Monday, November 15, 2010

Taking the Dead out of Digital Dead Drops

The other day I blogged about Digital Dead Drops, a scheme where USB drives are stashed around a city for folks to use. While the concept has been rolling around in my head for the last few days, what's really been bugging me is all the negativity in the comments on the announcement page.

Sure, the idea has flaws - but it never ceases to amaze me how people can show up and criticize an idea with such vitriol.

In the spirit of being more positive, I offer here solutions to three key problems I see with the idea. First, the potential for physical damage to one's laptop, second, the concern about virii and other malware and third, the concern about drives being wiped.

The first concern is that, by say a wedged in place staple hidden in the USB port, one might accidentally damage their laptop by using a Dead Drop. On the surface, it seems the hardest to fix. Though, in reality it's almost trivial. Just use a $3.00 USB cable extender and you're all set. Yes, the extender cable could get damaged - but it's easily replaced for just a few bucks. An extender cable would also make using the drives easier, as you wouldn't need to position your laptop at just the right angle as shown in the original video.

The second concern - viruses and malware also seems relatively easily solved. The solution: PGP (or, more likely GPG). A public dead drop seems the perfect application for public key cryptography. Not only could you use the encryption to get all cloak and dagger like, but just as importantly, you could use digital signatures to confirm a file really is written by who it claims to be written by. By using Public Key Encryption, you could effectively use an insecure medium like a dead drop to pass files around securely. Just, like, say, a VPN.

To get really fancy, someone could write an application to browse dead drops. It would have functionality like turning off auto run behavior and showing which files are signed and which aren't. In other words, making the power of PGP available to novices.

The third problem, that of people deleting drives and files, is trickier to solve. About the best I've come up with is that the browsing application mentioned above could be enhanced to take disk images of the drive and archive them. An individual could visit drops the frequent, and make archived copies of the drive, or restore them. This would work much like the Wikipedia restoring process works now.

So there you have it - three problems and three solutions.

And why do we need dead drops in the first place? I'm not exactly sure yet. But I know, that sometimes the best inventions come out of a product that doesn't appear useful.

No comments:

Post a Comment