Slashdot Mirror


Dead Drops P2P File Sharing Spreads Around Globe

Lucas123 writes "After beginning as an art project 3 years ago in Manhattan to thwart government online spying and offer a physical depiction of our digitally-connected society, a trend of embedding USB thumb drives in walls has caught on and spread to every continent but Antarctica. Dead Drops, as the anonymous P2P file sharing network is called, now has more than 1,200 locations worldwide and has morphed as participants have become more creative in not only where they place the drives, but how they share files, including creating WiFi locations. The thumb drives, which range in size from a few megabytes to 60GB, have allowed people to share music, video, personal photos, poetry, political discourse, or artwork anonymously. Dead Drops creator, German artist Aram Bartholl, said the project is a way to 'un-cloud' file sharing."


  1. Why yes! by Frosty+Piss · · Score: 5, Insightful

    I'd be happy to plug my netbook / phone / multimedia device into this unknown thumb drive. Why not? I've got anti-virus...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Why yes! by stewsters · · Score: 2

      I prefer to plug in random firewire cables that I find hanging out of walls.

    2. Re:Why yes! by Anonymous Coward · · Score: 2, Insightful

      don't mount the drive as root...
      or better yet, use a livecd boot and only mount a small partition you set aside for this.

    3. Re:Why yes! by i+kan+reed · · Score: 4, Insightful

      Yes, windows blows, but a smart operating system doesn't protect you. A known flaw in the drivers for a USB drive could still allow execution of arbitrary code.

    4. Re:Why yes! by Anonymous Coward · · Score: 1

      Yes, windows blows

      It blows in many ways, but it's pretty easy to disable this autorun 'feature.'

    5. Re:Why yes! by blueg3 · · Score: 1

      It's not good.

    6. Re:Why yes! by Anonymous Coward · · Score: 5, Funny

      Not a thing. I have no idea how I am even making this post.

    7. Re:Why yes! by Hobadee · · Score: 5, Interesting

      You are making a pretty big assumption there that what you are plugging in is actually a storage device. It could easily be a device which shows up as an HID device and plays back a macro. "Alt-F2, 'xterm', Enter, 'rm -rf /', Enter" would be pretty devastating on your secure Linux box which doesn't run anything from removable media.

      Just because it looks like a thumb drive, doesn't mean it is one!

      --
      ...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
    8. Re:Why yes! by jkflying · · Score: 5, Informative

      You're thinking software. Try thinking hardware.

      I bet by hooking the other end of the USB up to 220V I could do some pretty nasty things to your computer.

      --
      Help I am stuck in a signature factory!
    9. Re:Why yes! by blueg3 · · Score: 1

      How do you know it's a storage device? It's just something with a USB port that happens to look vaguely like a storage device. But with USB, it's pretty trivial to do something like have that USB device present itself to the system as a storage device, mouse, and keyboard.

      There's also no shortage of vulnerabilities in the USB stack. A buffer overflow in a USB driver, for example. This is all handled during enumeration, when (with any operating system), the user has little control over the OS's behavior.

    10. Re:Why yes! by Bengie · · Score: 1

      That's why you want a modern computer that has an IOMMU, which forces the device to first ask the OS for permission to memory. It's like protected memory, for DMA. It only sees what the OS allows it to see.

    11. Re:Why yes! by geekoid · · Score: 1

      Every Major OS has the capability.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    12. Re:Why yes! by AK+Marc · · Score: 1

      If you used a CD boot, with your hard drive only mounting a "P2P" partition, the OS and user partitions not even mounted, would that not prevent nearly all attack vectors? anything going after the OS would find it on a read-only drive, and the data disc could be compromised with no ill effects, given proper precautions.

    13. Re:Why yes! by fnj · · Score: 1

      How good is the ESD protection on USB ports? Can it handle a thumb drive filled with capacitors?

      It's not good.

      Oh I dunno, if you get a half decent motherboard it can be pretty good.

      Gigabyte GA-Z87X-D3H
      At Newegg

      "GIGABYTE Ultra Durable 5 Plus debuts on GIGABYTE 8 Series motherboards, with a range of features and component choices that provide record-breaking performance, cool and efficient operation and extended motherboard lifespan."

      "GIGABYTE 8 Series motherboards raise the bar in terms of protecting your system, providing advanced electrostatic discharge (ESD) protection for both your Ethernet LAN and USB ports, both common sources of ESD-related failures. Each LAN and USB port is paired with a dedicated protection filter that can withstand high electrostatic discharges, protecting your system from common electrical surges and even direct lighting strikes."

      "On GIGABYTE 8 Series motherboards each USB port has its own dedicated power fuse that prevents unwanted USB port failure, helping to safe guard your important data during transfer."

      The board is not out of reach financially at all.

    14. Re:Why yes! by QRDeNameland · · Score: 1

      It could easily be a device which shows up as an HID device and plays back a macro.

      Could you use an HID device to steal PIN numbers from an ATM machine?

      /pedant

      --
      Momentarily, the need for the construction of new light will no longer exist.
    15. Re:Why yes! by fnj · · Score: 1

      Yeah, that would be real bad. If you ran the GUI as root like an idiot.

    16. Re:Why yes! by Culture20 · · Score: 1

      s@rm -rf /@/bin/rm -rf ~/@
      would be devastating enough to most folk (and wouldn't require root privs)
      There are other things that could happen too: setting up a cronjob/scheduled task for a secure tunnel to a dynamic address or a daemon that regularly downloads new exploit code and attempts to get root/administrator

    17. Re:Why yes! by Richy_T · · Score: 1

      I want to see it take a direct lightning strike.

    18. Re:Why yes! by tlhIngan · · Score: 1

      Oh I dunno, if you get a half decent motherboard it can be pretty good.

      Gigabyte GA-Z87X-D3H
      At Newegg

      "GIGABYTE Ultra Durable 5 Plus debuts on GIGABYTE 8 Series motherboards, with a range of features and component choices that provide record-breaking performance, cool and efficient operation and extended motherboard lifespan."

      "GIGABYTE 8 Series motherboards raise the bar in terms of protecting your system, providing advanced electrostatic discharge (ESD) protection for both your Ethernet LAN and USB ports, both common sources of ESD-related failures. Each LAN and USB port is paired with a dedicated protection filter that can withstand high electrostatic discharges, protecting your system from common electrical surges and even direct lighting strikes."

      "On GIGABYTE 8 Series motherboards each USB port has its own dedicated power fuse that prevents unwanted USB port failure, helping to safe guard your important data during transfer."

      The board is not out of reach financially at all.

      ESD protection devices protect against ESD. That's it. Sure it may be 50,000V, but the current is absolutely tiny, so the device doesn't heat up much. However, if the device is connected to a live 110V/220V mains, those ESD protection diodes will blow pretty damn quick, and the creepage distances generally mean the AC would couple beyond the protection devices.

      I like how they say it can protect against direct lightning strikes - what BS. Even the lightning rod on your house cannot protect against that - they'd vaporize. (The lightning rod is designed instead to cause dielectric breakdown of the air and conduct heavy current in an attempt to reduce the charge buildup. But if lightning hits it, it's generally a goner).

      Even worse, if the AC couples the wrong way in said laptop, you could put a rather nasty voltage across the battery of your laptop...

      Actually, maybe skip the AC. Put in DC - say 30V or so. That is enough to blow the protection diodes and possibly raise the bus lines to damage further components (ESD diodes prevent the USB power rails from exceeding ground and Vbus by excessive amounts by coupling them to a nearby power or ground rail at similar voltages. A driven voltage could easily cause the voltage to rise and destroy many components due to overvoltage stress - perhaps that rail was never meant to handle sustained 30V potential difference).

    19. Re:Why yes! by K.+S.+Kyosuke · · Score: 1

      A known flaw in the drivers for a USB drive could still allow execution of arbitrary code.

      Why hasn't the known flaw been fixed yet if it's a known flaw?

      --
      Ezekiel 23:20
    20. Re:Why yes! by slashdime · · Score: 1

      You're mostly correct, but it would not prevent all attack vectors. If the boot cd auto mounts the usb key, and nautilus auto opens the mount point with preview on, the files could use vulnerabilities in various file formats (pdf comes first to mind) to run as nautilus (as root, or as a user that can escalate to root).

      At that point, it has access to all partitions and devices connected to the system, mounted or not.

    21. Re:Why yes! by geekoid · · Score: 1

      Time, risk, and value.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    22. Re:Why yes! by Princeofcups · · Score: 1

      You are making a pretty big assumption there that what you are plugging in is actually a storage device. It could easily be a device which shows up as an HID device and plays back a macro. "Alt-F2, 'xterm', Enter, 'rm -rf /', Enter" would be pretty devastating on your secure Linux box which doesn't run anything from removable media.

      Just because it looks like a thumb drive, doesn't mean it is one!

      You don't need an xterm to enter commands in unix/linux. You actually don't even need a shell, but it makes things a little easier.

      --
      The only thing worse than a Democrat is a Republican.
    23. Re:Why yes! by Anonymous Coward · · Score: 1

      Excellent. I've never run any *nix distro that didn't make you go through egregious steps to auto mount anything.

    24. Re:Why yes! by SampleFish · · Score: 1

      Windmills do not work that way

      https://www.youtube.com/watch?v=PmDVHs-juPo

    25. Re:Why yes! by SampleFish · · Score: 1

      You don't know shit about USB rubber ducky.

      http://hakshop.myshopify.com/products/usb-rubber-ducky

      Make your time.
      All your base are belong to us.

    26. Re:Why yes! by Trogre · · Score: 1

      Hint: Acronyms aren't supposed to be expanded inline.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    27. Re:Why yes! by Trogre · · Score: 1

      Or as any other user.

      rm -Rf / will be equally devastating to an unprivileged user's data. It just won't leave you with a non-functional computer.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    28. Re:Why yes! by Trogre · · Score: 1

      Or the other way around:

      Now that there's a nice centrally-administered map database for all these, what's to stop antagonistic operatives (govt, RIAA, etc) systematically applying portable high voltage flash-zappers to these, rendering them all useless?

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    29. Re:Why yes! by Anonymous Coward · · Score: 2, Interesting

      You are blindly trusting that something physically appearing as a "USB key" is a usb storage class device. It could just as easily present some human-interface device endpoints and start injecting keyboard or mouse input to quickly control your computer. Or, it could simply zap your computer with a high voltage surge, potentially by drawing USB power to charge a capacitor...

    30. Re:Why yes! by aztracker1 · · Score: 1

      rm -Rf ~/ could be pretty devastating if you're the only user on the machine, and all the stuff you care about is under ~/

      --
      Michael J. Ryan - tracker1.info
    31. Re: Why yes! by DigiShaman · · Score: 3, Funny

      I've seen what happens to a PC that took a direct hit. Lightning struck the house that it was in. The damage to the motherboard was fantastic! Every IC, south bridge, north bridge, and main CPU, had its packaging material blown off exactly where each chip was below it. I've never seen anything like it.

      --
      Life is not for the lazy.
    32. Re:Why yes! by pwizard2 · · Score: 1

      If you just want to see what's there, a laptop running a Linux LiveCD (with all hard drives unmounted) would eliminate much of the risk.

      --
      "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
    33. Re:Why yes! by Nefarious+Wheel · · Score: 1

      We need a small, portable, dedicated device that performs a bi-directional USB to USB copy. You can remove the insects later.

      --
      Do not mock my vision of impractical footwear
    34. Re:Why yes! by lars_boegild_thomsen · · Score: 1

      I'd be happy to plug my netbook / phone / multimedia device into this unknown thumb drive. Why not? I've got Linux.

    35. Re:Why yes! by TheLink · · Score: 1

      Oh I see it's "lighting strikes" and not lightning strikes. I suppose it could protect your system from someone shining a not too bright light at it.

      In contrast I'm not aware of many smallish _electronic_ devices that can take direct lightning hits with zero or minimal damage.

      I've seen a modem that probably took a lightning induced surge[1]. Basically some of the copper tracks vaporized and were deposited as small little copper balls on the inside of the modem case. Even the mouse attached to the PC attached to the modem was dead.

      Anyone who makes claims about small electronic devices protecting your system from direct lightning is lying or doesn't know anything about lightning.

      [1] e.g. lightning hits nearby causes a powerful electrical surge along the phone lines. If it was a direct hit the modem wouldn't be in one piece.

      --
    36. Re:Why yes! by Yomers · · Score: 1

      Interesting device! How to protect linux computer from such attack, besides glueing USB ports? Any way to make it to ask for user password upon inserting HID device?

    37. Re:Why yes! by magic+maverick+ · · Score: 1

      That's the joke ...

      --
      HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    38. Re:Why yes! by Kickasso · · Score: 1

      How do you know it's a storage device? Because it looks like one? Could it be a programmable HID perhaps?

      I think the last OS with autorun enabled by default was Windows XP.

    39. Re:Why yes! by chaim79 · · Score: 1

      Something like a slightly modified Raspberry Pi with a custom OS that simply pulls all the content and saves it as a drive image that can be scanned and parsed, or maybe just grabs specific files (just image files or pdf files) and ignores all other files. In the end delivering it to another USB drive or an SD card in such a way that it's safe to open from your computer...

      (optionally) uploads new content to the USB drive.

      This sounds like a fun project, I'll have to start playing around with it. :D

      --
      DEMETRIUS: Villain, what hast thou done?
      AARON: Villain, I have done thy mother.
      Shakespeare invents 'your mom'
    40. Re:Why yes! by Reziac · · Score: 1

      Also I'm wondering how long before these drops become 'targets' for law enforcement.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    41. Re: Why yes! by uninformedLuddite · · Score: 1

      pics?

      --
      The new right fascists are bilingual. They speak English and Bullshit.
    42. Re:Why yes! by uninformedLuddite · · Score: 1

      what if a child pokes a fork in it? Damn you.

      --
      The new right fascists are bilingual. They speak English and Bullshit.
  2. Better idea by MrEricSir · · Score: 4, Informative

    While it requires power, something like the PirateBox seems like a safer alternative. It relies on wifi, which means you don't have to be in one physical spot to use it, and you don't run the risk of plugging your computer into something you can't see. You never know, it could be a 240 volt power line attached to that USB plug.

    --
    There's no -1 for "I don't get it."
    1. Re:Better idea by CastrTroy · · Score: 2

      I was just thinking of doing something similar with a Raspberry Pi (or other similar cheap computer, Beaglebone etc.) Add a wireless dongle, create a network that people can connect to, and allow them to add files. It would be pretty easy to set up a firewall, so they couldn't do much damage. I'm not sure what the best software would be though. It would be nice if you could allow people to upload, but not delete files, and set up some kind of quota system so that someone doesn't just fill it with junk.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Better idea by davidbrit2 · · Score: 1

      If only there were some sort of pocket-sized device one could use to test for voltage.

      Alternative solution: build the thing with the flash drive protruding from a transparent acrylic box/panel.

    3. Re:Better idea by drkstr1 · · Score: 1

      Wow, someone that can say "Raspberry Pi" but can't google "file permissions on linux" or umask.

      Nice snark there rtard. If a user has permission to "edit" a directory, this includes both editing and deleting files owned by the same user. File permissions or umask will not help you there. I suppose you could rig the system to create a new user for every mac address that connects, but that could be easily circumvented. I'm sure it's possible somehow, just not as easy as googling how file permissions work.

      --
      Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
    4. Re:Better idea by drkstr1 · · Score: 1

      Meant to say creating and deleting files. Editing would actually be protected by umask, but is not the issue here.

      --
      Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
    5. Re:Better idea by Inda · · Score: 1

      Yeah. We should invent a protocol to transfer files, a file transfer protocol, so to speak. It would allow anonymous access, uploading and downloading, but no deleting. Deleting could only be done by the server admin.

      For extra functionality, we could allow a ratio system where the user must upload a file before being able to download. This might be a problem for people with massive upload speeds. We'd have to introduce some form of throttling too.

      I'd like to see a discovery system introduced. It would have to be decentralised. Maybe each user could be assigned a netblock that they scan for anonymous access to file transfer protocol servers. They'd probably have to set the scan going overnight and report the findings in the morning.

      I can't believe something like this wasn't invented 40 years ago. It sounds so obvious.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    6. Re:Better idea by CastrTroy · · Score: 1

      I know that FTP exists, but I'm not aware of any servers that would limit the users in quite the necessary ways. It would have to allow for anonymous uploads, and yet somehow still have quotas. Something basic would assign a quota to each MAC address, but even that is quite easily changed. How does one enforce a quota when the people connecting are anonymous? You can't just track the IP of the end point, because it's an ad hoc network, and the clients could pick any address they wanted to on the subnet.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    7. Re:Better idea by CastrTroy · · Score: 1

      Perhaps it would be OK if users could delete files they themselves uploaded. I've always thought it would be interesting to have a programmable ftp server. Similar to dynamic pages on the web, using PHP/JSP/Python/CGI/Ruby, but served over the FTP protocol. You could control access to the files using scripts, and serve dynamic files, so for instance people downloading data sets over FTP would always be downloading a current version of the data.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
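
The constraints discussed in this sub-thread (anonymous uploads, no deletes, a quota that cannot rely on MAC or IP identity), as an added example that is not from any poster or from PirateBox. The names `store_upload`, `safe_name` and the size caps are assumptions; the routine caps each file and the whole store instead of any per-user share.

```python
"""Append-only drop box store: anonymous uploads, no overwrite, no delete, capped size."""
import os
import re
import tempfile
from pathlib import Path

MAX_FILE_BYTES = 1 << 20    # assumed per-upload cap (1 MiB)
MAX_STORE_BYTES = 4 << 20   # assumed cap for the whole store (4 MiB)
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


class UploadRejected(Exception):
    """Raised when an upload breaks one of the store's rules."""


def safe_name(name):
    """Reduce a client-supplied name to a plain file name inside the store."""
    base = os.path.basename(name.replace("\\", "/"))   # drop any directory part
    base = _UNSAFE.sub("_", base).lstrip(".")          # no odd bytes, no dotfiles
    if not base:
        raise UploadRejected("no usable file name")
    return base[:100]


def used_bytes(root):
    """Total size of the regular files already in the store."""
    return sum(p.stat().st_size for p in Path(root).iterdir() if p.is_file())


def store_upload(root, name, data, max_file=MAX_FILE_BYTES, max_store=MAX_STORE_BYTES):
    """Write one upload. There is deliberately no delete or replace operation."""
    if len(data) > max_file:
        raise UploadRejected("file exceeds the per-upload cap")
    # Clients are anonymous, so the only quota that cannot be dodged by
    # changing a MAC or IP address is one on the store as a whole.
    if used_bytes(root) + len(data) > max_store:
        raise UploadRejected("store is full")
    target = Path(root) / safe_name(name)
    # O_EXCL makes creation fail if the name exists (including as a symlink),
    # so an upload can never overwrite or truncate an earlier one.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(target, flags, 0o444)   # stored read-only
    except FileExistsError:
        raise UploadRejected("name already taken; stored files are never replaced") from None
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:
        # Constructed sample uploads: (client-supplied name, content)
        for name, data in [("poem.txt", b"roses"), ("../../etc/passwd", b"x"),
                           ("poem.txt", b"overwrite attempt")]:
            try:
                print("stored", store_upload(store, name, data).name)
            except UploadRejected as err:
                print("rejected", repr(name), "-", err)
```

The size check and the write are not atomic, so a server that handles uploads concurrently would need a lock around `store_upload`.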
  3. What a great idea! by Russ1642 · · Score: 5, Funny

    The technological equivalent of having unprotected sex through a glory hole at a Quebec truckstop.

    1. Re:What a great idea! by Rinikusu · · Score: 1

      Without the excitement and swab down the dick later... Yeah, I think I'll pass...

      --
      If you were me, you'd be good lookin'. - six string samurai
    2. Re:What a great idea! by Anonymous Coward · · Score: 1

      If you're running a system that is vulnerable to infected USB devices or media files, that's pretty much on you.

    3. Re:What a great idea! by Anonymous Coward · · Score: 1

      Is there a reason truckstop glory holes in Quebec are more dangerous than those in other locations?

    4. Re:What a great idea! by Russ1642 · · Score: 4, Funny

      When trying to depict something as seedy make it French. I didn't make up the rules.

    5. Re:What a great idea! by Ralph+Wiggam · · Score: 1

      Wait...you're saying that's a bad idea?

    6. Re:What a great idea! by cjb658 · · Score: 2

      What if the government is doing this to get us to install their spyware?

    7. Re:What a great idea! by Gibgezr · · Score: 1

      In this particular instance, having seen the state of many roadside toilets along the highway in Quebec over the years, I agree with the choice. Many are fine, but the filthiest/most run down bathrooms I have ever seen have all been in Quebec (and not just along the highway; the worst hotel bathroom was in Quebec as well...although, to be fair, so was the nicest).

    8. Re:What a great idea! by Rockoon · · Score: 4, Insightful

      If you're running a system that is vulnerable to infected USB devices or media files, that's pretty much on you.

      Sigh.. there is no technical reason why an untrusted USB device couldn't present itself as a Human Interface Device (HID - keyboard, mouse, both, ..) and then open up a shell on your *nix box and run arbitrary shell commands.

      There is in fact concern that future USB drives will be manufactured to "phone home" using such techniques.

      --
      "His name was James Damore."
    9. Re:What a great idea! by AK+Marc · · Score: 1

      So you assert that there are no driver vulnerabilities that can cause issues, or physical attacks that could work over USB?

    10. Re:What a great idea! by intangible · · Score: 1

      Was it the same hotel bathroom perchance?

    11. Re:What a great idea! by Soporific · · Score: 1

      It probably wouldn't survive a gunshot coming out of the wall either, but I mean really? People are going to go around wiring 480 volt USB cables?

      ~S

    12. Re:What a great idea! by Ian+A.+Shill · · Score: 1
      Which one?

      The technological equivalent of having unprotected sex through a glory hole at a Quebec truckstop.

      --
      For hire.
    13. Re:What a great idea! by Gibgezr · · Score: 1

      No, but both hotels were in the same city: Montreal.

  4. Ah... Sneakernet. by fahrbot-bot · · Score: 4, Informative

    Sneakernet, for you youngsters, is like the Internet, but with more walking.

    [ Links make things "Informative"... :-) ]

    --
    It must have been something you assimilated. . . .
    1. Re:Ah... Sneakernet. by geekoid · · Score: 1

      The latency is hell.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:Ah... Sneakernet. by Soporific · · Score: 1

      We used to drag our machines over to some guy's house along with 15-20 other people and just start the copy fest of 360KB disks. It was a bit tedious I suppose but at least the net wasn't faceless then.

      ~S

    3. Re:Ah... Sneakernet. by jxander · · Score: 1

      Never underestimate the bandwidth of a station wagon full of CDs cruising down the freeway.

      --
      This signature is false.
  5. Interesting, but... by Impy+the+Impiuos+Imp · · Score: 2

    I don't see how this thwarts government spying. A catalog must be online somewhere, and anything the government is interested in, well, bonus, set up a cam opposite and write down whoever visits. Hell, it makes foreign spying even easier -- just another tourist visiting your country.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:Interesting, but... by Anonymous Coward · · Score: 1

      I don't see how this thwarts government spying. A catalog must be online somewhere, and anything the government is interested in, well, bonus, set up a cam opposite and write down whoever visits. Hell, it makes foreign spying even easier -- just another tourist visiting your country.

      Resources. The government can come into your house and look in your computer (with an apparently all-too-easy-to-get warrant), but they don't have enough people to do that to all houses everywhere. The same is somewhat true here, they can't physically monitor all dead drops. And we could conceivably put in our own surveillance measures to detect if they physically come to the dead drop location, so we have a chance at knowing if we've been compromised. It's not a cure, it's just returning a little more control back to us. Or maybe it's just the illusion of control. We humans have a hard time telling the difference.

  6. And it never occurred to anyone ... by johnlcallaway · · Score: 1

    ... that the government can find and plug into these as easily as anyone else?? And then load software to track who is downloading??

    Another creative idea from children living in their mom's basements who really don't have a clue.

    --
    I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
    1. Re:And it never occurred to anyone ... by Gibgezr · · Score: 1

      How do they "load software to track who is downloading"? Do thumb drives now have the capability to execute software on their own? Can that software access your files and ID you over a USB port?

      Methinks you don't understand the technologies involved here. Everything to do with computers isn't a computer; specifically, USB flash drives are not computers.

    2. Re:And it never occurred to anyone ... by geekoid · · Score: 1

      His point is someone could put software on it, and then when it gets copied to your computer it could report a location.

      But that would require someone clicking on an unknown executable or link, and no one would ever do that, right?

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    3. Re:And it never occurred to anyone ... by Gibgezr · · Score: 1

      OK, so the only people who need to be scared are people that would download a file named "RunMeToMakeFacebookFaster.exe" and execute it...but those folks are already boned by every Nigerian Prince on teh internetz, so I don't worry about them. The government already knows the state of every bit on their computers.

      I might be wrong, lord knows who actually uses these things, but it sounded like it was aimed at the sort of paranoid people who worry about the government tracking their files, and wouldn't be silly enough to run software they found laying in the street. It could be that they are actually used exclusively by cool hipsters with Macbooks though.

    4. Re:And it never occurred to anyone ... by blueg3 · · Score: 4, Informative

      How do they "load software to track who is downloading"? Do thumb drives now have the capability to execute software on their own?

      Sometimes! But let's use an easier attack. Put a thumb drive plus some custom hardware into a thumb drive case. Easy to do. The hardware enumerates as both a thumb drive and, say, a USB audio-device driver that is present on most stock Linux distributions and has a particular buffer overflow vulnerability that allows arbitrary code execution. That sort of vulnerability is reasonably common and has happened in the past. Engineering that hardware is not hard. When the system enumerates the USB audio device, it loads that driver and the driver performs setup by talking to the USB device and requesting information. The evil device sends back responses to the driver that trigger the buffer overflow and execute device-provided code.

      You could make this fairly system-independent by putting a number of fake devices in there that exercise different vulnerabilities. Or you could determine what the connecting operating system is (and what drivers it has available) by looking at how it enumerates. You can even have your device use soft reconnects to try out different vulnerable drivers. (You would have the computer-facing port actually connect to a hub. Also easy to engineer up.)

      Can that software access your files and ID you over a USB port?

      So, yes.

      Don't assume that because something looks like a flash drive, it actually is. And don't connect unknown peripherals to your computer -- they talk directly to drivers.

    5. Re:And it never occurred to anyone ... by geekoid · · Score: 1

      Or a hacked Word doc, or an image with an exploit, or a file with a virus.

      It's like your knowledge of attack vectors stopped in 1994

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    6. Re:And it never occurred to anyone ... by Qzukk · · Score: 1

      specifically, USB flash drives are not computers

      And you know it's a USB flash drive and not a gumstix or other tiny computer because... the sign said "usb flash drive!!1! plug in here for good porn!!one!" and signs could never lie?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    7. Re:And it never occurred to anyone ... by Gibgezr · · Score: 1

      This is actually something I considered for a moment as I was posting the above message, but tossed aside as being overly paranoid. Yes, a USB-drive-that-isn't-actually-a-USB-drive-but-is-actually-a-tiny-computer, a custom piece of hardware, might be able to find a vulnerability. Normally I'd think the tinfoil hat must be too tight if someone was worried about this, but in recent light of all this NSA spying on the world crap, I guess the option of "the terrorist state has won and I am giving in to fear" is perhaps a valid one. I await Brian Krebs' story on this in the future.

    8. Re:And it never occurred to anyone ... by Gibgezr · · Score: 1

      I have been around for a long time, but like I explained, it was more "people paranoid enough to use sneakernet so as to avoid internet tracking are paranoid enough not to open word docs with macros turned on/run exes etc."

    9. Re:And it never occured to anyone ... by Gibgezr · · Score: 1

      Possible, yes. Probable? No. I'd love to find out someone was crazy-glueing gumstix to the wall in public places near me, I'd have a nice collection of gumstix for 5 seconds work with a mini pry bar.

    10. Re:And it never occured to anyone ... by MickLinux · · Score: 1

      Perhaps the easiest and best way to thwart the nsa is to put all your files on a usb, and put it in a dead drop at

      NSA
      9800 Savage Rd
      Fort Meade, MD

      Yeah, it might seem pointless. But if ALL 6 billion of us did it...

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
    11. Re:And it never occured to anyone ... by blueg3 · · Score: 1

      It's already been done many times, in a variety of ways, by researchers (mostly using general-purpose hardware). It doesn't require much paranoia at all.

    12. Re:And it never occured to anyone ... by Gibgezr · · Score: 1

      I dunno, even in the cases you are talking about (the ones I am familiar with are computer under the table/behind the curtain with "charging cables" for phones etc), I would think that it requires some level of paranoia to say "I shouldn't plug my phone into any charging stations because they might be tracking me". It might be a justifiable level of paranoia, but it is still something that we haven't seen in the wild except as research experiments.

      The level of paranoia required to go from that to "better not plug into that lexar thumbdrive glued to the wall, it might actually be an evil computer leveraging 0-day auto-mount driver exploits" is significantly higher.

    13. Re:And it never occured to anyone ... by blueg3 · · Score: 1

      You can whitelist on Linux and Windows systems, too, if you include modifying the driver-loading process. It can be reasonably easily done on either system. But common out-of-the-box OSes have wide-ranging support for drivers that they load automatically.

  7. Re:How is this different from sneakernet? by Gibgezr · · Score: 2

    This is sneakernet with anonymous strangers. I don't know about you, but that is a new one on me. It used to be I knew who I was getting the floppy disk from.

  8. by analogy - use a dildo by schlachter · · Score: 1

    use an offline, disposable computer to read these drives if you want to play the game.

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
    1. Re:by analogy - use a dildo by sconeu · · Score: 1

      Booted from a LiveCD.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  9. but it is a cloud by geekoid · · Score: 1

    it's just a particularly slow one.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  10. Antarctica doesn't need dead drops... by babymac · · Score: 3, Interesting

    As a six month veteran of the US Antarctic Program, I can tell you McMurdo Station doesn't need dead drops. There's plenty of file sharing going on pretty much in the open. I attended meetings in the library that would pretty much devolve into file sharing swap meets. I suppose it must have been like the mid-1990s on college campuses. Fun stuff!

    --
    "War makes me sad." - Me
  11. Blast that federal shutdown! by Austrian+Anarchy · · Score: 1

    http://deaddrops.com/dead-drops/db-map/
    Service Temporarily Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

    Additionally, a 503 Service Temporarily Unavailable error was encountered while trying to use an ErrorDocument to handle the request.

    --
    Time Bomber the Book coming soon.
  12. No thanks by nurb432 · · Score: 1

    1 - God only knows what virus is on that device or if it's not just wired to 220 and fry your machine on contact.
    2 - Who is watching? It wouldn't be considered entrapment if it's the government.

    --
    ---- Booth was a patriot ----
  13. hey INTERNET! by Anonymous Coward · · Score: 1

    we are looking for people who would be interested to bring the deaddrops.com project fwd. things were slow but caught up now again in post snowden era ;) if you know php and are interested to support please get in touch! dev at deaddrops.com
    thx!
    ARAM (i m the guy in the video ;)

    1. Re:hey INTERNET! by zentigger · · Score: 1
      --
      the above is my personal opinion and does not necessarily reflect that of the little voices in my head

  14. Re:How is this different from sneakernet? by nurb432 · · Score: 1

    With sneaker-net you knew who you were dealing with, and you took it to them personally. You didn't just lay a grocery bag of anonymous floppies under a park bench.

    --
    ---- Booth was a patriot ----
  15. Time to do more in Seattle by jetcityorange · · Score: 1

    I've placed a couple of dead drops here in Seattle (the gum wall @ Pike Place Market & the Fremont Bridge) but both are long gone. Looks like it's an idea whose time has come. Time to plant some more all over town... http://jetcityorange.com/dead-drops/

    1. Re:Time to do more in Seattle by drkstr1 · · Score: 1

      Hello fellow Seattleite. I will keep an eye out for your work. :)

      --
      Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
  16. Re:What will the Jews do... by Anonymous Coward · · Score: 1

    Dear incoherent racist troll:

    When you die, you'll have accomplished nothing but making life for others slightly less wonderful than it otherwise would have been. You will have created nothing of lasting beauty, and wasted the only opportunity you'll ever have to do something great. You get one chance at this game of life, and you are losing at it. Badly.

  17. wifi drops by nurb432 · · Score: 1

    Those *might* be ok to use. At least then you can scan what you are getting, plus it wouldn't be obvious you are doing it.

    --
    ---- Booth was a patriot ----
  18. Re:How is this different from sneakernet? by geekoid · · Score: 1

    anon sneakernet is still sneakernet

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  19. Re:OH BOY by SampleFish · · Score: 1

    That's actually what I put in mine

  20. Someone needs to validate the location DB. by prowler1 · · Score: 1

    One of the linked articles mentioned a Chinese student placing a 120Gb at a Sydney TAFE but when you look at the location database map option, it is pinned to a location which is about 30-40 km from where it really is. It shows it as being in Western Sydney when it should be showing it as being in/near to the Sydney CBD. If you look at the photos one of them shows a sign for Harris Street which is a main road the TAFE is located next to in/near the Sydney CBD. Not sure how it ended up so far away on the map.

    As an aside, I wonder how many of these drives are infected with malware etc. by now.

  21. WARNING: LiveCD does not protect you by Anonymous Coward · · Score: 1

    I hope you physically disconnected your hard drive first. Otherwise you're at even greater risk, because your LiveCD probably has "sudo ALL=(ALL) ALL" in your /etc/sudoers.

    See Hobadee's comment about HIDs and its children, and realize what would happen if it could get root without asking for a password -- just by adding "sudo" before the command.

    Hint: "/usr/bin/sudo /bin/dd if=/dev/zero of=/dev/sda" from a LiveCD will completely ruin your day. Even if you manage to kill it in the first second, your partition table is already gone, and most of your primary partition's directory structure is probably gone too. I hope you had a backup.

  22. Could be possible to use safely by russotto · · Score: 1

    But you're going to need an industrial-strength "USB condom". Data lines optoisolated. Power lines hooked to a battery in the condom. Both data and power lines on the "dangerous" side protected with fuses and overvoltage protection devices. And a microcontroller implementing a filter to make sure it can't pretend to be anything but a block storage device. Feasible, but worth it? I don't think so.
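
The "block storage only" filter described in the comment above, and the driver whitelisting blueg3 mentions earlier in the thread, both come down to checking which interface classes a device announces. The following is an added example, not code from any commenter or from the Dead Drops project: it assumes the Linux sysfs layout (`bInterfaceClass`, `bInterfaceSubClass`, `bInterfaceProtocol` files under each interface directory), the function names are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile

# USB-IF codes: class 08 = mass storage, subclass 06 = SCSI transparent,
# protocol 50 = bulk-only transport. Anything else is outside the allowlist.
ALLOWED = {("08", "06", "50")}
NAMES = {"03": "HID (keyboard/mouse)", "02": "CDC (network/serial)",
         "09": "hub", "e0": "wireless controller"}
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

def audit(root):
    """Map each device in a sysfs-style tree to its non-allowlisted interfaces."""
    findings = {}
    for entry in sorted(os.listdir(root)):
        if ":" not in entry:  # interface directories are named like 1-3:1.0
            continue
        try:
            triple = []
            for name in FIELDS:
                with open(os.path.join(root, entry, name)) as fh:
                    triple.append(fh.read().strip().lower())
        except OSError:
            continue  # interface vanished mid-scan (device unplugged)
        bad = findings.setdefault(entry.split(":")[0], [])
        if tuple(triple) not in ALLOWED:
            label = NAMES.get(triple[0], "class 0x" + triple[0])
            bad.append(entry + ": " + label)
    return findings

def decide(findings):
    """Storage-only policy: one unexpected interface blocks the whole device."""
    return {dev: "block" if bad else "allow" for dev, bad in findings.items()}

def make_sample_tree():
    """Constructed sample: 1-2 is a plain drive, 1-3 is a drive plus keyboard."""
    root = tempfile.mkdtemp()
    sample = {"1-2:1.0": ("08", "06", "50"),
              "1-3:1.0": ("08", "06", "50"),
              "1-3:1.1": ("03", "01", "01")}
    for iface, values in sample.items():
        os.makedirs(os.path.join(root, iface))
        for name, value in zip(FIELDS, values):
            with open(os.path.join(root, iface, name), "w") as fh:
                fh.write(value + "\n")
    return root

if __name__ == "__main__":
    print(decide(audit(make_sample_tree())))
```

Pointed at `/sys/bus/usb/devices` on a real Linux host, the same audit reports root hubs as "block" because hubs are class 09, so a deployment of this policy would exempt the machine's own hubs explicitly.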

  23. Hardly anonymous by almechist · · Score: 2

    Anyone who thinks this offers some form of anonymity in any way hasn't been paying attention. For instance, the locations are all known, there's a website that lists them all! Anyone interested in exactly who is downloading or uploading what just has to put up a hidden camera to watch the thumb drives.

    So, interesting concept, poor execution. Now if the drives were accessible through wireless means, that would be a step towards creating a true dead-drop network. This thing as described is just a stunt. Art project? Yeah, I can believe that.

  24. Small problem by Hypotensive · · Score: 2

    Your anonymity in a dead drop system depends on the dead drop location being known only to you and to the person with whom you want to exchange the secret.

    As soon as you publish the location of the dead drop anyone can observe it and you have no anonymity whatsoever.