For more practical guides on how people who sell drugs avoid the negative repercussions:
• AlpraKing’s business guide is hard to beat. https://archive.is/K7j1U
(It’s a great business guide in general, actually)
• Gary Cooper’s Never Get Busted Again and Never Get Raided Again shows practical use of dead drops for dealing.
>although one questions the sanity of stealing from Russian drug dealers.
I'd conjecture that the value of the booty would be quite limited too? (small envelopes not kilograms exchanging hands). A smack-head probably wouldn't care about the risks just as long as they get their next fix?
EDIT: "4. Don't hire people under 30 years old" that is great advise. You want Mike Ehrmantraut like characters (from "Better call Saul") ... btw that show was consistently good in OpSec lessons (unlike the parent show "Breaking Bad").
The drops get ripped so frequently there is a process for handling a drop that has been unloaded before the customer get there. The customer has to supply pictures of the drop location and the empty drop, then the dealer will send them to another place. Dead drops provide some security, but they’re a trade off.
I think the Gary Cooper videos are massively underrated for security principles. He explains how the adversary operates, how they think, and what their capabilities are, then based on that he distills core security strategies to exploit their operational limitations and mitigate their capabilities.
This is really great stuff for understanding how to counteract a threat, how to do proper counterintelligence analysis and apply it for security. The problem is that people see these as “stoner videos” rather than “the design and implementation of counter law enforcement techniques, by a former cop.” There is a lot to be learned, both from general security principles (such as compartmentation, cover, and concealment) But also how to analyze an adversary and develop a plan to mitigate their capabilities.
I was going to do a write up them years ago but someone scooped me by seeing my recommendation and then doing a (crappy) writeup before me. Just one of the things that killed my enthusiasm for sharing recommendations. But, I should do a write up. For a counterintelligence analysis they are sublime.
That would be very useful. Some people love videos. I don't. I'd rather read something that's concise and organized.
And yes, great links!
Millions of people use dark net marketplaces. The war on drugs has fueled their growth and more serious crimes like identity theft have benefited from it.
well, that's what the end user sees, but we can't pretend to know what happens behind the scenes from a data perspective, and how that data might be used in the future.
> They require a court order to open your package and even then can’t charge anyone with possession.
this is not true. only first-class mail (13oz and under) is subject to any fourth amendment protections at all, and your mail can be opened without warrant if it comes from overseas. USPS can also x-ray and use other imaging techniques on whatever they want, they even describe it as a best practice.
this isn't to say dead drops are a better idea; there are plenty of reasons not to go that route as well.
Whoa, that's news to me. I didn't realize that any class of mail besides First class is considered to not contain private correspondence.
Orders over 13 oz could simply be split into multiple sub-13 oz shipments, although then that means a possible increased risk of detecting a package.
Imagine a world where criminal gangs don't have access to the money they make through drugs and a government that doesn't have to spend huge amount of money on drug laws enforcement because drug trafficking would be much less lucrative in the existence of legal access and you get fewer and very cash-strapped drug gangs, and government making money from taxing drugs.
Surely such massive savings and earnings can be spent to help problem users and reduce violence, no?
I agree with your sentiment but I find it odd that you think judges are the worst. Of all the people in the system judges are probably the least worst because they don't have as many incentives to do things that are bad for society but good for them personally the way all the other actors do (i.e. they do not directly benefit from the war on drugs).
The bad incentive for judges seems to be that most of them have a desire to not rock the boat too much which is pretty benign compared to all the other actors who go out of their way to perpetuate and further the status quo because they materially benefit from it.
I find it hard to fault the judges for apathetically presiding over a flawed system when every other group you mentioned is doubling down to further that system.
But unlike say murder, "identity theft" isn't some serious crime - it's in the same basket as "war on drugs" in that they both attempt to fortify a nonsensical top-down design at odds with the underlying reality. It's arbitrage against a broken authorization paradigm, and will continue as long as banks (et al) choose to just bear the cost rather than actually fix their systems.
The ways to fix it are numerous, but most of them would involve a widely used national identity card that's actually designed for identification (as opposed to social security numbers which were never meant to be used like this). Alternatively have the banks pay fines for each instance of "identity theft" they suffer, and watch how they figure out better ways to identify people (probably verifying them in person).
I've done some research around social engineering and the no. 1 thing that stopped us from getting into bank accounts etc. was that to do anything remotely dangerous, you had to present your ID card. Even if you got your hands on someone's IBAN, name, address, bday and national ID number - no card, no deal.
