The only criterion the thumb drive in the wall fails is "Accessible via Tor to protect against traffic analysis."; however, it doesn't need network access at all, so I think it is kind of a moot point.
There is some minor risk of surveillance on the site, but that can be defeated with a fake mustache or whatever. Also physical security risk, the drive might be designed to damage computers that connect to it via a voltage spike.
As a thought exercise I sometimes wonder how far I can go from a specific location without being captured on a camera.
Worst case you could try underwater
All significantly harder though
Ideally you'd like your data transfer to be completely invisible even to watching eyes, ears and antennas, so the best option is to use signals (or the absence of signals) one would expect to be there.
Might also make for a neat Geocache.
0. https://hackaday.com/2024/01/27/harvesting-electricity-from-...
1. https://www.instructables.com/Remote-Control-ESP8266-With-Co...
2. https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi...
That's how they got the Harvard bomb threat suspect. Even though he was using Tor, he was one of only a few people directly accessing it from the university's network at the time it was sent, and they had logs.
All you need is to be loitering nearby, connect and drop the data, then move.
But physical tracking is very much a threat.
I wonder how many packet sniffers record exact, extremely accurate timestamps. Maybe you could even use synchronized GPS clocks, so even if they saved a millisecond (or better?) timestamp, you send enough packets with enough exact timings that you need to have saved higher resolution.
Accuracy is hard to judge, but tcpdump/wireshark usually show 6 digits after the decimal. It's gotta be close enough within the bounds of usual jitter on a packet switched network.
Even better: put it in the ICMP echo request; then you can also spoof the sending address if you wish.
Or encode it in a DNS request/response.
Sounds like the other side of timing leaks that cryptographers are so worried about.
Would introduce a configurable amount of delay variance,
Would attach directly to the Ethernet port, before the patch cord going to the rack's router.
It also has a lot of eyes on it and was reviewed by people whose job is to spot these sorts of issues.
Libsodium is also extremely robust. The only crypto project I’ve seen that is as footgunless is Google’s Tink, and that isn’t available for a JS environment.
What’s great about libsodium is that it’s a single code base that works everywhere. RSA libs I’ve used have subtle differences when it comes to loading keys in different formats and also incompatibilities due to dropping leading zero bytes, for instance. Compared to that, libsodium was a breeze that just worked.
I always try to find something that runs in WebAssembly, but it's better to avoid Node.js altogether if you want high security. Go is much better for these kinds of things overall.
What an absolutely stupid hot take.
The premise here is that the donor has an app on their phone. They load their data into the app.
Then they go to a mall, downtown shopping district, someplace busy, and they walk around.
When they get home they see a green dot showing the data has been transferred.
Somewhere hidden where they were walking is a BT receiver. The app and phone sniffed it out and sent the data as they walked by.
Once the data is loaded onto the drop, it’s exported out via a mesh of LoRa radios.
I don’t know how to get BT radios to pair automatically without ever seeing each other, even between cooperating parties. Or maybe it could work with WiFi Direct. Not really familiar with that.
Also Apple Wireless Direct Link is pretty interesting as well. It can do a lot more than Airdrop.
Also, that aside, many whistleblowers are not necessarily technologically inclined people, so this would not necessarily work well due to that too.
So? Post it on craigslist (or reddit/twitter/mastodon/youtube comment/wherever).
Most of those need logins, but so what - use a fresh account for each dead drop.
But remember that we rely on the Lambda scheduler to run it.
That does not have perfect accuracy, so that helps too.
Finally, you aren't publishing every 5 minutes; you execute it once a minute and have a 25% chance to publish, so it's going to be mixed.
I'm not quite sure OP's approach is the best tho, serverless is just somebody else's server.
Better to use something like OnionShare and run it on a device on-premise, then transfer the files to an air-gapped device for decryption.
Like how low-code involves large amounts of code, serverless is a perfect term for keeping people from knowing what's going on.
As we have learned, many companies hosting your data do not even require a court order. An urgent-sounding email with an official-looking return address is all that is needed.
[0]: https://ipfs.tech
[1]: https://geti2p.net