Dropgang vulnerabilities

jim bell jdb10987 at yahoo.com
Tue Jan 22 23:27:26 PST 2019

 On Tuesday, January 22, 2019, 3:13:07 PM PST, Steve Kinney <admin at pilobilus.net> wrote:
 On 1/13/19 10:43 PM, Mirimir wrote:
>> Dropgangs, or the future of dark markets

>Here's some ideas about structural vulnerabilities in the Dropgang
protocol, as described at https://opaque.link/post/dropgang/

>Dead drop reuse:

>To achieve acceptable security each dead drop may be used once only,
because hostile buyers could place 'their' dead drops under video
surveillance  and record every courier and customer visit to the drop
following their own transaction.

>Couriers delivering to dead drops can not determine if their supplier
sends them to previously used dead drops, unless they service only dead
drops they set up and document themselves.  Couriers should transmit the
locations of drops they have developed only when presented with an order
to fill, to assure that their distributor can not send other couriers
and customers to use them first.  The added surveillance exposure of
making two visits to the same site - setup and delivery - presents less
exposure than trusting that the anonymous seller will never send a
courier to a previously used dead drop.
[much stuff deleted]

People who think of a 'dead drop' as being a previously-existing hidey-hole in the urban/suburban landscape need to remember that even if they are relatively plentiful, they are NOT so plentiful that they won't be reused at some point.  Or much more likely, probed on speculation by passers-by, especially once they learn that such locations may be used as dead-drops.  
This is one reason I previously described my idea to have a pointy metal or stiff-plastic  tube driven into the soil or  in grassy area, maybe 1 inch in diameter, and then filled with a removable tube with the payload contained in it.  For an approximate shape, take a look at this ad for centrifuge tube:https://www.usplastic.com/catalog/item.aspx?sku=76941&gclid=Cj0KCQiAm5viBRD4ARIsADGUT24x7cDtbtnGyiwG2_DKaCKpwCn9I-jw8XHCOwL17U0LCWFB3SQkyGAaArjUEALw_wcB

(Although I am not suggesting employing an actual 'centrifuge tube':  They appear to be much too expensive for this purpose.  I am merely showing the approximate simple shape that could be employed.)
Its location, when placed, is essentially arbitrary.   All cities, suburbs, and towns, to say nothing of rural areas, are quite full of parks, fields, unbuilt lots, golf courses, cemeteries, grassy medians, high-tension line rights-of-way, gravel roads, beaches, and forested areas.  Almost all of that could be employed to hide a tiny pipe whose presence would probably go unnoticed for years, and certainly for hours and days.  
The main requirement to find the store is a precise GPS system, ideally one which can employ WAAS (Wide Area Augmentation System), which usually will provide a location accuracy of 1 meters.  That alone would probably be sufficient.
If people are assumed to only have access to ordinary GPS receivers, such as those in smartphones, I have also suggested using a plastic molded "corner-cube" retroreflection device to accurately send back light (or, with an IR-only filter, IR) to the searcher.  See Acrylite GP color 1146-0.  https://www.eplastics.com/plexiglass/acrylic-sheets/ir-transmitting   This material can be placed over an ordinary clear-plastic retroreflector, and according to the graph shown it retroreflects only 1% of 1% (or 0.01%; it loses 99% on each pass through the sheet.)   The retroreflection plane can be 'aimed' in a specific direction, to make it even more unlikely to be accidentally found by a random passer-by.  
Another aid to finding such a cache would be to throw a few hundreds or thousands of tiny (say, 1/100 inch diameter? polished glass beads, around the target, after it was placed in a grassy area.  These glass beads would, themselves, be somewhat retroreflective, but could only be seen from above as the searcher gets close to the cache.  Or, a small retroreflection disk can be placed, face-up, at or near the cache.  
                 Jim Bell

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 7492 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20190123/ba7548ee/attachment.txt>

More information about the cypherpunks mailing list