Hacker News new | past | comments | ask | show | jobs | submit login
"Dead Drops" is an anonymous, offline, p2p file-sharing network in public space (datenform.de)
155 points by yan on Oct 30, 2010 | hide | past | favorite | 52 comments



Here's a more sophisticated version of a similar idea:

Cellular networks are centrally administered, enabling service providers and their governments to conduct system-wide monitoring and censorship of mobile communication. This paper presents HUMANETS, a fully decentralized, smartphone-to-smartphone (and hence human-to-human) message passing scheme that permits unmonitored message communication even when all cellular traffic is inspected.

HUMANET message routing protocols exploit human mobility patterns to significantly increase communication efficiency while limiting the exposure of messages to mobile service providers. Initial results from trace-driven simulation show that 85% of messages reach their intended destinations while using orders of magnitude less network capacity than naïve epidemic flooding techniques.

http://www.usenix.org/event/hotsec10/tech/full_papers/Aviv.p...


I don't see the similarity, but distributed p2p systems are very interesting, especially when they involve mobile wireless communication. It's kinda sad that there is currently little use for these kind of networks. In larger cities node density could get high enough to actually create a continuous mesh network with acceptable latency and loss.


It is a bad idea to plug untrusted hardware into your computer. Many Windows users have autorun enabled, so could be infected with malware as soon as they plug it in. This has been exploited by people pretending to run promotions and handing out infected USB drives in front of targeted businesses.

Worse than autorun, there have been buffer overflows against USB drivers and proof-of-concept exploits that allowed Firewire devices to read arbitrary physical memory through DMA access. I haven't seen this used in practice, but the risk is there. Bruce Schneier wrote about these attacks a few years ago: http://www.schneier.com/blog/archives/2006/06/hacking_comput...

If you want to go down the Ken Thompson "Trusting Trust" hardware security rabbit hole, think about who manufactured your computer.


Not even just that, but someone could rig up a USB plug that shorted out the power (or, worse, rammed 9V from a battery back up it) and cream your USB port..


This was the first and only thing I thought about when reading the article.

The idea is "neat" but completely impractical and extremely dangerous.


It's a similar risk to using a file sharing network though. It depends on the type of files you're downloading, of course, but lots of people don't check an EXE before running it.

Although you often have the wisdom of the crowd when downloading files; if 1000 people are sharing/seeding, then the files are probably* safe.

* Possibly a terrible assumption.


I think USB-based DMA attacks were used against the Xbox 360, but I don't have a source off the top of my head.


Zzzzz. Old spare computer with no network connection, DVD burner, done.


I have thought for ages of something like this, but instead of usb drivers, a wifi box with a big harddisk. You would connect to the wireless network, open browser at 192.168.0.1 and instead of a router's page, you would get to a website, with a nice interface, where you could select the files you wanted to download or upload others.

I even did some drawing and thought of solar pannels and batteries to keep it going non-stop. What demotivated me was the fact I'm living in Brazil and normal filesharing is still much easier and non-risky...

Anyway, a wifi box like this would be much more secure if done right. A complementary idea I also thought of was to make the boxes communicate with each other, much like a cloud you could access from any reachable access point.


An interesting idea would be using client computers to synchronize boxes automatically in the background.


It could do virus scans. So thats a bonus. Maybe if this project works that could be next.


Don't wireless networks know the other parties MAC IDs?


they know whatever MAC address you're using at the time, sure. if that happens to be 06:66:de:ad:b3:3f, then anyone later inspecting the logs will probably be disappointed.


that would be really nice!


This is as "anonymous" as a public mailbox. This is trivial to monitor, and said monitor could easily perform a diff of the drive after each contact.

Real dead drop locations are typically only known by the involved parties, are ad hoc, and move frequently.

Don't get me wrong -- it's an interesting and sort of amusing project. I don't mind most of the terminology they're using, but I think it's dangerous to call something "anonymous" when it is so far from being so.


