DeadDrops - anonymous, offline, peer to peer file-sharing

I work near one of these and a couple of us decided to investigate purely out of curiosity one lunch time earlier this year.

We used a netbook with a fresh Windows XP on it and nothing of value and destroyed the disk afterwards.

It had on it some inane chart mp3s, a low quality DVD rip, a text file with 1337speak in it and what looked like a Ubuntu ISO. I doubt anyone else had actually plugged anything into it and these were probably the originator's files.

I can see the attraction and purpose of it, but the idealisms probably won't ever be realised with human nature as it stands. Someone will trash or break it and someone else will upload something nasty to it.

As for security, all these probably carry the Internet clap so don't go sticking them in anything of value (sounds like a certain human problem as well).

Wouldn't this be a tad easy to "troll"? All you would need to do is hit that USB port with a rock and it would be completely unusable, all effort into cementing it into the wall wasted.

This can't end well, I won't ever plug anything into my laptop if it is hidden in a wall. See: http://www.fiftythree.org/etherkiller/

It would be interesting to use a $20 TP-Link 703N to create a solar wifi dead-drop.

Here is Moustreet keys, located in Toulouse, France: http://blog.lamoustacherie.fr/?page_id=3981

The advantage they have is a female plug, you can't physically break it like standard usb key (most of these keys are broken after a year).

But they're disappearing too, people tend to paint walls :)

A LAN shareparty without internet access might be a better way to revitalize the sneakernet. You could just use a httpd to share your files and let others download what they want over a 1GB LAN. Or use some file-sharing system locally and only locally.

Curiously enough, in a LAN party the IP addresses are much less critical than on the internet. If we assume that there were MAFIAA infiltrators listening on your local torrent swarms then nobody really knows whose computer is behind, say, 192.168.0.67: a dhcp server will distribute ips pretty randomly to different participants without querying who they are. Of course, some computers connected to the same router will see the corresponding MACs but following those would require the infiltrator to know which port of the router can be used to find a certain MAC and you don't really see that unless you have access to the router console.

Conversely, ISPs generally keep track of who's using which IP at a given moment eventhough the internet is global and one might think that any IP address will just disappear in the sea of endless numbers.

This seems like a really simple way to get implicated into some nasty shit.

It doesn't look like anyone has explained the real danger of plugging into one of these.

Any malware, skeezy content, etc. can be avoided by simply not opening files and having your computer not autorun usb drives. But the real issue (at least the one that always comes to my mind) is if, say, the "USB device" was just a male connector connected directly to wall power. This would at least fry your computer's USB, possibly more.

It would also be trivial to set up a simple circuit inside a USB drive casing to step up voltage and potentially fry your computer's ports.

It they think I'm going to hold my shiny new laptop awkwardly against a wall and get it all scratched up only to get it riddled with child porn and malware, they are sadly mistaken.

Great. The computer equivalent of a glory hole.

Could someone please explain the risks of plugging into a random USB device?

I see a handful of people alluding to risks (viz. "USB Condom") but I don't understand precisely what the issue is.

On Windows, presumably there's autorun.inf which can launch any executable on the USB drive. Is that correct? What about if you plug in from Unix or MacOS?

Bonus question: What are the risk factors, both for you and the host, if you charge your smart-phone in a stranger's laptop through USB?

What could possibly go wrong ?

Clever. Inordinately stupid, but clever.

I could see this actually working...but not as advertised. And not if advertised.

Just as dealers hit street corners and people still buy off them knowing the risk, secret USB ports (not all over Hacker News or advertised on a web page) could pass software to a group of people who have a high barrier for membership insofar as they trust the other members of the group.

But then, isn't this just what people used to do before the internet? Now it's "anonymous, offline, p2p file sharing"!

Don't do that without an USB condom

Same link has been posted here several times. At least two times earlier.

Yeah that seems perfectly safe.

Not this crap again it's so old and only 5 people in the whole world do it. Someone else spammed this on HN last month. I guess it's not as bad as a "how our company learnt from being stupid" splog posts we see daily here.