming common knowledge.

------
jorblumesea
The biggest flaw here is the dead drop system. It doesn't scale well and
involves many more complex steps and people in the system.

For example, a drone on surveillance duty that continuously watches the area
will be able to identify patterns and pick out possible outliers. Combined
that video feed with machine learning and it may be possible actively identify
dead drop participants.

~~~
anon_cow1111
If the system becomes that large and profitable, those surveillance drones are
going to end up mounted on plaques like big game trophies.

------
panarky
Anonymous, decentralized transactions using dead drops only works with side-
channels for reputation, or with security deposits.

Side-channels for reputation like posting cryptographic proof on darknet
forums isn't scalable or reliable.

And security deposits without a third-party adjudicator just move the trust
issue around without eliminating it.

One ideal solution could be a cryptocurrency with on-chain confirmation of the
real-world transaction by both parties after the fact.

When both parties to the transaction can point to a series of successful
transactions through a web of trust, then the central marketplace for
reputation or escrow is no longer needed.

~~~
runeks
> One ideal solution could be a cryptocurrency with on-chain confirmation of
> the real-world transaction by both parties after the fact.

How do you prevent merchants from just creating a thousand fake transactions
to make them look reputable?

~~~
panarky
This is where the web of trust comes in.

You give the greatest trust to reviews provided by the anonymous identities
you have transacted with.

You give progressively less trust to reviews by identities 1, 2, ..., _n_ hops
away from those you have transacted with.

If a merchant creates 1000 sock-puppet consumers, they won't be reachable from
your trust network, so you'll give them little if any weight.

~~~
runeks
> You give the greatest trust to reviews provided by the anonymous identities
> you have transacted with.

I don’t quite follow. Consumers deal with merchants. Consumers give reviews to
merchants. So the anonymous identities you mention will be customers that I
don’t know. Merchants won’t review each other, I presume.

In other words, as I understand it, the “anonymous identities I’ve transacted
with” will be merchants, who don’t review other merchants.

> If a merchant creates 1000 sock-puppet consumers, they won't be reachable
> from your trust network, so you'll give them little if any weight.

What if do a successful deal with this merchant? Will I then trust that all
those 1000 fake transactions took place? And will the people who trust me also
believe that?

------
drcode
I wonder if dark web markets will ever establish a comprehensive alternative
parcel system... that seems like the natural, final extension of these ideas.
The technical challenges to this would of course be significant (I'll refrain
from listing them and suggesting potential workarounds since I don't really
want to give anybody any specific ideas on this LOL)

~~~
CamperBob2
There are quite a few holes in the scheme as outlined in the article. The
author asserts that dead drops are better than post office boxes because
they're harder to surveil, but what keeps law enforcement from signing up
their own personnel as distributors? Then it's just a matter of staking out
their own dead drop and arresting whoever shows up. This is why the first rule
of opsec has always been, "Involve as few people as possible." You can't
improve security by adding more people to the loop.

The best way to do this is probably for the 'salesperson' to drive to an
isolated area and chuck packages into the bushes at random intervals. The
packages then send their GPS locations to a LoRaWAN gateway somewhere, to
which their buyers have been sold access tokens. LE can still infiltrate the
organization in the sales role, but with more difficulty. Adding an extra
distribution layer with fixed dead-drop locations just seems pointless.

~~~
hinkley
It's not just the cops that will be surveilling a dead drop.

You don't think a heroin addict who couldn't come up with the money for their
next buy isn't going to go check every dead drop they ever bought at on the
off chance that there is something there?

I mean, just thinking of the old espionage meaning of dead drop, if you have
dead drops or safe houses or secret meeting locations that you could only use
once a year, to avoid patterns, then researching them would become
tremendously expensive. A full time job, really, probably for several people
(and someone in logistics managing them all). I can't see how that'd be much
different for criminals, and how do you make a profit at that? At least in the
espionage case, you would have been State sponsored. You don't have to make
money.

~~~
cobbzilla
great observations. but as for “how do you make a profit at that?” I’m pretty
sure it gets priced into the (expensive) product. That premium might be too
high for retail, then this gets used for lower frequency, higher quantity and
higher trust transactions.

------
bittermang
The elephant in the room that this article highlights, but never addresses.

A mobile phone has become a de facto a requirement for illegal commerce, as
described, and to me presents a pretty huge single point of failure.

And yes, I know, EVERYBODY has a phone. But I don't. Why would I want to carry
a police officer in my pocket? Especially if I'm a criminal.