It's not impossible to get fake IDs, but it's a significant investment to do so, which stops the kind of drive-by identity theft I read about from the states.
The real legislation that is needed is to statutorily shore up the banks' liability for the damage their negligence causes. A person that has to deal with fall out from a bank being defrauded (eg repudiating that bank's and surveillance bureaus' libel) should receive a decent hourly wage in liquidated damages.
But while I agree that tech alone wouldn't fix much, using a single number (with no biometrics whatsoever) for identification is just asking for trouble. Even my bus pass has my picture on it!
The real problem in the US is that for any newly proposed identity system, any protections that keep the private sector from hooking into it for their own commercial surveillance will get scrapped due to lobbying. At the present, even social security and license plates are just basic government mandates, but form a foundation for unrestrained commercial actors to implement totalitarian surveillance.
So given that, the sensible freedom-preserving USian position is to be against any new identity systems until some laws have actually been passed to prohibit abuses of the current ones.
And that's generally the best case. Name, state, and birthday are considered unique in a terrifying number of settings, including traffic stops, DMV records, and voter registrations. It's baffling to me that a police officer can 'run a license' and act on the results without making use of the unique ID already provided on the license, but it apparently happens.
For example, if you have a bank account at a brick-and-mortar bank (and haven't setup online access), anybody can obtain online access to that account by going to the bank's website and entering your name, social security number, and maybe the recent account balance. This is in fact the exact process a bank rep does when you open a new account if they setup that access for you, or sometimes they even tell you to go home and do this yourself! Similarly, if you forget your online banking password, you can reset it entirely online with access to your email account, making your email account more trusted than the bank account!
In actuality, your being in the bank in person is the primary trust relationship, and that needs to be leveraged for the above scenarios. So online access should only ever be setup in a branch, and perhaps password resets should even require going down there as well.
(Obviously this is just an example and does not also apply to online-only banks. As I said, the key is to stop treating quasi-public information as a shared secret)
Millions of people know this and routinely check them for good deals, the propaganda machine has failed to make them "scary"
cheaper than listing on ebay.
Its just cheaper mate
All DNMs offer an expanded audience and borderless payment system that wont freeze your account
That's a pretty big number, would be curious if based on anything more than a guess.
sometimes they even list! lower fees than Ebay. Maybe Ebay and Amazon write those Ask Reddit posts about the "scariest thing you've seen on the dark web" to perpetuate that its scary.
As interesting as it all is, it's also very concerning for Law Enforcement. While petty things like drugs don't really worry me much, the advances in the anonymized distributed networks like this do mean that things that previously required big budgets of national intelligence agencies become easier for common malcontents to use. The article essentially describes a quintessential terror cell structure, but with the added benefit of 0 direct interaction. The separation of layers has always existed with limits (IE you had to have some form of communication) but this potentially allows for goods and services to easily be passed from fully anonymized layers to others without every having any interaction at all.
it seems better from their perspective than street gangs shooting each other over turf imo. an improvement for everyone involved, frankly.
>How do you make sure the product gets to your support layers?
through dead drops, of course ;)
In this system, you have drops. How does a rival gang know where they are? They'd have to buy the product to discover the drop and drops shouldn't be used multiple times. They could watch a user find one, but then that drop wouldn't be used again so they couldn't stake out and wait for their rival to refill it.
I think it's very unlikely a drug business can get to scale without reusing drops; the cost of scouting a good drop is significant, and the number is finite. Regardless, the value of a drop declines the farther it is from customers and from the dealers who supply the drop. So in practice, gangs will still have an incentive to claim turf and to harm other dealers using drops on their turf.
Even if that somehow doesn't happen, they'll still have the same strong competitive incentives. So they'll be very much inclined, as now, to discover rivals and take over their business through violence.
As a bit of a "spoiler" his solution is a covenant with the citizens. The government will hack all of our computers, will own the IME equivalents of every machine, and in return they will only use this power to hunt down terrorists and mass murderers, people who are looking to leverage technology to build nuclear weapons, bio-weapons, etc.
Things like parallel construction would have to stop though. Or be considered an immediate dismissal.
Another post on the same site as the root post discusses the surveillance state, he roughly justifies what is happening currently:
But I disagree on a couple of points, truth is more important than pseudo "pragmatism". A problem with incorrect pragmatism is that we collectively talk each other away from the seemingly impossible... which may in fact turn out to be possible. The study of cryptography (both primitives and protocols and systems) can be viewed as the study of paradoxical possibility. Things that seem to be impossible until they turn out to be possible.
