
Dead Drops - zhte415
https://deaddrops.com/
======
api
This has been around for a while, and given the vulnerabilities in USB stacks
and OSes is somewhat dangerous. When it appeared over at Reddit someone called
it a "USB glory hole."

Same thing applies to chargers in public places. You never know whether it's
_just_ a charger.

~~~
baddox
Do the "charge-only" USB cables fix this vulnerability?

e.g. [http://www.amazon.com/PortaPow-Micro-USB-Cable-
Charging/dp/B...](http://www.amazon.com/PortaPow-Micro-USB-Cable-
Charging/dp/B0088HTYUE)

~~~
detaro
For chargers, yes. For getting data of a "dead drop", obviously not, and also
not if someone connects high voltage or something crazy like that. Or someone
manages to exploit the power management system by turning power on and off in
just the right way, but that seems far-fetched.

------
AdmiralAsshat
Are there any kind of restrictions or requirements that would ensure that a
random embedded USB flash drive in the side of a wall in a dark alley would
not contain BadUSB exploits, keyloggers, etc.? I kinda assumed initially that
this was an extension of the creator's original art project, but it seems like
people are actually using these--the security concerns far outweigh the
novelty, in my mind.

~~~
pavel_lishin
I'm going to assume that there's no way for the creator to enforce this,
anyway - but is there any way to access one of these without endangering your
machine? I'd rather not use a burner-laptop every time I try to see what's on
these guys.

~~~
x1798DE
I'd say it's pretty risky either way, but you could insulate yourself from
risk somewhat by using a raspberry pi with a fresh image on the SD card each
time.

Also, if it's possible to run a raspberry pi from a write-protected SD card
(and assuming that SD-card write-protection hardware switches are actual
hardware disables not something that just sets a flag that the software can
ignore), then you may not need to clean the SD card every time either.

------
fiatjaf
For a more interesting project that resembles a "anonymous, offline, peer to
peer file-sharing network in public space" \-- but is in fact much more
useful, see Edgenet:

proposal:
[http://cultureandempire.com/html/edgenet.html](http://cultureandempire.com/html/edgenet.html)

slides:
[http://cultureandempire.com/edgenet.html#/2/1](http://cultureandempire.com/edgenet.html#/2/1)

(funded) indiegogo project:
[https://www.indiegogo.com/projects/edgenet](https://www.indiegogo.com/projects/edgenet)

~~~
nosuchthing
• LibraryBox [1] is an open source, portable digital file distribution tool
based on inexpensive hardware that enables delivery of educational,
healthcare, and other vital information to individuals off the grid.

[1][http://librarybox.us/](http://librarybox.us/)

• PirateBox [2] is a DIY anonymous offline file-sharing and communications
system built with free software and inexpensive off-the-shelf hardware.

[2] [http://piratebox.cc/](http://piratebox.cc/)

------
pavel_lishin
The map search doesn't seem to work at all - "New York City, NY" decodes to
0.00, 0.00, apparently.

Also, the full-size image for the Union Square Dead Drop[1] is ... not very
full-size:
[https://deaddrops.com/db/images/fullsize/32/935838.jpg](https://deaddrops.com/db/images/fullsize/32/935838.jpg)

[1]
[https://deaddrops.com/db/?page=view&id=32](https://deaddrops.com/db/?page=view&id=32)

------
exelius
Seeing as this project is 5 years old, I'm curious how many of these are still
functioning? None, I would guess, since it seems like more of an art
project... but still, I'm a little curious. Is anyone close to any of these
that could test them out?

~~~
hamitron
I embedded one into a wall in my neighborhood. It lasted about two weeks
before it completely oxidized.

~~~
exelius
That's about what I had thought would happen.

------
ripter
Every one I've tried in SF doesn't exist anymore.

------
Practicality
This seems like a great way to share viruses.

~~~
leohutson
Yes, it seems like the computing equivalent of a glory hole.

------
hamitron
the piratebox project is much better
[http://piratebox.cc](http://piratebox.cc)

------
joefiddy
Why not use a burner running Linux?