~~~
TylerE
That's why you'd use a burner.

~~~
bigiain
Depending on your adversary, you need to be super careful to not make the
single mistake that'll blow your cover there. If that burner ever gets
switched on or off at your home, or if it only ever gets switched on/off at
the same location as a phone registered in your name, or if it commonly
travels exactly the same route as your phone...

I'm guessing "they" won't go to those sort of investigative lengths for
theoretical retail customers of a theoretical Dropgang. I'd expect a vendor to
be targeted using those sorts of techniques though.

And none of that data ever goes away... Who knows what law enforcement might
choose to do with those sorts of leads in the future?

~~~
TylerE
If you’re sufficiently paranoid just use a new phone for every single call.

------
keithnz
Kind of interesting distribution is kind of like darknet geocaching. I wonder
how much accidental discovery occurs.

~~~
tomglynch
The other issue I see is at some point, all secret hiding spaces will be used.
For a consumer, checking previous drop locations may result in finding free
goods.

~~~
droopyEyelids
If this becomes big business then every retail store will start providing
airport locker type storage.

~~~
olefoo
In a known, easily watched location?

Did you read the article?

------
chrisweekly
Excellent summary. I'm reminded of the old saw, "The future is already here,
it's just not evenly distributed".

~~~
bigiain
"Old saw"? I remember that quote being new, it's not _that_ old...

<google google google>

It's from 2003.

[https://www.goodreads.com/quotes/681-the-future-is-
already-h...](https://www.goodreads.com/quotes/681-the-future-is-already-here-
it-s-just-not-evenly)

~~~
hinkley
Sit down. You're not going to like what I'm about to say. This is going to
start happening to you (us, really) more and more. Things that happened in the
00's happened a 'long time ago' to a larger and larger group of loud people
with Internet access. People who can drink legally were born in '98\. What's
up with that shit?

[https://en.wikiquote.org/wiki/William_Gibson#Quotes](https://en.wikiquote.org/wiki/William_Gibson#Quotes)
has a citation for him saying it in '99 and an unsupported assertion that it
might have been said in '93\. I've been hearing this long enough that I
believe the '99 date, but I'm skeptical about '93.

~~~
bigiain
Yeah yeah. I know...

And I would have gotten away with it too, if it weren't for you meddling kids
and your damned dog...

\-- Old Man Big from The Haunted Amusement Park

------
JohnJamesRambo
Dead drops sounds like an awful way to distribute anything at scale. The loss
from other people finding stuff seems enormous also.

~~~
bigiain
So long as there's sufficient profit margin to allow for an acceptable
"shrinkage", it just becomes a cost of doing business. The benefits in terms
of privacy/security for the typical darknet vendor probably make it well worth
low double digit percentage losses, given the assumed margins from source to
end user...

~~~
JohnJamesRambo
I don't know how secure it is when a cop sees you drop a bag of heroin behind
a bench instead of just shipping people stuff.

~~~
6nf
They wouldn't drop at a public bench with people around

------
golergka
Once again, I'm completely surprised how behind is western dark market world
compared to Russia in that regard. Tor-based marketplaces with dead drops in
parks and around the city have been around since 2013 and are now the only
practical way to buy any drugs. Telegram channels have been widely used since
at least 2015. Any city park has police squads patrolling the exits at night -
they search people, open up your phone and look up Telegram and Tor apps if
they suspect you've gone there to get a drop. Drops (they're actually called
"buried treasure", or "klad" here) moved from parks to the city - you get
instructions, for example, to go to some floor of a random apartment building,
stop the elevator and search for a magnet-attached package behind it's doors.

I don't think that this article doesn't do a good job on the risk model
because it doesn't understand how law enforcement operates - at least in
Russia, the picture is completely different. Law enforcement has KPIs to catch
some amount of drug dealers and users, and they have developed ways to do this
reliably. So, instead of intercepting communication between the drug sellers
and drug buyers, they prefer to work together with sellers (taking considerate
money for 'protection') and arrest some proportion of buyers when they go for
the drop.

