Hacker News new | comments | show | ask | jobs | submit login
DeadDrops - anonymous, offline, peer to peer file-sharing (deaddrops.com)
79 points by hornbaker on Nov 28, 2012 | hide | past | web | favorite | 35 comments

I work near one of these and a couple of us decided to investigate purely out of curiosity one lunch time earlier this year.

We used a netbook with a fresh Windows XP on it and nothing of value and destroyed the disk afterwards.

It had on it some inane chart mp3s, a low quality DVD rip, a text file with 1337speak in it and what looked like a Ubuntu ISO. I doubt anyone else had actually plugged anything into it and these were probably the originator's files.

I can see the attraction and purpose of it, but the idealisms probably won't ever be realised with human nature as it stands. Someone will trash or break it and someone else will upload something nasty to it.

As for security, all these probably carry the Internet clap so don't go sticking them in anything of value (sounds like a certain human problem as well).

For this to be remotely usable, a cheap and lightweight (physical) client should exist. Your netbook with a fresh XP and nothing of value is a good approximation of that.

I wonder how low-cost could one go with a custom made USB device that just copies everything to itself after connecting. Effects of scale unfortunately don't apply, as it would have about 10 customers worldwide :)

Many smartphones and tablets support plugging in USB devices with a $5 USB on-the-go cable and (sometimes) minor software modification.

Regarding "human nature as it stands", doesn't nature change when things different to it happen?

Wouldn't this be a tad easy to "troll"? All you would need to do is hit that USB port with a rock and it would be completely unusable, all effort into cementing it into the wall wasted.

or put malware on it.

or really dangerously illegal content.

or use some "smart" device (instead of a "dumb" storage device) to harvest data from connected machines.


!g USB HID Exploit

Teensy etc. Hell even the nubs at Hak5 and even Steven Gibson (lol) probably have covered this.

Are there any known SD exploits? My intuition is that the format is dumb enough that there are not, but intuition makes for poor security.

Glass windows are also easy to "troll" with rocks, but that hasn't stopped people putting them into buildings and vehicles.

This can't end well, I won't ever plug anything into my laptop if it is hidden in a wall. See: http://www.fiftythree.org/etherkiller/

It would be interesting to use a $20 TP-Link 703N to create a solar wifi dead-drop.

Here is a project that is using the TL-MR3020 (which is very similar to the 703N) using solar/wind power + rechargeable battery to build environment tracking stations: https://apollo.open-resource.org/lab:argus

have a look in the wiki, some users are doing this http://wiki.daviddarts.com/PirateBox_DIY

Here is Moustreet keys, located in Toulouse, France: http://blog.lamoustacherie.fr/?page_id=3981

The advantage they have is a female plug, you can't physically break it like standard usb key (most of these keys are broken after a year).

But they're disappearing too, people tend to paint walls :)

A LAN shareparty without internet access might be a better way to revitalize the sneakernet. You could just use a httpd to share your files and let others download what they want over a 1GB LAN. Or use some file-sharing system locally and only locally.

Curiously enough, in a LAN party the IP addresses are much less critical than on the internet. If we assume that there were MAFIAA infiltrators listening on your local torrent swarms then nobody really knows whose computer is behind, say, a dhcp server will distribute ips pretty randomly to different participants without querying who they are. Of course, some computers connected to the same router will see the corresponding MACs but following those would require the infiltrator to know which port of the router can be used to find a certain MAC and you don't really see that unless you have access to the router console.

Conversely, ISPs generally keep track of who's using which IP at a given moment eventhough the internet is global and one might think that any IP address will just disappear in the sea of endless numbers.

This seems like a really simple way to get implicated into some nasty shit.

It doesn't look like anyone has explained the real danger of plugging into one of these.

Any malware, skeezy content, etc. can be avoided by simply not opening files and having your computer not autorun usb drives. But the real issue (at least the one that always comes to my mind) is if, say, the "USB device" was just a male connector connected directly to wall power. This would at least fry your computer's USB, possibly more.

It would also be trivial to set up a simple circuit inside a USB drive casing to step up voltage and potentially fry your computer's ports.

It they think I'm going to hold my shiny new laptop awkwardly against a wall and get it all scratched up only to get it riddled with child porn and malware, they are sadly mistaken.


Now you can get your child pron without scratching your laptop :)

Great. The computer equivalent of a glory hole.

Could someone please explain the risks of plugging into a random USB device?

I see a handful of people alluding to risks (viz. "USB Condom") but I don't understand precisely what the issue is.

On Windows, presumably there's autorun.inf which can launch any executable on the USB drive. Is that correct? What about if you plug in from Unix or MacOS?

Bonus question: What are the risk factors, both for you and the host, if you charge your smart-phone in a stranger's laptop through USB?

There's always the risk that it is wired in such a way that it attempts to fry the port it connects to.

The risk of hostile software should be relatively easy to deal with (even on ancient versions of Windows).

Also there is the obvious risk of carrying around and taking out a relatively expensive device like a laptop or a tablet. A good location for a dead drop would probably be a good location for a mugger, since neither should be too public.

What could possibly go wrong ?

Clever. Inordinately stupid, but clever.

I could see this actually working...but not as advertised. And not if advertised.

Just as dealers hit street corners and people still buy off them knowing the risk, secret USB ports (not all over Hacker News or advertised on a web page) could pass software to a group of people who have a high barrier for membership insofar as they trust the other members of the group.

But then, isn't this just what people used to do before the internet? Now it's "anonymous, offline, p2p file sharing"!

Don't do that without an USB condom

Same link has been posted here several times. At least two times earlier.

Yeah that seems perfectly safe.

Not this crap again it's so old and only 5 people in the whole world do it. Someone else spammed this on HN last month. I guess it's not as bad as a "how our company learnt from being stupid" splog posts we see daily here.

Goodness you are bitter. May I suggest taking a break from HN for a while?

This person's diction and tone indicate to me they don't even belong here in the first place. Only 5 people doing it is quite a bit of an understatement too.

Looks like you have no reason to visit HN then?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact