Slashdot Mirror
USB 'Dead Drops'
Okian Warrior writes "Aram Bartholl is building a series of USB dead drops in New York City. Billed as 'an anonymous, offline, peer to peer file-sharing network in public space,' he has embedded USB sticks as file cache devices throughout the city. Bartholl says, 'I am "injecting" USB flash drives into walls, buildings and curbs accessible to anybody in public space. You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your files and data.' Current locations (more to come) include: 87 3rd Avenue, Brooklyn, NY (Makerbot), Empire Fulton Ferry Park, Brooklyn, NY (Dumbo), 235 Bowery, NY (New Museum), Union Square, NY (Subway Station 14th St), and West 21st Street, NY (Eyebeam)"
Turn off AutoPlay first, kids. You'll thank me later.
Is that kind of like a Glory Hole? Probably the same number of viruses.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
What could possibly go wrong?
5 free usb drives, where's my bike?
I can think of no security issues that could be introduced by this development.
For an encore, he'll be setting up "Drop Dead" sites around the city. These will be little knobs mounted to walls, for anonymous people to "share" biological materials by walking up to them and licking them.
http://alternatives.rzero.com/
Will this unsuspecting guy access the child porn cache.. Hello my name is Chris Hansen and I am from NBC's "To Catch A Predator" please sit down
So basically, you are being invited to connect a USB device from an unknown source, with unknown code on it, to your machine. There have been many instances of people leaving USB sticks with exploit binaries around for people to find. You find the stick, stick it in your machine, and are promptly exploited. Regardless of whether the creator of the dead drops hasn't done this intentionally themselves (hopefully, they haven't), you have no idea what might have been placed on the sticks by others.
Ok, so they chose to leave the male end sticking out of the wall- and instead of using some sort of extension cord plug the laptop directly in. It will not take much wobbling of the laptop to create a large amount of shear stress on the usb stick leading to failure.
Also I'm sure many will complain about the possible dangers of viruses but imagine worse. How much damage could you do with a usb stick? It wouldn't be impossible to rig a car battery to the contacts from the other side of the wall.
As soon as the RIAA et al thugs can find the locations they will fill the devices up with garbage, pr0n, incorrectly named and incredibly distorted music/video files. Nice idea but too easy to corrupt
What the heck is the point of this? Sometimes I hate artists. Here's an idea, just give someone a USB drive when you want to share files with them. Or mail it. Or I guess call it art and attach USB drives to walls. Move over Van Gogh, there's a new master in town!
... this concept would not go down well with the government, especially around their nuclear facilities.
It's kinda pointless and possibly dangerous there's something cool about a USB port in a brick wall. It's like plugging into the unknown
Vector for malware in 3... 2...
Sounds an awful lot like a high(er?) tech version of a geocache to me. Somebody should post these to geocaching.com and suggest a new style of cache... a data cache.
Apparently, this person is willing to expose himself as a complete moron, just to get a bit of publicity. This is not even original, security experts have been using something very similar as network penetration technique for years.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There's a long tradition of young folks picking up nasty viruses from anonymous strangers in NYC; now their computers can too.
Am I part of the core demographic for Swedish Fish?
some sort of actual storage instead of the 4-8GB that could be in that thumb drive max
Do you know how many computers I've had and/or used that had at least an order of magnitude less than 4-8GB mass storage?
Why, back in my day, we had 160KB floppy disks! And we were glad to have 'em too!!! Rassum fassum darned kids today with their fancy "USB Drives"...
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
So you stop by and upload/download but don't notice that the Dept Homeland Security has the place staked out until they serve the search warrant on your house...
Guys with expensive laptops will be at the following five locations:
sheesh
Could be worse. In 1969, the Museum of Modern Art in New York deployed Pulsa, an exhibit which included many strobe lights arranged to flash in sequence. There was a long line of strobes not only on the museum, but extending to adjacent buildings.
Pilots reported runway lighting in midtown Manhattan. The "moving ball of light" strobe system for runways was chosen because, even in cluttered urban areas with many parallel lines of light, there's nothing which looks like that. The FAA made them retime the strobes so that it didn't look like a runway.
He should put in a rootkit in every one of them, which at a specified time and date will display "Congratulations, you are the xth idiot out of y idiots who have risked security and data just to try something stupid"
Silly suggestions aside, he should really take this opportunity to teach people the dangers of malware which can be picked up by doing stupid things.
For the finale they really ought to bust him for possession of child porn. That would almost make the show worth watching.
I definitely won't stick someone's hoo-hoo dilly in my laptop's cha-cha.
Some sort of plastic egg or something, that you were supposed to put a message in, then give it to someone "hey, this is for Joe Bloggs, in Topeka, pass it on". The idea was that eventually, Joe would get it, no matter where you were when you started it. I think others were encouraged to add to it too.
It predates the 6-degrees of Kevin Bacon, but it is the same idea.
Was it an oobie or some such? This sounds like that. Probably sold a lot of plastic crap and packaging.
Hippies.
This issue is a bit more complicated than you think.
I have to agree with the other posters. This is a stupid idea. The are easy to break. Easy to find for those that don't like the idea of them existing. They don't hold a particularly large amount of data. The fixed location makes them useless as a dead drop.
The way a non-stupid person would do this is to set up a wireless router. This way two anonymous people could exchange data and no one would be able to tell where or who they were beyond being in the general vicinity. It would also actually be able to hide. As long as they could get power to it, it could be just about anywhere, so it would take a fair amount of effort to make sure you had the skill and equipment to actually find the thing. If you want storage, just use a router that has NAS capabilities.
I kind of like the idea of an anonymous way for citizens to share data, but gluing USB sticks on walls is not the way to do it.
get it? :D
Empire Fulton Ferry Park is right down the street from where I live. There's only so many places it could be hid.
I think I need to fire up my spare laptop with a LiveCD and find it.
For science
Shameless plug for my photos on Flickr
Hate to break it to you, but the first thing a Windows boxen will do when it is then plugged into the drive then will be prompt the user to format it, NTFS, sort of making this hardly any real fix, and really just more annoying to the projects spirit as whatever pdf of the Anarchist's Cookbook or whatever "contraband" files these kiddies will be spreading at these dead-drops will be deleted twice.
It's proving to take a very long time to make the proles (and indeed even many geeks) that copying data is not actually *doing* something.
This will make a lot of people think, I think.
expandfairuse.org
It's a great idea, but why put these things in such easily accessible locations where they could be open to anyone with less than noble intentions? I did the same thing as this guy a couple of years back, but was a little more selective in location, some of which are as follows:
* Mount Etna (near the mouth)
* North pole (well 40 ft underground at that point)
* 3 miles underground at an unknown location. There is a cave entrance though I think (well there was last time I went).
* In my house
* Inside the fossilized remains of a dead bird found somewhere in the Sahara Desert.
* Five are in the ocean too (I'll keep the exact locations secret, but you may have some luck checking out the Atlan... (hint hint) ).
Why OpalCalc is the best Windows calc
it's a trap!
Politics is Treachery, Religion is Brainwashing
It's like a speak-easy from the era of prohibition for file sharing. What could possibly go wrong? Can anyone say entrapment?
goatse.jpg
Copy of goatse.jpg
Copy2 of goatse.jpg
Copy3 of goatse.jpg
...
I have something in common with Stephen Hawking...
That way i can get my free viruses without having to plug something in.
---- Booth was a patriot ----
...its like the era of near anonymous sex, eventually people started dying after hooking up. How long before we see people killing their computers, or going to jail because they plugged in and xferred something really illegal?
This is REALLY smart.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
Why would I want to go to a dark alley on new work to plug my laptop into a usb port sticking out of a wall?
For the cheap thrill? Isn't that why people insert other things sticking out of walls, or insert their thing into holes in walls in New York?
... and then they built the supercollider.
it's a trap!
Not only that, dead drops would be better protected by NOT disclosing their locations. Make it a game or puzzle, or riddle or something.
The mind conceives, the body achieves, the spirit manifests.
They can just come by at 3am and replace the USB drive with something else ... with a little camera off to one side.
Unless of course people feel there is something 'cool' about having to be in a specified location to receive information in this day and age.
GEO caching came readily to mind. Find an interesting (and hopefully somewhat safe site) and when people get there, not only can they share whatever, but they can have a unique experience as well.
From sneaker net ot peer to peer to USB Dead Drops? lmao...
Might be good practice for when Fascism takes over thanks to Citizen United vs FEC.
Is your Internet Throttled? Install DD-Wrt, OpenWRT or Tomato to learn the truth! Google: 1Gbps/1Gbps: 5 Communities
I used to do Geocaching...before kids ;)
I had reservations about finding boxes hidden and opening them to see what's inside. On all occasions the contents were benign.
I think it's a shame that the first thing people think to do with these is to load them up with exploits or porn. Don't get me wrong, I wouldn't be plugging my laptop in without some serious protection. However one thing I liked about Geocaching was that it caused you to go to places off the beaten track or informed you of interesting facts about the location. It was great as a tourist.
There is so much interesting stuff about this...and yet...now I'd be too afraid to plug in.
Another train of thought, If the artist wanted to present some interesting social study, he/she would monitor the files at each location and build an instillation to show what type of file, when uploaded, how much good and bad, yadda yadda.
I'm sure with a bit of extra thought with respect to the security aspects by the artist, this could be made acceptably safe. For instance, could the stick be simulated on a system which actively scans and cleans between uploads?
Okay, most people wouldn't have your attitude about it, but you're probably right: this is a lawsuit waiting to happen. Unfortunately, lots of people in America today view civil suits as a way to make some quick cash. I doubt that anyone really cares if someone does this to their property, but I could see someone using this to try to make a buck.
Social Engineering Expert: Because there is no patch for stupidity.
From a geek perspective, I think this is awesome. It combines all the fun of geocaching with the rewards of actually getting something. I do think that viruses would be a concern, yes, but at the same time, anyone looking for one of these things is going to expect that, and will either be protected somehow, or will be using a machine they can keep in quarantine.
From an art perspective, I think this is awesome. It's funny, fresh and gets people outside, exploring their world. It's using available materials to change the way people look at common, everyday items.
From an engineering perspective, all I can see is broken USB hubs stuck in my port because I sneezed too hard. Or shorted out the port because it was wet on the inside of the plug. Or someone thought they were cute and put some WD-40 in there, instead of electrical contact cleaner.
But from an societal point of view, I see strangers walking up to a building and holding their computers up against the wall. That's fine for things like monuments, park statues and maybe even trees in a park? But doing that outside a business might get you in trouble.
Do it anywhere near someplace the NYPD consider "sensitive", and you might just become the latest headline news.
[End Of Line]
Creativity: A+
Humor: B
Usefulness: F
Convenience: F
Security: F
Resistance to Vandalism: F
"When information is power, privacy is freedom" - Jah-Wren Ryel
I'd be pretty peeved if someone did this to my property, leaving it there is a huge liability, removing it and making good properly would be quite a hassle.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Perhaps geocaching then? I've not partaken myself, but it seems to be something along the lines of what you're talking about.
Comment removed based on user account deletion
One man's USB treasure is another man's garbage...
Help! I am a self-aware entity trapped in an abstract function!
Partition the usb drive into two. sdb1 is a tiny ntfs partition with some barney pics, and sdb2 is ext3 with all the awesome stuff on it. Windows won't even know how to access the 2nd partition AFAIK. Last time I checked Windows wouldn't even let you partition a usb thumbdrive w/ more than 1 partition.
Why not set up a "Swap Club" to pass around a big "Slut Drive" or three around?
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
... of a ball peen hammer and a flat surface. The viewer is invited to place his thumb on the flat surface and whack it with the hammer, and by doing so become more interconnected with what it means to execute a Really Dumb Idea.
Yeah, because the "open" guys have really shown that they know how to all control their egos and make sure everything they do is in the best interests of the "community", and not in the pursuit of some ridiculous need to flex an e-peen or get the last word.
I predict the first day you declare your utopia has been achieved, at least 3 people will fork it because they can't abide by trivial differences in your set of rules, and several dozen blog posts will go up lamenting the shoddy architecture and insecure design of your utopia, and talk about how short-sighted you are to have not anticipated these issues.
Because that's how your vaunted community works in actuality. Thank you, but as someone else mentioned, we'll be -- blessedly -- long dead before this hellish 'utopia' comes to pass. God save us from technical savants with the will to power and limited or nonexistent social skills.
A wide range WLAN-NAS would be a better dead drop.
I did my part found one and uploaded photoshop, some movies, and bunch of mp3's :)
on the device was couple movies and sims 3
pretty interesting
They really don't have any standards for art anymore, do they?
Not since they took the Dadaists seriously, no.
I tend to think of modern art as a sport akin to social engineering. When you think of it that way, it stays annoying but at least you can respect some of the skills involved, unlike those used in the actual work itself.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
They are getting desperate out there ;)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Just wait until someone drops kiddie porn on it or the latest malware!!
The guy obviously overlooked the "people are assholes" factor. Some jerk will eventually show up with a hammer and destroy the thing just for the hell of it.
So how about it /.?
I see alot of posts criticizing the implementation of this "Dead Drop" system.
Anyone else here have a better idea?
Maybe some super cheap hacked routers with open wifi and ftpd?
Or how about a blue-tooth device cemented in the sidewalk?
I live near NYC... i think it would be cool to come up with a "off the grid" sneakernet..
I have to return some videotapes...
really dumb.
Now maybe if it were a wifi spot with shared data, but USB who cares.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
How long do you think it will be before some people start using these as a way to exchange child porn or some idiot thinks it would be funny to upload kiddie porn on all the USB sticks and the cops come in and shut the thing down?
If you liked this thought maybe you would find my blog nice too:
Hmm?
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
I can confirm that this works - I have a usb drive w one fat partition and one ext3. The fat one contains putty, winscp and stuff like that, plus a private ssh key. The ext3 one contains another private ssh key, plus a private gpg key. Never had any problems with windows trying to do anything with the ext3 partition. Linux mounts both of them :)
--The knowledge that you are an idiot, is what distinguishes you from one.
You didn't quite get what I mean, or I didn't make myself clear. My idea is that there will be a world in which there are no pricks and people who don't get the law -- they will all understand it and punish themselves if they ever fail to follow it (which, in itself, would rarely happen). This world would be the perfect world of Anarchy that so many leaders and people have waited for. It is impossible, because every guy like I described, there's three idiots like us who can do nothing else than type on /., and then there's politicians which are basically immoral beings who smell money.
Now, go bash someone else, and don't invoke the thing's name -- it's enough people believe in such foolness already.
Have you heard about SoylentNews?
Hey guys, no one expects this to be _useful_. You're welcome.
> I figured it would also need some code to figure out who was getting too close to the hidden antenna and drop transmit power or the connection outright to mask the actual location.
1) If I sniff only, you will not detect me
2) No matter what you do, unless you switch positions, I can find you over time
> I also figured the network would need to occasionally switch off and vanish if devices nearby were lurking and not sharing, even with that, no way to defeat passive wifi sniffing.
How will you find out that I sniff when I only sniff? I will send _nothing_.
I can put a JPG, MP3, PDF, anything that exploits a zero-day (or known) vulnerability on the drive. As you will not only _copy and store_ but _open_ the files...
Also, what stops me from emulating a keyboard and entering a load of crap? "Windows-c (?) deltree c:\\ /y\n" comes to mind.
The USB stick solution doesn't need a power supply; all wireless solutions do. It's also a lot cheaper to implement, especially for an artsy experiment.
Indeed /. this time around breaks it down however it can do, takes it way too seriously, and hasn't come with a single alternative that's as cheap, easy to implement, and anonymous as this one is. This assuming it has any practical value in the first place.
I once saw an art installation that was an almost-functional guillotine. Pull a lever, and the blade would come down, until it hit a hidden stop. It was installed in a public place for a year and, sadly, nobody pulled the lever.
My opinion is that the purpose of art is to make the audience think. Today, we are thinking about what kind of malevolent files could be shared, or what fleeting connections we have with people around us. A hammer and hard surface makes me think about how, now and then, everybody needs warnings about really bad ideas.
Congratulations! An artist is you!
You do not have a moral or legal right to do absolutely anything you want.
You forgot the obligatory Admiral Ackbar. ;)
But setting up a wireless access point connected only to a local server would probably do a lot better. Use a "cantenna" to direct the access point covering area to a given location and it will be trickier to triangulate. Even better if you can bounce the radio waves against something using the "cantenna".