~~~
tawm
Thank you for this valuable comment. It is highly likely that police would go
for the lower hanging fruit of buyers instead of sellers in a system so opaque
and decentralized. The old thinking of "what could happen, they only want the
big guys anyway" should have no place in OpSec. And when information on these
networks is so hard to come by to begin with, a buyer being busted is very
desirable. The way I see this "evolution" of the dark markets, is that it
mostly protects vendors while inconveniencing and endangering buyers.

~~~
golergka
It's always been like that here - the police departments that were supposed to
fight drug trade basically overtook it. So why would they arrest their own
employees when they can close their quota with drug users instead?

------
bfuller
Russian darkmarkets started using dead drops years ago if I recall correctly

------
stcredzero
_The current method of reporting sales experience on forums is open to
spamming and manipulation since it is hard to show that a deal even took
place._

 _It is likely that forums and merchants develop best practices to solve this
problem. There is the potential that merchants will start to issue “proofs of
sale” in a cryptographic form, that customers then use to make statements
about the performance of the merchant in public forums._

Could a blockchain or some other kind of public ledger be used to create a
public sales rating record? I don't see how such a thing can respond to
spamming and deliberate manipulation, however.

Another thought I just had: could some combination of drones and self driving
cars revolutionize dead drops?

~~~
zhoujianfu
Yeah, and you can at least sort of solve the manipulation issue by weighting
ratings based on “bitcoin days” of the address making the review.

(Number of bitcoin on the address times time it’s been there.)

------
sigmaprimus
My biggest problem with using the Darknet, messaging apps, or old school
methods such as dial a dope or hitting up the guy on the street corner to buy
drugs is the same. How can I really trust someone willing to break the rules
and sell drugs or other non legal goods? You lay down with dogs you get
fleas!! Last thing I would want is to eat, smoke or snort something from
someone I have never met even if they have a 5 star rating on a darknet review
board. Don't even get me started on messaging out to someone whos' contact
info is written out next to a pay phone or on a bathroom wall and the likes!

~~~
amundsentb
If something is illegal, it does not follow that it is also immoral. You may
actually deal with a very moral person.

~~~
teddyh
If something is illegal, it operates outside of the law and therefore lacks
the normal protections which the law affords consumers. It has nothing to do
with morality.

------
kahlonel
My vision was distorted for full 30 seconds after reading this page.

~~~
theelous3
Yeah. High contrast is only good for people with serious vision problems.

Awful to read.

------
DonHopkins
Pokemon Blow!

------
tomcooks
Been a big fan of this author since the cypherpunk podcast, strange to see
"smuggler" reveal his real (?) name.

~~~
arikr
Could you please link the podcast?

------
DoctorOetker
Is this how people will deal food during a food scarcity in a previously
developed society?

------
rayrrr
When Pokemon Go hit, it was impossible not to notice in public. Just a
thought.

------
jimb1
Yes, I am also quite impressed at the amount of thought that has been put into
this concept. I would be quite interested in helping in designing these
systems, as I have been following some of the necessary technologies for
years. Jim

I foresee a stiff plastic or metal pipe, tapered to a point at one end, which
can be driven by force into soil or into a lawn, so that it ends up to be
approximately flush with the plane of the soil. Once placed, a smaller
cylindrical container, as well as active elements, if needed, can be slid into
the metal pipe, from above.

From the linked article:
[https://opaque.link/post/dropgang/](https://opaque.link/post/dropgang/)

"This challenge is met by Dropgangs in various ways. The primary one is that
the documentation of each dead drop is conducted in minute detail, covering
GPS coordinates, photos of the surrounding and the location, as well as photos
of the concealment device in which the product is hidden (such as an empty
coke can). The documentation however increases the risk for the Dropgang since
whoever creates it would be more easy to identify by surveillance. In
addition, even great documentation still requires the customer to understand
it and follow it precisely, which can lead to suspicious behavior around the
dead drop location (staring at photos, visually comparing them to the
surrounding, etc)." [end of partial quote]

Ordinarily, smartphones that use GPS, don't use accurizing features, such as
WAAS. (Wide Area Augmentation System).

See
[https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System](https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System)

WAAS correction data is probably already available on the Internet.
"Accuracy[edit] The WAAS specification requires it to provide a position
accuracy of 7.6 metres (25 ft) or less (for both lateral and vertical
measurements), at least 95% of the time.[2] Actual performance measurements of
the system at specific locations have shown it typically provides better than
1.0 metre (3 ft 3 in) laterally and 1.5 metres (4 ft 11 in) vertically
throughout most of the contiguous United States and large parts of Canada and
Alaska.[3] With these results, WAAS is capable of achieving the required
Category I precision approach accuracy of 16 metres (52 ft) laterally and 4.0
metres (13.1 ft) vertically. [end of partial quote]

WAAS might be described as a form of differential GPS. If the location as
computed by the smartphone was improved by WAAS, the statement above indicates
an accuracy within about 1 meter.