It is in this sense that I wrote:
Perhaps I should be writing science fiction stories instead...
History suggests that is not long.
Still a fine line to walk.
People from Europe have this sort of... experience. Most of us know that trusting the government with our lives is not a good idea.
The US isn’t naive. In fact, it’s the opposite. It is a country that was so aware of the folly of government that it deliberately inhibited its own government by design. Because it knows damn well what happens when you relinquish control of yourself to another. That’s why the 2nd amendment is so fundamental.
The US doesn’t have to worry about things happening to the govt overnight, because the worry is built in. A successful model exits, it just needs to be followed...
I would have agreed with that assessment in the past but in the present I really can't.
Isn't "terror cell" a little over-the-top? It's just trade craft. The US does it. Russia and China do it. The various mafias (at least, modern ones) do it.
Terror cells have had to operate with reduced resources since the dawn of terrorism. The terror cell structure is trying to keep things as isolated as possible, and I'm saying this structuring and proliferation of dead-drop tech will all boost the potential power of the terror cell.
I'm saying that what they've described is a structure analogous to what exists, just higher tech. The time to adoption of this by terror elements is going to be short.
Last years state only tech is next years commercial tech. Once upon a time only the clergy were literate, now everyone can read and write whatever they want. Once upon a time the state could control the news. Now anyone with an internet connection can publish stuff. Once upon a time only major powers had tanks and artillery now every podunk warlord has them. Once upon a time only superpowers sent things into space. Now companies are doing it and making a profit. Once upon a time only the three letter agencies could bug a room. Now anyone can buy pinhole cameras for $5.
Trying to stand in the way of that is just stupid. You can't stop the long slow march of technological progress. At best you can quarantine off some small dystopia that you control.
The best counter to terrorism is a homogeneous population.
We'll probably see "white hat" distributed networks with pseudonymous reputation used for the provision of security and crime-prevention services, with no need for traditional Law Enforcement to get involved in any real way other than in a secondary, oversight role. After all, tools that "common malcontents" can use, can also be used by people working for the social good.
In this sort of arrangement, a jurisdiction's authorities could require shipments to be bonded, with forfeiture of the bond if it is found to contain a restricted substance. This would result in policing happening at the edges, by those providing the bonds, and likely relying on trust networks to assess the risk that a package originator is a terrorist.
Such a world would have a lot more trade friction than an idealized world govermment that centralized control of the movement of goods to prevent malevolent behaviour while allowing free trade of benign goods, at least in the earlier stages where localized solutions are not well-developed/efficient, but it would mean a far lower chance of a significant fraction of the world coming under the tyranny of a single malevolent government.
An all-powerful central govermment will always pose a far greater threat to the advancement of society than chaos IMHO.
And yes, using traditional shipping systems is a serious problem for old-school dark markets. I've thought off and on for several years about the potential for using dead drops with accurate GPS. I mean, geocaching. Many years ago, when I was dealing LSD, it was pretty common to use dead drops. But then, they were typically rental lockers in bus and train stations.
I agree that ubiquitous surveillance is a problem. However, it's ~clueless customers and low-level distributors who'll most likely get pwned. And they won't know anything important about the operation overall.
Anyway, time will tell.
INTERPOL has made some large busts in the past, but afaik it always has come down to failure to maintain proper OPSEC.
There's also the issue of possible directives in the future to prosecute customers en masse after major domestic busts using backlogged USPS analytics. As traffic obfuscation methods continuously improve, the economics of such directives will begin to look more and more reasonable when the goal is not to stop trade directly, but by establishing fear with precedent.
The problem with dead drops is that on a large scale where the level of trust is sufficiently low, it inevitably requires an escrow and resolution system with human moderation. And then you've just centralized trust instead of circumventing it. Dropgangs in the form described by the article do not provide the full package.
The article itself claims dropgangs and off-market platforms are the future and then goes on to state:
> Cryptocurrencies are still the main means of payment, but due to the higher customer-binding, and vetting process by the merchant, escrows are seldom employed. Usually only multi-party transactions between customer and merchant are established, and often not even that.
The author doesn't seem to make the connection that higher levels of trust means less scalability. The success of these platforms however is directly related to their scalability. Yes, this is a dangerous, criminal activity for both parties and I definitely do not appreciate the explosion in popularity of these kinds of markets. I have seen regular people get serious federal prison time due to the Dunning-Kruger effect.
