A USB dead drop is a USB mass storage device installed in a public space. For example, a USB flash drive might be mounted in an outdoor brick wall and fixed in place with fast concrete. Members of the public are implicitly invited to find files, or leave files, on a dead drop by directly plugging their laptop into the wall-mounted USB stick in order to transfer data. (It is also possible to use smartphones and tablets for this purpose, by utilizing a USB on-the-go cable.) The dead drops can therefore be regarded as an anonymous, offline, peer-to-peer file sharing network. In practice, USB dead drops are more often used for social or artistic reasons, rather than practical ones.
Background and history
The Dead Drops project was conceived by Berlin-based conceptual artist Aram Bartholl, a member of New York's F.A.T. Lab art and technology collective. The first USB dead drop network of five devices was installed by Bartholl in October 2010 in Brooklyn, New York City. The name comes from the dead drop method of communication used in espionage. An unrelated system called "deadSwap", in which participants use an SMS gateway to coordinate passing USB memory sticks on to one another, was begun in Germany in 2009.
Each dead drop is typically installed without any data except two files: deaddrops-manifesto.txt, and a readme.txt file explaining the project. Although typically found in urban areas embedded in concrete or brick, installation of USB dead drops in trees and other organic structures in natural settings have also been observed. Wireless dead drops such as the 2011 PirateBox, where the user connects to a Wi-Fi hotspot with network attached storage rather than physically connecting to a USB device, have also been created.
Comparison to other types of data transfer
Some reasons to use USB dead drops are practical. They permit P2P file sharing without needing any internet or cellular connection, sharing files with another person secretly/anonymously, and they do not track any IP address or similar personally identifying information. Other benefits are more social or artistic in nature: USB dead drops are an opportunity to practice what Telecomix describes as datalove and can be seen as a way to promote off-grid data networks. Motivation for using USB dead drops has been likened to what drives people involved in geocaching, which has existed for longer and is somewhat similar in that often a set of GPS coordinates is used to locate a particular USB dead drop. Specifically, USB dead drops give the user "the thrill of discovery" in seeking out the location of the dead drop and when examining the data it contains. A QR-Code dead drop including the data in the QR code image or pointing to a decentralized storage repository would be an alternative and less risky option compared to a physical USB dead drop as long as users avoid IP address disclosure.
Potential drawbacks
Dead drops are USB-based devices, which must be connected to an upstream computer system, e.g. laptop or smartphone or similar. The act of making such a connection, to a device which is not necessarily trusted, inherently poses certain threats:
- Malware: anyone can intentionally or unintentionally infect an attached computer with malware such as a trojan horse, keylogger, or unwanted firmware. This risk can be mitigated by using antivirus software, or by using a throwaway device for the act of data transfer.
- Booby trap: a fake dead drop or USB Killer might be rigged to electrically damage any equipment connected to it, and/or constitute a health and safety hazard for users. This risk can be mitigated by using a USB galvanic isolation adapter, which allows data exchange while physically decoupling the two circuits. Wifi-based dead drops are not vulnerable to this threat.
- Mugging: because a USB dead drop is normally in a public or quasi-public location, users may be physically attacked when they attempt to use the system, for a variety of reasons including theft of the user's devices.
Drawbacks to system infrastructure
Publicly and privately available USB dead drops give anyone (with physical access) the ability to save and transfer data anonymously and free of charge. These features are an advantages over the internet and the cellular network, which are at best quasi-anonymous and low-cost (there is always some fee associated although in certain scenarios such as government-subsidized or employer-subsidized or public-library-subsidized network access the end user may experience no direct costs). However, offline networks are vulnerable to various types of threats and disadvantages, relative to online ones:
- One device at a time: Users cannot plug in to a USB dead drop if someone else is already plugged in
- Removal of stored data: anyone with physical access can erase all of the data held within the USB dead drop (via file deletion or disk formatting), or make it unusable by encrypting the data of the whole drive and hiding the key (see also the related topic of ransomware).
- Removal of the entire device: thieves can steal the USB drive itself.
- Disclosure: anyone can disclose the location of a (formerly) private dead drop, by shadowing people that use it, and publishing coordinates in a public fashion. This impacts the anonymous nature of USB dead drops, since known drops can be filmed or otherwise observed.
- Vandalism of the dead drop by physical destruction: anyone with physical access can destroy the dead drop, e.g. with pliers, a hammer, high voltage from a static field, high temperature from a blowtorch, or other physical force. Likelihood of vandalism or extraction is reduced by sealing the USB dead drop in a hole deeper than its length but this requires legitimate users to connect with a USB extender cable. Sometimes the installation of the dead-drop can itself be vandalism of the building; i.e. when a building owner destroys a dead drop placed without permission.
- Exposure to the elements: dead drops tend to be exposed to rain and snow, which will presumably reduce their service lifetime.
- Demolition or damage during maintenance: certain dead drop locations are limited to the lifespan of public structures. When a dead drop is embedded in a brick wall, the drop can be destroyed when the wall is destroyed. When a drop is embedded in a concrete sidewalk, the drop can be destroyed by sidewalk-related construction and maintenance. Sometimes dead drops are damaged when walls are repainted.