It would be an excellent information drop point for everyone in covert operations. Add a steganographed picture of something innocent - or maybe not so innocent like a pr0n image and you can propagate your information.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
There's more than just autoplay and malware to worry about.
How long before some jerk sets one of these up that's not connected to a hidden USB drive, but to the AC power lines?
*POOF* No more laptop.
Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047
I've read a lot of the comments at the article and here at /. and, all opinions considered, I have to agree that it was a fairly irresponsible decision on the artist's behalf.
1. Could poke some kid's eye out, should have been recessed into the wall
2. Could break off in your USB port or cable, should have been recessed into the wall;
3. Could be filled with things you don't want to go near like viruses and other malware, maybe should have been set up with some firmware attached as mediator;
4. Surprisingly, not mentioned: could be filled with things you don't want to go near like child pornography, which will temporarily be in your possession while you're "jacked in there lil' chummer";
5. Also not mentioned: easily spoofed performance art, with malicious self-activating-firmware or voltage sources attached, to become a very, very, very malicious device to hook up to with anything at all, especially valuable hardware and software (also easily torn out and replaced with evil twin);
6. Also not mentioned: these things don't all appear to be in the most secure sorts of areas, and will likely become targeted by hoodlums looking to score a quick laptop or other portable device.
7. The liability of any wrong coming to any computer users through these devices, I am pretty sure (I'm not a lawyer) could be traceable directly back to the artist.
To all those who got off on how it's the digital equivalent of GPS: frankly, it's the digital equivalent of fucking a crack-whore, or actually putting your shit up-to/into a real "glory hole".
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
But the USB stick alone is such an issue.
Why stop at wide-open storage? Why not put a common terminal BBS in a firmware and attach several backup storages, upload/download directories, a virus scanner, even forums, and make it something relatively safe and functional? Then attach that to a wireless, give it a photovoltaic cell for a voltage source, attach a few capacitors to charge for night time use, cover the PVC with a layer or quartz and encase the whole thing in a piece of granite, and sink *that* into something.
As it is, the USB sticking out of a wall idea is one of the most retarded things... it's so obvious, maybe the artist should have stopped and said "there are reasons why this hasn't been done, yet", and not stopped at "oh some capitalist would steal it -- voila, cement!"
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Sneakernet reintroduced! Yay!
The security risk is pretty obvious to people with some computer knowledge. And let's face it, people without some computer knowledge are never going to hear about these things--or bother to find them.
If I'm going to use a dead drop, obviously I'm not just going to log into my home account and then plug in. I'm going to boot off a CD or another USB, and then plug in to drop off or pick up. Or I'm going to use a sacrificial machine (netbooks or old laptops are cheap).
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
I'm just going to leave this here: INTERNET!
This is not SneakerNet, or data geocaching. This is AttentionWhoreNet. The only things you'll find on these things after a day is club/drug/callgirl spam and kiddie porn. Congrats, you dumb fucking sycophant of an "artist", you fail at thinking.
Besides, Real SneakerNetters (tm) in this day and age use portable hard drives or small NAS boxes. Driving a 16TB NAS to your friend's basement is oh, about 100 gigabit per sec :) Which is about ten thousand times faster than any USB key I've ever seen.
-Billco, Fnarg.com
See, the key to running a cold war-style dead drop is that you DON'T tell everyone where it is.
Maybe the idea here is to spread the idea of dead drops, not the specific dead drops themselves? Also nothing stops you from uploading encrypted content if you don't want others to read it.
You forget to make a difference between "simple, low-budget, not necessarily useful arts project" and "ueber-geeky, high-budget, high-maintenance, overly complex, still probably useless project".
That said I would prefer to connect using a USB extension cable instead of holding my laptop to the wall, risking breaking everything.
This idea is moronic. Are you expecting some kind of exclusive data not available anywhere else?
People excited about this must get really excited about surprises like the prize in a box of cracker jacks or what's behind door number 2 on Let's Make a Deal.
It reminds me of the Family Guy episode where Peter is offered a prize of either a boat or a mystery box.
Not quite good enough - you could still get a BIOS/EFI rootkit :\