The barrier for entry is much higher for new distributors as well, because A) at this membrane exists highest ratio of undercover law enforcement and B) establishing initial trust is key to something like dead drops, which typically will involve high-dollar, distributor-to-distributor transactions. Open markets help to facilitate initial trust-building by providing a trustworthy platform.
The history is way off here, Silk Road was one of the first two completely public darknet markets (the other being the short-lived Open Vendor Database) but there were private darknet markets long before, e.g. The Farmer's Market.
> Use of the Internet to facilitate the marketing and sales of physical goods - drugs, weapons, false identification papers - began latest in the late 1990s, but usually focused on local geographic markets in major cities. This was due to the fact that payment and delivery still required in person meetings.
Not so, back then and still to this day drug dealers simply throw a stack of cash in the mail. The clearnet markets for "research chemicals" all operated this way and went basically unchecked until Operation Web Tryp in 2004, which began an era of harsher enforcement of the Federal Analogue Act.
And its OPSEC was over-the-top lame. I mean, Hushmail?
But then, DPR was also very sloppy.
However, I did not research criminal court records. Accessing that data is nontrivial, especially for someone using a pseudonym, who can't show up physically, has no ID, and can't pay with a mainstream credit/debit card. Few, if any, courts accept Bitcoin etc.
Also, I made no effort to check for parallel construction, except by looking for inconsistencies among published accounts of investigations. And I do understand that the US DEA's Special Operations Division (SOD) funnels information from the NSA, CIA, etc to federal investigators. With the understanding that "the utilization of SOD cannot be revealed or discussed in any investigative function". And that includes outright perjury, if necessary. Just as we've seen regarding the use of Stinger intercepts.
It's hard to say whether people who know tradecraft well just prudently avoid running dark markets, as you say. Or whether they do, but don't get caught. Time will tell, I guess. At least, if remaining ones do get busted. But if they don't, there's the implication that the operators practice good OPSEC. Or, that they're honeypots ;)
But really, other than this fatal flaw, it's a great narrative of the internet spilling into and interfacing with analog markets
Technology is not a magic bullet. It also is also neutral and does not choose sides. Crime will exist for as long as it is profitable. There's even crime and black markets in highly secure, structured environments like prison. "Arms Race" between law and outlaw will continue.
Note that I said "could" in the original post ...
Type 1. Some things "could" be with enough power backing them,
Type 2. While others could never be regardless of power backing (eg engineering limits like quantum computing, or even organizational limits like the petro-bolivar?).
With the right backing - political, resources, talent - surveillance tech "could" quickly squash dropgangs, so it belongs to Type 1. (Btw, where talent goes is a key determinant.)
Even when the dead drop could be as subtle as attaching something under a public bench or dropping something in a trash can?
For example, a drone on surveillance duty that continuously watches the area will be able to identify patterns and pick out possible outliers. Combined that video feed with machine learning and it may be possible actively identify dead drop participants.
Side-channels for reputation like posting cryptographic proof on darknet forums isn't scalable or reliable.
And security deposits without a third-party adjudicator just move the trust issue around without eliminating it.
One ideal solution could be a cryptocurrency with on-chain confirmation of the real-world transaction by both parties after the fact.
When both parties to the transaction can point to a series of successful transactions through a web of trust, then the central marketplace for reputation or escrow is no longer needed.
How do you prevent merchants from just creating a thousand fake transactions to make them look reputable?
You give the greatest trust to reviews provided by the anonymous identities you have transacted with.
You give progressively less trust to reviews by identities 1, 2, ..., n hops away from those you have transacted with.
If a merchant creates 1000 sock-puppet consumers, they won't be reachable from your trust network, so you'll give them little if any weight.
I don’t quite follow. Consumers deal with merchants. Consumers give reviews to merchants. So the anonymous identities you mention will be customers that I don’t know. Merchants won’t review each other, I presume.
In other words, as I understand it, the “anonymous identities I’ve transacted with” will be merchants, who don’t review other merchants.
> If a merchant creates 1000 sock-puppet consumers, they won't be reachable from your trust network, so you'll give them little if any weight.
What if do a successful deal with this merchant? Will I then trust that all those 1000 fake transactions took place? And will the people who trust me also believe that?
The best way to do this is probably for the 'salesperson' to drive to an isolated area and chuck packages into the bushes at random intervals. The packages then send their GPS locations to a LoRaWAN gateway somewhere, to which their buyers have been sold access tokens. LE can still infiltrate the organization in the sales role, but with more difficulty. Adding an extra distribution layer with fixed dead-drop locations just seems pointless.