Well if theres enough of them that'd be beyond trivial.


Fun concept, but I immediately imagine someone going around smashing these with a hammer (or, perhaps more likely, city workers being sent out to remove them). :\

Here's a much more expensive project with a similar idea:

http://torrentfreak.com/kiosk-of-piracy-an-offline-copy-of-t...


Bluetooth low energy is option once more phones support it. With a button cell the transmitter will operate more than a year. Hide it completely in a wall or somewhere else where it is difficult to remove.


You don't even need malicious intent. Mishandle the computer while it's plugged in to the stick and you'd likely damage it pretty quickly.


Yeah, you'd want to use a short USB extension cable.


I don't think that Lars Ulrich lives in New York.


It's a cool idea, but I worry about malware. Malware is known to be able to infect USB drives put into the machine it's on, and it only needs to be plugged into another machine to infect it. They'll have to be systematically reformatted pretty often...


Yup. When I saw it, my first thought: "Better project name: Digital Glory Hole"


I don't think it's a big deal for people running linux!


You think incorrectly and having that assumption, you're exposing yourself to more risk. To assume Linux USB drivers, file systems and file managers don't contain vulnerabilities is to assume wrong.


Sure, there is also the potential threat of someone breaking into my home/office and installing secret videocameras to record my keyboard and get my truecrypt password (or more easily, opening the "safe" and figuring out what string of characters in a certain notebook is it). However, I don't worry about such things, and neither would I worry connecting a random usb to my practically disposable netbook.


Well, less people target Linux as less use it. If I hooked up to one of these, though, it'd have to be with an isolated partition or in Haiku.


Someone could always re-wire the thing into mains power, in all probability destroying anything connected to it regardless of any software it might be running.


Not to mention potentially killing the next person to try to use it.


Since you can only touch one conductor of a USB connector at a time (or really at all) unless you stick your tongue into it, then any mains power applied to it is going to be hard pressed to cause you anything besides an uncomfortable tingling.


Hold a live power cable while walking barefoot across wet grass and I doubt you'd live to tell the tail.


Ah, so you do remember that the current is going to have to flow through you, and that will need something a bit more conductive than pavement and shoes.


... or any OS which doesn't automatically run an executable when mounting a volume. (I have no idea if the autorun stuff is still enabled on Win 7.)


Note that you don't actually know what kind of device it is. It's USB, but it's not necessarily just a flash drive. For all you know it's hooked up to a microprocessor-driven exploit-o-bot.


A couple of concerns with usability, malware, and vandalism, but otherwise an AWESOME idea!

What about doing the same thing but attaching it outside your car instead? Then it's your property and it's mobile.


If it's your property I think you could be liable of what people put on it.


This is a great idea with the caveat that once someone puts some nasty malware on one/all of the drives, it starts to get a lot less fun.


It's a cute idea, but feels a whole lot like the things coming out of the MIT media lab in the late 1990s.


Neat idea. Obvious security concerns apply, but probably people who are nerdy enough to whip out their laptop and plug it into the wall are smart enough not to have autorun switched on when doing this.

Would also make a neat Kickstarter project.


Is it to me or is there a risk of breaking the USB port of your laptop?


I wonder who's going to drop a auto-run USB worm into them...


ℒℴѵℯ it. Going to put some around London tonight.


What if the USB ports on your laptop are all sideways? I'm sure that'd be even more inconspicuous.


Most or all of the downsides could be negated by making this thingy a standalone wireless device.


I think the term 'network' implies some kind of connection between nodes.


haha well done! Great and fun idea. We should make it a movement and put them up all over the world. And make a site like geocaching for this type of sharing!


How big a file can you share over this USB?


however much space is available on it


How do they get power?


These are just flash drives. They get power through your USB port.


i tried this and the thumbdrive ruined my nuclear reactor =(


every time i see one i will smash it with a hammer




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: