
DeadDrops - anonymous, offline, peer to peer file-sharing - hornbaker
http://deaddrops.com/
======
meaty
I work near one of these and a couple of us decided to investigate purely out
of curiosity one lunch time earlier this year.

We used a netbook with a fresh Windows XP on it and nothing of value and
destroyed the disk afterwards.

It had on it some inane chart mp3s, a low quality DVD rip, a text file with
1337speak in it and what looked like a Ubuntu ISO. I doubt anyone else had
actually plugged anything into it and these were probably the originator's
files.

I can see the attraction and purpose of it, but the idealisms probably won't
ever be realised with human nature as it stands. Someone will trash or break
it and someone else will upload something nasty to it.

As for security, all these probably carry the _Internet clap_ so don't go
sticking them in anything of value (sounds like a certain human problem as
well).

~~~
praptak
For this to be remotely usable, a cheap and lightweight (physical) client
should exist. Your netbook with a fresh XP and nothing of value is a good
approximation of that.

I wonder how low-cost could one go with a custom made USB device that just
copies everything to itself after connecting. Effects of scale unfortunately
don't apply, as it would have about 10 customers worldwide :)

~~~
meaty
They already made them:

[http://www.amazon.co.uk/Belkin-USB-Anywhere-data-
copier/dp/B...](http://www.amazon.co.uk/Belkin-USB-Anywhere-data-
copier/dp/B000CRPTCA)

------
Drakim
Wouldn't this be a tad easy to "troll"? All you would need to do is hit that
USB port with a rock and it would be completely unusable, all effort into
cementing it into the wall wasted.

~~~
aw3c2
or put malware on it.

or really dangerously illegal content.

or use some "smart" device (instead of a "dumb" storage device) to harvest
data from connected machines.

etc.

~~~
areallybadidea
!g USB HID Exploit

Teensy etc. Hell even the nubs at Hak5 and even Steven Gibson (lol) probably
have covered this.

~~~
ynniv
Are there any known SD exploits? My intuition is that the format is dumb
enough that there are not, but intuition makes for poor security.

------
livebeef
This can't end well, I won't ever plug anything into my laptop if it is hidden
in a wall. See: <http://www.fiftythree.org/etherkiller/>

------
noonespecial
It would be interesting to use a $20 TP-Link 703N to create a solar wifi dead-
drop.

~~~
neopallium
Here is a project that is using the TL-MR3020 (which is very similar to the
703N) using solar/wind power + rechargeable battery to build environment
tracking stations: <https://apollo.open-resource.org/lab:argus>

------
alx
Here is Moustreet keys, located in Toulouse, France:
<http://blog.lamoustacherie.fr/?page_id=3981>

The advantage they have is a female plug, you can't physically break it like
standard usb key (most of these keys are broken after a year).

But they're disappearing too, people tend to paint walls :)

------
yason
A LAN shareparty without internet access might be a better way to revitalize
the sneakernet. You could just use a httpd to share your files and let others
download what they want over a 1GB LAN. Or use some file-sharing system
locally and only locally.

Curiously enough, in a LAN party the IP addresses are much less critical than
on the internet. If we assume that there were MAFIAA infiltrators listening on
your local torrent swarms then nobody really knows whose computer is behind,
say, 192.168.0.67: a dhcp server will distribute ips pretty randomly to
different participants without querying who they are. Of course, some
computers connected to the same router will see the corresponding MACs but
following those would require the infiltrator to know which port of the router
can be used to find a certain MAC and you don't really see that unless you
have access to the router console.

Conversely, ISPs generally keep track of who's using which IP at a given
moment eventhough the internet is global and one might think that any IP
address will just disappear in the sea of endless numbers.

------
batiudrami
This seems like a really simple way to get implicated into some nasty shit.

------
lantern
It doesn't look like anyone has explained the _real_ danger of plugging into
one of these.

Any malware, skeezy content, etc. can be avoided by simply not opening files
and having your computer not autorun usb drives. But the real issue (at least
the one that always comes to my mind) is if, say, the "USB device" was just a
male connector connected directly to wall power. This would at least fry your
computer's USB, possibly more.

It would also be trivial to set up a simple circuit inside a USB drive casing
to step up voltage and potentially fry your computer's ports.

------
unfamiliar
It they think I'm going to hold my shiny new laptop awkwardly against a wall
and get it all scratched up only to get it riddled with child porn and
malware, they are sadly mistaken.

~~~
EliRivers
[http://www.usbcables.com/assets/images/white-usb-
extension-c...](http://www.usbcables.com/assets/images/white-usb-extension-
cable-A-TO-A.jpg)

Now you can get your child pron without scratching your laptop :)

------
bobo29
Great. The computer equivalent of a glory hole.

------
bravura
Could someone please explain the risks of plugging into a random USB device?

I see a handful of people alluding to risks (viz. "USB Condom") but I don't
understand precisely what the issue is.

On Windows, presumably there's autorun.inf which can launch any executable on
the USB drive. Is that correct? What about if you plug in from Unix or MacOS?

Bonus question: What are the risk factors, both for you and the host, if you
charge your smart-phone in a stranger's laptop through USB?

~~~
maxerickson
There's always the risk that it is wired in such a way that it attempts to fry
the port it connects to.

The risk of hostile software should be relatively easy to deal with (even on
ancient versions of Windows).

------
morphyn
What could possibly go wrong ?

------
Beltiras
Clever. Inordinately stupid, but clever.

------
Tipzntrix
I could see this actually working...but not as advertised. And not if
advertised.

Just as dealers hit street corners and people still buy off them knowing the
risk, secret USB ports (not all over Hacker News or advertised on a web page)
could pass software to a group of people who have a high barrier for
membership insofar as they trust the other members of the group.

But then, isn't this just what people used to do before the internet? Now it's
"anonymous, offline, p2p file sharing"!

------
fla
Don't do that without an USB condom

------
stephengillie
<http://xkcd.com/956/>

------
Sami_Lehtinen
Same link has been posted here several times. At least two times earlier.

------
enr
Yeah that seems perfectly safe.

------
areallybadidea
Not this crap again it's so old and only 5 people in the whole world do it.
Someone else spammed this on HN last month. I guess it's not as bad as a "how
our company learnt from being stupid" splog posts we see daily here.

~~~
shiftpgdn
Goodness you are bitter. May I suggest taking a break from HN for a while?

~~~
knowaveragejoe
This person's diction and tone indicate to me they don't even belong here in
the first place. Only 5 people doing it is quite a bit of an understatement
too.