You don't think a heroin addict who couldn't come up with the money for their next buy isn't going to go check every dead drop they ever bought at on the off chance that there is something there?
I mean, just thinking of the old espionage meaning of dead drop, if you have dead drops or safe houses or secret meeting locations that you could only use once a year, to avoid patterns, then researching them would become tremendously expensive. A full time job, really, probably for several people (and someone in logistics managing them all). I can't see how that'd be much different for criminals, and how do you make a profit at that? At least in the espionage case, you would have been State sponsored. You don't have to make money.
This only catches the end users, and that's not a great use of police resources. The police would much rather target the distributors, not the end users picking up a small amount of drugs for personal use.
Fascinating idea, however.
A mobile phone has become a de facto a requirement for illegal commerce, as described, and to me presents a pretty huge single point of failure.
And yes, I know, EVERYBODY has a phone. But I don't. Why would I want to carry a police officer in my pocket? Especially if I'm a criminal.
I'm guessing "they" won't go to those sort of investigative lengths for theoretical retail customers of a theoretical Dropgang. I'd expect a vendor to be targeted using those sorts of techniques though.
And none of that data ever goes away... Who knows what law enforcement might choose to do with those sorts of leads in the future?
Tourists are having a hard time buying sim cards when they come here. Don't even know if it's possible at all.
Dealers don't rotate their numbers so much any more, so I was told.
As well as several of the methods outlined for protecting/locating the dead drops. WiFi hotspots, bluetooth beacons, etc.
Did you read the article?
<google google google>
It's from 2003.
https://en.wikiquote.org/wiki/William_Gibson#Quotes has a citation for him saying it in '99 and an unsupported assertion that it might have been said in '93. I've been hearing this long enough that I believe the '99 date, but I'm skeptical about '93.
And I would have gotten away with it too, if it weren't for you meddling kids and your damned dog...
-- Old Man Big from The Haunted Amusement Park
I don't think that this article doesn't do a good job on the risk model because it doesn't understand how law enforcement operates - at least in Russia, the picture is completely different. Law enforcement has KPIs to catch some amount of drug dealers and users, and they have developed ways to do this reliably. So, instead of intercepting communication between the drug sellers and drug buyers, they prefer to work together with sellers (taking considerate money for 'protection') and arrest some proportion of buyers when they go for the drop.
It is likely that forums and merchants develop best practices to solve this problem. There is the potential that merchants will start to issue “proofs of sale” in a cryptographic form, that customers then use to make statements about the performance of the merchant in public forums.
Could a blockchain or some other kind of public ledger be used to create a public sales rating record? I don't see how such a thing can respond to spamming and deliberate manipulation, however.
Another thought I just had: could some combination of drones and self driving cars revolutionize dead drops?
(Number of bitcoin on the address times time it’s been there.)
This is one of the reasons I hugely support legalized drug testing, and having law enforcement keep out of the way of drug testing orgs, because it's a public health risk.
Reagent testing kits are pretty easy for the individual consumer to buy (legally) and test their substances with before use.
In the UK, the charity The Loop is making great strides with testing and harm-reduction awareness, they've been running stalls at large festivals for a few years now and have a few permanent centers in large cities. When they discover drugs being sold with dangerous adulterants, they make it known on social media, and relay the info to paramedics and welfare. Has definitely saved a few lives!
But you can protect yourself. Whenever you have a new batch of some street drug, you test with a small dose. Maybe 10% of what you'd normally use. If it's too little, test with maybe twice as much. Waiting as appropriate, if tolerance is an issue (as with LSD). And then use what you need, to get the desired effect.
In most cases, bad drugs are either cut way too much, or adulterated with some other drug. But it's pretty rare for someone to be selling outright poison. So maybe an amphetamine in the MDMA or LSD. But nothing that's likely to kill at 10% of a typical dose.
The one key exception is fentanyl. So yes, some idiot may indeed sell you heroin (or even cocaine) containing too much fentanyl. However, you can still protect yourself by initially testing a small dose.
Most open marketplaces on the internet, not just darknet markets, provide reputation systems for this purpose.
Even Amazon has a review and rating system in place, which was integral towards building initial trust with its buyers and sellers.
Awful to read.
I foresee a stiff plastic or metal pipe, tapered to a point at one end, which can be driven by force into soil or into a lawn, so that it ends up to be approximately flush with the plane of the soil. Once placed, a smaller cylindrical container, as well as active elements, if needed, can be slid into the metal pipe, from above.
