[Noisebridge-discuss] usb 'dead drops' at noisebridge?
travis+ml-noisebridge at subspacefield.org
travis+ml-noisebridge at subspacefield.org
Thu Nov 4 12:09:59 UTC 2010
On Wed, Nov 03, 2010 at 09:44:46AM -0800, epsas at evil-wire.org wrote:
> The problem with this is that the dead drop would then be subject to
either interception by a technically capable oppressor
Real dead drops are, of course, designed for servicing by particular
people, and not for the general public. So in that case, it's pretty
easy to secure the data using crypto.
Even in the public case, I suppose you could use anonymous D/H
to prevent passive interception.
> or bare
traffic analysis using MAC addresses or cameras for associating
users with "dropped" files. With a wired/usb dead drop, an
oppressor would only know that an individual had used a dead drop
for a certain period of time. The latter is a big enough risk
already.
I'd say that having to plug in pretty much identifies the person
receiving the data - with radio, not so much.
I'm sure you can imagine a device which is programmed to receive a
radio transmission in a certain vicinity without requiring any
observable action by the recipient. Technically the reception
_could_ be completely passive, but not with WIFI.
Given Noisebridge's location and the amount of foot traffic, it should
be easy to design a system for transmitting to certain people casually
walking by on Mission at certain times. Maybe a smart phone app that
checks in and (without any user interaction) exchanges messages...
Depending on the exact technology, and circumstances, MACs could
identify a network node, and that could be linked to a physical
person. The recent batch of Russian spies got tagged this way, IIRC.
FBI CI was all over them like a cheap suit. But any sufficiently
paranoid net sec guy should know the simple solution to this. There
are even more esoteric problems and solutions beyond this...
--
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20101104/4d33bf43/attachment-0003.sig>
More information about the Noisebridge-discuss
mailing list