IR-specific retroreflectors to greatly simplify things.

The article describes complicated systems using Bluetooth or WiFi to help
locate these dead-drops. While they are certainly innovative, they add cost
and complexity to the hardware involved. I have thought of a much-cheaper
system that I feel is sufficiently secure and simple for common use.

Light-retroreflectors are commonly made from Scotchlite
[https://en.wikipedia.org/wiki/Retroreflective_sheeting](https://en.wikipedia.org/wiki/Retroreflective_sheeting)
or plastic molded corner-cubes. If a rather small (say, 1/4 in diameter)
sphere covered with retroreflector material was held up from the insert,
possibly by a short, thin stiff wire, the sphere could be visible, but not
excessively obvious even during the daylight. It would be easy to find this
device with a flashlight in the dark. For added security, an infrared-
transmitting plastic (such as is often used to cover IR-activating remote
controls, such as [https://www.eplastics.com/plexiglass/acrylic-sheets/ir-
trans...](https://www.eplastics.com/plexiglass/acrylic-sheets/ir-transmitting)
) could be used to ensure that only IR is retroreflected back to a searcher.

Ordinary smart-phone camera arrays are not only sensitive to human-visible
light (generally described as 400-700 nanometer wavelength), but are also
sensitive to near-IR wavelengths. If a smartphone camera was combined with a
directional IR LED, substituting for the white light LED lamp used for
photography, and aiming in the same direction, a user would be able to see
(through the camera display) the IR-specific reflections from an IR-limited
retroreflector, and this would probably be doable both during the day and at
night. A person operating such a camera would "look like" he was doing
photography, or perhaps playing a game. Somebody watching, even at night,
could not see the IR. The IR 'searchlight' could be a narrow-beam device,
perhaps with a full-angle of 16 degrees or so (typical for a narrow-beam IR
LED), so it wouldn't be particularly obvious even if watched through an IR
viewer. (If the IR LED itself was shielded from direct view.)

One advantage of this technique is that the searcher could identify the target
from a very long distance away, perhaps many tens of meters, and thus approach
it in a more "innocent" fashion. No obvious "searching" would have to be
performed in the open. And, the person who placed the dead drop could
ascertain its status without later needing to approach it closely.

This technique could be combined with Bluetooth or WiFi techniques, too. The
retroreflector could normally be retracted, and only raised if the proper
Bluetooth or WiFi signal was heard. Or, perhaps, the target would contain an
exposed IR LED, which would activate from an battery only if the proper
signals were heard. The resulting dead-drop would be virtually impossible to
find.

~~~
mirimir
Back in the 60s, we just buried the main stash in the garden, behind the
house. Nothing fancy, just a large paint can. We did get busted once, but they
only found a little of this and that.

I've played some with geocaching, and it's amazingly hard to find something
buried, with no data except GPS. Phones are useless for that. And they're also
a security nightmare, being basically tracking devices.

So you use a dedicated GPS device, which doesn't transmit. But even with them,
you need to average for maybe 10-20 minutes to get WAAS-level accuracy.

I like the IR retroreflector idea. And retractable! It'd be a little
stationary robot. And for a cover story, have Pokémon Go installed.

------
jimb1
This system has problems deleting messages.

~~~
mirimir
There's a 10-20 minute window for deleting messages. And then a ~1 hour window
for editing them. So if you miss the delete window, you can just edit to
"[post deleted]".

But maybe there's some minimum karma needed. I don't remember.

Edit: OK, 20-30 minute window for deleting.

------
auslander
Dark Drones!

------
bayesian_horse
From what I know about drug users' level of motivation I'd say the dealers
will regret using dead drops quickly...

------
tw1010
> "What is illegal and unethical trade for one is perfectly legal for another"

What in the world does that mean? There's only one rule of law.

~~~
mr_pinnen
That might be true for one specific country/state. But different countries
have different laws.

------
cvza
"What is illegal and unethical trade for one is perfectly legal for another.
Judge for yourself."

Is it just me, or is this statement just plain incorrect?

~~~
trevyn
Jurisdiction.

------
rospaya
A very long article with the only takeaway being... a better use of dead
drops? Am I missing something bigger here?