From the linked article: https://opaque.link/post/dropgang/
"This challenge is met by Dropgangs in various ways. The primary one is that the documentation of each dead drop is conducted in minute detail, covering GPS coordinates, photos of the surrounding and the location, as well as photos of the concealment device in which the product is hidden (such as an empty coke can). The documentation however increases the risk for the Dropgang since whoever creates it would be more easy to identify by surveillance. In addition, even great documentation still requires the customer to understand it and follow it precisely, which can lead to suspicious behavior around the dead drop location (staring at photos, visually comparing them to the surrounding, etc)." [end of partial quote]
Ordinarily, smartphones that use GPS, don't use accurizing features, such as WAAS. (Wide Area Augmentation System).
WAAS correction data is probably already available on the Internet.
The WAAS specification requires it to provide a position accuracy of 7.6 metres (25 ft) or less (for both lateral and vertical measurements), at least 95% of the time. Actual performance measurements of the system at specific locations have shown it typically provides better than 1.0 metre (3 ft 3 in) laterally and 1.5 metres (4 ft 11 in) vertically throughout most of the contiguous United States and large parts of Canada and Alaska. With these results, WAAS is capable of achieving the required Category I precision approach accuracy of 16 metres (52 ft) laterally and 4.0 metres (13.1 ft) vertically. [end of partial quote]
WAAS might be described as a form of differential GPS. If the location as computed by the smartphone was improved by WAAS, the statement above indicates an accuracy within about 1 meter.
IR-specific retroreflectors to greatly simplify things.
The article describes complicated systems using Bluetooth or WiFi to help locate these dead-drops. While they are certainly innovative, they add cost and complexity to the hardware involved. I have thought of a much-cheaper system that I feel is sufficiently secure and simple for common use.
Light-retroreflectors are commonly made from Scotchlite https://en.wikipedia.org/wiki/Retroreflective_sheeting or plastic molded corner-cubes. If a rather small (say, 1/4 in diameter) sphere covered with retroreflector material was held up from the insert, possibly by a short, thin stiff wire, the sphere could be visible, but not excessively obvious even during the daylight. It would be easy to find this device with a flashlight in the dark. For added security, an infrared-transmitting plastic (such as is often used to cover IR-activating remote controls, such as https://www.eplastics.com/plexiglass/acrylic-sheets/ir-trans... ) could be used to ensure that only IR is retroreflected back to a searcher.
Ordinary smart-phone camera arrays are not only sensitive to human-visible light (generally described as 400-700 nanometer wavelength), but are also sensitive to near-IR wavelengths. If a smartphone camera was combined with a directional IR LED, substituting for the white light LED lamp used for photography, and aiming in the same direction, a user would be able to see (through the camera display) the IR-specific reflections from an IR-limited retroreflector, and this would probably be doable both during the day and at night. A person operating such a camera would "look like" he was doing photography, or perhaps playing a game. Somebody watching, even at night, could not see the IR. The IR 'searchlight' could be a narrow-beam device, perhaps with a full-angle of 16 degrees or so (typical for a narrow-beam IR LED), so it wouldn't be particularly obvious even if watched through an IR viewer. (If the IR LED itself was shielded from direct view.)
One advantage of this technique is that the searcher could identify the target from a very long distance away, perhaps many tens of meters, and thus approach it in a more "innocent" fashion. No obvious "searching" would have to be performed in the open. And, the person who placed the dead drop could ascertain its status without later needing to approach it closely.
This technique could be combined with Bluetooth or WiFi techniques, too. The retroreflector could normally be retracted, and only raised if the proper Bluetooth or WiFi signal was heard. Or, perhaps, the target would contain an exposed IR LED, which would activate from an battery only if the proper signals were heard. The resulting dead-drop would be virtually impossible to find.
I've played some with geocaching, and it's amazingly hard to find something buried, with no data except GPS. Phones are useless for that. And they're also a security nightmare, being basically tracking devices.
So you use a dedicated GPS device, which doesn't transmit. But even with them, you need to average for maybe 10-20 minutes to get WAAS-level accuracy.
I like the IR retroreflector idea. And retractable! It'd be a little stationary robot. And for a cover story, have Pokémon Go installed.
But maybe there's some minimum karma needed. I don't remember.
Edit: OK, 20-30 minute window for deleting.
What in the world does that mean? There's only one rule of law.
Is it just me, or is this statement just plain incorrect?